DotNetOpenAuth redirection URL results to page not found - authentication

I have deployed a service using DotNetOpenAuth library.
The service authenticates against 4 providers (Google, Yahoo, Windows and Facebook).
I am having a problem with Windows and Facebook (OAuth protocol).
My service works fine when accessed through any browser. It redirects to the correct provider after selection, authenticates and replies back with the email address.
But the service does not work when accessed through a Mobile device. Using mobile, when I select Windows/Facebook, it redirects me to the login page. After providing my credentials, the service returns but the redirection of the url leads to page not found.
The url that is redirected seems like: http://mydomain.com/facebook.aspx?code=a_very_long_string
I get a message that page not found on the browser of the Android phone. The same code works fine when accessed through the browser of a desktop/laptop (Windows 7).
Please let me know if I am missing anything to make the service work for the mobile phone.

I am able to resolve this issue. It turns out I cannot use the Server.UrlEncode() .NET function before doing a custom redirection.
If I use it, the app breaks on the mobile platform. Removing it fixed the issue and the URL is successfully redirected.
I was doing a custom redirection after the authentication is successful and encoding the URL. But it seems that it breaks the application.
Not sure if it is a limitation in DotNetOpenAuth library or it is a limitation of the mobile browser.
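
An added example (not the poster's code and not part of DotNetOpenAuth), assuming the encoding was applied to the whole redirect URL: a fully percent-encoded URL no longer parses as an absolute URI, so a check like this before a custom redirect catches it. The page name `loggedin.aspx`, the `email` parameter and both helper names are hypothetical.

```csharp
using System;

static class RedirectDemo
{
    // Hypothetical helper: build the redirect by encoding only the
    // parameter value, never the finished URL.
    public static string BuildRedirect(string baseUrl, string email)
    {
        return baseUrl + "?email=" + Uri.EscapeDataString(email);
    }

    // Hypothetical check before Response.Redirect: the target must parse
    // as an absolute http(s) URI on the expected host.
    public static bool IsUsableTarget(string target, string expectedHost)
    {
        Uri uri;
        if (!Uri.TryCreate(target, UriKind.Absolute, out uri))
            return false; // e.g. "http%3A%2F%2F..." has no scheme separator
        bool webScheme = uri.Scheme == Uri.UriSchemeHttp
                      || uri.Scheme == Uri.UriSchemeHttps;
        return webScheme && string.Equals(uri.Host, expectedHost,
                                          StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the original post.
        string good = BuildRedirect("http://mydomain.com/loggedin.aspx",
                                    "user+test@example.com");
        // Encoding the whole URL also escapes ':', '/', '?' and '='.
        string bad = Uri.EscapeDataString(good);

        foreach (string target in new[] { good, bad })
            Console.WriteLine("{0} usable={1}", target,
                              IsUsableTarget(target, "mydomain.com"));
    }
}
```

Restricting the target to an expected host also keeps a post-login redirect from being pointed at another site.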

Related

Google ClientID works for Google Sign-in platform library but not new GIS library

I'm trying to migrate my application from the older Google Sign-In platform library to the newer Google Identity Services library.
I have a client ID that works for the old method, but when I load the "Google Sign-in" button using GIS, I get 403 errors and an error log that GSI_Logger says my origin is not allowed for the client ID. I'm on localhost, but when I use the old method, there are no issues with localhost.
The only thing I can think of being different is that I load my Google client ID as a constant and rendered the button in the mounted() section of my Vue app's Login.vue, while previously I loaded it in main.js.
"Google One Tap can only be displayed in HTTPS domains".
So, it doesn't work because localhost is HTTP. I deployed to my testing environment which is HTTPS and got no such 403 errors.
Source: https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid

Azure App Service Oauth failure after Mobile Service migration

Up to this point, I had a functioning Azure Mobile Service with service-directed OAuth working nicely for Google. I tried to rehost the mobile service as an app service since mobile services are deprecated. I also have an HTML/JS web app that accesses my service through the MobileServiceClient JS client. This is where the fun starts.
After changing the redirect address to the appropriate app service address in the Google API manager, I get a message saying I'm successfully logged in in a new popup window.
Clicking on "Return to Website" takes me to the address of my app service, not the app that initiated the OAuth request, and if I close this window, the MobileServiceClient throws a "cancelled" exception and I don't get my credentials.
What am I missing or what changed that I need to account for?
Thanks!
It turns out that this particular behavior happens when using an older version of the MobileServiceClient JS library. Replacing the 1.2.7 version with the 2.0.0beta version fixed this. To get the whole OAuth flow working, I also needed to add the appropriate addresses to the allowedExternalRedirectUrls node of the config/authsettings node through the Azure Resource Explorer. If there is a nicer way to do it than through the resource explorer, I don't know what it is.

Google OAuth2 for authentication redirect hangs

I've implemented a simple OAuth2 for Authentication login system that is working reliably on my dev server using a localhost redirect uri.
When testing from a production server, with updated redirect uri, the Google account permission interface opens up for the user logging in. After authorizing account access, the browser just hangs on "Waiting for accounts.google.com..." and doesn't go anywhere. At this point, I can see that the application has been granted access to my profile by viewing account permissions on my Google account dashboard.
If I change the redirect uri to an invalid one, I do get the invalid redirect uri Google error message back, so it looks like the redirection cannot reach my redirect uri. I can reach the redirect uri directly through a browser though. Any pointers?
Had a similar problem trying to create a "Login with Google" App. Since this was my first Google App, and I was also just first using the social networking setups in the software package which I bought BEFORE the Google API had changed, I was at a complete loss as where to start.
It finally dawned on me to redirect Google (via the App settings in the developer console) to a test web page on my site (instead of the page defined by the software package,) and all worked as expected, meaning Google redirected properly to the test page (which was actually just my root index.php). This told me that because the Google API had changed, my software package functionality was obsolete, and I needed to explore the code there.

ADFS web authentication loop in IE

I have a mvc4 web app that sits behind ADFS 2.0 authentication, it's configured using the web.config file. The application can be visited by going directly to a URL or as an iframe inside of CRM 2013.
The application works in all (tested) browsers when visiting the URL directly, both redirection to login form and handing the user back to the web app with the proper information in the ClaimsIdentity.
However, when visiting the app as an iframe inside CRM2013, Internet Explorer goes into a continuous login loop. You are asked to provide the credentials (which are the same as for logging in to CRM) and when you click ok you get redirected back to the same login page again, to my knowledge the app never receives the hand off.
In Safari, Chrome, Firefox, and Opera the users are able to log into the application inside of CRM as well as outside without any problems (I'd even go as far as saying that it works better than expected for these browsers).
Does anyone have any idea of what I can try or what the problem could be for IE?
EDIT 1
I'm thinking it has to do with some security setting and am playing around with the settings in IE. Unchecking this box stops the login form from showing in IE at all and I get an empty page instead.
Is the iFrame on the same (sub)domain as the site inside? You can use Fiddler to view your redirect flow, are the cookies added as expected?
I've seen cookies that are overridden by the iFrame host, in that case you lose the auth cookie. Browsers react differently on same domain cookies.
Another problem might be X-Frame-Options, do you see any warning in the F12 console of IE?

iis requests authentication when using a domain name on the local machine

I'm trying to develop a very simple asp.net web-forms site, using Yahoo! as an external identity provider. The user clicks on a link to Yahoo!, and after identifying on Yahoo! login page, Yahoo! redirects the user to the site with a token identifying the user as a URL parameter.
When I'm on localhost, it works fine. The problem is Yahoo redirects to a domain, which also points to my machine (it's actually a no-ip.org sub-domain). At this point, IE pops a message saying "The server at Default: admin/1234 requires a username and password". No password that I enter satisfies it, and the request is not reaching the application.
How do I get rid of this message, and let the request get through to my application?
I'm pretty certain I don't have an "admin" user on the system.
The whole thing is just two pages, one with a link to Yahoo! and one landing page to which Yahoo! redirects. Its only purpose is to collect the token, for an unrelated library I'm working on.
I'm running on Win7 Home edition, with IIS 7.5, Visual Studio 2012 Web Express and .NET 4.5.
Thanks.