firebase log user out ref.unauth() did not work - authentication

I used $authWithPassword() to log the user in, and it works fine. The user can log in and add content at the URL (/index.html#/notebook). Then I used unauth() to log the user out and redirect them to the login page. It does say the user is logged out, and redirects the user to the login page (/index.html#/login).
    $scope.logOut = function(user) {
        logoutObj.unauth();
        console.log("User is logged out");
        $location.path('/login');
    };
However, when I type the URL in the browser again (/index.html#/notebook), it shows this user is still logged in, and the content is still available to the user.
It seems that the unauth() function does not really log out the user. Am I doing something wrong?

It's actually $unauth() and not unauth().
So change your code to this:
    $scope.logOut = function(user) {
        logoutObj.$unauth();
        $location.path('/login');
    };

Related

How to send destination parameter in URL when redirecting user if not logged in?

I'm making a redirection on the login-required pages.
If the user is not logged in and tries to open a login-required page directly, he or she will be redirected to the login page with a destination parameter.
Like this:-
https://localhost/example-app/login?destination=login-required-page
And when it redirects to the login page, there will be a check of the destination at the top of the file.
login_required_page.php :-
    // LOGIN CHECK
    if (empty($user_id)) {
        // $page_section is the page type, e.g. login, signup, settings
        redirect(BASE_URL . '/login?destination=' . $page_section);
    }
Here is the config file that contains the redirect function:-
    function redirect($destination) {
        header("Location: " . $destination);
        exit; // stop executing the rest of the page once the redirect is sent
    }
Here is the login page redirection block:-
    if (!empty($_GET['destination'])) {
        $destination = $_GET['destination'];
        // For checking only: I have not added the redirection to a button onclick.
        // I added the redirection at the top of the page so that I can check whether it works.
        redirect(BASE_URL . '/' . $destination);
    }
And the error is coming on the login page, that localhost redirected you so many times and the page is not able to open!
Please help me to resolve this problem.

Express js Redirect not rendering page

I am trying to redirect the user that uses my website after he has logged into his account, he will be redirected to a dashboard.
The problem is that I can see a request for the /dashboard route in the Network tab of the browser Inspection Tools, but the page never loads.
This is my code so far.
    router.post('/login', function(request, response){
        // verify against database and send back response
        var userData = {};
        userData.email = request.body.email;
        userData.password = request.body.password;
        userData.rememberPassword = request.body.rememberPassword;
        // check if in the database and re-route
        var query = database.query('SELECT * FROM users WHERE email = ?', [userData.email], function(error, result){
            if(error){
                console.log('Error ', error);
                // stop here: result is not usable after a query error
                return response.sendStatus(500);
            }
            if(result.length){
                // check if the password is correct
                if(userData.password === result[0].password){
                    // redirect to the dashboard
                    // TODO this piece of code does not redirect correctly
                    response.redirect('/dashboard'); // < HERE
                    console.log('Haha');
                }
                else{
                    // wrong password: answer the request instead of leaving it pending
                    response.sendStatus(401);
                }
            }
            else{
                // do something when there are no results
                // invalid email status code
                response.statusCode = 405;
                response.send('');
            }
        });
    });
And this is the route towards the dashboard, and it is being rendered properly when accessed in the browser.
    router.get('/dashboard', function(request, response){
        response.render(path.resolve(__dirname, 'views', 'dashboard.pug'));
    });
Why can't it redirect when the user completes the login process?
Thanks.
The issue can be in the frontend and not in the backend. If you are using AJAX to send the POST request, it is specifically designed to not change your URL.
Use window.location.href after the AJAX request has completed to update the URL with the desired path. But the easiest way would be to create a form with action as /login and use the submission to trigger the URL change.
To make sure that the problem does not lie with the backend:
- Add a logging statement to router.get('/dashboard' to verify if control was passed.
- Check that the HTTP status code of the /login route is 302, indicating a redirect, and that the Location header has the route /dashboard.
- Check that the content type of the /dashboard response is text/html. If not, please set it using res.setHeader("Content-Type", "text/html").
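The behaviour described in this answer, as an added example that is not part of the original post: an AJAX login follows the 302 on its own, so the page has to navigate explicitly. The names postLoginTarget and submitLogin are hypothetical, and the same-origin check is an added safeguard, not something the post asks for.

```javascript
// Added example, not from the original post. Function names are hypothetical.

// Decide where to navigate after an AJAX login. `res` is a fetch() Response
// (or any object with the same ok / redirected / url fields).
function postLoginTarget(res, pageOrigin) {
  // fetch() follows the 302 from /login by itself: the /dashboard request
  // appears in the Network tab, but its HTML is handed to the script and
  // the visible page never changes. res.redirected and res.url record
  // where the request ended up.
  if (!res.ok || !res.redirected) return null;

  let target;
  try {
    target = new URL(res.url, pageOrigin);
  } catch (err) {
    return null; // unparsable URL: stay on the login page
  }
  // Navigate only within our own origin, never to wherever a response points.
  if (target.origin !== new URL(pageOrigin).origin) return null;
  return target.pathname + target.search;
}

// Browser-side usage (not executed here): post the credentials, then navigate.
async function submitLogin(email, password) {
  const res = await fetch('/login', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ email, password }),
  });
  const target = postLoginTarget(res, window.location.origin);
  if (target) {
    window.location.href = target;
  }
  return target !== null;
}
```

The server must parse JSON request bodies for this call to populate request.body.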

How to find access_token expired or not in Onedrive?

In OneDrive I am able to use their Live SDK API and get the Access_token, and the file picker for my users is also working properly.
But every time a user tries to attach a file, I am calling the API to get the Access_token.
Is this a problem when a larger number of users call this API every time they try to attach files (does Microsoft have a limit on the number of API calls)?
Also, if I try to use the Refresh_token for the Access_token using the WL.offline_access scope, how would my app know the Access_token is expired?
You'll need to add logic to your code to see if the user already has a session. You can do this by adding WL.Event.subscribe and checking for "auth.statusChange". If the user's status has changed at any point, it will call the function to check the user's current status (i.e. connected, notConnected, and unknown) by calling WL.getLoginStatus. WL.getLoginStatus will also return the user's session object (access_token, expires_in, etc.) if you want to use any values there.
Your code will look something like this.
    <script type="text/javascript">
        // Re-check the session whenever the sign-in status changes
        WL.Event.subscribe("auth.statusChange", chkStatus);

        function chkStatus() {
            WL.getLoginStatus(function (response) {
                if (response.status == "connected") {
                    document.getElementById("info").innerText = "You're signed in";
                } else {
                    WL.login({
                        "scope": "wl.skydrive_update"
                    });
                }
            });
        }
    </script>
More info on WL.getLoginStatus can be found at https://msdn.microsoft.com/EN-US/library/hh550842.aspx. I hope that helps.

Google Auth2.0 log out

I'm currently trying to make a site where the user can log in with his google+ account. Most of it is working. I get them to grant access to my website. They can log in and I get their name and user ID, and I show content specific to their google account on my site.
When however someone else wants to log in and I try to 'log out' of the site, the google log in still remembers that it just logged in and after logging out it instantly runs the code to log in again. If I delete the SSID cookie from google it doesn't do this, so I'm assuming that's where google stores the fact that I just logged in with x.
Is there a way to when I log out make google not instantly log in with the same account, but rather ask for the e-mail and password of a google user?
I feel like I'm missing something obvious here, but I can't figure out how to deal with this.
Code I use to Auth and get data:
    <button class="btn btn-primary" id="authorize-button" style="visibility: hidden">Log in</button>
    <script>
        var clientId = '';
        var apiKey = '';
        var scopes = '';

        function handleClientLoad() {
            gapi.client.setApiKey(apiKey);
            window.setTimeout(checkAuth, 1);
        }

        function checkAuth() {
            //alert("authorize");
            gapi.auth.authorize({client_id: clientId, scope: scopes, immediate: true}, handleAuthResult);
        }

        function handleAuthResult(authResult) {
            //alert("authorized");
            //alert(authResult.access_token);
            var authorizeButton = document.getElementById('authorize-button');
            if (authResult && !authResult.error) {
                authorizeButton.style.visibility = 'hidden';
                makeApiCall();
            } else {
                authorizeButton.style.visibility = '';
                authorizeButton.onclick = handleAuthClick;
            }
            var token = document.createElement('h4');
            token.appendChild(document.createTextNode(authResult.access_token));
            document.getElementById('content').appendChild(token);
        }

        function handleAuthClick(event) {
            gapi.auth.authorize({client_id: clientId, scope: scopes, immediate: false}, handleAuthResult);
            return false;
        }

        var x;

        function makeApiCall() {
            //return;
            gapi.client.load('plus', 'v1', function() {
                var request = gapi.client.plus.people.get({
                    'userId': 'me'
                });
                request.execute(function(resp) {
                    x = resp.id;
                    var heading2 = document.createElement('h4');
                    var heading3 = document.createElement('h4');
                    heading3.appendChild(document.createTextNode(resp.displayName));
                    heading2.appendChild(document.createTextNode(resp.id));
                    document.getElementById('content2').appendChild(heading2);
                    document.getElementById('content3').appendChild(heading3);
                    $.post("token.php", {id: x});
                });
            });
        }
    </script>
When you make the auth call, set approvalprompt to force. This will force the consent dialog to appear every time. It overrides the default setting of "auto." You can learn more at https://developers.google.com/+/web/signin/#sign-in_button_attributes.
    gapi.auth.authorize({client_id: clientId, scope: scopes, immediate: true, approvalprompt: 'force'}, handleAuthResult);
After the user authorizes your app, they are basically logged in to your app any time that they are also logged in to Google, especially when immediate mode is turned on.
What some sites do is have a logout link or button that displays a page or dialog that says something along the lines of "You're logged in to Google and this site with account blah#blah.com. If you want to switch accounts, go to google.com and log out of your Google session."
You can also track the logged in status of a user using your own cookies and setting and removing them during the appropriate events in your code. You would want to discard any tokens that your app obtained on behalf of the user during a log out event. When the user logged in again, they would not need to re-authorize your application with the popup (or redirect window), but you'd still get a new access token during the callback.

Force google account chooser

Is there a way I can force the Google account chooser to appear even if the user is logged in with just one account?
I have tried by redirecting to this URL:
https://accounts.google.com/AccountChooser?service=lso&continue=[authorizeurl]
and it seems to work, but I don't know if there are any other conditions in which it might fail.
The following parameter is supported in OAuth2 authorization URLs:
prompt
Currently it can have values none, select_account, and consent.
none: Will cause Google to not show any UI, and therefore fail if user needs to login, or select an account in case of multi-login, or consent if first approval. It can be run in an invisible i-frame to obtain a token from previously authorized users before you decide, for instance, to render an authorization button.
consent: Will force the approval page to be displayed even if the user has previously authorized your application. May be useful in a few corner cases, for instance if you lost the refresh_token for the user, as Google only issues refresh_tokens on explicit consent action.
select_account: Will cause the account selector to display, even if there's a single logged-in user, just as you asked.
select_account can be combined with consent, as in:
prompt=select_account consent
Also, you can add the "prompt" parameter in HTML tags as data-prompt="select_account":
    <div class="g-signin2" data-onsuccess="onSignIn" data-prompt="select_account"></div>
and it will force the account chooser every time, even if you are logged in with only one account.
Some people may end up here looking for an answer about how to do this in Microsoft.AspNetCore.Authentication.
We were able to accomplish it via the following code in the Startup.ConfigureServices method:
    services.AddAuthentication()
        .AddGoogle(options =>
        {
            options.ClientId = configHelper.GoogleOAuthClientID;
            options.ClientSecret = configHelper.GoogleOAuthSecret;
            options.CallbackPath = "/signin-google";
            options.AuthorizationEndpoint = string.Concat(options.AuthorizationEndpoint, "?prompt=select_account");
        });
If you are using gapi, then just add prompt: 'select_account'
Example:
    gapi.load('auth2', function () {
        gapi.auth2.init({
            client_id: "client_id.apps.googleusercontent.com",
            scope: "profile email", // this isn't required
            ux_mode: 'redirect',
            redirect_uri: 'https://www.example.com',
            prompt: 'select_account'
        }).then(function (auth2) {
            console.log("signed in: " + auth2.isSignedIn.get());
            x = auth2.isSignedIn.get();
            auth2.isSignedIn.listen(onSignIn);
            var button = document.querySelector('#signInButton');
            button.addEventListener('click', function () {
                auth2.signIn();
            });
        });
    });
For the Google API PHP client (https://github.com/google/google-api-php-client) you can do that as follows:
    $client = new Google_Client();
    $client->setApprovalPrompt("force");
    $client->createAuthUrl();
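An added example, not code from any of the answers above: building an OAuth2 authorization URL by hand with the prompt values listed earlier on this page, and rejecting combinations the server would refuse. The function names, client ID, redirect URI and state value are assumptions made for illustration; the endpoint is Google's standard OAuth 2.0 authorization endpoint.

```javascript
// Added example, not from the original answers. Names and sample values are constructed.
const GOOGLE_AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';

// The three values listed on this page.
const PROMPT_VALUES = new Set(['none', 'select_account', 'consent']);

// Accepts "select_account consent" or ['select_account', 'consent'] and
// returns the space-delimited form the authorization endpoint expects.
function normalizePrompt(prompt) {
  const parts = Array.isArray(prompt) ? prompt : String(prompt).trim().split(/\s+/);
  const unique = [...new Set(parts)];
  for (const value of unique) {
    if (!PROMPT_VALUES.has(value)) {
      throw new RangeError('unsupported prompt value: ' + JSON.stringify(value));
    }
  }
  // OpenID Connect: "none" together with any other value is an error.
  if (unique.includes('none') && unique.length > 1) {
    throw new RangeError('prompt=none cannot be combined with other values');
  }
  return unique.join(' ');
}

function buildAuthUrl({ clientId, redirectUri, scope, state, prompt }) {
  // state ties the callback to this browser session; generate it with a
  // CSPRNG per request and compare it when the user is redirected back.
  if (!state) throw new TypeError('state is required');
  const url = new URL(GOOGLE_AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: 'code',
    scope: scope,
    state: state,
    prompt: normalizePrompt(prompt),
  }).toString();
  return url.toString();
}
```

URLSearchParams encodes the space between prompt values as "+", giving prompt=select_account+consent in the final URL.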