Planting an Iframe as Aura component to show an external system that receives information from Salesforce API using oAuth web server flow - authentication

I have built a web app for our sales team.
The web app is currently using oAuth web server flow in order to authenticate with Salesforce.
Everything is working fine when running it on a separate tab.
We recently wanted to add some functionality from within Salesforce specific objects and display information from our web app.
So I've built an aura component displaying an Iframe with the URL from our web app.
Unfortunately, it crashes with a console error
Refused to frame 'https://***.my.salesforce.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
So I went to Salesforce's login page and indeed, there is a policy header that prevents it from being loaded from within an Iframe.
What is the correct way to authenticate the user with Salesforce in this situation?
Thank you very much

If you are calling a web app inside an Iframe (Aura component), it would require the Salesforce domain calling it to be whitelisted in the web app.
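As an added example (not code from the original question or answer), this is how a web app would express the whitelist the answer refers to as a `frame-ancestors` directive, and how an ancestor origin is evaluated against such a header; the Salesforce hostnames are placeholders, not a real org.

```javascript
// Added example, not from the original post. Builds the frame-ancestors directive a
// web app would send to let its Salesforce org frame it, and evaluates an ancestor
// origin against a CSP header. Hostnames are placeholders, not a real org.
const ALLOWED_ANCESTORS = [
  "https://example-org.my.salesforce.com",
  "https://example-org.lightning.force.com",
];

// Serialize the directive. An empty list yields 'none', the value Salesforce's login
// page sends and the reason the Aura Iframe in the question was refused.
function buildFrameAncestors(origins) {
  if (origins.length === 0) return "frame-ancestors 'none'";
  return "frame-ancestors 'self' " + origins.join(" ");
}

// Parse a CSP header into { directive: [source, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) policy[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return policy;
}

// Match one host-source (optional scheme, exact host or a leading "*." wildcard).
function matchHostSource(src, ancestor) {
  let scheme = null, host = src;
  const i = src.indexOf("://");
  if (i !== -1) { scheme = src.slice(0, i) + ":"; host = src.slice(i + 3); }
  host = host.split("/")[0].split(":")[0].toLowerCase();
  if (scheme && scheme !== ancestor.protocol) return false;
  if (host.startsWith("*.")) return ancestor.hostname.endsWith(host.slice(1));
  return host === ancestor.hostname;
}

// Would a page served with this header be allowed inside a frame on ancestorOrigin?
// selfOrigin is the framed page's own origin (for the 'self' keyword). A header
// with no frame-ancestors directive leaves framing unrestricted by CSP.
function ancestorAllowed(header, ancestorOrigin, selfOrigin) {
  const sources = parseCsp(header)["frame-ancestors"];
  if (!sources) return true;
  const ancestor = new URL(ancestorOrigin);
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return ancestorOrigin === selfOrigin;
    return matchHostSource(src, ancestor);
  });
}
```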

React SPA app with .net core backend and .net identity

I basically have the same question as what is detailed here: Login redirect with asp.Core 2.0 and React. But that post never got an answer.
I've searched quite a bit and pretty much my problem is also touched on here: https://github.com/aspnet/JavaScriptServices/issues/1440
I want to create a React front end application, but use .NET Core for the backend. I've used the .NET Core template with React Redux as my boilerplate. I've also configured .NET Identity on my backend, so I can actually use [Authorize] on my API calls and it works. By this I mean that if someone is authenticated the API returns data, and if no one is authenticated it returns whatever the default redirect page is. I can confirm this by looking at the response in my Chrome debugger: it is showing the HTML for the register page, which I've defaulted my login path to in the ConfigureApplicationCookie options.
The boilerplate is set up to serve pages from the React client folder and uses React Router. Therefore, I cannot set up any links to pages on my server. However, I'm able to manually navigate to my server pages, for example /Account/Login, and successfully log in. My API calls through the links on the React front end then seem to work just as I would like.
What I would like to do is:
make calls from my react application to my server api
upon unsuccessful access to any api endpoint, redirect the user/request to my register page on the .net core server
have the user register and/or login and then redirect them to the route they came from through the react application.
Is this possible? Is it advisable?
I understand that you can manage all this on the front end using IdentityServer as detailed here: http://docs.identityserver.io/en/release/quickstarts/7_javascript_client.html. However, if all the infrastructure can be quickly spun up in .net and I can leverage the authentication templates, then I want to experiment with that setup and save time. Plus if this is feasible, why bother doing the setup on the front end using a 3rd party login provider? What am I missing?
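As an added example (not from the question or the .NET boilerplate), here is the client-side half of the flow the asker describes: the React app calls the API, recognizes that the cookie middleware answered with the login/register page instead of data, and sends the browser to the login page with a validated return path. `fetchImpl` and `navigate` are injected so it runs outside a browser; `LOGIN_PATH` is taken from the /Account/Login route mentioned above.

```javascript
// Added example, not from the question or the .NET boilerplate. The client-side half
// of the flow the asker wants: call the API, recognize that the server answered with
// its login/register page instead of data, and send the browser to the login page
// with a return path. fetchImpl and navigate are injected so this runs outside a
// browser; LOGIN_PATH matches the /Account/Login route mentioned in the question.
const LOGIN_PATH = "/Account/Login";

// Only a same-site absolute path may be used as the return target. Anything that could
// leave the origin (https://..., protocol-relative //host, backslash tricks) becomes "/".
function safeReturnPath(candidate) {
  if (typeof candidate !== "string" || !candidate.startsWith("/")) return "/";
  if (candidate.startsWith("//") || /[\\\s]/.test(candidate)) return "/";
  return candidate;
}

function loginRedirectUrl(currentPath) {
  return LOGIN_PATH + "?returnUrl=" + encodeURIComponent(safeReturnPath(currentPath));
}

// The cookie middleware answers an unauthenticated API call with a 302 to the login
// page; fetch follows it, so what arrives is a 200 with HTML and response.redirected
// set. Treat that, or an explicit 401, as "not signed in".
function isLoginPage(response) {
  if (response.status === 401) return true;
  const contentType = response.headers.get("content-type") || "";
  return response.redirected && contentType.startsWith("text/html");
}

// Returns parsed JSON, or null after redirecting the user to log in.
async function apiFetch(path, currentPath, { fetchImpl, navigate }) {
  const response = await fetchImpl(path, { credentials: "same-origin" });
  if (isLoginPage(response)) {
    navigate(loginRedirectUrl(currentPath));
    return null;
  }
  return response.json();
}
```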

Browserless Authentication using the Web API

I am trying to authenticate a user inside a desktop application using the web api. I am not using a browser, I am using straight up GET and PUSH calls to the endpoints of the Spotify servers. Immediately I ran into some problems. It appears that upon the initial GET command to "accounts.spotify.com", the returned response includes HTML with a javascript function that runs and is responsible for dynamically generating HTML that you see on the initial login page. If you look at the Javascript function, it is clear that this is what is going on, however, you can also see this code is obfuscated and not meant to be used by us, the developers! (Link to Javascript code here for reference: Javascript function)
So my question is, while I can probably reverse engineer the code to get this working, would this be against the Spotify developer TOS?
Thanks!
Spotify's authentication happens through OAuth, and a big part of user authentication as per the OAuth RFC is where the user delegates permissions to your app to carry out API calls that affect their account, or return information about them. That's the web page you're seeing - it must be presented to your users so that they can delegate permissions so that Spotify can give your app an access token. It doesn't necessarily need to happen in a browser - it can happen in a web view inside your desktop application - but it does need to be loaded over https, and your application must not alter or reverse engineer the Spotify permissions delegation page.
As you correctly guessed, reverse engineering any Spotify APIs is against terms of service.
For more information on authorization on the Spotify platform, I'd recommend having a look at this guide.
Hope that helps! Please ping me if you have any more questions.
Hugh
Spotify Developer Support

Multiple ember apps with one login app

I have multiple ember apps, but just one of them has the login page. I want to authenticate all of them with this unique page. How can I redirect other apps to an external login page using ember-simple-auth and redirect to the corresponding app after the authentication?
You need to write a custom authenticator. In its authenticate method I suggest not redirecting, but opening a child window with the login page. That login page should be able to communicate with your ember app in some way (window.postMessage for example) in order to give your app the auth token. The authenticator must wait until it receives an answer (a promise and a timer will help with the waiting). I used such a method with Google's OAuth in a node-webkit application (my authenticator opens Google's OAuth page, where the user is prompted to give my app access). I don't want to share the code because it's too big, complex and has code specific to nw.js, but I hope my answer will help. I used the code of the oauth2 authenticator to develop my own; it helped me a lot.
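As an added example (not the answerer's code and not ember-simple-auth's own API), this follows the shape described above: open the login page in a child window, wait for a postMessage carrying the token, and give up after a timeout. Browser globals are injected so the logic can run outside a browser; the message shape `{ type: "auth-token", token }` and the `loginUrl`/`loginOrigin` options are assumptions.

```javascript
// Added example, not the answerer's code and not ember-simple-auth API. It follows the
// shape the answer describes: open the login page in a child window, wait for a
// postMessage carrying the token, give up after a timeout. Browser globals are
// injected so the logic can run and be tested outside a browser; the message shape
// { type: "auth-token", token } and loginUrl/loginOrigin are assumptions.
function createPopupAuthenticator(opts) {
  const { loginUrl, loginOrigin, openWindow, addListener, removeListener } = opts;
  const timeoutMs = opts.timeoutMs || 60000;
  const setTimer = opts.setTimer || setTimeout;
  const clearTimer = opts.clearTimer || clearTimeout;
  return {
    authenticate() {
      return new Promise((resolve, reject) => {
        const popup = openWindow(loginUrl);
        let timer = null;
        const cleanup = () => { removeListener("message", onMessage); clearTimer(timer); };
        // Accept a token only from the login page's origin AND from the window we
        // opened. Anything else (another tab, a framed page) is ignored, not rejected,
        // so a stray message cannot abort or spoof the login.
        function onMessage(event) {
          if (event.origin !== loginOrigin || event.source !== popup) return;
          const data = event.data;
          if (!data || data.type !== "auth-token" || typeof data.token !== "string" || !data.token) return;
          cleanup();
          resolve({ token: data.token });
        }
        addListener("message", onMessage);
        timer = setTimer(() => { cleanup(); reject(new Error("login timed out")); }, timeoutMs);
      });
    },
  };
}

// The login page's side: hand the token back to the opener only, and name the app's
// origin as the target instead of "*" so a different opener never receives it.
function deliverToken(openerWindow, appOrigin, token) {
  if (!openerWindow) throw new Error("login page was not opened as a popup");
  openerWindow.postMessage({ type: "auth-token", token }, appOrigin);
}
```

In a browser the options would be `openWindow: (u) => window.open(u)`, `addListener: window.addEventListener.bind(window)` and `removeListener: window.removeEventListener.bind(window)`, and the login page would call `deliverToken(window.opener, appOrigin, token)`.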

Azure App Service Oauth failure after Mobile Service migration

Up to this point, I had a functioning Azure Mobile Service with service-directed OAuth working nicely for Google. I tried to rehost the mobile service as an app service since mobile services are deprecated. I also have an HTML/JS web app that accesses my service through the MobileServiceClient JS client. This is where the fun starts.
After changing the redirect address to the appropriate app service address in the Google API manager, I get a message saying I'm successfully logged in in a new popup window.
Clicking on "Return to Website" takes me to the address of my app service, not the app that initiated the OAuth request, and if I close this window, the MobileServiceClient throws a "cancelled" exception and I don't get my credentials.
What am I missing or what changed that I need to account for?
Thanks!
It turns out that this particular behavior happens when using an older version of the MobileServiceClient JS library. Replacing the 1.2.7 version with the 2.0.0beta version fixed this. To get the whole OAuth flow working, I also needed to add the appropriate addresses to the allowedExternalRedirectUrls node of the config/authsettings node through the Azure Resource Explorer. If there is a nicer way to do it than through the resource explorer, I don't know what it is.

How to integrate vLine Video Chat in MVC4 application?

How to integrate vLine Video Chat in MVC4 application?
https://vline.com/developer/docs/support
We don't have an example for an MVC4 application, but if you take a look at our examples for other languages, you should be able to get an idea of how to do it.
Basically, you need to generate an authToken for your authenticated user and inject that as a JavaScript variable in the page that is displayed to the user. Your JavaScript in the page then uses the vLine API to log in to our cloud and make calls.
For example, here's the page from the node example that shows a call button for other logged-in users. Note that jwt and serviceId are enclosed in `<%= %>`; those are the values that are generated on the server and replaced before serving the page to the user.
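As an added example (not vLine's code), here is the server-side step described above: the per-user values are generated and substituted for the `<%= %>` placeholders before the page is served. The template and the jwt value are constructed placeholders, and the renderer is our own rather than vLine's or the node example's.

```javascript
// Added example, not vLine's code. The server-side step the answer describes: generate
// the per-user values (jwt, serviceId) and substitute them into the page before it is
// served. The template below is constructed; its <%= %> markers mirror the answer, but
// the renderer is our own and the jwt value is a placeholder, not a real token.
const PAGE_TEMPLATE = [
  "<script>",
  "  var authToken = <%= jwt %>;",
  "  var serviceId = <%= serviceId %>;",
  "</script>",
].join("\n");

// Serialize a value for an inline <script>. JSON.stringify yields a valid JS literal;
// escaping '<', '>', '&' and the U+2028/2029 line terminators keeps a value from
// closing the script element or breaking out of the string literal.
function toScriptLiteral(value) {
  return JSON.stringify(value)
    .replace(/</g, "\\u003c").replace(/>/g, "\\u003e").replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028").replace(/\u2029/g, "\\u2029");
}

// Substitute every <%= name %>. A missing value is an error rather than a raw
// placeholder shipped to the client.
function renderPage(template, values) {
  return template.replace(/<%=\s*(\w+)\s*%>/g, (match, name) => {
    if (!Object.prototype.hasOwnProperty.call(values, name)) {
      throw new Error("no value for placeholder " + name);
    }
    return toScriptLiteral(values[name]);
  });
}
```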