I have a web application developed in AngularJS that uses LinkedIn authenticated user login. It used to work, but not now. The Facebook and Google based login do work. The frontend is calling RestAPIs developed using AWS Lambda and integrated with AWS APIGateway.
When I click on the button "Login with LinkedIn" it is displaying an error "The application is disabled. I tried creating a new app in LinkedIn Developer and modified the environment variables for the Lambda function by giving the new client ID and secret key. Still it is not working. The browser URL seems to show the old Client_ID, which seem to suggest the front end has hardcoded the Client_ID. I'm not conversant with Angular to check and modify the code.
Is there a way to re-enable the app on #linkedin Developer?
Related
I have Azure App Service EasyAuth working successfully with Google, Microsoft, and Facebook providers in my Mobile App using the MobileServiceClient.LoginAsync method. However, I'm having trouble getting it to work with Apple.
I am able to successfully kick off the authentication process as follows:
await myMobileServiceClient.LoginAsync("Apple", "myapp");
This does launch a new browser window and display the Apple login. I am able to authenticate successfully in the browser window.
The first problem I have is that post_login_redirect_url is being ignored and not passing back control to the mobile app using the myapp://easyauth.callback protocol. Instead, the login successful page is displayed in my Azure App Service website and there is no redirect.
I managed to hack around this issue by omitting the code_challenge and code_challenge_method parameters in the call to my Azure App Service. This DOES NOT pass back control to the mobile app using a redirect:
https://.azurewebsites.net/.auth/login/apple?post_login_redirect_url=myapp%3A%2F%2Feasyauth.callback%2F&code_challenge=WxdeYYJSn5ZoozK0i7WPwYMryh%2BNokYryHevXD2%2BG3k%3D&code_challenge_method=S256
This DOES pass back control to the mobile app after authentication:
https://.azurewebsites.net/.auth/login/apple?post_login_redirect_url=myapp%3A%2F%2Feasyauth.callback%2F
The second problem, regardless of whether I meddle with the call to the Azure App Service above, I do not get back an authorization_code parameter. Instead, I get a token:
https://.azurewebsites.net/.auth/login/done#token=%7B%22authenticationToken%22%3A%22eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGFibGVfc2lkIjoic2lkOmFkZTg4ZDIwMjMzNjgzZGFhYTU0NmU1OGE0Zjg5MmYxIiwic3ViIjoic2lkOmFkZTg4ZDIwMjMzNjgzZGFhYTU0NmU1OGE0Zjg5MmYxIiwiaWRwIjoiYXBwbGUiLCJ2ZXIiOiIzIiwibmJmIjoxNjUyMzg4NDI5LCJleHAiOjE2NTIzOTIwMjksImlhdCI6MTY1MjM4ODQyOSwiaXNzIjoiaHR0cHM6Ly9vc3hiYWNrZW5kLmF6dXJld2Vic2l0ZXMubmV0LyIsImF1ZCI6Imh0dHBzOi8vb3N4YmFja2VuZC5henVyZXdlYnNpdGVzLm5ldC8ifQ.ujhWH9B05vc18rsOFKR-k8tHBAHNvzqLxF9fFLaLlAA%22%2C%22user%22%3A%7B%22userId%22%3A%22sid%3Aade88d20233683daaa546e58a4f892f1%22%7D%7D
Does anyone have a working example or insight into the details of OAuth to get this to work?
We are having problem with ADAL redirect authentication in MS Team Desktop client recently.
We have a custom Teams app package (Team Tab) to display a page on our application server. The page uses ADAL JS library to get Graph token to access One Drive. Since the page is displayed in iframe and will be used in Teams desktop client, we use page redirect authentication in ADAL. From debug console, we can see the issue happened when ADAL sent request to “login.microsoftonline.com”(login_hint parameter is used to specify current user account). The flow stopped with error saying the “login.microsoftonline.com” can’t be displayed in iframe. In the past, “login.microsoftonline.com” simply redirected the browser to the specified redirect URL and auth flow completed without any problem.
Our application server has implemented SSO with Azure. Implicit auth flow is used to get the token. The issue only happens in Teams desktop client, we use ADAL popup (not supported in desktop client) to get token in browser. The flow was working before April. Seems to me that something has changed recently at the Microsoft login page.
Just wondering if anybody has the same issue. Any suggestions will be appreciated.
Have you looked at using Teams SSO, which uses MSAL, instead of ADAL? See here for a sample: https://github.com/pnp/teams-dev-samples/tree/master/samples/tab-sso
I have installed the AWS Amplify CLI and added federated authentication through Facebook. In Cognito, the attributes are appropriately mapped.
When using the AWS Amplify (aws-amplify) React library, using the Auth component, I provide a button to the user for login, which calls Auth.federatedSignIn({provider: 'Facebook'}). The call goes to Facebook successfully and redirects back to my app successfully.
However, I get an error, saying "username attribute mapping required." But when I go to Cognito, I've mapped username to ID. Thoughts as to why I'm getting this error?
TLDR: turn off "Require App Secret" in your app's Facebook developer portal settings.
I wasn't able to pinpoint a more valuable error code until I tried to use Facebook's login in a more direct approach (i.e., outside of Amplify). I finally received the error "API calls from the server require an appsecret_proof argument," which led me here.
The Facebook team responded with:
This issue was caused by a backend change that has made appsecret_proof incompatible with the JavaScript API. After evaluating the change, it has been decided that this behavior will have to remain. As such, for your apps that use the JavaScript API, you will now need to uncheck "Require App Secret." You may then want to set up a separate app for your server side logic so that appsecret_proof can be used for increased security.
Once I turned off "Require App Secret," I was set. If that level of security doesn't matter to you for your application, then this is the only answer, unless Amplify comes up with some server-side version.
I am using the salesforce mobile sdk to develop an application in native IOS. I was doing some testing logging in as a user. All was fine. Then I logged out. When I logout I call the coordinator revoke authentication method. I then tried to login as a new user who had never logged into the device and I received the following error: "Receiving Remote Access Authorization Error there was a problem in setting up your remote access." I then selected the Not me link and it logged me out. However, when I tried to login again as the user that wasn't able to login it takes me to the salesforce website for that user?!!!! It did not take me to the application but to the salesforce website? Anyone know why first the error above occurs? Does it have to do with a possible token issue? Also why would I be driven to the salesforce website when I try to login as the user again?
Note: The salesforce login is in its own webview component. I had a button to force a logout no matter where I am in the app. When I force the logout and try to login as the person it then takes me to the application. Very confused in terms of what is going on in this scenario.
There is potentially a solution posted here, or at least some clues: seems to suggest a timing issue and refreshing the web view in applicationDidBecomeActive might fix it
https://developer.salesforce.com/forums/ForumsMain?id=906F00000009CBgIAM
Also more information here:
http://help.salesforce.com/apex/HTViewSolution?id=000175700&language=en_US
You might also try making sure that you have a Connected App properly set up under Setup/Create/Apps, and that the key and return URL match those hardcoded in your app.
I'm plan on deploy a Java application to Google AppEngine and use federated login (still experimental according to Google). The application is pretty simple Java EE application which expose RESTful interface for simple CRUD operations.
I then want to be able to authenticate to this application using Windows Client Application written in C#.
I think the application should be able to open a window with a browser in ti which will present the login page of my web application and after successful authentication I should be able to get the login token or a cookie to use in the rest of my HTTP requests.
Is it possible to do such thing using federated login? I've found a post explain how to do it using google proprietary login.
Thank you,
Ido.
I've manage to make this work much easier then I thought it would be.
When I send HTTP request to my web service I get 302 Found response with response header name Location which point to the login page.
I use WebBrowser control, register to it Navigated even and navigate to the URL in the Location header.
When the Navigated even fire I use the code from this answer to get the cookies container.
I check each cookie until I find one with the name ACSID and store it.
For every web request to my service I add cookie name ACSID with the value saved at step 4.
This is not the most secure way of doing this. I will add check for the domain of the cookie but this looks good.