Google App Engine oAuth Issue - google-app-engine

I'm working on building an iPhone application and using Google AppEngine as the data storage. I also need to have the ability to use oAuth for my users, but I can't even get oAuth to work at this moment on AppEngine.
Successful Demo:
http://twitteroauth.appspot.com/
Code powering that demo:
http://github.com/tav/tweetapp/blob/master/standalone/twitter_oauth_handler.py
The problem is that when I run the script on my account with my Twitter application information, it goes through the process successfully, but nothing happens. It takes me to Twitter for the "allow or deny" page, but when I allow, it just reverts me back based on the callback URL without the page thinking I'm logged in.
Anyone have any ideas?

You mean the login page in twitter? If your question is about twitter not showing the login page then you are logged into twitter already. If your question is about twitter not showing allow or deny (authorization page) then you have already authorized the application. Twitter doesn't ask authorization question every time.

Related

Microsoft Authentication Library SPA versus a Web App

TLDR: Which is the correct way to check for login states across multiple web pages, a SPA or a Web App.
I'm looking to develop an internal staff website for a company I'm working with. We currently have a SPA configured and developed and working properly but as we are adding more features I'm thinking that we are going to need more than one single page.
Correct me if I'm wrong, but this is my current understanding of MSAL.js with SPAs. Let's say a end-user is attempting to access our staff page at [company].com/home, if the user has not authenticated with their account that is stored in our Azure AD, the end-user can authenticate only for that page and their session state can be stored in the local storage, so when they access [company].com/home, their login can be acquired silently and the end-user will not have to log in again. If they do not have an account, they will not be able to access any page.
Also, by this logic, if the end-user accesses [company].com/staffresources, they will have to also login for this page as well, in addition to the cached login for [company].com/home, and the same will follow for each page throughout the website. At least, that is my understanding, correct?
I do see that there is an option for a Web App, would this solve the issue to where the end-user would have to authenticate each seperate page that they attempt to connect to? Or is there a way to check for a login state using a SPA, if the user has not been authenticated, they are can be redirected to a [company].com/login.
Any direct links to proper documentation for a solution would also be greatly appreciated.
localstorage is segmented by domain, not by each individual page. If a user signs in with msal.js on [company].com/login they will be signed on every page under the [company].com domain.

What is an ideal login workflow along with Facebook's OAuth2?

So today, I tried playing with Facebook's OAuth2 in my AngularJS application. I was able to make an activity work by clicking a Like button in my app. I'm also able to check if I'm logged in to Facebook using FB.getLoginStatus(). So my question is, if we currently have a login page, what is the ideal user experience when combining it with Facebook?
Do you display Facebook login page then goes back to your original login(this is what is happening on my application right now)
Do you display Facebook login page then once you've been logged in, bypass your original login page and allow the app to bring you directly to the main application. But how do I find out the facebook username that was used to log in?
any more ideas?

Salesforce Mobile SDK Issue Login "Receiving Remote Access Authorization Error"

I am using the salesforce mobile sdk to develop an application in native IOS. I was doing some testing logging in as a user. All was fine. Then I logged out. When I logout I call the coordinator revoke authentication method. I then tried to login as a new user who had never logged into the device and I received the following error: "Receiving Remote Access Authorization Error there was a problem in setting up your remote access." I then selected the Not me link and it logged me out. However, when I tried to login again as the user that wasn't able to login it takes me to the salesforce website for that user?!!!! It did not take me to the application but to the salesforce website? Anyone know why first the error above occurs? Does it have to do with a possible token issue? Also why would I be driven to the salesforce website when I try to login as the user again?
Note: The salesforce login is in its own webview component. I had a button to force a logout no matter where I am in the app. When I force the logout and try to login as the person it then takes me to the application. Very confused in terms of what is going on in this scenario.
There is potentially a solution posted here, or at least some clues: seems to suggest a timing issue and refreshing the web view in applicationDidBecomeActive might fix it
https://developer.salesforce.com/forums/ForumsMain?id=906F00000009CBgIAM
Also more information here:
http://help.salesforce.com/apex/HTViewSolution?id=000175700&language=en_US
You might also try making sure that you have a Connected App properly set up under Setup/Create/Apps, and that the key and return URL match those hardcoded in your app.

Google Accounts customization in GAE

Well, this question is regarding the authentication system of an app in GAE. I've read several posts and found out the best way to manage the user authentication stuff is using the Google Accounts service. I've read several suggestion (here is one of them) but they don't really give a solution to the problem.
Here is what I want to do: I am going to use the Google Accounts service and I want to know if there is a way to change the login and create account page, so that I don not have to redirect the user to the Google Sign-in form, but rather redirect the user to my own login form and then forward those data to Google Servers. I would like to do the same exact thing with the register form. In conclusion I need that the user feels she is using the login of my application, but is really using the Google Accounts service.
Here is an example of something I want to do: This webpage uses Google Accounts Service, but the login form, is a custom form that then (I imagine) forwards the data to Google Servers and then logs the user in.

authentication redirect with offline webapp (gae python, html5)

To GAE+html5 gurus out there :)
When user logs on to a GAE hosted application, his credentials are stored locally in a cookie (correct?).
After this cookie expires (e.g. if users hits logout on another browser tab), no login_required protected methods will work.
Regular webapp will require re-authentication next time the user navigates to a login_protected url by automatically redirecting to a login screen.
What would be the right way for a cached webapp to be handling this?
My test is a simple login_protected page accessed by Chrome and iOS browser. It's cached and accessible offline as expected. Then, (while online) and after the authentication expires, the server log shows a 302 response which is followed by 200 response of the authentication dialog page, but of course no authentication happens.
Thanks!
If you are using google authentication to provide access to your page . Which means even if you are logged in one of the other google services. Your cookie still exists in the browser. login_required will assume that you are logged on based on the cookie. What you are seeing is a redirection to google's page that's 302. If you want you can manage sessions on your own and check for authentication based on your data in data Store.There are lot of solutions availble for both Python and Java .

Resources