In my play 2.2.4 application, using securesocial 2.1.3 module for authenticating the user via social login(google, facebook,linkedIn). Finally I want to logout the user from social site. For logout I use the following call.
GET /logout securesocial.controllers.LoginPage.logout
But the social site is not get logged out.
what is this the correct way of doing logout?
You can't log out from an external provider. That is not supported and I would advise against it. Your users won't expect to be logged out from Facebook for example if they decide to log out from your app.
Related
Lately I started looking into PoC with Auth0 for our use case where we want to allow users to login with Google and Facebook, also want Guest user to login and access our API and once guest user choose to login with Google and Facebook then we can link guest user so that their data will be served once logout.
Here's the things which I am to able to do till now with PoC:
Able to Login with Google and Facebook through client App.
Access authenticated API after getting bearer token from client App.
Things which still need to do, I tried to search but couldn't found good resource:
I want user to login as Guest user and latter if they want they can login with Google/FB and link their account.
Also, I am looking into Rest login API in Auth0 so that we can hit login API after getting access token from Google/FB and register user into Auth0 and get the token for API access.
It would be great if anyone help me on above two points. Thanks!
I am trying to set up an integration API between ServiceM8 and another 3rd party application. I need to create a webhook which requires Platform Services Authentication using Oauth.
I have created a developer account and a store item after which I got the APP ID and APP Secret which are required for the authenticatcation.
I initiated the authentication by redirecting the user to the url
https://www.servicem8.com/oauth/authorize?response_type=code&client_id=[App ID]&redirect_uri=[my redirect url]&scope=manage_jobs
The user was es expected directed to the login page.
However after logging in, instead of prompting the user to accept the required permissions and redirecting to the redirect_url the user is being redirected to the ServiceM8 dashboard page.
Can someone please help me.
Thanks
According to this link Facebook Login for the Web, I can let my users login with facebook accounts (after logging to my facebook app).
now, all the work is done here in javascript which is a client-based code, it means it is insecure and a hacker could easily trespass my login step.
I know i should be using PHP SDK (for example) to secure the login process, but my question is why would I use this method ????
How I can determine that user is logged in to facebook but not authenticated my facebook web application using php sdk. I know we have $user = $facebook->getUser(); but this only check that user authenticated the app or not. I want something like FB.getLoginStatus
the user is logged into Facebook and has authenticated your application (connected)
the user is logged into Facebook but has not authenticated your application (not_authorized)
the user is not logged into Facebook at this time and so we don't know if they've authenticated your application or not (unknown)
Want to determine second condition using php sdk i.e. of not_authorized but logged in to facebook
The PHP SDK on it’s own has no way of knowing that.
The JS SDK can make cross-domain calls to have Facebook check if there is an active session under their domain. From server-side alone there is no way of doing something similar.
I want something like FB.getLoginStatus
And why not use just that, and pass the info on to the server? (Cookie, AJAX, …)
I have the following scenario:
User logs in with Facebook connect (devise, omniauth)
User starts browsing around the site
User logs out from Facebook
User can still browse around. <-- how can I prevent this from happening?
I basically want to redirect the user to the login page if he is logged out from Facebook
I'm using Rails 3.1 with devise, omniauth.
I think you have a misconception here. Once the user has granted your app privileges to access the Facebook profile--either by virtue of being logged into Facebook in another browser tab, or by explicitly logging into Facebook when redirected--then the OAuth handshake it done and your user is authenticated. The authentication state is now kept locally with your app; you presumably have a session cookie with the user_id, which Devise will handle for you.
The Facebook login on the browser is only necessary to log in, not to authenticate each single request.
You could presumably run the OAuth handshake on every single request, but that would be a lot of performance overhead, and also Facebook may rate limit you.
What is the business case for this scenario? Why do you think you want this?