Custom "didn't allow" page - authentication

As you can see, some Facebook games have custom page for "Didn't allow" user action. It shows when applicataion try to install and user click "Didn't allow"
f.e. - Cityville by Zynga - http://gyazo.com/6e398bfa6b803a23cfc36a32a6956e48.
How can I make the same page for my app?

If the user did not "allow" your application, he/she will be redirected (via HTTP 302) to the URL specified in the redirect_uri parameter that you specified in the authentication parameters with the following data :
http://YOUR_URL?error_reason=user_denied&
error=access_denied&error_description=The+user+denied+your+request.
All you have to do is handle this data and display the message that you want to the user.
This information (and a whole lot more) can be found in the facebook authentication documentation

Related

Creating the Custom Verified Email Page URL & Custom Reset Password Page URL

Using Back&, I'm working on creating the "Custom Verified Email Page" & the "Custom Reset Password Page" to work with my app so that users can verify emails at signup and request password resets via email.
Does anyone have an example of what these pages should be doing? I know the URL receives a token for the transaction but what are we suppose to be doing with it?
Thank you.
You don't have to do anything with it (look under security -> security acctions -> newUserVarification. Backand handles all of it for you. Make sure you specify a Custom Registration Page URL and the Custom Verified Email Page URL. If you don't have the registration url, the link in the email to confirm you as a new user will always send you to a blank page that reads, "SignUp redirect url was not supplied in configuration".

Twitter Streaming API query does not recognize authentication

From my google chrome browser I enter:
https://stream.twitter.com/1.1/statuses/filter.json?track=canucks
I get a window "Authentication Required". I have set up a Developer app in my twitter account. I enter my twitter User Name and my Password, and press Log In, but it keeps giving me the same Authentication Window. Any ideas what the problem could be?
In the Authentication Required window I see the text:
"The server https://stream.twitter.com:443 requires a username and password. The server says: Firehose."
The problem is that authorization with header info is needed. It is more complicated than the simple URL above. It is best done by writing some code with the authorization header needed, along with the above URL.

Facebook Redirect url to "https://www.facebook.com/dialog/oauth/read" with no access token

I have set a web browser control in winform and navigate to the following url-
https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxxxxx&redirect_uri=https://www.facebook.com/connect/login_success.html&display=popup&scope=publish_stream,user_status&response_type=token
It show the login dialog box. After enter username and password facebook redirect to following
url-
https://www.facebook.com/login.php?skip_api_login=1&api_key=xxxxxxxx&signed_next=1&next=https://www.facebook.com/dialog/oauth?redirect_uri=https%253A%252F%252Fwww.facebook.com%252Fconnect%252Flogin_success.html&display=popup&scope=publish_stream%252Cuser_status&response_type=token&client_id=xxxxxxxxxx&ret=login&cancel_uri=https://www.facebook.com/connect/login_success.html?error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied%23_=_&display=popup
and display a message with two button called "okay" & "cancel"
xyourappxxxx would like to access your public profile, friend list and status updates.
if i click on "Okay" button this will redirect to following page with the msg of--
page---https://www.facebook.com/dialog/oauth/read
message---Success SECURITY WARNING: Please treat the URL above as you
would your password and do not share it with anyone.
application type: Native/desktop
App secret in client: no
Client OAuth Login: enbl
Embedded browser OAuth Login: enbl
Sandbox mod: ON
Problem is after authorization facebook not redirect to my redirect_uri and not getting any access token.
I am using vb.net 2008 express
thanks
I might be mis-understanding your question/issue, apologies if so..
in your first line.. you have the redirect_uri set to just go back to facebook, whereas it's supposed to be the URI of the page on your site that you want facebook to send the user to after they authenticate and approve your app, no?
in other words shouldnt your first line be:
https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxxxxx&redirect_uri=**https://WWW.YOURDOMAIN.COM/YOURPAGE.ASPX**&display=popup&scope=publish_stream,user_status&response_type=token
after the user clicks "okay" on the popup, it will then redirect them to YOURPAGE.ASPX on your site, passing the access_token

Spring security: show error 403 page instead of login form page for non-authenticated users

I've set basic spring authentication. When user comes to page and enters secured URL, login form is rendered, but I want to show error 403 page (or any other page i choose).
If I understand correctly I can't use access-denied-handler because user is not authenticated at all.
How do I show any other page than login form page to non-authenticated user, when he accesses secured URL?
When you are using form-login the default AuthenticationEntryPoint redirects to the login page.
You can override this by injecting a custom entry point using the entry-point-ref attribute.
You can use the code for Http403ForbiddenEntryPoint as a guideline (or use that directly if all you want is a response code sent to the client).
Add the below tag in your security context file.
access-denied-page="<name of the page>"
add this in http tag like below:
<http auto-config="true" access-denied-page="/authenticationfailed.jsp">

Authenticate a user from a page tab

I'm trying to make a Facebook page tab where people can vote for their favorite video or music track from a bunch of embedded files. I need to get a unique ID from each user to make sure that they can only vote once. The signed_request only contains the user's id if they have authorized my app.
I have tried to have users authorize my app using the FB.login() javascript api, but I get the error:
An error occurred with Remix // Rework Vote. Please try later
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: Invalid redirect_uri: Given URL is not permitted by the application configuration.
As far as I know, I have not set any redirect URL. Do I need to set this somewhere, or is this the not right approach to get a user to authenticate my page tab?
You must specify both "Site URL" (or "Mobile Web URL") and "App Domain" to use OAuth flow...
See where to fill the details on https://developers.facebook.com/docs/authentication/#redirect-uris
So I managed to get this to work by ticking "App on Facebook" in the app settings, and setting the Canvas URL and Secure Canvas URLs to be the same as the Page Tab URL equivalents.
This worked even though this isn't a full app, it's only a page tab, and it won't function as an app unless it's in a container page.
I'm guessing this is a bug in Facebook - the UI implies that you can have a page tab only app. The documentation doesn't say you can't, and I can't think of a good technical reason for it not to condsider a page tab URL as a valid URL.
Thanks to #julio-santos for pointing me at Facebook - Error Message: redirect_uri is not owned by the application, which seems to be the same problem in a slightly different context.