When I use FB.logout() the user gets logged out fine, but then the next time I do FB.login() it logs in the last user without the option to enter in new credentials. I can't find any information on how to forget the previously signed on user. Is there a parameter I can pass into logout or login that would forget the previous user?
I found out that the behavior I wanted could be achieved by deleting the users permissions with the following snippet before logging the user out.
FB.api(`/${fbUserId}/permissions`,
'delete',
{access_token: fbUserAccessToken})
Related
Whether the user is logged in or not, when I call Meteor.user() in Meteor.startup(), the user is always undefined (not logged).
I want to perform an action (redirect the user to an external url where the login must occur) if it is not logged in as soon as the page loads. The problem is that if he is logged in, the page will only know it at some point in time (in milliseconds, of course). I can trap the eventual logged in user with Tracker.autorun, but I want to perform an action now (when the user is always not logged in) and I know only after whether I need to perform it or not (maybe the user is already logged in).
How to do this in Meteor?
EDIT
I ended up with the following working:
Tracker.autorun(() => {
if (!Meteor.user() && !Meteor.loggingIn() && Accounts.loginServicesConfigured()) {
Meteor.loginWithTwitter();
}
});
Try Meteor.loggingIn()
From the docs
if a login method (such as Meteor.loginWithPassword, Meteor.loginWithFacebook, or Accounts.createUser) is currently in progress. A reactive data source.
One solution to the problem is to use the meteorhacks:fast-render package. Its inclusion causes the initial set of data to be sent along with the application code, so the user information is available immediately in the startup method.
If you don't want to use that package, you can always restructure your app so that the "now" you speak of always happen after the initial data is loaded. For example, you can move this check to the onBeforeAction callback of your root controller. This will always run before any template is rendered, assuming you also subscribe to user data in the root controller.
Possibly the question is being solved somewhere, but I can't find the solution.
The problem is following:
There was created Facebook application for web-sites. Application ID: 838914722867595
All setting were set to "public" for the application. I.e. the status is "This app is public and available to all users"
When trying to get user info with not application owner account with "FB.api('/me', ... " I've got an error:
{ status="not_authorized", authResponse=undefined}
{ message="An active access token must be used to query information about the current user.", type="OAuthException", code=2500}
I need only Facebook user ID.
Calling of "FB.api('/me', ..." is wrapped into "FB.getLoginStatus( ..."
Doing the same with application owner account returns the expected user info results.
{ authResponse={...}, status="connected"}
{ id="1395024780825585", first_name="Evgeny", gender="male", more...}
The url with implemented Facebook JS: http://www.doc4net.com/download/2459616413282
Here is the screenshot of the app setting.
Please, advice
The issue is solved.
Facebook "Like" button DOES NOT provide application permissions on login. Even it is calling the login dialog.
So, first the one is need to be logged in with "Log in" button, which rises the login dialog with requesting to allow application permissions to read facebook user info.
Only after using "Log in" the "Like" button works properly.
After a user has already accepted the auth dialog, he should not have to accept it again. However, when including the contacts scope (https://www.google.com/m8/feeds/) and asking for offline access, the user has to accept a 2nd auth dialog in order to sign in. The first auth dialog does not ask the user for offline access, whereas the 2nd dialog does. Here are the repro steps:
Put a sign-in button on the page that triggers the following javascript call to gapi.auth.signIn():
var myParams = {
'clientid' : 'myClientId',
'cookiepolicy' : 'single_host_origin',
'callback' : 'handleAuthResult',
'scope' : 'https://mail.google.com/ https://www.google.com/m8/feeds/ https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile',
'accesstype' : 'offline'
};
gapi.auth.signIn(myParams);
function handleAuthResult(authRe) {
console.log(authRe);
}
Click the sign-in button once, you will see an auth dialog with all of the permissions except for offline access. Click "Accept" and handleAuthResult receives a valid access token.
Click the sign-in button a 2nd time, and you will be prompted to grant offline access. Click "Accept", and handleAuthResult receives a valid access token. However, the user should not have to click "Accept" a 2nd time.
Click the sign-in button a 3rd time, and you will NOT be prompted to accept anymore permissions. The auth dialog quickly opens and closes, and handleAuthResult receives a valid access token.
I do not want to make returning users have to accept a 2nd auth dialog. Ideally, the offline access permission should appear in the 1st dialog.
I have also noticed that this only happens when I include the contacts scope (https://www.google.com/m8/feeds/). Removing that scope does not trigger the 2nd auth dialog that asks only for offline access.
Any help on how to get around this? Is this a bug on Google's end?
As I understand it this is expected behaviour. If you request offline access, the user will always be prompted to authorize offline access when they authenticate. Offline access and automatic subsequent logins are not compatible together.
I have deployed Google+ Sign-in Button, now I have to provide Sign-Out Button, before that, I need to know whether the user is still signed in, by which I can then show or hide this button.
I found this documentation: gapi.auth.checkSessionState(sessionParams, callback):
https://developers.google.com/+/web/api/javascript?hl=en#gapiauthchecksessionstatesessionparams_callback
Could someone demo how to use it ?
Many thanks.
gapi.auth2.getAuthInstance().isSignedIn.get()
This returns boolean
You don't need to use a separate function call to determine the user's signed in state if you've already added the sign-in button. The sign-in button's callback is going to trigger either on sign-in, when the page loads, or any time that the user's signed-in status changes. The page load trigger (immediate mode), will also help to indicate if the user is a Google signed-in user or not.
See monitoring the user's signed in status, which shows the different status fields that you can check (Google signed in, app signed in, or signed out).
From Google dev docs :
If you pass null to sessionParams.session_state, you can check if the user is signed in to Google, whether or not they have previously authorized your app.
So your code will be like this:
gapi.auth.checkSessionState({session_state: null}, function(isUserNotLoggedIn){
if (isUserNotLoggedIn) {
// do some stuff
}
});
This is an example of how to use it:
gapi.auth.checkSessionState({client_id:'99999999999.apps.googleusercontent.com'}, signinCallback);
where client_id is the id of your project on g+ console. and siginCallback is a function i created to check the state.
IT'S VERY IMPORTANT to notice that the official api documentation says:
If the argument is true, the supplied session_state is still valid. If the argument is false, it is no longer valid and the application should perform a new re-authorization flow with immediate set to true to get an up-to-date access token or detect a non-authorized or nonexistent Google sign-in session.
But when i recive the response of checkSessionState i get true value when im signed off and false when im signed in. I Dont know if there was an error on the documentation but you can try it by yourself.
Hope this has been helpful for you.
PD: excuses for my awful english
Adapted from Tom Anthony's Blog
One simple way you can use without the use of an API to see if a user is logged into Google + (Or Google/Facebook/Twitter) is to try to access a resource which they would only be able to access if logged in. The code below attempts to load an image resource for which the user needs to be authenticated to access. By default html <img> tags run onload() if an image is successfully returned, but onerror() otherwise.
<img style="display:none;"
onload="function(){document.getElementById('signOutButton').style.visibility = 'hidden';}"
onerror="function(){document.getElementById('signOutButton').style.visibility = 'visible';}"
src="https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0"
/>
I'm having a very weird issue with user logins.
I'm building a site where all the content/menus are only available after you login.
I made a 'login' through the Modules and assign it the "userlogin" position.
Now when I go to the home page or any page, the login box comes up, but there's also a second login form. It seems to be coming from com_user.
This com_user login form doesn't work. I can't login using any credentials. If it was working I can simply remove my login module.
Is there a way I can either:
get com_user to work with normal user logins
or
disable this and so I can only see the Module login.
I can hide it from CSS, but I want to know where it's coming from.
Check the menu link which you have created should be public.
If these are not public then whenever user clicks it, he/she will be asked for login. Thats why the second login option is coming up.