firebase unauth with google doesn't allow change of user - authentication

Is there a setting, either in Google projects or in Firebase databases, for specifying that unauth should not cache user credentials? Once I have logged into my app via the Firebase Google authentication, calling unauth() does not permit me to log in again with a different account. An attempt to log in after that immediately logs in with the old credentials without asking for a new username and password. Closing and reopening the browser after the logout didn't help.

Firebase doesn't have access to your credentials when you use its Google authentication. Instead it uses OAuth to create a relationship between the Google account and your application.
When you call unauth Firebase expires the token that is part of the current session. But it does not remove the relationship between the Google account and your application. That's why you "automatically" get a new token when you call auth... next time.
It is up to each individual user to revoke the rights, which in the case of a Google account they can do at the Account Permissions page: https://security.google.com/settings/security/permissions

Related

Azure B2C logs out but user can sign in without credentials again

Setup Overview
I am using B2C custom policies for sign-in flow in react application using msal-react and msal-browser packages. The user is able to log in properly for the first time after entering credentials. Now when the user clicks logout, B2C logout popup shows up and it goes away instantly without asking the user to choose an account which is expected because the user is signed in with only a single account. The user is redirected properly.
Doc followed - https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/logout.md
Issue
After successful logout, which seems to be happening properly as the UnAuthenticated template executes after login. When the user presses login again, it does not ask for any credentials, and the user is signed in again, which is a security issue. I am not sure what I am missing now. I have gone through all the MS docs multiple times and GitHub issues but did not find a solution.
Flow:
1. Before first login - Session Storage and Cookies are empty.
2. After login - Session Storage has values and Cookies have 2 entries - x-ms-cpim-sso and x-ms-cpim-csrf.
3. After logout - Both are cleared with no values.
4. Click login again, values from step 2 come back in. But if you don't click login and try different app routes, it shows the Unauthenticated template, which has a login button. So it seems like the user was correctly logged out.
A few questions and helpful information
Is azure ad B2C considered as social sign in (federated entity) or is it considered a local account like Azure AD
I have read here that it does not assume logout from social IDP but I am not using anything other than B2C. In this GitHub issue, it is also mentioned that it is expected behaviour, but how do I log out properly so that the user is asked for credentials again? https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/2547
After pressing logout, if user is signed out from B2C as the app executes Unauthenticated template instead of Authenticated, how is it able to sign in again without any credentials.
Please guide me to solve this issue

Auth0 Guest user login and Rest API login

Lately I started looking into PoC with Auth0 for our use case where we want to allow users to login with Google and Facebook, also want Guest user to login and access our API and once guest user choose to login with Google and Facebook then we can link guest user so that their data will be served once logout.
Here are the things which I am able to do till now with the PoC:
Able to log in with Google and Facebook through the client app.
Access the authenticated API after getting a bearer token from the client app.
Things which I still need to do; I tried to search but couldn't find a good resource:
I want users to log in as a Guest user, and later, if they want, they can log in with Google/FB and link their account.
Also, I am looking into the REST login API in Auth0 so that we can hit the login API after getting an access token from Google/FB, register the user in Auth0 and get the token for API access.
It would be great if anyone could help me with the above two points. Thanks!

How to fix login process to dialogflow after I have attached gmail to my non-gmail account?

I had a Google account based on not-GMail-account. I had another email company's email as a login to my Google Account (myemailhere@ukr.net). And I used this Google account to log in to dialogflow.cloud.google.com.
Today Google suggested that I create a @gmail.com account and attach it to my myemailhere@ukr.net Google Account. I have confirmed and created myemailhere@gmail.com.
Using both of these logins (myemailhere@gmail.com and myemailhere@ukr.net) I am still able to log in to my cloud.google.com Profile. But when I try to log in to the Dialogflow Profile (dialogflow.cloud.google.com), I see the eternal loading animation (or a totally blank page). There are no errors about the password or anything like this. Just the login process after I submit the password and then a white page. I see this behavior on all my devices, while I am trying to log in with myemailhere@gmail.com or myemailhere@ukr.net.
And I see some 400 errors in web console (if it matters).
Could you please help me to fix this and get access to DialogFlow?
Screen that I see after the login and password entering
Do you have the project owner role for the mentioned username that is registered on your project in the GCP console (not Dialogflow Console)? Here is a list of roles related to Dialogflow that grant access to its Console.
Note that some of these roles give full access or edit access while other roles have permissions that simply give view access to the Dialogflow Console.
If you are missing any of these then simply assign them on your GCP project's console.
Assigning roles as described above did not work for me. Solution was to delete gmail email service from the account.
Instructions here
If you would like to use gmail, do NOT add gmail to your existing google account. You should instead create a separate google account and use gmail from this separate account.

Aws Cognito with google federated identity: Logs me in with the last user

Problem:
I am using Aws Cognito using google as external federated identity for auth of my application:
The problem is that it logs me in with the last user when having only one signed-in Google account. Basically it seems it's simply not able to log out the user completely.
Here's what is happening:
I am logged into Google with e.g. user a@gmail.com
I log in to Cognito via the external federated identity, use the above email and log in. All iz well.
I now log out and want to log in to Cognito using 'b@gmail.com'. Now say I created the account using another browser and never used the current browser, so the browser does not know about this. (In short, I am logged into just one Gmail account in this browser.)
When I try to signin I am shown the option to 'Signin with Google' but it never presents me the account selection screen and directly logs me in.
I am using the screen cognito shows at https://mydomain.auth.auth.us-east-1.amazoncognito.com/login
Using Prompt:
I see that google itself has a way to force the user to select an account using the 'prompt' : select_account option. But I see no way to specify this anywhere in cognito.
Question :
- Anyone have any fix / workaround to above problem? I need a way to 'always' show the account selection so that he can choose or use a different account.
Did you try the logout endpoint from cognito ?
- Yes, This is happening even after I send the user to the logout endpoint of cognito, which is probably supposed to logout the user.

Migration trigger not called on sign in with google

I am trying to migrate users from my current directory to a Cognito user pool. I was able to migrate users when they enter a username and password, but I am not able to migrate them when they sign in with Google. I have linked Google accounts with existing users in my current directory (I use email to send an authentication token if the user's Google account email is found in my directory). I want to do the same for migration. Approach I have tried:
On the pre-signup trigger by external provider, get users from my current directory, add them to the user pool and link them with the external provider. The problem is how to use the same password.
Is there any better approach to migrate user on google sign in?