I get "Session Expired" when logging in to our site - ruby-on-rails

Sorry for double posting probably same question but I don't think I've explained the question much on the previous one. Here's an easier to understand question:
The site I'm working on uses Devise (https://github.com/plataformatec/devise/) and Omniauth (https://github.com/intridea/omniauth) to allow users to logon via Twitter. It works well when it's used in browsers.
This is how to reproduce the problem:
User is using Twitter's IOS app
User clicks on a link of our site that was embedded in a tweet
Twitter opens our site via UIWebView
Our site requires the user to login via Twitter
The app executes Safari and redirects to Twitter's login portal, prompting the user to login
When the users submits the form, it redirects him back to our site and throws an error: "Session Expired"
Any ideas why this is happening? Or anyone experiencing the same problem?

I don't think there has been any change to this, I posted this question here that has more interaction https://dev.twitter.com/discussions/9711.

Related

iPhone OAuth login request redirects to App not Browser, doesn't work

My current scenario is:
Running an iPhone on the latest iOS
LinkedIn App is installed and logged in
Web browser is NOT logged into LinkedIn (because I have the app)
Developing a web app with "log in with LinkedIn" functionality
On the iPhone, clicking the "log in with LinkedIn" button redirects me straight the the LinkedIn App, which subsequently does nothing - just shows me my feed. I have verified this same behaviour occurs on a third-party site as well as my own. Note that Android exhibits similar behaviour, though I haven't tested as extensively there.
I've found several workarounds:
If I open the web site in Private Browsing mode clicking the login button asks me if I want to open the App or stay in the browser.
If I long-press and "Open in background tab" the login button it'll open (in the background, of course) instead of redirecting to the app, allowing me to log in.
If I manually type "linkedin.com" into the browser and log in then it seems to work too.
None of these are even vaguely practical for end users, essentially forcing us to remove the option entirely.
I'm fairly sure this is a problem at LinkedIn's end and the solution is either:
Don't redirect to the App for OAuth Authorize requests, or
Make the App correctly handle OAuth Authorize requests.
If I'm incorrect and there's some way we can stop this redirect from the client side I'd be happy to hear, otherwise I hope LinkedIn engineers actually see this...
See the comments in Issues with Linkedin Social connection
LinkedIn already confirmed that it is a problem on their side.

Facebook login on Apple CNA

Questions:
Is it possible to set up Facebook login for use in the CNA?
Does CNA documentation exist for developers?
Can you debug the CNA screen using any developer tools?
Details:
I have created a captive portal login page that uses an email submission form or a Facebook login button. The login button uses javascript as documented on Facebook's developer resources to open a window and log the user in.
Testing:
CNA: Clicking the Facebook sign in button redirects to the facebook login, after multiple clicks. Facebook login page allows submission of username and password but does not generate these entries from cookies. After submission, the page is blank and login is not completed.
Full Featured Browsers: In Safari, Chrome, Firefox, etc. the social sign is functioning and works as expected. All browsers redirect the user to the login page, the user may use the email submission button or the social sign to authenticate on the hotspot and redirected to a landing page. The problems only occur on the CNA.
Research:
Forums threads state that it's impossible to use Facebook login in this way but I'm not sold because Social Sign In seems to be doing exactly what I'm proposing. They claim to accomplish the login without using apps so I have to assume their using either a CNA browser or launching Safari directly. Some javascript is functional in the CNA but I'm unable to track down resources to explain exactly what the capabilities/limitations of the CNA are.
Thanks for any help on this issue

Instagram Authentication Page Doesn't Auto Redirect When The User Is Logged In on Another Tab

I did my best to find a similar problem, but I did not come across one. I speculate this error may have been introduced with Instagram recently changing its API. I'm wondering if anyone else came across the same issue.
I use instagram for authentication. The problem is that, when a user is logged in to Instagram on another tab, if he clicks the instagram sign-in button to log in to my app, he lands on the instagram authorization page and is asked to enter username and password. The problem is that instagram is supposed to auto-redirect to my app directly since the user is already logged in on the browser. But this doesn't happen. Moreover, even if the user enters wrong password or empty user name, instagram still redirects to my app with the logged in user. So the browser definitely knows that the user is logged in to instagram. I am quite sure that the problem is related to instagram, because when I change the provider settings to twitter, redirection occurs with no problem.
And this problem occurs for returning users as well.
For reference, I use rails 4 and my authentication strategy is omnioauth-instagram (no devise). I mainly followed this tutorial http://www.sitepoint.com/rails-authentication-oauth-2-0-omniauth/ for authentication. I am still in development mode so I use localhost.
EDIT: Here is the instagram notice:Instagram Platform and documentation update. Apps created on or after Nov 17, 2015 will start in Sandbox Mode and function on newly updated API rate-limits and behaviors. Prior to going Live, and being able to be used by people other than the developers of the app, these apps will have to go through a new review process. Please read the API documentation or the Change Log for more details.
I started creating my app before nov 17th.

Facebook Test User Login URL - Doesn't work after clearing cache/cookies

I have a test users page for my site which loads a simple grid of 4 buttons, which, when clicked, launch their associated Facebook test user login_url. I'm obtaining these via the PHP SDK and they work great...
Except when the cookies are cleared in Safari (mobile and desktop)... In this case, the test user login_url takes me to a Facebook login page where I'm prompted to login.
If I clear cookies and visit the plain old www.facebook.com homepage first and then navigate to my site, it works fine.
I understand that the 3rd party cookie setting would prevent me from loading this login_url successfully in an iFrame, but I don't understand why it doesn't work when I actually try to follow the link.
Is this a bug? Are Facebook test users a rather unpolished developer feature?
Disclaimer: I work for Facebook, but I am not on the Platform team, so my knowledge on this topic isn't that much more than a regular developer.
The login_url mechanism is not a full blown secure login mechanism. I would venture to guess that it switches the identity of the currently logged in user from the regular user to the test user. However, if there is no currently logged in user, it can't switch the identity, and therefore needs to ask you to login.
However, test users do have a user ID and password (which were returned as a response to the create API) that you could use to go through the standard Facebook login procedure. Note though that as far as I know, currently there is no automated method of loggin a user using the user ID/password - they are intended for manual logging in scenarios.

Not redirecting to Facebook comments in UIWebView after login

I am adding facebook comments to my iPad application using UIWebView and HTML5 code provided by Facebook.
When the user is not logged in, the application shows the comments and button "Login to Facebook to Post a Comment".
Clicking the button takes me through login process. After the login completes the view is redirected with an empty page with "Login complete" message. It is not redirected back to the comments dialog.
Right now I implemented an ugly workaround. Upon receiving webViewDidFinishLoad event, I look at contents of the page and reload it if the page shows this message. Though, it does not seem a clean way to go.
Why doesn't Facebook redirect me back to original comments page?
I suspect the problem you're having is related to this issue: Facebook authentication in a UIWebView does not redirect back to original page on my site asking for auth
Specifically, the standard Facebook web login process launches a new browser window dialog, and dispatches a message back to the opener to indicate login success for the redirect to occur.
Quoting a passage in the linked SO, "UIWebView doesn't support multiple windows so it can't postMessage back to your original page since it's no longer loaded."
I'm also developing an iPad application, and my solution is similar to yours: i drive the user to "https://m.facebook.com", always, to force him to login first, then in "webViewDidFinishLoad" i inspect the returned url and if it matches:
"https://m.facebook.com/login/checkpoint/"
exactly, that is, the url returned upon a successful login, then i call my own method (with reload or anything i want). At this time, the user is authenticated and has a valid FB session, so, redirections are not necessary anymore.
It's definitely not pretty, and may break as soon as FB changes the way it processes the login dialog, but i too cannot find a way to resolve it any better. Even tried using "FB.Event.subscribe('auth.login', function(response) {});" without success, of course, because the code is never reached.
I think a bug is already submitted to FB, but i don't think it's getting the deserved attention...
I ran into same issue as this question, but after reading some Facebook official documentation, I'll be redesigning to use the Facebook native SDK.
All iOS and Android apps must (effective October 2, 2013) use our SDKs
for iOS and Android for requesting permissions.
Though, I also gather that the "or else" is just a "developer notification"?
Posting this in hopes it will save time for someone using the same approach :)

Resources