How to check if a user is already logged in using google.accounts.id - google-signin

I am migrating to the new-ish Google auth API based on google.accounts.id and documented here: https://developers.google.com/identity/gsi/web/guides/display-button
Using the old API I was able to check if a user was logged in before displaying the login button using gapi.auth2.getAuthInstance().isSignedIn.get().
What is the equivalent with this new google.accounts.id approach?

According to their docs, that method has been removed and it's now up to you to directly manage the state of a user's session state: https://developers.google.com/identity/oauth2/web/guides/migration-to-gis?authuser=1#session_state.
I'm dealing with the same issue as you and found this possible workaround using a Cookie instead to track the user's session state. It might be helpful in your situation: https://stackoverflow.com/a/68855272/8056536

Related

Meteor Restivus: keep user logged in if he goes to the main website

I have a Chrome extension that communicates with my Meteor app through a REST API created with the Restivus package.
The user authenticates to the REST API and then uses authenticated tokens to make any further requests.
So far, everything works fine, as long as he stays within the extension. However, from the chrome extension, I'd like to redirect the user to his profile page on my main website. When that happens, he's no longer authenticated, and must re-sign-in to access the profile page.
I figure this is because the REST API session and the webpage session are two completely different sessions on the server (even though both the API and the webpage run from the same server). My question is, is there a way to maintain the user's logged-in state as he moves from the extension to the main website?
I figure there are a few options:
I'm using the standard meteor accounts package. Is there a way to push whatever standard cookie / data that the accounts package uses, to the user's browser, so that when he goes to the website, he'll be considered logged in?
Push a custom cookie to the user, which I then check for and log him in when he first comes to the website. However, I don't know how to push a cookie through a REST API or generate one in the Chrome extension.
Use DDP to communicate with the second session and transfer the login credentials.
I don't know if these are the best options (or even how to implement them if they are...). Has anyone figured out a way to do this already? Thanks!
I would suggest you develop your own authentication flow using a token as a URL parameter. You should achieve an experience similar to what Slack provides with magic authentication links.
The idea is to generate a token and add it to the Meteor.users collection for the user logged in to your Chrome extension.
Then, redirect your user to a URL with the token as a parameter. The app checks which user is linked with this token and logs him in.
You can get inspiration from what is done in the account package to handle enrollment and reset links, or in the passwordless package.
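The token handoff described in the answer above, as an added Node.js example that is not part of the original post or of Meteor's accounts code. The `pendingTokens` map (a stand-in for a field on Meteor.users), the `loginToken` parameter name and the 60-second lifetime are assumptions; the token is stored only as a hash, expires quickly and can be redeemed once, because a token in a URL ends up in browser history and server logs.

```javascript
// Added example: single-use, short-lived login token for an extension-to-website handoff.
const crypto = require("node:crypto");

const TOKEN_TTL_MS = 60 * 1000; // assumed lifetime; keep it short
// Hypothetical stand-in for a per-user token field in Meteor.users.
const pendingTokens = new Map(); // sha256(token) -> { userId, expiresAt }

function hashToken(token) {
  return crypto.createHash("sha256").update(token, "utf8").digest("hex");
}

// Called by the already-authenticated REST endpoint; returns the raw token for the URL.
function issueLoginToken(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString("base64url"); // 256 bits from the CSPRNG
  pendingTokens.set(hashToken(token), { userId, expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Called by the website when it sees the token parameter; returns a userId or null.
function redeemLoginToken(token, now = Date.now()) {
  if (typeof token !== "string" || token.length === 0) return null;
  const key = hashToken(token);
  const entry = pendingTokens.get(key);
  if (!entry) return null;
  pendingTokens.delete(key); // single use: consumed even if it turns out to be expired
  if (now > entry.expiresAt) return null;
  return entry.userId;
}

// Builds the redirect target; "loginToken" is an assumed parameter name.
function buildLoginUrl(baseUrl, token) {
  const url = new URL(baseUrl);
  url.searchParams.set("loginToken", token);
  return url.toString();
}
```

After a successful redemption the site should establish its normal session and redirect to a URL without the token parameter.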

Apex 4.2 LDAP authentication - locked out user

I have successfully implemented the LDAP authentication in APEX 4.2. I am now trying to extend the functionality by using the policy that users are locked after trying to log in x times.
This is correctly used in my LDAP server, a user cannot log in after trying (atm) 3 times. The problem is that APEX displays this as a failed login instead of a message that the user is locked, so the user has no way of knowing why he can't log in.
How can this be displayed accordingly?
I am using PL/SQL, for which the package DBMS_LDAP.simple_bind_s doesn't indicate the reason why the login failed. So I checked out the DBMS_LDAP_UTIL package because this gives more return values. Is this the way to go by adding a procedure checking if the user is locked out, or is there another way?
I can't get the DBMS_LDAP_UTIL.authenticate to work though. I copied the existe_user function mentioned here: http://fdegrelle.over-blog.com/article-1311889.html
Running this says my Authentication failed, although I do use the correct user and password.
Any ideas to help me out? Thanks in advance!
If you want everything the password policy extension provides, you have to use the password policy extended operations and controls. In this case you need to use the password policy request control on the bind operation. Then you will get a password policy response control with the response, that will give you the information you need.

Aspnet LinqtoTwitter - PageCycle Issues

I am currently working on the linqtotwitter library.
I am using cookies to store the token and key. My problem isn't with the API as much. It is more with ASP.NET and the page life cycle.
The problem I have with my webform app is the same as with the ASP.NET webform defaultasp sample at the linqtotwitter site.
This is how the API works:
In a nutshell, you pass the Credentials to the Authorize object and on to the Twitter context.
In the sample you authorize, etc. Once the page loads, the auth.screenname label is changed to your Twitter handle because you authenticated and it passed the auth.credentials to the twittercontext.
This is where my problem is. If I hit refresh the label is cleared out, but I am still authenticated with Twitter, so I can post, except I cannot get values from the auth objects.
How would I keep the state on a refresh so I keep something like the auth.screenname or something else in memory?
I think I would need to preload the Twitter authorized context, but I have no idea about doing that.
I do not think using a hidden form element is proper because you're masking the underlying problem.
If you want to see what linqtotwitter is, it is at http://linqtotwitter.codeplex.com/
You could throw the tokens into Session if you have it enabled, that might solve your issue.

ASP.NET Login Control - Is it possible to extend it with custom data?

I'm currently developing an ASP.NET website, and I'm using ASP.NET's built-in Login control with client-side cookie generation for state management.
Unfortunately, as I didn't figure out how to append custom information (generated by other controls on my application) to the Login control self-generated cookie, my application generates an additional cookie to store that additional info. Basically, I have two cookies: one managed by the Login control and another managed by me, programmatically.
What I would like to know is if it's possible to merge my additional information into the infrastructure's Login control self-generated cookie. This would prevent some issues with the "sliding timeout" feature that could result in my "custom cookie" expiring with the user being logged in - I could solve this one with a custom HTTP Module to prevent it, but that seems to me as an "inelegant" solution.
Any brilliant mind could help me out with this?
Thanks in advance for your attention and support.
Yes, you can store data in the UserData property of the authentication ticket. Please see the section "Storing the Username of the Admin User Who Logged On As Another User" at https://web.archive.org/web/20210304120451/https://www.4guysfromrolla.com/articles/102208-1.aspx
However, you might find the User Profile system to be more useful. https://web.archive.org/web/20211020111657/https://www.4guysfromrolla.com/articles/101106-1.aspx

How do I tell if a user account is already logged in using ASP.Net Forms Authentication?

Our SSO login process uses Forms Authentication against a custom user store in SQL Server.
One of our new security requirements is to only allow an account to have one active session at a time. So any time a user logs in, we will check to see if the login credentials are already active, and preferably prevent the new user from logging in again until the other session ends. Alternatively we could force the other session to end, if that would be easier to implement.
Is there a simple way to do this with Forms Authentication? We've considered a custom approach where we track each session in the database, but it would be a lot of work and we'd probably have to modify all of our applications to detect the session_end, which I'm hoping to avoid. I figure there has to be something in Forms Auth that handles this.
I've seen the MembershipUser.IsOnline() method, which seems ideal, but we're not using a Membership provider.
UPDATE: Just to be clear, I do not need to check whether the current user is logged in, I need to know if somebody else is already logged in using the same account.
Try this:
System.Web.HttpContext.Current.User.Identity.IsAuthenticated
If I understood you correctly, you would need to store the last activity state based on the user id.
Membership.IsOnline() is implemented by checking the LastActivityDate property persisted in the membership database.
So somewhere, you would need to track user activity.
You could maybe implement an HttpModule that updates a timestamp for user activity.
If the HttpContext.Current.User property is not null then they are logged in. And Identity.IsAuthenticated is true.
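The last-activity tracking suggested in the answers above, as an added sketch of the decision logic in JavaScript; it is not ASP.NET or Forms Authentication code and not from the original posts. The `activeSessions` map (a stand-in for a table in the custom user store), the function names and the 20-minute idle window are assumptions. Because the server is never told when a browser simply goes away, the idle window is what eventually frees the account.

```javascript
// Added sketch: one active session per account, decided by last-activity time.
const IDLE_TIMEOUT_MS = 20 * 60 * 1000; // assumed idle window

// Hypothetical stand-in for a table keyed by account id in the user store.
const activeSessions = new Map(); // accountId -> { sessionId, lastActivity }

// True while the recorded session has been active within the idle window.
function isOnline(accountId, now) {
  const s = activeSessions.get(accountId);
  return Boolean(s) && now - s.lastActivity < IDLE_TIMEOUT_MS;
}

// At login: refuse if a different session for this account is still online.
function tryLogin(accountId, sessionId, now) {
  const s = activeSessions.get(accountId);
  if (s && s.sessionId !== sessionId && isOnline(accountId, now)) {
    return false;
  }
  activeSessions.set(accountId, { sessionId, lastActivity: now });
  return true;
}

// On every authenticated request (the job of the suggested HTTP module).
function touch(accountId, sessionId, now) {
  const s = activeSessions.get(accountId);
  if (!s || s.sessionId !== sessionId) return false; // superseded or unknown session
  s.lastActivity = now;
  return true;
}

// Explicit sign-out frees the account immediately.
function logout(accountId, sessionId) {
  const s = activeSessions.get(accountId);
  if (s && s.sessionId === sessionId) activeSessions.delete(accountId);
}
```

A `false` from `touch` is the signal to sign the caller out, which also covers the alternative of forcing the older session to end: overwrite the record at login and the old session fails its next request.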
