I am currently working an an app that requires access to multiple Box accounts. I am using the Web API Library. So far, I am successful in accessing a single account. I am saving the auth token when I authenticate a new user. And then when I want to access any account, I use [Box +initializeSessionWithAuthToken:callbacks:] with the respective auth token. But I am only redirected back to the login page again. Just before initializing a new session, I use [Box +logoutWithCallbacks:] to logout the old user. What Am I doing wrong?
I know this is an old question but
+logoutWithCallbacks:nil
Should invalidate the session and log out the user. Have you verified that this method completed successfully and actually did log out the user.
Then you can use
+ (void)initiateWebViewLoginWithCallbacks:(BoxOperationCallbacksDefine)callbacks;
or
+ (void)initiateLoginUsingURLRedirectWithCallbacks:(BoxOperationCallbacksDefine)callbacks;
these will display a new web log in and allow you to create a new authentification token for the new user
Related
I am writing a Reddit client that uses OAuth to authenticate the user. One of the features I would like to implement is the ability to use multiple accounts simultaneously. This requires the user to authorize my client on each account they want to use. The problem I'm running into is that if the user is already logged into Reddit in their browser, when I pop a browser to perform the auth, it will have them authenticate my client against their currently logged in user.
Is there a way to force the user to re-enter their credentials? I would rather not have to put some kind of disclaimer on my Add Account screen that says "Please log out of Reddit in any open browser windows".
I tried opening the Reddit login page in a WebView so the request is sandboxed, and while that worked, it gives the user access to the entire login page (including all the links that navigate to elsewhere on the site). I don't mind that experience when I'm popping an external browser, but in an embedded WebView I really just want to present a username and password box along with the OAuth validation prompt.
Note: I do kind of prefer the embedded experience because it doesn't interfere with the users existing browser cookies, I just don't like how cluttered the login page is this way and I'm not sure how to prevent the user from navigating away from login. Also, for completeness, this is a UWP app, though this problem is largely technology independent.
The problem I'm running into is that if the user is already logged into Reddit in their browser, when I pop a browser to perform the auth, it will have them authenticate my client against their currently logged in user.
It may be caused by the authorization server. If so, we can not do anything in our client app.
But if it is not the server issue, in UWP, there is a WebAuthenticationBroker class witch can help you to authorize your app to access the user info from Resource server by getting a token. You can try to use the class to implement OAuth authorization. You don't need to use the in a WebView so that you can authorize your app with multiple users if you can manage all the user with the token properly in your code logic.
See the Web authentication broker topic and the sample to learn more details.
I am implementing user authentication using Twitter login and I would like to know how I can proceed.
My app is a universal app with react + redux. I set up the server side login logic using passport and passport-twitter. When I go to http://myApp/auth/twitter, I obtain auth token from Twitter, persist it in db, and save the serialized user using express-session. I am redirected back to my app.
I now want to set up the client side logic. I think I need to store the user information in my redux store. But how can I do it? When I am redirected back to the app after a successful auth, how can I retrieve the user information?
Do I need to find the user info on the server side using something like req.cookie, send the initial state to the client, and rehydrate the user info on the client?
What?
I have an API that takes a username and password and can return an AuthenticationResult. I want to make use of that token in order to start a session within the MVC app. Here's the flow of thins:
User goes to MVC app
User gives password and username
MVC calls API and sends username and password
API returns token to MVC app
After step 4, what can I do to start a session within MVC.
Info on the scenario:
We want to leverage Azure Active Directory to keep all our user info there, but we want users to be able to register using any email, not just our domain. We plan to make an account for every user in AAD using a combination of their email and our domain(since account created in AAD have to belong to a domain). So if the user's email is john#gmail.com, AAD will store johnatgmailcom#ourdomain.onmicrosoft.com
Why?
We can't force a user to create an account using our domain.
We don't want users to see the AAD login screen
We don't want to store any sort of user account info in our DB
We plan to leverage AAD in the future within an iOS/Android apps so having authentication outside the MVC app would allow for this
This is the POC code that we have in our API that authenticates a user login request coming from the MVC app:
AuthenticationContext context = new AuthenticationContext("https://login.microsoftonline.com/cccccccc-cccc-cccc-cccc-ccccccccccccc/oauth2/token");
try
{
UserCredential uc = new UserCredential(userCredendtials.Username, userCredendtials.Password);
AuthenticationResult azureADToken = context.AcquireToken("https://graph.windows.net#" + "ourdomain.onmicrosoft.com", clientID, uc);
return Ok(azureADToken);
}
catch
{
// We didn't authenticate user, send not found - generic error, we can change this
return NotFound();
}
We then check what the result of the API call was within the MVC app to respond accordingly. The $1,000,000 question is how can we start and mange the MVC session as if we were using something like ASP.Net Identity using the token???
We can modify the API and the MVC app as needed but we do have the rewuirement of letting users create their account with any email and to store their info on AAD. If this is totally on the wrong path, any advice is appreciated!
The scenario you described is not supported and not recommended with Azure AD. If you want a white label experience, where uses can pick arbitrary usernames and you can fully customize the cred gathering page, please consider Azure AD B2C: http://blogs.technet.com/b/ad/archive/2015/09/16/azure-ad-b2c-and-b2b-are-now-in-public-preview.aspx
I'm studying how to develop an iOS app and I need to figure out how should I structure it.
Architecture:
I've an external database, a REST api (as interface between the database and the app), and the iOS app.
The question:
I'd like users to authenticate by a simple form or by a Facebook login button but in each case a table 'user' in the database has to be filled with default fields like name, surname, email, profile picture, password(?).
For the standard authentication there are no problem, but for Facebook authentication I'm quite confused about theory:
Should I use access token? How?
When a user get authenticated with Facebook I haven't his password, so how can I get his informations from the database? In the standard way I would give to the database username and password and it would return for example the id field.
Sorry for my english.
You can use the access token of current logged in user
[FBSDKAccessToken currentAccessToken]
and send it to your REST api. From there you can retrieve every information you need and save it to your database (except user's password of course). If a user sign in for first time in your app insert a new user in your database and save user's Facebook User ID.
The whole idea of using authenticate and authorization is not to have access to user's password of another app, but the user authorize (confirm) your app to have access in his/her account with specific permissions.
Here is a step-by-step answer of what you need:
Design for Facebook authentication in an iOS app that also accesses a secured web service
You need to save the currentAccessToken that the login request returns to you.
Then, using Facebook's Graph API, the userID that was returned in the login request, and the user access token, you can request a user object, which has the email address, assuming you added the email permission in the login request.
Also use the Graphi API to retrieve the user's photo using the userID that was returned in the login request:
50x50 pixels
<img src="//graph.facebook.com/{{fid}}/picture">
200 pixels width
<img src="//graph.facebook.com/{{fid}}/picture?type=large">
I have successfully let users to connect to my web application with twitter oauth. And I can insert user information after they logged in.
My problem with is that existing users are always redirected to the Allow/Deny application screen on twitter each time they click on sign in with twitter.
How can I skip this step for my existing users so they don't have to click on allow every time they sign in?
I am using this library: http://www.haughin.com/code/twitter/
thanks.
This is done with the Sign in with Twitter flow. Instead of sending users to https://api.twitter.com/oauth/authorize?oauth_token=xyz send them to https://api.twitter.com/oauth/authenticate?oauth_token=xyz. In this case if the user has previously authorized your app and are already authenticated with twitter.com they will automatically be redirected back to your app without being prompted to allow/deny access.
When a user authorizes your application to use their Twitter account, Twitter gives you two tokens: OAuthToken and OAuthTokenSecret.
Stores these tokens in a cookie, or a settings file, or whatever.
Then, the next time you need to make a request to Twitter on behalf of this user, you use those tokens.