I have app using Facebook SDK and permissions to access user's data.
How can I correctly check these situations:
user has logged off the Facebook account in iPhone settings
user has logged off the Facebook account and logged in using another account in iPhone settings
user has denied the app to access the Facebook account in iPhone settings
Thank you
UPDATE
I am able to check, if the user is not logged in into Facebook on iPhone setting. But I'm not able to check, if the user has logged out in FB app
UPDATE
There is no need to check, if the user has logged out from Facebook app. All what I need is to check if the user has changed the phone settings by observing ACAccountStoreDidChangeNotification.
Check the iOS documentation here:
Apple Documentation on ACAccountStore
You'll find whatever is needed to ask user permissions and check current auth status on iOS6.
Related
I've setup my GCP App Engine app to use the Identity Aware Proxy (IAP) to limit which users can see/use my app. I followed these docs.
However, when I navigate to my page the login screen says: "Sign in
to continue to iap.googleapis.com".
How do I get it to say "Sign in to continue to MYDOMAIN.com"?
I've configured the "OAuth consent screen" properly w/ my domain and contact info, but it doesn't seem to be getting applied.
Any ideas?
Based on this article, verification is required when a project is configured for a user type of External and a publishing status of In production, and would want to display the App or Logo name.
Submitting for verification may not be required, based on the current configuration of your OAuth consent screen. Users may not see all of your app's information, including its name and logo, until your project has completed verification.
Additionally, see this list of OAuth verification criteria:
You want to display an icon or display name for your project on the OAuth consent screen.
Your project's OAuth clients request authorization of any sensitive or restricted scopes.
The number of authorized domains for your project exceeds the domain count limit.
There are changes to your project's OAuth consent screen configuration after a previous published, verified configuration.
I got basic profile info permission from a user through my google app. And now i newly added "access_type=offline" in the api call. It will prompt the user in consent screen like "Have offline access". How do i avoid this screen and get automatically offline access from user without consent screen.
My api call:
https://accounts.google.com/o/oauth2/auth?client_id=CLIENTID&redirect_uri=REDIRECTURI&scope=email+profile+https://www.googleapis.com/auth/drive.readonly&response_type=code&access_type=offline&state=12345678909876543
in the above url i added access_type=offline newly. So it display a consent screen like "Have Offline Access". help me to get offline access from user without prompting the consent screen while user clicks my google app from their account.?
Thanks in advance.
It is not possible to get offline access without user consent.
But maybe you don't need offline access. When you have an administator install your app through gsuite marketplace, you can use a service account to do stuff in the users drive by impersonating.
That way you don't need each user of your domain to give consent.
Be aware that you cannot use the service account for everything. For instance: you cannot impersonate a user and than call an appscript script.
I am writing a SPA web app that is registered as an app in Azure AD. Everything was working fine most of the week; however, when I went to work on it today, I wasn't getting the expected results.
I deleted and recreated the app registration, hoping it would fix the issue, but it made things worse. When I navigate to the URL, I'm redirected to log in to Azure AD. That part works fine. Since I just created the app registration, I would expect to be taken to a page to consent to the application, but instead I'm redirected back to my application.
I check the app registration in Azure, and it does not have me listed as a user of the application.
Because of all of this, I can't acquire tokens to call external APIs (which I have registered in my app registration).
I'm not sure why I am running into this all of the sudden. Any thoughts on why the OAuth consent is being by-passed? I'm starting to wonder if MSFT is having services issues or not, but more than likely, the problem is on my end.
Suggestions on how to troubleshoot are also welcomed!
There's two things you can do to give consent that will likely fix your app. From what it sounds like your app isn't consenting before ADAL.js you use acquireToken (which is a silent call and can't consent).
Go into the Azure Portal > Azure AD > the app you registered, then at the top hit Grant Permissions. This is the equivalent of admin consent and will consent for all users in your tenant.
Run your app and hit login. When you get redirected to the Azure AD sign in page, add to the url &prompt=consent, hit enter and reload the page w/ that parameter and sign in. This will force the consent screen and consent for the current user. You can also append on the prompt=admin_consent if you're signing in w/ an admin account.
Google App Engine permissions.
I have GAE account and I am trying to invite access to another user
The email is sent and the user pasts the link into Chrome incognito window
The user is asked to login which works but then it says
You are not authorized to access this application
The user has its own app engines
I can think of nothing else - is there a limit to number who can be invited?
Make sure that the user is logging into the account that you invited (an easy way to do this is by having them just click the link rather than using an Incognito Window). If it still doesn't work, I would suggest you file a bug in the issue tracker.
I refer here to that page you are redirected after you login to GAE app with your google account, which asks your permission to access your google account.
Put this toghether with custom domain and https and you get my problem.
Sorry for the lengthiness. I searched everywhere. Didn't find anything. Not sure it is an OAuth issue (think not).
My configuration:
developed myapp.appspot.com
configured custom domain myapp.mydomain.com to point to myapp
myapp is making use of GAE login service
need for https posts from custom domain (!), solved as follows:
page is loaded in HTTP from http://myapp.mydomain.com
some submit HTTPS URLs are hardcoded in the page, as https://myapp.appspot.com/someservice
same domain policy resolved server side by means of http headers
GAE login service applies both to http://myapp.mydomain.com handler AND https://myapp.appspot.com/someservice handler
The workflow is:
user not yet authenticated
user browse http://myapp.mydomain.com (not ssl)
user is redirected to google account login page
user logins
user is redirected to the abovementioned page: myapp is requesting permission to access user's google account
user grants his permission
user is in - OK
Now comes the problem:
user makes a submit to https://myapp.appspot.com/someservice (so that data is ssl transmitted), which is loginrequired decorated
login is ok, user is not again redirected to the login page,
I think this is because the google login is cross application (the same should appen if the user was already logged in into gmail, to say)
but now https://myapp.appspot.com/ is again requesting permission to access user's google account - and this is the problem
The user is prompted TWICE to grant permission to myapp to access his account:
once when he browse to http://myapp.mydomain.com
and another one when he submits data to https://myapp.appspot.com/someservice
My user doesn't like it and me too !!!
I suspect this is because the user answer (Allow or No Thanks) is saved server side with respect to the URL of the app
and not with respect to some other unique id of the app.
But I have no idea how to solve it or at least work it around.
Thank you for your patience in reading up to here.
Any help would be appreciated.
The cookie that is issued for the user's session is per-domain and per-protocol. As a result, the same session won't work on the appspot app and on your custom domain. This isn't an App Engine limitation - it's simply how HTTP works.
The best solution, currently, is to put the form itself on HTTPS as well (which is in general a good idea anyway).