I tried revoking the permissions from the Facebook apps list. The LoginButton turned off and became "Login" when Session.getActiveSession() is called and returns AccessToken token:ACCESS_TOKEN_REMOVED.
Is it possible to show the login page (and start the LoginActivity) programatically?
Or should the user press the LoginButton manually?
Related
Setup Overview
I am using B2C custom policies for sign-in flow in react application using msal-react and msal-browser packages. The user is able to log in properly for the first time after entering credentials. Now when the user clicks logout, B2C logout popup shows up and it goes away instantly without asking the user to choose an account which is expected because the user is signed in with only a single account. The user is redirected properly.
Doc followed - [https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/logout.md
Issue
After successful logout, which seems to be happening properly as the UnAuthenticated template executes after login. When the user presses login again, it does not ask for any credentials, and user is signed in again which is a security issue. I am not sure what am I missing now. I have gone through all the MS docs multiple times and GitHub issues but did not find a solution
Flow:
Before First login - Session Storage and Cookies are empty,
After login - Session Storage has values and Cookies have 2 entries - x-ms-cpim-sso and x-ms-cpim-csrf
After logout - Both are cleared with no values
Click login again, values from step 2 come back in. But if you don't click login and try different app routes, it shows Unauthenticated template which has login button. So seems like user was correctly logged out
A few questions and helpful information
Is azure ad B2C considered as social sign in (federated entity) or is it considered a local account like Azure AD
I have read here that it does not assume logout from social IDP but I am not using anything other than B2C. In this GitHub, it also mentioned it is expected behaviour but how do I logout properly so that user is asked for credentials again. [https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/2547
After pressing logout, if user is signed out from B2C as the app executes Unauthenticated template instead of Authenticated, how is it able to sign in again without any credentials.
Please guide me to solve this issue
I am using react-native-webview for react-native-azure-ad-2 login authentication. Webview saves the login credentials once user logged in and it perform automatically login on relaunch. I want to clear the old user credentials when user relaunch the application again so that a new user can perform the login with new credentials.
I am creating an app with Node.js express to display social media feeds using their API. I am using FACEBOOK, TWITTER, INSTAGRAM. When I click on any social media icon, a popup window is appearing to login. After logging in all of them. I clicked a button to display feeds. This is working good for single account. Now I want to login multiple account for every social media. But whenever I clicked another social media icon to login .I saw there is already logged in.
For example I click Facebook icon to login . After appearing model window I fill up my username(jrajput315) and password. After logging in this account, I want to login some other Facebook account. And I click Facebook icon to login again. But I see (jrajput315) is already logged in there.
Since you are already logged in to Facebook from one account, Facebook uses a sign-in cookie to keep you logged in. Until this cookie is flushed out, you cannot login through another facebook account on the same browser in the same session.
I guess similar practice happens with few other web-apps, if I am not mistaken.
I'm using Google OAUTH2 for my website. I can successfully login using the google authentication.
Here is what I want to do is:
1) user goes to website homepage and user signs in by clicking "sign in with google" and login is successful and user is taken to logged user dashboard page.
2) user comes back after half hour, user goes to home page and they should get automatically redirected to logged in user dashboard instead of homepage since they already have a valid session.
question - how can you detect if the user is already logged in? Should I be storing the access_token in the session to detect this? what's the recommended way to acheive this with Google OAUTH2?
Yes, you can store the access token in the session, but keep in mind that it could be expired. You should be able to get a new one with an immediate request.
You could also try and do session synchronization from JavaScript, if your site does not have its own session management:
https://developers.google.com/+/web/api/javascript#gapiauthchecksessionstatesessionparams_callback
I implementet Google+ Sign-In API in the root page of my app. It automatically signs in user if user is signed in to google, then API automatically signs him in to my app. The problem is that when user logs out of my app, he is redirected to root page which logs him back in, since he still is logged in to google.
You can see the whole code here: https://developers.google.com/+/web/signin/
wierd, they have "See also, signing the user out of your app."
link, but it's broken :(
Any ideas?
This is similar to this question:
Preventing automatic sign-in when using Google+ Sign-In
You could use a cookie that is set when the user is logged in on your site. If the user is logged in, indicated by the presence of the cookie, allow the user to automatically get redirected into your site. If the user is not logged in, require that the user click the sign-in button before you hide the button and redirect them to the signed-in experience. To log the user out, delete the cookie.