My site uses the oAuth2 authentication to let users register/login via their Linkedin account.
Implementation is done using PHP.
The problem is: the oAuth2 authentication always opens in the webbrowser.
It seems this has to be implemented by LinkedIn.
Is there a way to force LinkedIn oAuth to open the app in stead of the browser if the app is available?
Not sure if you got your answer after all these years, but generally it would open in the browser to get the user's consent, and then redirect to the URL you provided with an authorization code that you can use to call the API.
Related
linkedin authentication is looping back and not allowing you to login via app - any ideas if something has changed as I get the following logged in the API in Linkedin but nothing else... OAUTH2 APP AUTHORIZATION CODE REQUEST
Same here, this may be related to the changes they are applying to their API, here
I am using facebook/twitter logged in user to authenticate my web api. i followed this
Okay that was most likely what I what. But my view page will be differently hosted. That is user will be logging in with a different page and they will send an ajax request get values from api controller.
I would authorize the web api only to user who is logged in.
If by "differently hosted" you mean on separate domains, then you won't be able to share a cookie between the two. If you mean that the client is a iOS app or Windows Phone app running on a device, the general pattern is to use a "Browser Control" and build a little UI as part of your API site. You can show your users this UI in the browser control and then scrape the token out. If you use Azure ACS, this is much easier with the "javascriptnotify" protocol that enables the token to be pushed out of the browser control.
The best article I've seen on this is http://www.cloudidentity.com/blog/2012/04/04/authenticating-users-from-passive-ips-in-rich-client-apps-via-acs-2
I have an issue with one of our clients.
We developed an app, that apparently works fine.
We tested with various accounts.
The issue is that our client can't use the app.
Accessing the client's account, I tried this FB access token tool:
https://developers.facebook.com/tools/access_token/
I tried to use various apps with the client's account, from various vendors.
This is the result (screenshot):
screenshot
What can be the cause? It seems that this account cannot store any access token from any app.
Thank you!
The Access Token tool will only show tokens for apps that the user is an admin or developer of - if they are just a regular user, this will not show up here.
I am looking for a good example for the Facebook C# SDK authorization flow. I am upgrading to version 6 of the SDK and I am having trouble understanding the new flow. I am using the following components:
Asp.net MVC3 Web application
Facebook C# SDK v6
FB Javascript SDK
I am trying to pass the access_token from the FB Javascript SDK to the server for further use.
This flow is outlined in the new documentation at:
http://csharpsdk.org/docs/web/getting-started
I have a the following questions:
Why are they passing the access token in a post vs parsing it out of the cookie.
Don't we need to verify the signed request at the server side before trusting the access token?
First you to have to Follow the conventions that Facebook Javascript SDK is giving to work it with C# SDK.
Answers.
1. Javascript SDK need post back of the page after login in to Facebook. You thoughts are right about getting token from cookie but think what if cookie is disable on browser? Posting access token is the best choice in both cases.
2.Access token already encrypted by Facebook so you dont need to worry about them. If you want more security then you enable encrypted access token in you app settings.
See http://developers.facebook.com/blog/post/572/.
Another thing is that if somehow somebody pass the invalid access token(XSS attack) in post back then also you don't need to worry because access token is validated on Graph API servers, so there less possibilities to effect your Facebook account. You can also enable HTTPS of site to make it more secure.
That's all what I have.
Thanks
Happy Socializing.. ;)
Dharmendra.
I am trying to implement OpenId for an internal web app. Our college is on Google Apps for Edu, so we have the suite of Google OpenID and OAuth exposed to us.
I would like my login page to have the standard username and password, and additionally a button on the side that will authenticate internal users to our app domain.
I have followed the example here http://www.dotnetopenauth.net/developers/code-snippets/programmatic-openid-relying-party/ but it seems that the rules are different for the google apps id than a general google id.
Any help or further documentation would be helpful.
I have the same problem as you.
For your Google Apps login, your relying party URL is https://www.google.com/accounts/o8/site-xrds?hd=example.comsite-xrds?hd=example.com
Where you replace example.com with your URL.
However, As far as I can tell, dotnetopenauth does not handle the protocol extensions google uses when it returns.
However, using https://www.google.com/accounts/o8/id works perfectly fine.
Using this url, you pass off users to Google to login. Google will check for cookies and prompt for a login if required. if not it'll just confirm with the user that they want to associate their authentication with this site and pass you back.
Still trying to get dotnetopenauth to accept the new url: https://www.google.com/accounts/o8/site-xrds?hd=example.com