So here is my issue,
I am working on a service using firebase.
You login with your email and password.
You then can connect a page account by email user.
You do so by logging in through facebook, getting the page accounts through the fb.api and associating the page to the email.
My issue is as follow:
- In order to sign in, you need to disconnect from your personal one, then connect, disconnect and login again.
Is there anyway I can do all the operations I need to do without having to disconnect them from their account, using some type of sandbox or something?
Cheers,
Haytham
Related
I want to deny login to a user if it tries to login when its username and password is not registered in the userpool. Is there a way I can do that?
You can leverage the use of a pre-authentication Lambda trigger here.
Since you mention there are two pages (manager and employee), I believe the architecture is such that the manager login page and the employee login page uses different app clients. So basically two app clients in a single user pool.
A pre-auth trigger as the name suggests is triggered right before the login. Inside this Lambda function, you need to write code to check if the request is coming from the manager's app client, and if so reject the login. An example is provided here.
I've been learning Auth0 for a React / React Native project. With two different apps now, including one from their site, I see the following behavior:
clear browser cache
login
enter password, now logged in
select logout
--> now logged out
select login
am NOT prompted for password again, just logged in without interaction.
It seems the session has been kept alive even though I logged out. I would expect that if I manually log out of an application, I must re-authorize with my password on the next login attempt.
As I said I've seen this twice now, once with my own project and once with the tutorial they provide at https://auth0.com/blog/react-tutorial-building-and-securing-your-first-app/ . Doesn't make any sense to me. Am I missing something?
Thanks ~~
This is the Seamless SSO behaviour explained here. This is now enabled by default on all tenants and it "seamlessly" logs the user in without showing any prompts if a session exists for the user in the Authorization server (Auth0 in this case). Previously you would get a prompt that said "Last time you logged in with ..." Clicking it would login you in without requiring a password.
If you are "Logging out" and yet you can log back in again without needing to enter credentials, the most likely explanation is that you are actually not calling the https://YOUR_AUTH0_DOMAIN/v2/logout endpoint which logs out the user by clearing their SSO cookie in Auth0. You can confirm this endpoint is called from Network tab in your browser when you click to logout.
The Auth0 React quickstart by default does not call the logout endpoint, it only removes the tokens from browser storage. To clear the SSO cookie and logout from IdP using Auth0.js you need to call the logout function as well. Refer to the Auth0.js logout function here.
Hope that helps.
Using IdentityServer 4 for authentication which work with different clients, that support OpenID Connect and OAuth 2.0 protocols for AAD authentication
In scenario, if there is an error before Login or after Login (authentication)
User is redirected to Home\Error, default exception middlerware handler. Here I want to provide user with 'Retry Url' which redirects to Client link.
Appreciate if any body can suggest on this.
In Account Controller Login() you can get the return_url from the model(check LoginViewModel). Just validate this return_url and Redirect the user, it will take it to the client. You can also fetch the redirect_uri from return_url which have the client info - if thats what you are looking for!
You can always pass the return_url to error view and inject it in a hyperlink where user can click to go back to the client.
I've implemented Facebook login workflow in my website using Satellizer, and it's working fine. But for some reason, some users that try to login don't get the code parameter sent to the server, just the clientID, so I can't exchange it with the access token to get them logged in. Why is this happening?
In angularfire seed project, there is an account registration process using email and password. But how can we verify that the email is not fake? I mean it is without server code, just client code.
Store a token in the database send the same token via e-mail to the client ask them to click a link in the e-mail that passes the token back to a page which marks their e-mail as verified.
You can angularjs-fire seed project at this link angularfire_seed_with_reg_confirmation. Some explanation of it here email verification using angularjs+firebase Below is the quote from its readme:
It is AngularJS seed with Firebase backend and a feature for account
registration confirmation via email. This feature can be used as an
alternative for account activation. It is a clone of AngularFire Seed
with additional feature above and also login feature vial social login
ie login with Facebook, Twitter, and Google.
The account registration differs significantly from the original seed.
We can register for an account just by supplying an email and then
we'll get a confirmation email about our temporary random password.
The password is recommended to be changed to a memorable one and at
the same time it must also be strong and secure.