I have created a custom domain for the authentication mail templates in firebase, at the same time I have created a custom index.html in the hosting section. Now when I send password recovery emails the URL is not working, it just shows my index.html. Anyone have any idea what I might be missing.
Before it worked with the default UI of firebase for password recovery and email verification
Assuming you are using the same custom domain, make sure that the configured URL for Authentication has the format https://example.com/__/auth/action?mode=<action>&oobCode=<code>; this is also assuming that the custom domain is correctly configured in Hosting.
Related
So I have email link signin (password less) working for iOS and Android, but if a user requests the email and then opens it on a web browser, they see this message:
Error encountered
{"error":{"code":400,"message":"API key expired. Please renew the API key.","errors":[{"message":"API key expired. Please renew the API key.","domain":"global","reason":"badRequest"}],"status":"INVALID_ARGUMENT"}}
I need them to click the link using their mobile device in order for the authentication to work, but ideally I could provide a more graceful message here that tells them to open the link on the mobile device. Any ideas?
I've now got this redirecting to my own website. Long story short - for some reason my Firebase hosting site was not configured properly and thus this authentication url was not being handled as it should. Fixable by recreating hosting site or just creating an additional site under hosting and using that for the email action url.
What I did was:
Create an Additional Site on Firebase Hosting. I made it additional so I wouldn't have to worry about messing with the Dynamic Link setup that is currently working on the default site.
Then under Authentication > Templates in the Firebase console, I changed the action url to use the new site but still have the (__/auth/action?...) path after the domain.
Now, when this url is accessed via a desktop browser, the user is redirected to the continue url (specified in the action code settings of the mobile app) and I display what I want on this continue url.
I noticed that in my Google API console, Firebase created a new Browser key and that it is being used whenever this auth link is clicked. Perhaps this was the issue all along. I wonder if I somehow restricted the wrong key. Anyways, if you run into a similar issue, check your API keys and their restrictions and/or just create a new additional site in Firebase hosting and use that.
I am building a platform which consists of a public facing 'website' and a PWA which will be on a subdomain on the same server.
Both web apps use the same firebase project and I was wondering if it is possible to share authentication status between the two. i.e. can I redirect a user to the PWA side without them having to login again?
Both apps are written with React, Redux and Node
Store the authentication token in a cookie with the following domain:
.mydomain.com
where mydomain.com is the public site. Now the PWA can access this cookie as a subdomain of mydomain.com.
Subdomains can not access localstorage of the main domain or other subdomains, but can access cookies in the main domain.
If Firebase automatically writes to localstorage, write your own code to delete it from there (or leave it there), and add it as a cookie.
I don't think you need to put the . in front of the domain for your cookie anymore, but you used to and I still do.
I want to add access rights to Wordpress. only allow the users that already login the application on tomcat, can access the Wordpress.
Application(tomcat, not in AWS) ----allow access---> Wordpress (AWS)
External users cannot access Wordpress.
You can achieve this by using WP REST API , After verifying tomcat user authentication, If success redirect ti WordPress site
Finally, I used the JWT(https://jwt.io/) approach with RSA algorithm.
Tomcat side generate the token, and redirect to wordpress url with token
Write a customized Wordpress-plugin to verify the token.
I have an app, and I want enable users log in to the app using my wordpress site's user info. So the user clicks on the sign in button, a new window popsup and opened by wordpress site. And after user input the username and password of my wordpress site, then the user should log in to the mobile app.
So I need my wordpress site behaves like an OAuth server, how could I achieve it, and how to invoke the the OAuth apis?
You need to use WP OAuth server in your Wordpress website and additionally a plugin that enables APIs for your Wordpress site.
For OAuth server plugin, Check below link:
https://wordpress.org/plugins/oauth2-provider/
It works with WP REST API/ JSON API and provides access protected endpoints via OAuth2.
If you want to use WordPress website authentication and users in your application, you need an OAuth server on your WordPress website. This is our product: https://lana.codes/product/lana-passport/
If the user clicks the Single Sign On button (and is not logged in to the WordPress site), the WordPress login interface will appear where the user can authenticate.
Once you have the authentication, you have access to the /resource endpoint, which returns user data according to the scope.
Note: you have to create a Single Sign On solution for your app (it will be an OAuth client), which is connected to the endpoints of the WordPress OAuth server.
So in summary:
the WordPress website needs an OAuth server
the app needs an OAuth client
I am new to wordpress. And I am designing a webvsite that needs the social login buttons.
I have found some plugins, and also used the developers.facebook.com login button, but it is not working with my localhost server. I have also used the Like button from the same site. and
it is working properly.
Same problem is happening with google+. Am I missing something?
Please reply soon..
Thank you!
You can't implement social login w/o appID in it's services, it's public but not transparent.
To enable social login you will need a valid callback URL, so app will know where to redirect user after successful auth. This part is pain in the ass, because you don't have domains at development stage. Plus you will need to configure cookies / sessions to handle authentication at valid domain scope.
If you want to properly configure oAuth or other auth service - do it on isolated production server.