I want to open a website in my mobile app to make the user log in to a specific page (so he can trust that it's the real website), if the login succeeds, there is data in the response which I need for my application. Is there a way to get the response data from the Xamarin.Essentials WebView or Browser or something else?
Some additional Information after Juan Sturla's hint:
I've got this url:
https://steamcommunity.com/openid/login?openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&openid.realm=https://MYAPP&
openid.return_to=https://MYAPP/signin/
This link refers to the Steam login page. Can I somehow tell the Authenticator to return to the app after logging in without setting up a Backend? Like is it somehow possible to magically bind the app as return URL? I'm on iOS btw.
Thanks a lot in advance
We are using the Microsoft MSAL library to authenticate our users. When a user needs to login, they are shown this dialog each time. Is there a way to disable this prompt so the login experience is more seamless?
This pop-up occurs anytime the app uses SFAuthenticationSession or ASWebAuthenticationSession, MSAL.NET does not control what is displayed there, as that is the point of the pop up, it is to initialize a private dialog with the user, outside of the app. From Apple's developer site: " users are prompted by a dialog to give explicit consent, allowing the application to access the website’s data in Safari. When the webpage is presented, it runs in a separate process, so the user and web service are guaranteed that the app has no way to gain access to the user’s credentials. "
#Jenny has the correct response. However, for using MSAL against Azure AD, using an embedded webview prevents the prompt from displaying.
The key is this line...
.WithUseEmbeddedWebView(true)
Here is a more complete example when acquiring the token interactively.
var authResult = await PCA.AcquireTokenInteractive(Constants.B2CConstants.Scopes)
.WithAccount(GetAccountByUsername(accounts, username))
.WithUseEmbeddedWebView(true)
.ExecuteAsync();
Can't login using Google Auth,
Error 403: org_internal
This client is restricted to users within its organization.
Go to cloud console (https://console.cloud.google.com/apis/)
APIs and services
Credentials
Oath consent screen
Ensure Application type is set to "public" and not internal.
Obviously assuming that you are creating an app that should be accessible outside your org. If this is related to testing and phones, it is possible to create testusers that are excepted from company policy rules.
The reason for this error is indeed because the Application type is set to "internal".
But setting it to public is not always the right answer...
Add "&prompt=select_account" to the authentication url. This will force the user to select the correct (organization-)account.
Without the parameter, Google tries to show the consent screen for the logged in Google-account, but as it is not an organization-account it will just display the 403 page without giving the user this choice.
https://developers.google.com/identity/protocols/OpenIDConnect#prompt
I had an Internal app that I was trying to authenticate with one of our YouTube channels using an organization account, and I was getting the same error:
Authorization Error
Error 403: org_internal
This client is restricted to users within its organization.
After contacting Google Workspace Support, they asked me to Change the restriction on it from Limited to Trusted.
Steps are mentioned in this support thread: https://support.google.com/a/answer/7281227
Open the Google Admin Console.
From the sidebar menu, choose: Security → API Controls.
Click on MANAGE THIRD-PARTY APP ACCESS button.
Hover the cursor over the required app and click on Change access.
Choose the option: Trusted: Can access all Google services
And save the CHANGE.
Once you've done, take note that there will be 24 hours of propagation on it before it gradually takes effect.
Make sure, for the browser you are using, that you have logged out of "All" Google account(s). This should force the "select account" windows to display.
We have almost exactly the same problem while trying to configure WP Mail SMTP for Wordpress.
The OAuth Client's Application Type has to be "Internal" so changing it to "External" was not an option for us.
Hope this helps.
I had the same issue and in my case was because the project didn't had a support email address set it.
I fix it by adding one on the Firebase Console > Project Settings > General under the Public settings section.
This error is most likely due to the configuration of your application in Google Cloud Platform.
Setting your application to "internal" is causing this error. Try making your app "external" in the OAuth consent screen, but make sure it is in a "testing" status. Then, add yourself to the test users. This configuration will work well for an internal, lightweight application.
Once complete, try to authenticate with the channel again.
I had the same issue with a project. The error only appeared if I tried to log in to my app while already logged in with an account outside the organization (worked just fine while logged out of all accounts, or while logged in with an internal organization account). I had to change the OAuth Client's Application Type from Internal to Public in the Google Dev Console.
More info can be found at https://support.google.com/cloud/answer/6158849?hl=en
Maybe you have another google email to login, not the correct one.
I created a Microsoft Account using my work mail.
Using this account, with 50$ credit, i tried to register my bot (already published using visual studio 2017). The problem is that when i tried to obtain the credentials for my bot, i'm getting an error that says i don't have enough privileges (even though i'm supposed to be the administrator of the account)
Button i clicked to get credentials
Error image
Please log into http://aad.portal.azure.com and go to Users and Groups -> User Settings and check if Users Can Register Applications is set to Yes.
I can’t seem to be able to force the user consent dialog to appear.
The first time user logs in, the consent dialog properly comes up.
However, after we change the app permissions or the user manually removes the app consent (from portal.office.com/myapps) then we can no longer cause the consent dialog to re appear.
Details:
UWP Windows 10 native client connecting to WebApp (ASP.NET) which calls downstream WebApi (O365) using the “on-behalf” oath2 pattern (using latest 3+ ADAL libraries)
Single tenant WebApp (no special admin perms)
After changing WebApp permissions (eg adding more o365 apis) or the user removing the WebApp consent, the WebApp’s AcquireToken returns AADSTS65001
Using wtr.Properties.add(“prompt”, “consent”) in the UWP client app does not cause consent dialog to re-appear
Re-cycling WebApp (to clear the built-in AAD token cache – it doesn’t use its own token cache) or clearing the client’s token cache (by login out) does not help
What is the proper way to having the user re-consent?