The use of FacebookAuthProvider in apps - api

I've been working with ServiceStack for quite some time now and i love it. But there is one thing i can't figure out.
How are app's (ios, android etc.) that are using my servicestack endpoints, suppose to use the facebook endpoint "/auth/facebook"?
When using this url "/auth/facebook" from the browser it works fine, but the response is html, and not an AuthResponse og something serializable.
Is this endpoint only to be used from websites with servicestack in the same solution?

The way that stuff works is by redirecting the user to Facebook with an API key that matches your app. The user then tells Facebook that your app is ok, and Facebook redirects them back. This can only be done via a browser. You really have two options to work around this:
Make the user authenticate with Facebook using a website and then authenticate your user with credentials from the app.
Use the built in iOS Facebook stuff and send the resulting auth tokens to an endpoint on your app, where you can save them for later use.
Edit, a bit more clarification:
Option 1
User Goes to your website
User Clicks on your Auth With Facebook button
User is sent your your Facebook endpoint set up in Service Stack
User is redirected by Service Stack to Facebook
User is redirected back to Service Stack from Facebook, with a token in the url
You save the token in your database and tell the user they can now user your app with Facebook.
Option 1.5
The same as Option 1 but instead of making the user go through their browser you create a UIWebView control and point it to your Facebook Auth endpoint. Then you listen for a response from your site that says the user is authenticated. I'm not a objective c, so I can't really get more detailed on how to do that.
Option 2
Use the iOS Facebook API and handle authentication as seen here.
POST the credentials to Service Stack via a Custom Endpoint
Save credentials in the db, and use them in the future to make calls on behalf of the user.
Facebook Login requires a browser of some sort, because Facebook's cookies must be passed along with a request to authorize your website. That is how Facebook knows which of it's users wants to authorize your site, and that they are the ones making the request.

Related

Get long access token from instagram mobile app

I'm using `
https://api.instagram.com/oauth/authorize?client_id={{ instagramAppId }}&redirect_uri={{ redirectUrl }}&scope=user_media,user_profile&response_type=code
` url to verify user via instagram api.
Is it possible to get access token from instagram mobile app? The web view with insta login needs credentials to login, even though user is logged in mobile app.
Thanks!
Webviews keep their own cookie jars, so you have to log in separately. You can't use the mobile app's tokens. You can open the login page in a browser instead of a web view. Then, if the user is already logged in to Instagram in this given browser, you will instantly get a response from the authorization endpoint. Still, the user needs to be logged in in the concrete browser, being logged in in the app won't help.

How to use best use Google/Facebook signin using expo AuthSession to authenticate with a custom backend API

I am working on creating an mobile app using Expo (managed workflow). I have a backend server which this app will connect to. The backend server has its own authentication with username and password and all other endpoints are protected based on a token that you would receive by signing in to the API using a /authenticate endpoint.
Now, I would like to add a 'Sign in with Google' feature to my app. From the Expo's AuthSession documentations, it looks like somehow the app can authenticate with Google. I want to use this identity to authenticate with my backend API.
I created a /api/auth/google endpoint in my API that uses passport google-oauth, redirects user to google and get authorization code sent to /api/auth/google/callback. I then use the authorization code to access Google's people API, to get the email to validate the user and respond back with a access token for my API if the Google sign in was successful. This works fine when using in a browser.
I want to do something similar for the react-native app. When I use the Google example in Expo's AuthSession, it gives me back a access_token. I have no idea how it gets an access_token because the app does not know my client secret. But still, I don't know how to use it to login to my API and get my API's token.
I have thought about using AuthSession to directly open my API's /api/auth/google, so it would redirect correctly and my backend can then send my API's token to the app. The problem with this is, when someone clicks on the 'Sign in with Google' button in the app, apple will tell you 'App name wants to use myapi.com to sign in' or something along those lines instead of Google.com. Additionally when I add more sign in options like Sign in with Facebook and Sign in with Something else, the user's phone will always say that the app wants to use myapi.com to sign in and then in turn be redirected to Google/Facebook or something else. I am not sure if this is allowed and would count as misleading the user and get rejected form the app store. I tried logging into some of the apps on my phone and clicking on 'Sign in with Google' tells the app is trying to sign in with Google.com and 'Sign in with Facebook' tells that the app is trying to sign in with Facebook.com correctly. But then I also know that the app eventually authenticates with its own API somehow. I don't know what is the right way to do that.
Can someone help? Thanks.

Facebook Login for Web

According to this link Facebook Login for the Web, I can let my users login with facebook accounts (after logging to my facebook app).
now, all the work is done here in javascript which is a client-based code, it means it is insecure and a hacker could easily trespass my login step.
I know i should be using PHP SDK (for example) to secure the login process, but my question is why would I use this method ????

What is callback url in instagram api and how to can I implement it

Hi I'm beginner programmer
I'm trying to use instagram's realtime Photo Updates api
My purpose is use this API CONSOLE's subscription method
https://apigee.com/console/instagram
But I can't understand and handle callback url
What is the callback url's function?
And How can I implement the callback url?
The "callback url" (also referred to as redirect_url), is the URL Instagram will send users to after they have logged into Instagram, and authorized your application to read their data.
This is part of the OAuth 2 Spec, which Instagram (and many others) use to control access to their API.
The short version of the OAuth 2 "flow" is this:
You send a user to Instagram's page with your application ID, and a redirect URL.
The user logs into Instagram on their page and authorizes your application.
Instagram will then send the user back to your application (using the redirect URL value), along with a token that you can use to access their data.
GitHub has an excellent guide to how OAuth works on their server, which you will find very similar to Instagram's.
So the "callback url" should be set to the URL of your application server. For example, http://myapp.com/auth. Or, if you are working locally, you would use http://localhost:3000/auth.
Note: With Instagram (as well as most other APIs), the callback URL is permanently set when you register your client. So you'll often have to create separate clients for your live server, and your local one.

Facebook RESTful API require_login() callback

I'm trying to authenticate a user through the RESTful API (not Connect) but I can't since the callback system does not work for me. I have a local app that creates the Facebook API object with my key and secret, then calls the Facebook API require_login() method; I am sent to Facebook login, I login, and then I am sent to http://www.facebook.com/login.php?auth_token=<...>, where there's another login with just a field for password (not username), I write it again, and after that I am redirected to normal Facebook home. What am I doing wrong? I have set the callback URL in the Facebook app proprieties. Does it have anything to do with the fact that it's localhost?
Thanks!
Yes, if you tell facebook to go to localhost, it has no way of knowing where to go. Is your app fbml or iframe? If iframe I'm guessing there's a remote chance that localhost would actually work since the frame loads and then your browser can find localhost. I'm not sure of that, I wouldn't bother trying. But if it's fbml, Facebook needs to be able to hit your server. Give it your external IP instead.
I managed to make the redirect in the end. It appears the "Canvas Callback URL" is what I needed to set, and not the Authentication one.