Google oauth not closing login page in mobile devices

I developed an application that uses the Google+ API to authenticate the user using the following code snippet:
<div class="g-signin"
data-callback="loginFinishedCallback"
data-clientid="{My Client ID}"
data-scope="https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.profile.emails.read"
data-cookiepolicy="single_host_origin"
>
</div>
This basically displays a Google Sign in button and when the user clicks on it, another window opens and they sign in. In desktop browsers everything works great but in mobile devices the second window opens and after the user logs in, Google doesn't close the login window so the user ends up staring at an empty page. In other words the callback function never gets called because the mobile browser doesn't close the new (login) window. Is there a way to work around this issue?
This is the JavaScript file Google provides:
<script src="https://apis.google.com/js/client:plusone.js" type="text/javascript"></script>

Cannot comment--however I would like to see an answer for this question. I am having the same problem with Google login redirecting mobile devices to blank page. Desktop Google login works perfectly fine. I am using OAuth2.0.
EDIT:
I solved this problem for my own framework. After tracing through and using a ton of var dumps I realized where Google's redirect was dying out. The problem was that when the page redirected from my site's control to Google's authentication control, my $_SESSION redirect was lost. My other social logins (FB and LinkedIn) work with this method, however I had to add a catch for the Google-specific redirect. I checked if the redirect was set and if not, made sure to set it there.
I hope this helps with your problem.

Related

ADFS web authentication loop in IE

I have an MVC4 web app that sits behind ADFS 2.0 authentication; it's configured using the web.config file. The application can be visited by going directly to a URL or as an iframe inside of CRM 2013.
The application works in all (tested) browsers when visiting the URL directly, both redirection to login form and handing the user back to the web app with the proper information in the ClaimsIdentity.
However, when visiting the app as an iframe inside CRM 2013, Internet Explorer goes into a continuous login loop. You are asked to provide the credentials (which are the same as for logging in to CRM) and when you click OK you get redirected back to the same login page again. To my knowledge the app never receives the hand-off.
In Safari, Chrome, Firefox, and Opera the users are able to log into the application inside of CRM as well as outside without any problems (I'd even go as far as saying that it works better than expected for these browsers).
Does anyone have any idea of what I can try or what the problem could be for IE?
EDIT 1
I'm thinking it has to do with some security setting and am playing around with the settings in IE. Unchecking this box stops the login form from showing in IE at all and I get an empty page instead.
Is the iFrame on the same (sub)domain as the site inside? You can use Fiddler to view your redirect flow, are the cookies added as expected?
I've seen cookies that are overridden by the iFrame host, in that case you lose the auth cookie. Browsers react differently on same domain cookies.
Another problem might be X-Frame-Options, do you see any warning in the F12 console of IE?
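The check suggested in the answer above (walk the captured redirect flow, see whether issued cookies come back, and look for a framing header), as an added example that is not part of the original answer. The capture is constructed; the host names, the cookie name `AuthCookie` and the field names are assumptions, and cookie path, domain and expiry are ignored.

```javascript
// Constructed capture (not from the original post): one entry per request/response
// pair, copied by hand from a proxy trace. Hosts and cookie name are placeholders.
const sampleFlow = [
  { url: 'https://app.example/home', sentCookies: [], status: 302, headers: {}, setCookies: [] },
  { url: 'https://sts.example/login', sentCookies: [], status: 200, headers: {}, setCookies: [] },
  { url: 'https://app.example/signin', sentCookies: [], status: 302, headers: {},
    setCookies: ['AuthCookie'] },
  // The cookie issued in the previous step is missing here, so the app asks for login again.
  { url: 'https://app.example/home', sentCookies: [], status: 302, headers: {}, setCookies: [] },
];

// frameHostOrigin: origin of the page hosting the iframe (assumed known to the tester).
function analyzeFlow(flow, frameHostOrigin) {
  const findings = [];
  const issued = new Map(); // origin -> Set of cookie names issued so far
  const seen = new Map();   // url -> number of times requested
  for (const [step, ex] of flow.entries()) {
    const origin = new URL(ex.url).origin;
    // Cookies issued earlier by this origin should be sent back on later requests.
    for (const name of issued.get(origin) || []) {
      if (!ex.sentCookies.includes(name)) {
        findings.push({ step, type: 'cookie-not-returned', detail: name });
      }
    }
    // DENY blocks all framing; SAMEORIGIN blocks framing by a different-origin host.
    const xfo = (ex.headers['x-frame-options'] || '').toUpperCase();
    if (xfo === 'DENY' || (xfo === 'SAMEORIGIN' && origin !== frameHostOrigin)) {
      findings.push({ step, type: 'framing-blocked', detail: xfo });
    }
    // The same URL requested twice in one login attempt indicates a loop.
    const count = (seen.get(ex.url) || 0) + 1;
    seen.set(ex.url, count);
    if (count === 2) findings.push({ step, type: 'loop', detail: ex.url });
    // Record cookies only after the checks: they apply to later requests.
    if (ex.setCookies.length) {
      if (!issued.has(origin)) issued.set(origin, new Set());
      ex.setCookies.forEach((n) => issued.get(origin).add(n));
    }
  }
  return findings;
}
```

Calling `analyzeFlow(sampleFlow, 'https://crm.example')` reports the dropped cookie and the resulting loop at the last step.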

How to pass Login With Google Process in Cocoa WebView

I am developing a cocoa app for Mac OSX. It's a basic browser application and I use webview component.
In the page I want to connect to, there is a standard Login with Google Account button in order to log in with my existing Google Account. When I click on this button, nothing happens.
The same functionality works properly when I visited the same page by using Safari or any other browser but there is no reaction on webview component.
I've checked the action behind the Google's login button and here is the JS code.
onclick="return Dialog.Login.loginWithGoogle(false, 'https://www.mywebsite.com/-/oauth2callback', 'https://www.mywebsite.com/')"
As a part of the standard oauth process the process also has many redirections after this URL is called and normally should be completed at my site's login screen as expected. However, webview doesn't handle this.
Please note that the web site I am trying to connect to in my webview does not belong to me and I have no control over it.
I checked many solutions on the web for 2 days but nothing helped.
Any help/hint will be appreciated.

Soundcloud popup_callback.html not redirected to callback url after Facebook login

my first post after years of reading :P
I think there is some problem with SoundCloud's page https://soundcloud.com/popup_callback.html
My app uses the SoundCloud API and works fine, but when my users try to connect with Facebook, they go from Facebook to
https://soundcloud.com/popup_callback.html?returnTo=CALLBACK_URL
but it is not redirected to the callback URL; it only shows an empty page.
Users need to log in to SoundCloud in another window before logging in to my app.
Could my callback URL be the problem? "http://domain.com/callback/"
I tried it in Firefox, Opera and Chrome and on different operating systems.
This seems to be a bug in the SoundCloud API (see Soundcloud: blank page with popup_callback.html when trying to auth using Facebook)
I was able to work around this by including display=popup in the querystring when redirecting to SoundCloud's OAuth2 authorization endpoint: https://soundcloud.com/connect?client_id=[my_client_id]&redirect_uri=[my_redirect_uri]&response_type=code&display=popup. This will force the mobile optimized display to show up, but fixes the Facebook login issue.
Note that I'm not actually opening a popup window, I'm just including this param when doing a client-side redirect using window.location='https://soundcloud.com/connect?...&display=popup'

Jquery mobile page won't load after facebook authentication in chrome

I'm running into a strange interaction between chrome and jquery mobile. The application flow is straightforward:
1. Homepage / login screen. "Login" link is data-ajax="false" and rel="external" so all the fancy JQM AJAX stuff is disabled.
2. A series of 302s for the oauth dance which ends at /auth/facebook/callback
3. /auth/facebook/callback 302s to the real page /home which is a very simple jQuery Mobile page
On Chrome and Firefox the jquery mobile 'ajax-loading' spinner shows forever, with the actual page loaded in the DOM but not displaying. On Safari (desktop or mobile) the page displays properly.
The problem is coming from Facebook. When returning from oauth, they add a URL fragment #_=_ to your callback URL, which confuses JQM. As is typical for FB, this is documented as deliberate without justification but vague/incorrect instructions for how to deal with it. A bunch of discussion in this SO question. The best workaround I found is to insert this code to the top of your page before JQM has a chance to get confused:
<script>
// workaround Facebook oauth feature-bug
if (window.location.hash == '#_=_') window.location.hash = '';
</script>
To my knowledge, AJAX requests don't handle redirects very well (there are tons of SO questions about this subject).
Instead of doing your authentication in JavaScript, how about a server-side implementation? It will be faster and less complicated for the user's browser.

Facebook: webpage working as an app and a page

I want to make a webpage, that works as an APP (in facebook, iframe) and as a usual webpage too.
How can I accomplish this in a proper way?
Right now, I'm connecting to facebook as an APP with the PHP SDK: getLoginUrl(), then redirect the user to this url, blabla. Works fine if I'm in facebook, and using it as an app.
Problem is if the session is outdated, and I'm not looking this on facebook, this redirecting gets annoying, also: very unprofessional in my opinion...
Thanks in advance!
SOLVED: here's the solution for my specific problem:
It took me 1 change of line in the code, which is the following:
$canvaseurl = ($_SERVER['HTTP_REFERER'] == "https://apps.facebook.com/APPNAME/") ? "https://apps.facebook.com/APPNAME/": "https://MYWEBPAGE.hu/app/";
So I simply redirect to the url, where the user came from.
Pretty simple. :)
Once the person authorizes the application, you will be able to use either the iframe or the website, just so long as you don't force it to go back to the application page. I have used the Facebook PHP SDK and noticed that if you enter the actual location that is loading into the iframe it will stay on that page outside of the apps.facebook.com. However this is dependent on the settings you use. Try experimenting with it and see if that helps you.
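Both the stored login redirect in the Google answer near the top of this page and the Referer-based choice in the post above come down to picking a post-login landing URL from a value that may be missing or client-supplied. The following is an added example, not code from any of the posters: it only ever returns one of a fixed set of URLs and falls back to a default. The function names are hypothetical and the URLs are the placeholders used in the post above.

```javascript
// Allowed landing pages: the two placeholder URLs from the post above.
const ALLOWED = ['https://apps.facebook.com/APPNAME/', 'https://MYWEBPAGE.hu/app/'];
const FALLBACK = 'https://MYWEBPAGE.hu/app/';

// Reduce a candidate to "origin + path"; anything that is not an absolute
// https URL without embedded credentials yields null.
function normalize(candidate) {
  try {
    const u = new URL(candidate);
    if (u.protocol !== 'https:' || u.username || u.password) return null;
    return u.origin + u.pathname;
  } catch (err) {
    return null; // relative, scheme-less or malformed input
  }
}

// sessionRedirect: value stored before leaving for the identity provider (may be lost).
// referer: the Referer request header (client-supplied, may be absent).
function pickReturnUrl(sessionRedirect, referer) {
  for (const candidate of [sessionRedirect, referer]) {
    if (typeof candidate !== 'string') continue;
    const wanted = normalize(candidate);
    if (wanted === null) continue;
    // Return the allow-list entry itself, never the caller-supplied string.
    const hit = ALLOWED.find((entry) => normalize(entry) === wanted);
    if (hit) return hit;
  }
  return FALLBACK; // nothing usable was stored or sent
}
```

Because the return value is always an allow-list entry, query strings and fragments on the candidate are dropped rather than forwarded.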