We have an embedded microApp that is setup on a thirdparty website (Saba) that is designed to pass a session token to our Application. We are initiating a User login by presenting them an embedded browser session using WebView2 in our wpf application. Then after a successful login the microApp on the Saba homepage passes back a session token. This appears to be where the application is hanging, waiting for the valid session token to be returned.
This had been working great up until the last 24 hrs, when we are experience hangs on logging in. It appears that trying to access webview via the console/inspector from Edge doesn't work either. "window.chrome.webview" shows undefined.
We are actively scouring any reference we can find to see if there is information about webview support being deprecated or moved but we haven't yet. If anyone has any ideas or resources of where we may be able to find some answer that would be much appreciated.
Related
I am building my first ever Chrome browser extension and I am struggling to find the right solution for handling authentication. There is a requirement that the extension stay logged in as long as possible, to reduce the need for the user to log in often. This means we would need to use Refresh Tokens. I would very much like to handle all authentication on the background script but this is no longer persistent in MV3 nor does it have access to the DOM.
This being the case, I see these options:
use Auth0 React SDK on the content scripts - this means all my authentication logic will run in a somewhat less secure environment but the token will be handled by the library and I will be able to access it in all my content and popup scripts (if I need persistence across page refreshes, I would still need to use localStorage, I believe). But this means that the background script will not have access to the token and it will need one of the other scripts to retrieve it and send it through a message
implement the Authorization Code Flow with PKCE following the steps in this tutorial on the background script - this will mean that all my auth logic is running in a more secure environment but I don't have a way of storing the token, other than using chrome.storage. It's also a bit tricky to silently retrieve the token (or check if user is still logged in) from the background script (it can be done using an injected iframe and the web_message response type or with chrome.identitybut there are still issues with the redirect_uri which needs to be listed in the Allowed Origin config of the Auth0 app - so you can only easily do this on the pages of the extension).
I know that the recommended solution for an SPA is using the SDK but I would like to know if this is also the right solution for a browser extension. Based on this article on Token Storage, localStorage is dangerous especially due to third-party scripts. Seeing that the MV3 manifest has now removed the ability to execute remote code, is localStorage an acceptable way to store tokens?
I have implemented both options using the docs provided but I am unsure as to what is the best solution, given the changes introduced by MV3.
Thank you
I am using branch SDK in the mobile app for which I am working on for more than 2 years now. I want to have the referral feature in our web application as well. I have followed the web app integration guidelines and has integrated branch in my app. I am using v2.54.2 of branch SDK and v16.13.1 of React.
I am facing a strange issue after integrating. I am calling the branch.logout() method while the user logs out of the application. But after the user logs in back (either to the same user account or to a different user account in our application), none of the branch functionalities work. (branch.setIdentity(), branch.credit(), branch.redeem() etc.). I am getting the following error in the console
Uncaught Error: Invalid JSON string: [object Object]
at ia (build.min.js?cd67:7)
at d (build.min.js?cd67:57)
at Mb (build.min.js?cd67:57)
at eval (build.min.js?cd67:146)
at eval (build.min.js?cd67:135)
at k (build.min.js?cd67:66)
at XMLHttpRequest.Sb.g.onreadystatechange (build.min.js?cd67:64)
I’m not even able to identify which method is causing this error. The branch APIs won’t work even if I do a hard reload. After days of debugging what I found is all the functionalities will work if I open the app in a new tab and close the current tab. But if the user logout and login from the new tab, the issue comes back.
What I suspect is the global branch object, while logging out is not getting reset to the initial state. Can anyone please help me with this issue? I am stuck with this issue for more than 2 weeks now
This is a weird problem and I apologize beforehand that I may not give enough details:
We have a pretty standard Angular app that needs to access an API on a different (sub-)domain, using CORS. Everything works perfectly fine on Chrome and Firefox. We also got it working on IE >=9.
Unfortunately, some of our customers need to access our public website from within their company intranet. In this case, using IE, only a couple API requests go through. Chrome and Firefox cause no problems.
They can create a sessionThey get the result of a second GET requestBut the third request fails
In the console, we see an Access Denied message caused by a GET request.
**AND**: When they reload the page, the third request goes through. One customer could bypass his intranet and access our website directly. Then, everything worked like a charm.
Please note that we are only aware of issues with IE 11.
Any help is really appreciated.
I created a ASP.NET single page application. When I run it I get the following 404.15 error. I see the same error with an MVC application without a Web API in it also.
I commented out the ConfigureAuth code as below:
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
//ConfigureAuth(app);
}
}
Now I get another error which is below:
I tried to duplicate this on a different laptop, and I don't see a problem there.
Is this a directory level permission issue on this particular laptop where I created the app? Appreciate anyone can shed some light on this to fix this.
UPDATE 11/9/2014
I did some further debugging and found that the applications works fine with no authentication and Windows Authentication. When the authentication is forms, I see this problem happening. As you see in the IntelliTrace, the GET request is looping back to Account/Login multiple times and finally give with a 404.15 error. I added a authorization section in the web.config to allow all users to access the resources with , I still see the errors.
I see a major difference between how my laptop and the surface pro 2 behaving with the same application. In my surface pro 2, the home page is displayed and the redirect to account/login never happens. But in the laptop the redirection is happening to account/login.
There are tables in the surface pro 2 created by the asp.net identity. But in my laptop there are no tables. I believe when the application starts, there is no requirement for the tables and the control should go to the home page.
I hope anyone can provide an answer with my additional info.
At first sight looking at the requestedUrl it may be the case that you are always redirecting to the same page (the login page) which creates an infinite redirect loop until the request url becomes too long: Since there is no code I can't be sure about it but I would suggest you to check your redirect url. The authentication appears just because you outcommented the ConfigureAuth method but I don't think it will solve the problem.
I've set up my Silverlight WP7 app to use a WebBrowser Control to allow users to log into facebook and grant permissions for further actions. After the user has granted permissions, they are redirected to a web page letting them know permissions have been granted.
The chain is as follows:
App -> opens WebBrowser control at web service #1 -> web service redirects to FB -> Permissions granted -> FB redirects to web service #2 which returns a view.
Web services are both within an externally hosted MVC project.
This all works fine, UNLESS the user is not logged into facebook - instead of taking them to the facebook login page as you would expect, I just get an HTTP 500 internal server error and web service #2 is not hit. If the user is logged in, then everything proceeds as it should.
I'll also mention this ONLY happens on the WP7 device and does not occur in any browser, including IE9, on my laptop.
EDIT: For clarity's sake, Web browsers on my laptop were tested by setting a breakpoint before my WebBrowser control was called in Visual Studio, I grabbed the Uri I had built there, and pasted it into Chrome, IE9 etc.
I'm not even sure what direction to look in! Also, I'm sure you guys may need more details to aid you with this question - please let me know what else it is you might need and i'll do my best to provide it.
This code causes the problem.
// Constants.URL_FACEBOOK_LOGIN contains the parameter "display=touch|wap"
_popUpBrowser.Navigate(new Uri(Constants.URL_FACEBOOK_LOGIN));
This code fixes the problem.
// Constants.URL_FACEBOOK_LOGIN contains the parameter "display=touch|wap"
string userAgent = "User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8B117 Safari/6531.22.7";
_popUpBrowser.Navigate(new Uri(Constants.URL_FACEBOOK_LOGIN), null, userAgent);
Why?
Because Facebook currently has an issue with the Windows Phone 7 User-Agent value and the display parameter values of "touch" and "wap" when they are present in the same request. So simply sending in an alternate User-Agent header when using a WebBrowser control solves the problem for now.
I hope this helps other Windows Phone 7 developers that encounter the nasty 500 error when interfacing Facebook Graph API.
I've figured out the issue and have come to an undesirable solution - however, any solution is better than a HTTP 500 error.
The issue was with the Facebook dialog parameter "display". As my app is intended for the WP7, I have passed "display=touch" to Facebook when I check for permissions - however this WILL NOT WORK! I don't know why, but that was the cause of my error. When I took this parameter out I stopped receiving the error - however the full desktop style is used, which is undesirable.
It seems display=touch and display=wap both give me the HTTP 500 error. 'popup' and 'page' both work. I have not tested 'Iframe'. So for now I will stick to 'popup'.