Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm trying to get a link to my app to work on mobile devices similar to this:
http://m.facebook.com/angrybirds?id=314467614927
however my mobile web link from the app center requires a facebook login, where the angry birds link does not. Any ideas how to replicate the functionality?
my link:
http://m.facebook.com/appcenter/ansibletestapp
edit:
also filed a bug report with facebook: http://developers.facebook.com/bugs/343512979067831
http://m.facebook.com/angrybirds?id=314467614927 is the link to the page of the Angry Birds. (Web version here: http://www.facebook.com/angrybirds)
Using an application on facebook will always require authentication, that is a valid session, so the user will have to log in to facebook to view the application.
It's probably related to list of permissions listed on Settings -> Permissions page for your application. (See Authorization section of App Center guide).
Configuring Permissions
Use these settings to enter the set of permissions your app requires when displayed in App Center or using Auth Referrals
Learn more about Configuring Permissions
Listing some of permissions in that section of application settings will result in Auth Dialog appearance prior to application visiting from any link on Facebook.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
I'd like to create application with reactjs on frontend, .NET Core web api on backend, some database, and token-based authentication.
I want users to be able to sign-up, sign-in, sign-off, recover password.
I cannot believe I need to build all this from scratch. There should be set of building blocks that I just need to put together. Are there?
I was struggling with this as well. If you're still looking, I have a boilerplate I'm creating to address authentication / authorization with React + .NetCore:
https://github.com/moh704/AuthenticationExample
I have the signin and authorization employed so far as this is the hardest part for me. I'll soon be adding sign up / log out features. I'll also put in sql server database scripts to generate user registration tracking and password storage.
Azure Active Directory B2C seems to be a right answer for security user flows.
react-adal enables AAD B2C with react.js
.NET Auto Generated Controllers enables very thin transparent back-end, allowing to have the entire business logic in react.js.
The only business logic I manually created in .NET is authorization. It verifies that the user is eligible to read/write data he/she is reading/writing.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I'm building a web app using angular 2 + web api. I have created the api using web api template that vs provides. I manage to create the log in of my app, what I did was pass the user name and password using basic authentication over https and api responds with a token + some details such as token exp, username etc., I then store these details in a local storage and use it to validate if the user is authenticated. Is the security around what I did enough?
Foremost, the kind of security that your application needs depends on what kind of data you are dealing with.
FYI, basic authentication is a really old technique which was drafted in 1999.
If you have security as a necessity for your application, you could go with OAuth 2.0 or JWT/Bearer tokens or you could even use basic authentication only for the initial API requests, get the token and then proceed with the token in the following requests.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I'm using angularfire/firebase to authenticate with various OAuth 2.0 providers (github, google, facebook, twitter) from a chrome extension. They all return the same error: Authentication failed: Error: The user cancelled authentication.(…)
Looking for a way that the extension can capture the token generated from firebase's $auth function.
Thanks!
I am trying to do the same thing as you and I am getting the same error.
From this page: https://www.firebase.com/docs/web/guide/user-auth.html#section-storing
Note: Browser popups and redirects are not available on all platforms or browser environments. Popups are not available in Chrome for iOS, iOS Preview Panes, or local, file:// URLs. Redirects are not available in PhoneGap / Cordova, or local, file:// URLs. Therefore, it is recommended that you use a combination of both authentication methods to cover all environments:
Have you tried using the redirect method?
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
As I understand, App Engine Apps are OAuth 1 providers by default.
Is there a way to use OAuth2, e.g. with Google+ Sign-In or (mobile) chrome.identity API while still taking advantage of the GAE Users API and not having to implement a custom provider?
If not possible, what are the alternatives?
Can't say anything about what you refer to as "(mobile) chrome.identity API," but, inasmuch as I got to your question because of its google-chrome-app tag, I can answer for a Chrome App: Yes, it's possible to use the chrome.identity API to connect to an OAuth1 server (I've done it), but it's a lot of work, and you have to horse around with all of the OAuth1 handshaking. It's somewhat easier than trying to connect without chrome.identity, but not nearly as easy as connecting to an OAuth2 server, which is pretty much automatic.
Note that this is not a way of using OAuth2 to connect, which is what you literally asked. Rather, it is a way of using chrome.identity (for a Chrome App) to connect to an OAuth1 server.
Cloud Endpoints seem to be exactly the solution I need. They are not (yet?) a part of the official GAE for Go documentation, but can be found at Github.
Probably the best way to start is the examplary tictactoe app.
A quick test with the Google+ Sign-In button was successful (although with my probably wrong config it is performing multiple calls under the hood and some of them resulting in scoping errors).
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I'm setting up an AngularJs site. One part is the marketing side of things (FAQ, Home page, how it works, etc) and the other part is the actual web app (authenticated). The web app is currently a SPA. Should the marketing part of it be part of the same SPA or a separate SPA?
Pulse.me has a very nice SPA type application.
https://www.pulse.me/
I ran into this same issue in my app. I ended up going for two separate SPA. My main reasoning was that I didn't want to expose JavaScript to unauthenticated users because you would be able to see calls being made to the back-end. Yes the back-end would reject them, but why even allow the random web crawler or hacker to see what they are.