I have an issue with iOS6 which is app can't re-authenticate after its permission was removed through web interface
Its state stays "On" in iOS preferences, which does not reflect current state of OAuth
Which leads to limbo when app tries to authenticate but gets an OAuth error
Also seems like there is no way to manually remove permission from builtin facebook preferences
Did anyone face similar issues? Any possible workarounds?
If the Facebook access token in the iOS cache is out of sync with Facebook, you can force a sync of the credentials:
// Only do this if there is native Facebook Account support (iOS 6+)
BOOL isFacebookAccountsAvailable = (&ACAccountTypeIdentifierFacebook != NULL);
if (isFacebookAccountsAvailable) {
ACAccountStore *accountStore = [ACAccountStore new];
ACAccountType *accountTypeFB = [accountStore accountTypeWithAccountTypeIdentifier:ACAccountTypeIdentifierFacebook];
NSArray *fbAccounts = [accountStore accountsWithAccountType:accountTypeFB];
for (ACAccount *fbAccount in fbAccounts)
[accountStore renewCredentialsForAccount:fbAccount completion:^(ACAccountCredentialRenewResult renewResult, NSError *error) {
DLog(#"Renew account error: %#", error.localizedDescription)
}];
}
I'm having pretty much the same issue. I tried to remove my app from my applications list on the Facebook website. Now when I log out and log back in, I get the same invalid token. I've got to go to the settings on my iPhone and disable facebook access for my app. This resets the token.
The SDK provides a method
[FBSession.activeSession closeAndClearTokenInformation];
but it does not solve this issue.
It seems like the case is being handled correctly with latest update of Facebook SDK
Related
I am building a Microsoft Teams tab app (https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/what-are-tabs) using React JS. My application has a login form that logs user in with Teams asking for additional permissions then send the access token back to the backend. My login form is working fine on Web and Desktop app version of the MS Teams. But it is not working on IOS MS Teams app.
This is how I login the user.
import {TeamsFx} from '#microsoft/teamsfx';
// rest of the code hidden
try {
let teamsfx = new TeamsFx();
const credentials = await teamsfs.getCredential();
const accessToken = await credentials.getToken([ 'Group.Read.All', 'User.Read' ]);
} catch (e) {
console.log(e.message)
}
when I login on the IOS Teams app, I am getting this error.
Unable to generate the SSO token: App is neither whitelisted nor app resource matches current domain.
What is the potential cause of the issue and how can I fix it?
You need to set the app uri id as api://{fullDomain}/{appId} for you to be able to get tokens. And because you’re getting extra permissions, you need to make sure you are getting consent.
I'm quite stuck at the moment trying to implement authentication into a project I'm working on. The end goal of this project is to have two WPF apps and on web based app hosted on Azure. One WPF app is for an administrator, the other for staff, and lastly the web app for customers. Each application will be connected to one Azure App Service for a shared database and needs to have authentication so separate all the users. For authentication I am planning on using Azure Active Directory B2C.
I've been researching and trying to implement this for several days now on one of the WPF apps but as I stated before I'm quite stuck. From what I understand, the only way to do B2C authentication for WPF is through client managed authentication. Following the code shown on the Azure tutorial sites, other SO posts, and the Azure Git Repos, I have come up with the following code:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
authResult = await App.PublicClientApp.AcquireTokenAsync(App.ApiScopes,
GetUserByPolicy(accounts, App.PolicySignUpSignIn), UIBehavior.SelectAccount,
string.Empty, null, App.Authority);
Newtonsoft.Json.Linq.JObject payload = new Newtonsoft.Json.Linq.JObject();
payload["access_token"] = authResult.AccessToken;
MobileServiceClient msclient = new MobileServiceClient(App.AzureAppService);
MobileServiceUser user = await msclient.LoginAsync(
MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, payload);
Everything starts off great and I'm able to get my Sign-In policy to display. After logging in, I am given an IdToken and an AccessToken. After creating a JObject and adding the access token to it, I attempt to use it to login with my MobileServiceClient. But that's where I am having issues. No matter what I do, no matter what I try, I only get an exception with a 401 Error telling me I'm unauthorized. And this is the point I've been stuck at for the past few days.
Obviously I'm not doing anything special here and I imagine many people have done this before me but I just can't seem to get past this point and was hoping someone may be able to offer me some guidance. Am I way off track? Is there a better way that I could be doing this? Any suggestions or advice would be greatly appreciated as I am very new to Azure.
Thanks all!
Update:
Here's how I have my Azure Settings:
On the app service side
Client Id: "{Client Id of the AAD B2C App}"
Issuer URL: "login.microsoft.com{TennatName}.onmicrosoft.com/v2.0/.well-known/openid-configuration"
Allowed Token Audiences: "https://{App Service Name}.azurewebsites.net" (App Service URL)
On B2C side:
Web and native client enabled
Web Reply URL: "https://{AppServiceName}.azurewebsites.net/.auth/login/add/callback"
Native App: I did not know what custom redirect URL to have so I have both
"{TennatName}.onmicrosoft.com://auth/" and
"{AppServiceName}.azurewebsites.net/.auth/login/add/callback"
Update 2:
My authority is login.microsoftonline.com/tfp{tenant}/{policy}/oauth2/v2.0/authorize
And my ApiScopes = { "https://{Tenant}/thisisatest/user_impersonation" };
If the authority for the client is set to https://{your-tenant-name}.b2clogin.com/tfp/{your-tenant-name}.onmicrosoft.com/{your-policy-name}/, then the issuer URL in the app service must refer to the metadata for this authority; i.e. https://{your-tenant-name}.b2clogin.com/tfp/{your-tenant-name}.onmicrosoft.com/{your-policy-name}/v2.0/.well-known/openid-configuration.
I've been using Azure Active Directory and adal.js to authorize web apps client side and it's worked great. Recently had a request to have user photo instead of a generic user icon.
I added Microsoft Graph permissions to the app registration. And tried to get a token for the user photo request like...
authContext.acquireToken('https://graph.microsoft.com', callback);
Which resulted in the response_type 'token' is not supported for the application error. So I found ADAL JS - response_type="token" is not supported suggesting setting "oauth2AllowImplicitFlow": true in the app manifest, which I did. Now I get Token renewal operation failed due to timeout error.
I've also added 'https://graph.microsoft.com': 'https://graph.microsoft.com' to the endpoints prop of the context config.
What do I have to do get this working? Way too much time spent just trying to get users' photos. Thanks.
I am using Google Apps API for my application with OAuth2. ,but I get an error.
Error: invalid_client
no support email
Request Details
That’s all we know.
If you create OAuth credentials BEFORE you set the support email address in the consent screen, then it appears that you will always get this error, even after setting the support email.
I resolved this by setting the support email, and then recreating all necessary OAuth ids in the credentials page.
In the Google Developer console make sure that you have added a product name and an email address under. Apps & auths -> consent screen.
Update: This shouldn't be to much of a problem anymore. Google made a change in the console that wont let you save anything until you have updated these items.
In Google Developer Console turn Gmail API on.
GDC > Dashboard > Use Google APIs > Google Apps APIs > Gmail API
Be sure that you are set up the setDeveloperKey with your EMAIL ADDRESS offred in Google Console whe you create a Client ID for web application.
Had the same problem and the solution was:
Set my email
Recreate the keys
Activate Google API+ from API Library
1) Fill out the info email address and produce name as well as other details in the 'consent' screen on google's console when you generate the keys.
2) And make sure when you copy paste the ClientID and ClientSecret code from google to your workspace (IDE), there might be some unwanted spaces inbetween
Check with the google console and remove it.
Hope this helps,
--happy coding!
I'm trying to write my first application for Facebook using
python and pyfacebook hosted on Google App Engine. The problem I'm facing is
that of cyclic redirects. Firefox dies complaining "This page isn't
redirecting properly" when I visit http://apps.facebook.com/appname.
Here's the code:
class CanvasHandler(webapp.RequestHandler):
def get(self):
## instantiate the Facebook API wrapper with your FB App's keys
fb = facebook.Facebook(config.FACEBOOK_API_KEY, config.FACEBOOK_API_SECRET)
## check that the user is logged into FB and has added the app
## otherwise redirect to where the user can login and install
if fb.check_session(self.request) and fb.added:
pass
else:
url = fb.get_add_url()
self.response.out.write('<script language="javascript">top.location.href="' + url + '";</script>')
return
rendered_template = render_template('facebook/app.html')
self.response.out.write(rendered_template)
I see this problem when I'm logged out of Facebook. Any help is appreciated.
If you're just starting out with your Facebook app, consider using the Official Python SDK which accesses the Graph API. The REST API is being phased out.
To do authentication, use the JS SDK which will set a cookie you can read on the server side.
I agree with cope360. I've been playing around with facebook app development for a little while now. They seem to be changing their API frequently, so you'd be better off using the official libraries.
That said, to answer your question, pyfacebbok tries to get authenticaion information from information in django's HttpRequest.GET. This is out-dated, because facebook provides authenticaion info in POST data.
The source code that's responsible is in pyfacebook/facebook/__init__.py. The method name seems to be validate_request.