I followed the guide provided here by Sorcery about handling user logins with Facebook.
# callback method called by Facebook after getting the authorization by the user
if user = login_from(provider) # provider == "facebook"
redirect_to root_path #, :notice => "Logged in from #{provider.titleize}!"
else
begin
user = create_from(provider)
...
However it only requires that my users leave my site to go to the Facebook page and then get redirected here.
What I would like to achieve is what I see when using the Facebook JavaScript SDK which is a clean popup right in my page. To achieve this I followed a tutorial on Railscasts:
$('#sign_in').click (e) ->
e.preventDefault()
FB.login (response) ->
window.location = '/auth/facebook/callback' if response.authResponse
However, the authResponse only contains an accessToken and a signedRequest and a userid while Sorcery requires a code.
Is there anyway to do this properly (or get the code using the accessToken?).
However, the authResponse only contains an accessToken and a signedRequest and a userid while Sorcery requires a code.
Is there anyway to do this properly (or get the code using the accessToken?).
In the server-side flow, the code is just an intermediate step in getting the access token – app gets code, and exchanges code for an access token.
Since in the client-side flow you already get an access token when it’s finished – it does not get any more “proper” than that.
So you have two options:
either refactor your Sorcery-thingie, so that it skips the step where it gets a code and exchanges that for an access token, and directly “set” the access token yourself after getting it (wherever Sorcery might want it to be set); or
stick to the server-side flow, but open that yourself in a popup window. Then you’ll still get the code, but you’ll get it inside the popup window. So you’d have to close the popup window and maybe reload your original window yourself afterwards.
Related
I've one trouble with my teams custom app. I'm making a custom app that return sign-in action to unlogged user when he try to use a search message extension. Now, my problem is:
How can I resume the query after the user logged?
I return to the user an auth composeExtension type that point to one route of my spa. The user make authentication and correctly return the accesstoken, but then it doesn't continue the search. I've already try call :
microsoftTeams.authentication.notifySuccess({ accesToken: oResponse.accessToken })
but it only close the opened popUp.
Please, help me. Thanks.
I have been doing the upgrade from React-Admin v2 to v3 for a while now. I'm almost finished, but there's something that I would like fine-tune.
Using v2, when user comes to our website at domain.tld without a token, Promise is rejected and user is redirected to domain.tld/#/login. No error/warning messages are shown.
Using v3, if the same situation happens, Promise is also rejected and user is redirected to the login page, but there comes the ra.auth.auth_check_error warning message - and twice!
I understand the logic, it may be useful most of the cases to display the warning message. For example if non-logged user tries to access domain.tld/#/settings, the user should be redirected to the login page and notify, that "you must login first". But if user comes to the website first time ever, he gets redirected to the login page as supposed to, but in this case that warning message should not be displayed. In this case the user is most likely known that he/she must login before seeing any content, so there's no point to warn the user since he/she didn't do anything wrong.
I don't know how easily this could be solved. Maybe just removing the notify completely? How that can be done?
Maybe some exception would be the other solution, that if user tries to access the root, domain.tld/#/, then the warning message would not be shown. And with other routes it would be shown. How this could be done?
Can the functionality what happens after Promise.reject() be overwritten somehow?
My checkAuth in authProvider.js:
checkAuth: () => localStorage.getItem("token")
? Promise.resolve()
: Promise.reject(),
In your Promise.reject you can add a string that will be presented to the user when their authorization fails.
checkAuth: () => localStorage.getItem("token")
? Promise.resolve()
: Promise.reject("You are not authorized to view this")
You could theoretically return a different message based on what page you're on but you don't have that info in the checkAuth.
You could also build your own login page and filter the messages so that no toasts popup for the login page.
I have deployed Google+ Sign-in Button, now I have to provide Sign-Out Button, before that, I need to know whether the user is still signed in, by which I can then show or hide this button.
I found this documentation: gapi.auth.checkSessionState(sessionParams, callback):
https://developers.google.com/+/web/api/javascript?hl=en#gapiauthchecksessionstatesessionparams_callback
Could someone demo how to use it ?
Many thanks.
gapi.auth2.getAuthInstance().isSignedIn.get()
This returns boolean
You don't need to use a separate function call to determine the user's signed in state if you've already added the sign-in button. The sign-in button's callback is going to trigger either on sign-in, when the page loads, or any time that the user's signed-in status changes. The page load trigger (immediate mode), will also help to indicate if the user is a Google signed-in user or not.
See monitoring the user's signed in status, which shows the different status fields that you can check (Google signed in, app signed in, or signed out).
From Google dev docs :
If you pass null to sessionParams.session_state, you can check if the user is signed in to Google, whether or not they have previously authorized your app.
So your code will be like this:
gapi.auth.checkSessionState({session_state: null}, function(isUserNotLoggedIn){
if (isUserNotLoggedIn) {
// do some stuff
}
});
This is an example of how to use it:
gapi.auth.checkSessionState({client_id:'99999999999.apps.googleusercontent.com'}, signinCallback);
where client_id is the id of your project on g+ console. and siginCallback is a function i created to check the state.
IT'S VERY IMPORTANT to notice that the official api documentation says:
If the argument is true, the supplied session_state is still valid. If the argument is false, it is no longer valid and the application should perform a new re-authorization flow with immediate set to true to get an up-to-date access token or detect a non-authorized or nonexistent Google sign-in session.
But when i recive the response of checkSessionState i get true value when im signed off and false when im signed in. I Dont know if there was an error on the documentation but you can try it by yourself.
Hope this has been helpful for you.
PD: excuses for my awful english
Adapted from Tom Anthony's Blog
One simple way you can use without the use of an API to see if a user is logged into Google + (Or Google/Facebook/Twitter) is to try to access a resource which they would only be able to access if logged in. The code below attempts to load an image resource for which the user needs to be authenticated to access. By default html <img> tags run onload() if an image is successfully returned, but onerror() otherwise.
<img style="display:none;"
onload="function(){document.getElementById('signOutButton').style.visibility = 'hidden';}"
onerror="function(){document.getElementById('signOutButton').style.visibility = 'visible';}"
src="https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0"
/>
I get a user's data using the Facebook JavaScript SDK like this:
FB.login(function(response){
// some code here
userid = response.authResponse.userId;
});
If the user id is odd (undesired one), then I call:
FB.logout();
This will make the user logout from my application and their Facebook account as well.
I want it to only log out the user out from my application. They should not be logged out from their Facebook account.
Below is the code I use to initialize the FB variable:
FB.init({appId: 'XXXXXXXXXXXXX', cookie: true, status: true, xfbml : true});
If a user logs in to my application then I get the response. The response has the status, access_token and user_id.
Which variable should I use to achieve only logging them out of my application and not Facebook?
I am also having the same problem, looks like we need to use both PHP and Javascript SDK to get and maintain the state for App only logout. You can check out the tutorial here, I am just looking into this, so I have not actually checked if it works.
So i've been trying to get FB Connect working on my site, simply for login and authentication, using the Javascript SDK and following the code at:
https://developers.facebook.com/docs/guides/web/
So the button appears, i click it, a dialog pops up, i click that, presumably my site now has permission to know who i am...
Then what? The guide goes on to saying all the stuff I can access through the Facebook API, all the cool things about permissions, but presumably i need the user's ID or access token or something to get at this stuff. How is that given to me? left as a attribute on one of the elements? Left in a Javascript variable somewhere? Given as an argument to some callback? Thrown high into the heavens for me to receive via satellite downlink?
This is probably incredibly simple, but for the life of me i have not been able to figure it out. Facebook's tutorials have failed me, and so has Google. I want to get this in the Javascript, so I can immediately fill in form-data using the user's Facebook name, put a picture, etc. etc., and presumably send this all back to the server so the server can validate with Facebook that the data is real.
I'm assuming you're using the Login button? https://developers.facebook.com/docs/reference/plugins/login/
If you simply want form info, check out the registration plugin - https://developers.facebook.com/docs/plugins/registration/
However, to answer your question, make an API call to /me. For example:
FB.api('/me', function(user) {
if(user != null) {
// The user object now contains info about the logged in user
}
});
You should subscribe to the auth.login event and wrap the above API call in the successful response, i.e.:
FB.Event.subscribe('auth.login', function() {
// JS to run if when the user logs in, for example, the code snippet above
});