The problem is in my users table, we already have email of user existing in our DB, so we try to apply one more layer which include google SSO which allow user to log in if and only if that user have the same email in our DB. But it turn out every user can login event if they don't have one.
If user doesn't have the same email in DB, redirect back to login page.
Related
Hi there I am new to the Auth0 thing we are creating an app where we use passwordless auth0 user only has to put an email in our app then the auth0 link will send in the user email when the user clicks it will open out the app also the same time the user is created in our user database with
auth0Sub id, this case in staging and dev environment but now in a production environment we only allowed few users for login/signup this time client requirement he has the bulk of user JSON file where user email and information store so my team leader said I have to find an Auth0 related script where I can send(pass) our user JSON file and based on user email I will get
auth0Sub id as a response so that further I can manually store user data with
auth0Sub id in user collection of production environment however I searched google but was not able to find the correct answer
I am using Cognito User pools and the hosted Cognito UI. I want new users to be disabled when they first sign-up.
I am trying to use a Cognito Trigger to disable the user.
The "Pre sign-up" trigger is to soon, the user has not been created yet. I have successfully used the "Post confirmation" to disable the user, however this is causing a side effect. After the user enters the confirmation code which is emailed to them, they see this message in the hosted UI "User is disabled".
Does anyone have a suggested solution on how to make the new users disabled by default?
We had a similar Business Requirement. For us we made use of a User Pool Group. This allowed the sign up and validation process to work as normal. We had the Post Confirmation trigger send our product team an email with details about the new confirmed user. We had a simple UI for the product team to add the group to a user if they should have access.
To Deny/Grant Access to the app: Our app checked the ID Token, once a user successfully authenticated, for the group (the ID Token has a 'cognito:groups' key which contains a list of all the groups the user is in). If the group was not present we displayed a page showing the user a customized access denied message
Im trying to add google oauth2 as my login method in superset. Users cant register by their own, the system admin must provide access for the user deppending on permissions/role.
When a annonymous user loged in, the system must check if the user email exist and what role is applied to him and show the user profile
I already have the google oauth2 linked in superset, i can click in the login google button the login pop apears and enter the email and pasword of an google acount. But when the login is done, it apears a message saying that the user is not authorized.
Login Page
After Login, with console error (page stays loading...)
The question is how i can associate an google user to a superset user, or register an user by this google oauth2 method with the respective role?
One thing you can do is set Flask App Builder's AUTH_USER_REGISTRATION = True and
AUTH_USER_REGISTRATION_ROLE = "some_default_role".
Then if you want to alter the registration flow, I'd recommend setting your own SecurityManager and overriding BaseSecurityManager.auth_user_oauth . I'd copy the source of that method and alter it.
I'd be great if FAB had a pre_registration hook in BaseSecurityManager for this purpose. Maybe it could receive the User object FAB is planning on creating (before it gets created) and could return a list of roles, or None if we want to abort the registration process.
I am trying to create an app with SQL database connection. Like other apps, user should have the option of both custom register(email,password) and facebook login.
If user choose custom login thats fine, but if user choose facebook login my app would be able to retrieve email from facebook yet no password.
In most apps if you choose facebook login, after login with facebook you never deal with register and logging again (Single sign on, and access token).
But How other apps let user register without choosing a password? Do they let password field null in database (that doesnt seem feasible)? Or do they create a random password for user and save it to users device? What if user logs out or delete their facebook account and wants to login to my app, how would they login without password since in first place they have chosen facebook login?
I know multiple question but they are all related and I am having a difficult time understanding that simple task.
Thanks
M. Fustang
In general if you allow people to register using Facebook, you can force them to set their username and password for this website on first time they log in. And simply store user's id from Facebook as a column in users' table together with username and password provided by user. And then allow them to login using this user/pass data for your website or using Facebook. This will allow your users to log in even after Facebook's account removal.
Im adding facebook one-login to my website. Just wanted to get some feedback from people who have already implemented it.
At the moment im allowing user to login to my site using fb:login, providing they have a valid account on fb and login successfully, if the same email address thats returned from fb matches my email address I hold in my own database, they will automatically be logged in to my site.
The problem I have is, im finding hard having just the email as my main authentication between the user and the my site. For those who have already implmented this, could you please share some of you loggic (theory) on how you autenticate the user when you're logging them onto your site.
I had the same problem than you. I had users in my database with their name and email address and I wanted to add the Facebook connect plugin.
Now, on the login page, I let users choose between standard and Facebook login. If one choose Facbook login I retrieve his Facebook ID with the Facebook PHP SDK (see on github) :
$facebook = new Facebook(...);
$id = $facebook->getUser();
If I have this Facebook ID in my records, I log the user in.
If not, I retrieve his email adress :
$profile = $facebook->api('/me');
$email = $profile['email'];
If I have this email in my database, I store the facebook ID in that record (for the next time) and I log the user in.
If not, I create a new record with the Facebook ID and the email. After that, the user can set a password in his settings to be able to log in with the standard login (without Facebook).
You may want to check the example of the Facebook PHP SDK out to better understand how the flow works.
Hope that helps.
I have also done this. I have now understood that you do you want to match the email address that if user changes his email address you want to update it. Its simple solution is that store the user information in your database. What I have done, I store the user profile id returned by the facebook as user name and by converting into md5 I store the same profile ID as password and email adress returned by the user. Now every facebook user has its unique id in my database. Whenever user comes to my site and logins with facebook, There are two cases
1- I compare the profile id with my database and if record found I always update the email address in that particular field returned by facebook.. Now I can have the latest email address of the user. 2- if the user is not in my database then I insert the record by applying the above method.
Hope it will help you