I am using https://github.com/arunagw/omniauth-twitter
Apparently this issue only happens on the iPhone and iPad.
Here's how to replicate the issue. I tweeted on Twitter. The tweet contains a link that points to by web app: https://www.foobar.com/1 (ps This is a dummy link. You can use your own link).
Make sure the controller/method handling the link (https://www.foobar.com/1) has the following line redirect_to "/auth/twitter?use_authorize=true"
On the iPhone or iPad, open up the Twitter App. Search for the tweet. Tap on the link (https://www.foobar.com/1).
The page should redirect you back to /auth/twitter?use_authorize=true. Everything works fine so far. The user is sent to Twitter's login portal/form. However, after the user fills out the form and submits it. Instead, of being redirected back to our web app, he is sent to Twitter where it says:
"#sessions" does not exist
Anyone else experience this before? At this point, I don't know if this is a Twitter API issue or the way I am supposed to redirect with the gem.
The issue also seems apparent with other people:
https://twitter.com/Starbucks/status/482656278410723328
https://twitter.com/CocaCola/status/483420891393826816
https://twitter.com/RayaVlogs/status/492528237629943808
https://twitter.com/MattNavarraUK/status/494915033634447360
https://twitter.com/WillHillBet/status/497021431021330433
Update: Searching #sessions on Twitter, returns several people experiencing the same issue. It may be related to Twitter's API, more than anything. Apparently, its also happening with their widgets. Anyone think of a workaround?
Related
I did my best to find a similar problem, but I did not come across one. I speculate this error may have been introduced with Instagram recently changing its API. I'm wondering if anyone else came across the same issue.
I use instagram for authentication. The problem is that, when a user is logged in to Instagram on another tab, if he clicks the instagram sign-in button to log in to my app, he lands on the instagram authorization page and is asked to enter username and password. The problem is that instagram is supposed to auto-redirect to my app directly since the user is already logged in on the browser. But this doesn't happen. Moreover, even if the user enters wrong password or empty user name, instagram still redirects to my app with the logged in user. So the browser definitely knows that the user is logged in to instagram. I am quite sure that the problem is related to instagram, because when I change the provider settings to twitter, redirection occurs with no problem.
And this problem occurs for returning users as well.
For reference, I use rails 4 and my authentication strategy is omnioauth-instagram (no devise). I mainly followed this tutorial http://www.sitepoint.com/rails-authentication-oauth-2-0-omniauth/ for authentication. I am still in development mode so I use localhost.
EDIT: Here is the instagram notice:Instagram Platform and documentation update. Apps created on or after Nov 17, 2015 will start in Sandbox Mode and function on newly updated API rate-limits and behaviors. Prior to going Live, and being able to be used by people other than the developers of the app, these apps will have to go through a new review process. Please read the API documentation or the Change Log for more details.
I started creating my app before nov 17th.
I'm working on an iOS PhoneGap/Cordova app for a customer that launches a contact's LinkedIn profile page in an in-app browser. (Retrieved the URL from the people api) That part seems to work fine.
The problem is that once the page load, the user's LinkedIn app will launch, kicking the user out of my app.
Does anyone know of a way to prevent this from happening, aside from the user uninstalling their LinkedIn app?
If you are viewing an in-app browser, then you can instead of loading the page, retrieve the html for the page you want to view. Then, if possible, strip out the offending redirection (it might be javascript based) and display the modified HTML. At the end of the day, if you have access to the page that you are displaying, you should be able to find a way to strip out the offending stuff.
Now, if linked in changes their web page, you would probably need to update this code, but this way would work.
My app does automatic tweeting and I'm wondering if this flow is allowable.
The user clicks on a twitter connect button on one of my pages, then it directs them to the login page in settings. After they've logged in, i'd send an automated tweet to their page.
Is this legal to do? Only asking if this is legally ok to do. Thanks!
As far as legality goes, I would imagine this is fine if they know that the app will tweet for them.
Twitter has a page telling developers about these sorts of things.https://dev.twitter.com/terms/api-terms
See Section II, subsection 1, part B.
Sorry for double posting probably same question but I don't think I've explained the question much on the previous one. Here's an easier to understand question:
The site I'm working on uses Devise (https://github.com/plataformatec/devise/) and Omniauth (https://github.com/intridea/omniauth) to allow users to logon via Twitter. It works well when it's used in browsers.
This is how to reproduce the problem:
User is using Twitter's IOS app
User clicks on a link of our site that was embedded in a tweet
Twitter opens our site via UIWebView
Our site requires the user to login via Twitter
The app executes Safari and redirects to Twitter's login portal, prompting the user to login
When the users submits the form, it redirects him back to our site and throws an error: "Session Expired"
Any ideas why this is happening? Or anyone experiencing the same problem?
I don't think there has been any change to this, I posted this question here that has more interaction https://dev.twitter.com/discussions/9711.
I am adding facebook comments to my iPad application using UIWebView and HTML5 code provided by Facebook.
When the user is not logged in, the application shows the comments and button "Login to Facebook to Post a Comment".
Clicking the button takes me through login process. After the login completes the view is redirected with an empty page with "Login complete" message. It is not redirected back to the comments dialog.
Right now I implemented an ugly workaround. Upon receiving webViewDidFinishLoad event, I look at contents of the page and reload it if the page shows this message. Though, it does not seem a clean way to go.
Why doesn't Facebook redirect me back to original comments page?
I suspect the problem you're having is related to this issue: Facebook authentication in a UIWebView does not redirect back to original page on my site asking for auth
Specifically, the standard Facebook web login process launches a new browser window dialog, and dispatches a message back to the opener to indicate login success for the redirect to occur.
Quoting a passage in the linked SO, "UIWebView doesn't support multiple windows so it can't postMessage back to your original page since it's no longer loaded."
I'm also developing an iPad application, and my solution is similar to yours: i drive the user to "https://m.facebook.com", always, to force him to login first, then in "webViewDidFinishLoad" i inspect the returned url and if it matches:
"https://m.facebook.com/login/checkpoint/"
exactly, that is, the url returned upon a successful login, then i call my own method (with reload or anything i want). At this time, the user is authenticated and has a valid FB session, so, redirections are not necessary anymore.
It's definitely not pretty, and may break as soon as FB changes the way it processes the login dialog, but i too cannot find a way to resolve it any better. Even tried using "FB.Event.subscribe('auth.login', function(response) {});" without success, of course, because the code is never reached.
I think a bug is already submitted to FB, but i don't think it's getting the deserved attention...
I ran into same issue as this question, but after reading some Facebook official documentation, I'll be redesigning to use the Facebook native SDK.
All iOS and Android apps must (effective October 2, 2013) use our SDKs
for iOS and Android for requesting permissions.
Though, I also gather that the "or else" is just a "developer notification"?
Posting this in hopes it will save time for someone using the same approach :)