I have implemented the FOSUserbundle on my application, I have manage to get chained userproviders to work as well as overriding some of the default controllers.
I have one issue though, I need to find a way to intercept the login process.
My userobject is linked to a client entity, Now I need to deny access to the Userobject even though it's valid because the client entity is disabled.
What I have attempted.
1)I tried extending the SecurityController to no avail, it seems to redirect before executing my code.
2) I tried to set _target_path on my login form to a controller that does the check of the client entity status, This seems to work but after I logout the user using,
$this->get('request')->getSession()->invalidate() ;
The user is redirected back to the login page but I cannot get a flash message to appear on twig template stating that the client is not active.
Any help or ideas will be much appreciated.
You might want to attach a handler to the login and logout process: http://www.reecefowell.com/2011/10/26/redirecting-on-loginlogout-in-symfony2-using-loginhandlers/
Related
Is there a way to logout without doing a popup or redirect to the authorization server using oidc-client-ts? I can sign in/out with redirects, but if the session has expired or the token for some reason is invalid, I would like to sign out the user and then go to the applications login page. I cannot see any methods on the UserManager that does this.
I learned from this issue that the base class OidcClient does this with createSignoutRequest(), but as the documentation states, I should
Only use this class if you simply want protocol support without the additional management features of the UserManager class.
so I would prefer to only use the UserManager. Furthermore when I do call createSignoutRequest(), I get a CORS-error, but it is the same url that is used for userManager.signoutRedirectCallback() which works like a charm. I can remove the user and redirect, but the user is not signed out, so clicking the Login-button sends me directly to the main page instead of the auth server.
I'm trying to do an Authorization request following the documentation about it on Microsoft (Getting access on behalf of a user: https://learn.microsoft.com/en-us/graph/auth-v2-user). I'm making the request using Azure's Logic Apps. I already made an app registration in Azure AD and gave it the following permissions (I used the app for a few different requests before so that's why it contains a lot of unnecessary api permissions). I already succeeded in getting access without a user (https://learn.microsoft.com/en-us/graph/auth-v2-service). Now I really don't know what I'm doing wrong, so if anybody has an idea of what it is, please let me know. I will try to explain as carefully as possible using screenshots so you guys get the idea of what I'm trying to do.
On the first screen below you can see the api permission I added to my app registration. For this request I'm only asking authorization for the one with arrow next to it(as you will see later on).
On the second screen you can see the HTTP post request I'm trying to make to the authorize endpoint. I blurred out the Tenant and Client_id for privacy reasons. I only added the required parameters in the body as described by Microsoft. In the scope parameter you can see the api permission I'm asking permission for.
On the third screenshot you can see the output of the request. Instead of getting an Authorization code as requested, I get an HTML body.
When I paste that HTML body into a browser it gives me the following result:
I have no clue what I'm doing wrong. I tripled checked to make sure cookies are enabled, made sure third-party cookies are not disabled and added login.microsoftonline to my trusted websites.
I'm starting to think I'm doing something very simple wrong, but I can't figure out exactly what. Any help is welcome! :D
Sorry can't add a comment so posting as an answer
What you are trying to implement is the Authorization Code grant flow of OAUTH 2.0. In Authorization code grant flow following steps occur
1) User is presented with the scopes that an application requires when accessing certain resources,
2) The user authorizes this. and the user is redirected to a redirect url
3) The application then exchanges the code sent with the redirect url to get the actual token which in this case will be sent to the Microsoft Graph for validation.
4) User then sees the information pulled.
The major crux of Authorization Code grant flow is that "User Authorization is required" This basically means that this flow is used when the call is invoked from a browser client where the user is actually interacting. This flow should not go through the Azure Logic Apps. If you want a service or a daemon to access the resources in that case you should use Client Credentials Grant flow
I have a request page which every users have access to it but everyone can access to their own requests and can change it with some functions that work with AngularJS.
The thing is that if the user logs out in another page, while the user haven't refreshed this page angular functions are continuing to work.
I know I can Check the loged in user in the controller, but is there any way that angular prevent it?
(I Use ASP.Net Authentication and MVC)
You have to use some sort of communication channel such as signal r or sockets to achieve that. One solution could be to intercept http request and check if the user is login. If isn't navigate to login page.
I have an angular based app and I want to open another URL on a new tab from my app and automate a login. For example my app is www.myapp.com, and it will open www.anotherurl.com/login. Let's say I have both the username and password for www.anotherurl.com/login.
How can I automate the login by populating the form and do the login?
Is this something we can achieve from the client side? or this needs a server side implementation?
Or is this is even possible?
Update:
I have no control over www.anotherurl.com/login by the way. This is just another way of saying I want to open gmail.com with credentials and automate a login instead of me typing the username and password, and pushing the login button myself.
Thanks in advance for your thoughts.
you can send them along as query parameters, but if you are not using https then they will be sent in the clear. for example:
https://www.anotherurl.com/login?user=bob&pass=secret
then in your controller, if these query params are present then call a login method
also worth mentioning that even if its over https the password will be in the user's browser history and thats probably not a good thing either.
I have one problem and want to ask for a "angularjs way" to solve it properly.
I have a several services that will be used into me application. Before using it I must use login service and "log in"
the user. So I also have a service that returns status of user - AUTHENTICATED or NOTAUTHENTICATED. I using ngRoute. Me first idea was to put the check for user status into service and call if in every controller. If the user is not authenticated I will display login popup. Other option is to use global event but I don't like it. So what is the best way?
Best regards.
IMHO the best way would be to put login functionality in a service that way it can be easily injected where necessary. You can check if user is authenticated when he is interacting with a backend service.
i.e. angularjs do http/resource call to backend for a listOfUsers then backend either returns valid json or it returns response with login specific failure, then you can that kind of response process in angularjs and display a loginbox