Hello guys I am trying to authorize my salesforce android application ,I followed this post https://developer.salesforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com
Here I found information regarding authentication but my problem is
I want to get authorization code through http request ,In the post it said that we are able able to get that when the browser redirected with the code contained in the url. Is it possible to do that in a non-browser application
The Username and Password Flow only requires your application to interact with Salesforce servers. You don't need to redirect the users browser.
Of course, you shouldn't be prompting users for their credentials if you can help it.
Related
We currently have a website that is setup to use SSO through Azure AD. it is configured to with SAML.
Yet, we have third application that needs to connect to this website using specific email and password.
This application can do any default connection that POSTMAN can do.
What I do notice is that web all cookies are removed from the browser. the website allows me to enter
the email address and password.
I am trying to configure POSTMAN to test login to this website. And using the POSTMAN configuration i will be able to configure the application.
Any Guidance is greatly appreciated. Thank you!
I have try configuring post using HTTPS POST BASIC Authentication. Not sure if this correct manner as I am not postman expert nor have attempted such authentication method before.
Our expectation is the POSTMAN could login into the website and create a cookie that has an active session.
Postman is not a browser so it doesn't "log in". The authentication in Postman is related to webservice calls. So imagine you have an online shop and you expose your API to a third party (let's say a sponsor or partner). For example you let another site (the partner/sponsor) add items for your common client from his site (instead of him having to logout of that site then login to your site, it's easier and your partnership makes both sites profitable, let's say for our example - so their site would be more like a sort of forwarder - when the user adds an item on the partner's site, they actually add it in the cart on your site).
In our example, they would call your API (for example, adding an item in the cart). The question is, how do they do that? How do you stop abuse from a malicious user? Simple: you add authentication. So what your (theoretical) shop's partner does is use some auth method (as you said, Basic Auth) to call the endpoint that results into adding an item into the cart for purchase.
But this auth is not what the client uses to log in to your partner or your site. It's an internal auth, like a sort of a "technical" user. And what you would do in Postman is simulate that call and the Postman login would be to allow it to call endpoints.
If, on the other hand, you have a separate login call that this is all it does, logging in, then yes, you can use Postman to login, BUT, keep in mind that the login auth info would not AND SHOULD NOT be the same as the API call login info. So you would still use an auth to allow the API call and a (hopefully different) auth for the actual login url as params.
In other words, Postman auth in any POST or GET call is just a way to tell the remote server they can trust you because you identify yourself. A login window like the Microsoft one is one for user accounts which is something totally different.
Initiating the Google Connect, with response_type=code, I am getting in the response the authorization code, but I do not have access for the user who actually approved the app (username, email, etc.)
is there a way to get access to the current user info?
Btw, I am actually using this library- https://www.npmjs.com/package/react-google-login
and you can find the implementation here- https://github.com/anthonyjgrove/react-google-login/blob/master/src/GoogleLogin.js
I have had the same issue with C# app. So I end up automating the google user consent step.
You can try to use a headless browser like PhantonJs to automate the google user consent response and get the access code.
I can try to help more if you can give some more details.
I want to get logged in username in Web Api but unable to do so. Below is my problem -
I have a Web App developed using AngularJS and Windows authentication is enabled on it.
I have a API which the Web App calls to get the data.
API application is configured to use basic authentication so I need to pass logged in username whenever I call any API method.
The problem is, I can't find a way to get the logged in username and pass it in the request header as I don't have any control over it.
Any help would be appreciated !!
I am using the salesforce mobile sdk to develop an application in native IOS. I was doing some testing logging in as a user. All was fine. Then I logged out. When I logout I call the coordinator revoke authentication method. I then tried to login as a new user who had never logged into the device and I received the following error: "Receiving Remote Access Authorization Error there was a problem in setting up your remote access." I then selected the Not me link and it logged me out. However, when I tried to login again as the user that wasn't able to login it takes me to the salesforce website for that user?!!!! It did not take me to the application but to the salesforce website? Anyone know why first the error above occurs? Does it have to do with a possible token issue? Also why would I be driven to the salesforce website when I try to login as the user again?
Note: The salesforce login is in its own webview component. I had a button to force a logout no matter where I am in the app. When I force the logout and try to login as the person it then takes me to the application. Very confused in terms of what is going on in this scenario.
There is potentially a solution posted here, or at least some clues: seems to suggest a timing issue and refreshing the web view in applicationDidBecomeActive might fix it
https://developer.salesforce.com/forums/ForumsMain?id=906F00000009CBgIAM
Also more information here:
http://help.salesforce.com/apex/HTViewSolution?id=000175700&language=en_US
You might also try making sure that you have a Connected App properly set up under Setup/Create/Apps, and that the key and return URL match those hardcoded in your app.
I'm plan on deploy a Java application to Google AppEngine and use federated login (still experimental according to Google). The application is pretty simple Java EE application which expose RESTful interface for simple CRUD operations.
I then want to be able to authenticate to this application using Windows Client Application written in C#.
I think the application should be able to open a window with a browser in ti which will present the login page of my web application and after successful authentication I should be able to get the login token or a cookie to use in the rest of my HTTP requests.
Is it possible to do such thing using federated login? I've found a post explain how to do it using google proprietary login.
Thank you,
Ido.
I've manage to make this work much easier then I thought it would be.
When I send HTTP request to my web service I get 302 Found response with response header name Location which point to the login page.
I use WebBrowser control, register to it Navigated even and navigate to the URL in the Location header.
When the Navigated even fire I use the code from this answer to get the cookies container.
I check each cookie until I find one with the name ACSID and store it.
For every web request to my service I add cookie name ACSID with the value saved at step 4.
This is not the most secure way of doing this. I will add check for the domain of the cookie but this looks good.