I am using the LinkedIn API for login. I have that pretty little button. It works great.
However, when people "logout" of my app, something goes wrong. I do this:
Log the user out: IN.User.logout();
Redirect to my landing page for not logged in users: window.location = "/index.php";
Everything is fine, but when they get to my landing page for logged out users, where I have the log-in with LinkedIn button, they immediately get logged back in again.
Why would they be automatically logged in again? Didn't I just log them out? Shouldn't they need to click the log in with LinkedIn button again?
Here is the code for the button:
<script src="http://platform.linkedin.com/in.js" type="text/javascript">
api_key: lydbpp0zdpad
onLoad: LinkedInSignIn.redirect
authorize: false
</script>
When you change the window.location, the browser kills all requests currently in progress. This may be preventing the logout request from going through. Can you try delaying for 5s before redirecting them? (There are ways to get around this problem without delaying, if it is indeed the issue.)
Related
I have a RoR / JQuery Mobile app that uses Facebook OAuth for authentication. It all works fine when accessing it via any normal browser on desktop and mobile with one exception.
If a user clicks a link to the app within the Twitter iOS app the home page loads within an internal webview. If the user then clicks 'Sign In with Facebook' the authentication seems to be successful but when Facebook redirects the user back to the app the page never loads. It just displays a blank page and the network indicator at the top of the screen just keeps spinning. If I close the web view and click the link again the page loads fine because the user has already authenticated.
Has any one else had problems with Facebook Auth inside the twitter app on iOS? Any suggestions on how I can resolve this problem? Is it possible this is just a bug with the Twitter app on iOS?
Thanks
I believe I found the solution. The facebook authentication process used a lot of redirects which I thought could be causing the problem (5 in total). After reviewing the process I realised I could remove one of the redirects and take the user directly to the page I wanted once they were authenticated.
www.example.com (link from the tweet)
www.example.com/auth/facebook (use clicks 'Login with Facebook')
1 - Redirect to: graph.facebook.com/oauth/authorize
2 - Redirect to: www.facebook.com/dialog/oauth
3 - Redirect to: www.example.com/auth/callback
4 - Redirect to: www.example.com/entry_path (This has now been removed)
5 - Redirect to: www.example.com/final_logged_in_path
The login process now works from within the Twitter iOS App.
I have a RoR app using omniauth. I want to allow the user to log out so that they can sign in with a different Facebook user, but no matter what I do, once a user logs into FB, it keeps them logged in.
I have tried:
https://www.facebook.com/logout.php?next=&access_token=
To no avail. I also tried the reauth option for omniauth-facebook but that resulted in the user being brought to FB rather than to my specified redirect URL.
Its easy, add this to your javascript initialization code: (after FB.init)
FB.logout(function(response) {
FB.Auth.setAuthResponse(null, 'unknown');
setTimeout('document.location.reload()',0);
});
And the button of sign out:
Logout
Using the approach https://www.facebook.com/logout.php?next=&access_token= will make your user leave your page, as facebook won't redirect to your website again.
I hope this will solve your problem.
I am adding facebook comments to my iPad application using UIWebView and HTML5 code provided by Facebook.
When the user is not logged in, the application shows the comments and button "Login to Facebook to Post a Comment".
Clicking the button takes me through login process. After the login completes the view is redirected with an empty page with "Login complete" message. It is not redirected back to the comments dialog.
Right now I implemented an ugly workaround. Upon receiving webViewDidFinishLoad event, I look at contents of the page and reload it if the page shows this message. Though, it does not seem a clean way to go.
Why doesn't Facebook redirect me back to original comments page?
I suspect the problem you're having is related to this issue: Facebook authentication in a UIWebView does not redirect back to original page on my site asking for auth
Specifically, the standard Facebook web login process launches a new browser window dialog, and dispatches a message back to the opener to indicate login success for the redirect to occur.
Quoting a passage in the linked SO, "UIWebView doesn't support multiple windows so it can't postMessage back to your original page since it's no longer loaded."
I'm also developing an iPad application, and my solution is similar to yours: i drive the user to "https://m.facebook.com", always, to force him to login first, then in "webViewDidFinishLoad" i inspect the returned url and if it matches:
"https://m.facebook.com/login/checkpoint/"
exactly, that is, the url returned upon a successful login, then i call my own method (with reload or anything i want). At this time, the user is authenticated and has a valid FB session, so, redirections are not necessary anymore.
It's definitely not pretty, and may break as soon as FB changes the way it processes the login dialog, but i too cannot find a way to resolve it any better. Even tried using "FB.Event.subscribe('auth.login', function(response) {});" without success, of course, because the code is never reached.
I think a bug is already submitted to FB, but i don't think it's getting the deserved attention...
I ran into same issue as this question, but after reading some Facebook official documentation, I'll be redesigning to use the Facebook native SDK.
All iOS and Android apps must (effective October 2, 2013) use our SDKs
for iOS and Android for requesting permissions.
Though, I also gather that the "or else" is just a "developer notification"?
Posting this in hopes it will save time for someone using the same approach :)
If it possible to force a re-authorization (I.E asking for username and password) from the LinkedIn oauth api?
Usecase:
To protect sensitive data, in case someone forgets to log out, some actions on our site can only be taken after you re-verify yourself with your password (even when logged in). We allow login using LinkedIn, in which case the user does not have a separate password on our site. In this case we would like to force a re-authorization (username/password) from the LinkedIn api so that user can still confirm his identity.
The important issue here is that it cannot just accept because the user is already logged in on LinkedIn and has accepted to app, this would not provide any level of security for someone who has forgotten to log out, it has to explicity ask for authorization by password again.
There is no way to force re-asking of the OAuth username/password once the user has logged in other than to log them out of LinkedIn first.
You can see this in action by opening your LinkedIn JSAPI-enabled site and having the user 'Sign in with LinkedIn'. Once you have completed the initial OAuth sign-in/authorization, open a tab in the same browser and go to linkedin.com - you will also have been logged into the site.
In your case, if the user simply walks away from the computer leaving the browser open, they will still be logged into both of your site AND linkedin.com. Closing the browser, or logging out via the API or the linkedin.com site will solve this.
One strategy might be that any access to 'sensitive' data generates a logout, which will clear the cookies but not the app authorization, and then to instantiate the auth dialog:
IN.User.logout();
IN.UI.Authorize().place();
Details here. I've tested this and it seems to work well.
You can do a logout call when a user wishes to logout from your site,
simply make them call an iframe request to https://www.linkedin.com/secure/login?session_full_logout=&trk=hb_signout and return a successful signout message when that happens. Sounds dodgy (xss attack) but this is probably the only non-intrusive way of logging the user out.
Here's a small jQuery plugin that I wrote to help accomplish this.
First, add a data-hidden-iframe attribute to your standard "Sign Out" in your application.
Sign out
Note that the data-hidden-iframe attribute value points at the LinkedIn logout URL that Ernest recommended.
Next, add this jQuery plugin to load a hidden iframe with the LinkedIn logout URL. It will wait until the iframe is fully loaded before propagating back to default click behavior.
$(document).ready ->
$("[data-hidden-iframe]").loadhiddenIframeBeforeClick()
$.fn.loadhiddenIframeBeforeClick = ->
this.on "click.iframe", ->
return if $(this).data("already-iframed")
event.preventDefault()
event.stopPropagation()
href = $(this).data("hidden-iframe")
$(this).data("already-iframed", true)
$("<iframe style='display:none;'>").attr("src", href).appendTo("body").load =>
$(this).trigger("click")
For those that cannot read CoffeeScript, here's the equivalent JavaScript:
$(document).ready(function() {
return $("[data-hidden-iframe]").loadhiddenIframeBeforeClick();
});
$.fn.loadhiddenIframeBeforeClick = function() {
return this.on("click.iframe", function() {
var href,
_this = this;
if ($(this).data("already-iframed")) return;
event.preventDefault();
event.stopPropagation();
href = $(this).data("hidden-iframe");
$(this).data("already-iframed", true);
return $("<iframe style='display:none;'>").attr("src", href).appendTo("body").load(function() {
return $(_this).trigger("click");
});
});
};
I know this is an old question in which I am answering.. But it can help someone to get out of this problem
There is a solution I have recently implemented just create a fake webview call with the actual logout url for linkedin that is
https://www.linkedin.com/secure/login?session_full_logout=&trk=hb_signout
Just call the above url with a fake webview, incase of iOS it could be
UIWebView *webView=[[UIWebView alloc] initWithFrame:CGRectZero];
NSURLRequest *req=[NSURLRequest requestWithURL:[NSURL URLWithString:#"https://www.linkedin.com/secure/login?session_full_logout=&trk=hb_signout"]];
webView.delegate=self;
[webView loadRequest:req];
Hope it helps someone..
If you want to force the user to re-login with their Linked In credentials, then just take them through the authorization process again. However, it will have to be the entire authorization process with Linked In requesting the user to authorize your application and you storing a new OAuth token.
Everything seems to be working fine with my implementation of Facebooker with Authlogic (using the authlogic_facebook_connect plugin) except for one thing.
After the initial authorization of the application (by clicking OK on the Facebook pop-up) I still remain on the login page. There is no redirection. However, once I refresh the login page and then click the Facebook button again, there is no popup because it is already authorized by Facebook, instead it redirects to /user_session (for authentication via Facebook session) automatically and immediately takes me to the dashboard page as expected.
Additional Information:
Any idea why it doesn't redirect on the very first click, right after authorizing Facebook? The post-authorize URL is set for http:///user_session/ and the routes for authlogic are set properly.
I have tried with Prototype and jQuery, both give the same results.
You can see the same issue on this tutorial website if you try to authenticate with Facebook. This website is not mine so try at your own risk:
http://facebooker.pjkh.com
Thanks.
Also having the same issue here. I think the reason it was doing nothing for me, using jquery, is the code generated by
<%= authlogic_facebook_login_button :controller => 'customer_session' %>
which is something like
<form id='connect_to_facebook_form' method='post' action='/customer_session'>
<input type='hidden' name='authenticity_token' value='keLV8CIfc5znsRkjhkjhkjhkjhkjh='/>
</form>
<script type='text/javascript' charset='utf-8'>
function connect_to_facebook() {
$('connect_to_facebook_form').submit();
}
</script>
<fb:login-button js="prototype" onlogin="connect_to_facebook()"></fb:login-button>
the jquery to submit the form is wrong it should be
$('#connect_to_facebook_form').submit();
(duh, because I did not pass in :js => :jquery)
but if I fix that I still get
1 error prohibited this customer
session from being saved
There were problems with the following
fields:
* You did not provide any details for authentication
so the right details are not being injected into the form I guess