Universal Login in Office Add-in (Excel), exchange not happening - Auth 0 - authentication

I am trying to use Auth0 in an Office add-in (React SPA), specifically Excel.
I am using the popup to login instead of the redirect because the redirect doesn’t load in the iframe.
(The error for the iframe is "Refused to frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors ‘none’”".)
The issue I’m having is that once I log in successfully, the popup just goes white and gets stuck on the login/callback.
I’ve checked the logs, it says a successful log but it doesn’t say anything about an exchange (success or failure).
I’ve tested the pop up on a different application (react web app) and it works perfectly fine.
The login we are using is the Universal Login (the new one, not the classic).
I’m interested in any and all approaches for using the Universal Login in this context.
Thanks

Related

Cookies in Vue SSR

I am building an app using .Net Core with VueJs along with JavascriptServices&NodeServices for ServerSideRendering, and Identity as auth mechanism.
Scenario :
I navigate to /details page - having some hidden info because the user is not logged in (so User.Identity.Name is null).
I click login, a pop-up shows up, I enter my credentials, and after the AJAX call is made to auth the user, I do a full refresh of the page using location.reload(true).
This works on chrome desktop but on mobile devices it doesn't; on mobile browsers it works if I "fake navigate away" meaning that I go back one page and then come back (so I don't trigger a SSR).
Does anybody have an idea why this doesn't work?

Facebook OAuth2 - "Sorry, something went wrong"

Our web app allows users to log in via Facebook. Technically, we are using Facebook OAuth2. We implemented this login process two years ago. It worked fine until 13th November 2015 but since that day it does not. When our server sends the request
https://graph.facebook.com/oauth/access_token
with appropriate parameters (client_id, redirect_uri, client_secret, code), the response from Facebook has HTTP status 400. The response body is an HTML page saying "Sorry, something went wrong".
On 13th November, there was some problem on Facebook probably.
I have found the following message:
http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-down-site-breaks-for-many-people-though-not-for-everyone-a6732906.html
However, our server still gets this error response after a week. We have an instance of the system deployed in the production environment and one more instance in the test environment (with different Facebook account, i.e. with different client_id and client_secret). Currently, Facebook login works fine in the test environment. I am not sure if it worked on 13th November.
Do you have any experience with recovery from such problem? Why does Facebook login work in test environment and does not work in the production environment in the same app? Why did the production instance break on a particular day and is still broken a week later?
Thanks for any help.
I had the same issue. I believe that the issue stems from passing in invalid scope in your authentication requests. Try removing the scopes in your authentication request to see if that works.
One more corner case I found in 2022:
In the App Dashboard, if you choose Facebook login for Business, same error happens. It will go away as soon as you select Facebook Login one.
Finally, the issue was resolved by restarting the servlet container (Tomcat 7). However, I have no idea why.
All of this is using exclusively the login button. Not the API serverside and not FB.login(). It would work for me sometimes and sometimes not and I couldn't figure out why. I would open a new window and it may work, or may not - but it seemed like once broken it was broken.
There appears to be an issue when using the Chrome 'Device simulator'.
Looking at the SDK Javascript (that's to say the SDK that the Facebook Login button uses) it checks to see if the device is a 'touch' device and if so it will use the m.facebook.com domain when requesting the oauth token.
This domain fails m.facebook.com:
However if the mobile device mode isn't activated when the page loads then it uses www.facebook.com and succeeds:
So for me the current workaround is:
Assuming you are developing with the console active.
When you need to reload your page press Ctrl + Shift + M to deactivate the mobile device mode.
Refresh the page
Once the button has initialized press Ctrl + Shift + M to reactivate it again.
If you see m.facebook.com then you didn't do it fast enough, or maybe you're using something like Angular with hot reload and you need to manually refresh.

Rally customized app - can't authenticate

I'm trying to develop a rally app using the app builder. When I load App-debug.html in my browser, I am prompted to enter my user credentials in the form provided. I enter them, but the form re-appears over and over again.
I did notice that the login attempts to authenticate via https://rally1.rallydev.com:443. If I go to this in another window and enter my account details I am able to get in. However, when I do log in, there is a corporate redirect that takes place (for SSO) and I ultimately end up on us1.rallydev.com.
How would I get my app to authenticate through us1.rallydev.com. Changing urls in App.js and config.json only causes errors when trying to load javascript for APIs.
The app should always just piggyback on your existing session. Changing the server in config.json and re-running rab build should cause all traffic to go to that server - if that's not happening then that's a bug.
You won't be able to authenticate from scratch using SSO from an app, but it should have no problem re-using an existing session.
Another option is to use an API Key to develop: https://help.rallydev.com/apps/2.0/doc/#!/guide/embedding_apps

ADFS web authentication loop in IE

I have a mvc4 web app that sits behind ADFS 2.0 authentication, it's configured using the web.config file. The application can be visited by going directly to a URL or as an iframe inside of CRM 2013.
The application works in all (tested) browsers when visiting the URL directly, both redirection to login form and handing the user back to the web app with the proper information in the ClaimsIdentity.
However, when visiting the app as an iframe inside CRM2013, Internet Explorer goes into a continuous login loop. You are asked to provide the credentials (which are the same as for logging in to CRM) and when you click ok you get redirected back to the same login page again, to my knowledge the app never receives the hand off.
In Safari, Chrome, Firefox, and Opera the users are able to log into the application inside of CRM as well as outside without any problems (I'd even go as far as saying that it works better than expected for these browsers).
Does anyone have any idea of what I can try or what the problem could be for IE?
EDIT 1
I'm thinking it has to do with some security setting and am playing around with the settings in IE. Unchecking this box stops the login form from showing in IE at all and I get an empty page instead.
Is the iFrame on the same (sub)domain as the site inside? You can use Fiddler to view your redirect flow, are the cookies added as expected?
I've seen cookies that are overridden by the iFrame host, in that case you lose the auth cookie. Browsers react differently on same domain cookies.
Another problem might be X-Frame-Options, do you see any warning in the F12 console of IE?
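
The "frame-ancestors 'none'" error quoted in the Auth0 question at the top of this page and the X-Frame-Options check suggested in the answer above both concern response headers that tell the browser whether a page may be embedded in a frame. The following is an added example, not code from any of the posts: a simplified evaluation of those two headers for a given chain of framing pages. The function names and all URLs are constructed for illustration.

```javascript
// Added example: simplified framing-policy check (no path matching, no
// http-to-https upgrade matching). All URLs below are constructed placeholders.
function matchesSource(source, ancestor, self) {
  if (source === "*") return true;
  if (source.toLowerCase() === "'self'") return ancestor.origin === self.origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return ancestor.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/]+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // A host source without a scheme is matched against the framed page's own scheme.
  const wantScheme = (scheme || self.protocol.slice(0, -1)).toLowerCase() + ":";
  if (ancestor.protocol !== wantScheme) return false;
  const name = ancestor.hostname.toLowerCase();
  const hostOk = wildcard ? name.endsWith("." + host.toLowerCase()) : name === host.toLowerCase();
  const defaultPort = wantScheme === "https:" ? "443" : "80";
  const portOk = port === "*" || (ancestor.port || defaultPort) === (port || defaultPort);
  return hostOk && portOk;
}

// headers: lower-cased header names; ancestorUrls: every frame above the page, top first.
function framingAllowed(headers, ancestorUrls, selfUrl) {
  const self = new URL(selfUrl);
  const ancestors = ancestorUrls.map((u) => new URL(u));
  const directive = (headers["content-security-policy"] || "")
    .split(";").map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    // When frame-ancestors is present it takes precedence over X-Frame-Options.
    const sources = directive.slice(1);
    const allowed = sources.length > 0 &&
      ancestors.every((a) => sources.some((s) => matchesSource(s, a, self)));
    return { allowed, decidedBy: "frame-ancestors" };
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN") {
    return { allowed: ancestors.every((a) => a.origin === self.origin), decidedBy: "x-frame-options" };
  }
  return { allowed: true, decidedBy: "no-policy" };
}

const addin = ["https://addin.example.test/taskpane.html"];
const crm = ["https://org1.crm.example.test/main.aspx"];
const login = "https://login.example.test/authorize";
console.log(framingAllowed({ "content-security-policy": "frame-ancestors 'none'" }, addin, login));
console.log(framingAllowed({ "x-frame-options": "SAMEORIGIN" }, crm, login));
console.log(framingAllowed({ "content-security-policy": "frame-ancestors https://*.crm.example.test",
                             "x-frame-options": "DENY" }, crm, login));
```

The first two calls report the page as not frameable; the third is allowed because the frame-ancestors allowlist matches the host page and overrides the X-Frame-Options header.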

FirebaseSimpleLogin not working in Windows 8 app

I asked a question earlier about if it was possible to use Firebase in a Windows 8/WinJS app. @MichaelLehenbauer told me that I just needed to add the following line to my code in order to fix a bug in firebase.js:
Firebase.INTERNAL.forceWebSockets()
This worked great and allowed me to read and write to my Firebase. However, now I am trying to get auth working in Windows 8 and running into many issues. I am trying to use the Facebook login but when I call auth.login("facebook"), my app loses focus and a new tab in the modern Internet Explorer app (not the desktop app) is opened with the typical Facebook login prompt. If I put in my credentials and hit login, nothing happens. I need to go back to my app but then it fires up a new IE tab and the process starts again. Instead of opening a new IE tab, Firebase should internally be opening an in-app dialog like seen in the top image here.
So, since I couldn't get the Firebase Facebook login working in WinJS, I tried doing the Facebook login myself and then create Firebase users using the email/password auth. However, when I run:
    auth.login("password", {
        email: "me@example.com",
        password: "password"
    });
I get the following warning (which is the same warning I received from firebase.js before Michael suggested to me to force web sockets):
APPHOST9601: Can’t load <https://auth.firebase.com/auth/firebase?&firebase=[my_firebase]&transport=jsonp&email=me%40example.com&password=password&callback=FirebaseSimpleLogin._callbacks._firebaseXDR13889674277557>. An app can’t load remote web content in the local context.
I'm not sure if this is another web sockets issue or not, but it looks like FirebaseSimpleLogin is just not working very well in Windows 8 apps. Are there any workarounds to these problems? Even better, is there any plan to provide full support out of the box with Windows 8?
Windows 8 is now supported out of the box with Firebase Simple Login.