I feel that I'm doing something wrong...
GoogleWebAuthorizationBroker.AuthorizeAsync is supposed to open a new browser window, and then user can authenticate himself...BUT! I'm using it on WebServer or even in WorkerRole in Azure cloud, so how technically GoogleWebAuthorizationBroker.AuthorizeAsync can open new browser window on client machine?
This is the second question that I ask, but now it is a more specific question, because I feel that I miss something. The first one has little bit more details on what I'm doing.
I think I am having issues properly understanding your problem, I am not exactly sure this is a problem it seams this is more a question about the inner workings of Googles .net client library and in that case may just be off topic for Stack but lets try this.
You have a web application, for authentication it just needs to show this browser window to the user
That is done by redirecting them to this window.
https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code
Assuming they click accept the authentication is redirected to your webserver using the Redirect URI where you handle authentication. Its not opening a new browser window on the users PC its redirecting there current page to the authentication then back to your webserver.
Again are you having a problem or is this just general curiosity as to how the client library works?
Related
I'm trying to authenticate a desktop application with OAuth. I already asked a question, but I deleted it as I discovered that the method was obsolete (integrated web view).
The idea is to open the browser and then have the page call back my application with a custom:// URI scheme.
Of course it doesn't work, Google asks that the scheme contains a dot (like com.org.myapp), but the native app can only have a fmp:// uri scheme, which I can't change.
The documentation doesn't mention anything, and I can't create a local temporary server.
1- Can I use the fmp:// scheme as a callback in any way?
2- If not, is it possible to redirect the call to another centralised web server? Everything I try generates a 400 error on the google page, saying "redirect_uri_mismatch" or similar stuff.
As stated in the comments above, the only solution is to create an intermediate web server that serves a page which then opens the URL. OR creates a record in the database with the authentication code.
I want to build a website availability checking service that would pass Cloudflare's browser check (aka "I'm Under Attack Mode") that gives a false negative error with isup.me no matter if a website is actually offline or not. Assume that there's no direct connection to the website as well.
Maybe Cloudflare actually has some API to check if a website behind its proxy is online? That would be perfect.
If it doesn't maybe it could be done the hard way. I'm thinking about node-webkit. It's a full-fledged web browser so theoretically it should pass the browser check. But I never layed my hands on node-webkit so maybe I misunderstood. Do you think it is possible and rational?
Any other ideas maybe?
The site owner specifically turned on I'm Under Attack because they were under attack, so what you're looking to do might actually not be helpful while they are under an attack.
I have a web application that uses google & facebook oauth2 to authorize the users.
But, the application can also be hosted in other sites in a frame.
The problem is that in that case google blocks the login phase (since it's in a frame), is there a way to overcome it?
I don't think so. If possible stay away from embedding other site with frames.
You could contrive something where your client makes an ajax call to your server. If your server send the login redirect, your client can use the 302 location to open a popup window. You will of course need to make sure the user isn't blocking popups.
I am developing an application which on login page also supports facebook login with
<fb:login-button>.
I have set up two Apps on facebook:
one for localhost (Web site url http://localhost/, no App Domain)
one for testing server (Web site url http://dev.domain.com/, no App
Domain)
When I am developing on my own computer click on login button operates as expected and I am logged into my application.
When I put my application to the server (change appid and secret to use 2nd App) and click login button the facebook login dialog opens and when I enter email and password it closes but my applciation does not log me in.
Whats more if I check on server I see that process which is handling this web request is constantly increasing memory size (3MB per second) and its taking 50% or more CPU time. If this process is not stopped soon the server becomes unresponsive becouse memory used by it is maximum possible and CPU time is 100%.
This happens as soon as facebook login dialog closes.
In my application I am using library facebook C# SDK from codeplex.
If anyone has any information on what I might be doing wrong O would greatly appreciate the answer.
Found the problem...it was not about facebook but .Net Framework. It appears that some versions of framework support parameter passing from dynamic objects and others don't.
So when i changed code from
dynamic fbuser = GetUserData();
DoSomethingWithID(fbuser.id);
to
dynamic fbuser = GetUserData();
object fbid = fbuser.id;
DoSomethingWithID(fbid);
it started to work...dont really understand why sometimes even on the server it would work (after remote debugging it always worked until dll's were replaced but ...dont really care :) )
Thanks for all replies.
Sounds like an infinite redirect loop.
Check to see what your browser is doing using Firefox's Firebug or a built-in developer tool for Chrome, IE or Safari. I think there might be a setting wrong in your app settings, and by looking at the traffic it might help lead us to the culprit.
I'm hoping this is just a bug on Facebook's end that will be fixed soon, but in my Facebook Connect app I'm launching the dialogue FB provides to make a post. This dialogue is launched on a page with an SSL connection. In this dialogue the profile pic for some users comes up with a security warning while others display correctly. I'm already setup to use Facebook's SSL javascript file instead of the HTTP file.
This is a bug at Facebook, but there's a work-around. When you use Facebook Connect to show a profile pic, you must set facebook-logo="false" on the fb:profile-pic FBML tag. (Note: the default is "true"). If you do this, and follow the instructions at facebook for using ssl, then the profile pic will be served using the correct protocol. If you leave it set to "true", then you always get the profile pics over http.
The bug is reported at http://bugs.developers.facebook.com/ as issue 5507 and possibly 7072 and 8485.
Also check whether you are serving the xd_receiver under ssl. The debugging hint at the bottom of this page can help you find if there are requests going to facebook other than the pictures which might not be SSL, thus confusing their determination of whether the page is under ssl: http://wiki.developers.facebook.com/index.php/Facebook_Connect_Via_SSL
I would use fiddler and see if there are other requests going to facebook which are not ssl, that will probably give you an indication of what is being missed, or if it is a bug.