vue-authenticate not working on mobile browser: callback opens new tab breaking flow - vue.js

I'm using vue-authenticate for social account authentication. It works perfectly on desktop browsers, but not on Android mobile (Chrome/Firefox).
When authenticating, the popup window opens and works correctly, but then the redirectUri (with the access token) opens in a new browser tab (not the origin tab), therefore losing state and breaking the auth flow.
How to work around this? thx
https://github.com/dgrubelic/vue-authenticate

Related

Cookies in Vue SSR

I am building an app using .NET Core with VueJs along with JavascriptServices & NodeServices for server-side rendering, and Identity as the auth mechanism.
Scenario:
I navigate to the /details page, which has some hidden info because the user is not logged in (so User.Identity.Name is null).
I click login, a pop-up shows up, I enter my credentials, and after the AJAX call is made to auth the user, I do a full refresh of the page using location.reload(true).
This works on Chrome desktop but on mobile devices it doesn't; on mobile browsers it works if I "fake navigate away", meaning that I go back one page and then come back (so I don't trigger an SSR).
Does anybody have an idea why this doesn't work?

3rd Party AuthProvider - callback url redirect

My project includes the firebase sign-in methods: Twitter, Facebook, Google and Github.
I am using firebase.auth().signInWithPopup() to handle authentication and callback. It works fine when run in the browser:
In mobile, this is different. I realize that it opens a new Safari window, but it does not redirect to the app home screen. How can we do that?
This is the project in the Firebase console for the Facebook sign-in
I believe this is a known issue for home screen apps in iOS. The window that is opened is sandboxed from the home screen app. The popup is unable to pass back the result to the parent home screen app. Instead, you should use signInWithRedirect in that mode. I believe that should work.
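The fallback this answer describes, as an added example that is not part of the original post: use signInWithRedirect when the page runs as a home screen app and signInWithPopup otherwise, then pick up the result with getRedirectResult on the next page load. The helper names are hypothetical, and `auth` is assumed to be the object returned by firebase.auth().

```javascript
// Added example. isStandalone, pickSignInMethod, startSignIn and
// completeRedirectSignIn are hypothetical names; `auth` is assumed to
// behave like firebase.auth() and `win` like the browser's window object.

// True when the page runs as an installed home screen app, not in a browser tab.
function isStandalone(win) {
  // navigator.standalone is the non-standard flag iOS Safari sets.
  if (win.navigator && win.navigator.standalone === true) return true;
  // display-mode: standalone is the standards-based check.
  if (typeof win.matchMedia === 'function') {
    return win.matchMedia('(display-mode: standalone)').matches === true;
  }
  return false;
}

function pickSignInMethod(win) {
  // A popup opened from a home screen app cannot hand its result back.
  return isStandalone(win) ? 'redirect' : 'popup';
}

function startSignIn(auth, provider, win) {
  if (pickSignInMethod(win) === 'redirect') {
    return auth.signInWithRedirect(provider);
  }
  return auth.signInWithPopup(provider);
}

// Call on every page load: after a redirect sign-in the page is reloaded,
// so the result is collected here rather than from startSignIn's promise.
function completeRedirectSignIn(auth, onUser) {
  return auth.getRedirectResult().then(function (result) {
    if (result && result.user) onUser(result.user);
    return result;
  });
}
```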

Does NonValidatingLoginModule support multi-users login?

I started with the sample FormBasedAuthenticationProject which uses NonValidatingLoginModule.
I launched the app and logged in as testUserA. Works fine. Then I launched another new browser window, intending to log in as testUserB. But the app thinks I am logged in already and WL.Server.getActiveUser returns testUserA. Just wondering: does WL.Server support multiple users logged in concurrently?
A browser's windows or tabs share cookies amongst themselves, which is why you say you are already logged in after launching the web app in a new browser window. For example, you can log in to Facebook in window A, then open window B and you will still be logged in.
If you test this on a device, this will not happen to you.
To "overcome" this "limitation" when testing in a browser, you can:
- Clear cookies before trying in window B
- Try in incognito mode
- Try in a different browser. For example, Safari and Chrome.

Google oauth not closing login page in mobile devices

I developed an application that uses the Google + API to authenticate the user using the following code snippet:
<div class="g-signin"
data-callback="loginFinishedCallback"
data-clientid="{My Client ID}"
data-scope="https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.profile.emails.read"
data-cookiepolicy="single_host_origin"
>
</div>
This basically displays a Google Sign in button and when the user clicks on it, another window opens and they sign in. In desktop browsers everything works great but in mobile devices the second window opens and after the user logs in, Google doesn't close the login window so the user ends up staring at an empty page. In other words the callback function never gets called because the mobile browser doesn't close the new (login) window. Is there a way to work around this issue?
This is the javascript file Google provides:
<script src="https://apis.google.com/js/client:plusone.js" type="text/javascript"></script>
Cannot comment--however I would like to see an answer for this question. I am having the same problem with Google login redirecting mobile devices to blank page. Desktop Google login works perfectly fine. I am using OAuth2.0.
EDIT:
I solved this problem for my own framework. After tracing through and using a ton of var dumps I realized where Google's redirect was dying out. The problem was that when the page redirected from my site's control to Google's authentication control, my $_SESSION redirect was lost. My other social logins (FB and LinkedIn) work with this method, however I had to add a catch for the Google-specific redirect. I checked if the redirect was set and if not, made sure to set it there.
I hope this helps with your problem.

ADFS web authentication loop in IE

I have an MVC4 web app that sits behind ADFS 2.0 authentication; it's configured using the web.config file. The application can be visited by going directly to a URL or as an iframe inside of CRM 2013.
The application works in all (tested) browsers when visiting the URL directly, both redirection to login form and handing the user back to the web app with the proper information in the ClaimsIdentity.
However, when visiting the app as an iframe inside CRM 2013, Internet Explorer goes into a continuous login loop. You are asked to provide the credentials (which are the same as for logging in to CRM) and when you click OK you get redirected back to the same login page again; to my knowledge the app never receives the hand-off.
In Safari, Chrome, Firefox, and Opera the users are able to log into the application inside of CRM as well as outside without any problems (I'd even go as far as saying that it works better than expected for these browsers).
Does anyone have any idea of what I can try or what the problem could be for IE?
EDIT 1
I'm thinking it has to do with some security setting and am playing around with the settings in IE. Unchecking this box stops the login form from showing in IE at all and I get an empty page instead.
Is the iFrame on the same (sub)domain as the site inside? You can use Fiddler to view your redirect flow, are the cookies added as expected?
I've seen cookies that are overridden by the iFrame host, in that case you lose the auth cookie. Browsers react differently on same domain cookies.
Another problem might be X-Frame-Options, do you see any warning in the F12 console of IE?
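
The checks suggested in this answer, run over a captured redirect trace (for instance one exported from Fiddler), as an added example that is not part of the original post. The trace shape, the function name analyzeTrace, the host names and the cookie value are all constructed for illustration.

```javascript
// Added example. The trace shape, host names and cookie value are constructed;
// the four hops are chosen so that each check fires once.
const SAMPLE_TRACE = [
  { url: 'https://app.example.test/', requestCookies: [],
    responseHeaders: { Location: 'https://sts.example.test/login' } },
  { url: 'https://sts.example.test/login', requestCookies: [],
    responseHeaders: { 'X-Frame-Options': 'SAMEORIGIN' } },
  { url: 'https://app.example.test/signin', requestCookies: [],
    responseHeaders: { 'Set-Cookie': ['FedAuth=constructed; path=/; HttpOnly'] } },
  { url: 'https://app.example.test/', requestCookies: [],
    responseHeaders: { Location: 'https://sts.example.test/login' } },
];

function analyzeTrace(trace) {
  const findings = [];
  const seen = new Map(); // URL -> number of times requested
  trace.forEach((hop, i) => {
    // Header names are case-insensitive, so normalise them first.
    const headers = {};
    for (const [k, v] of Object.entries(hop.responseHeaders || {})) {
      headers[k.toLowerCase()] = v;
    }
    // 1. A framing restriction on a page that has to render inside the iframe.
    if (headers['x-frame-options']) {
      findings.push({ hop: i, issue: 'x-frame-options', detail: headers['x-frame-options'] });
    }
    // 2. A cookie set here that no later request to the same host sends back.
    const host = new URL(hop.url).host;
    const later = trace.slice(i + 1).filter((h) => new URL(h.url).host === host);
    for (const line of [].concat(headers['set-cookie'] || [])) {
      const name = line.split('=')[0].trim();
      if (later.length && !later.some((h) => (h.requestCookies || []).includes(name))) {
        findings.push({ hop: i, issue: 'cookie-not-returned', detail: name });
      }
    }
    // 3. The same URL requested a second time: the loop itself.
    const count = (seen.get(hop.url) || 0) + 1;
    seen.set(hop.url, count);
    if (count === 2) findings.push({ hop: i, issue: 'login-loop', detail: hop.url });
  });
  return findings;
}
```

A trace in which the auth cookie is set but never returned, followed by a repeat of the first URL, matches the lost-cookie case described above.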