Google's OAuth has blocked request from web view.
However, most of my user enter my website via QR code scanner app (QR code scanner app in general). Qr code scanner app then open webview to my page. User won't be to login or signup through social network (OAuth authentication). I would like to find a way to work this out. Many users have this problem and call to our support.
I am finding the solution or work around to this. I use Google's Firebase, therefore, I could't use other authentication service.
Here is the list of options I can think of..
launch normal browser if webview is detected.. (I'm not sure if this
is possible, the webview is own by the QR code scanner app, I tried
many ways and it didn't work)
set http request header on client to show that the client is NOT requesting from a webview (not possible due to Google's policy "Do not mislead Google about an application's operating environment.")
Related
In one of my use cases for my react web application, my user will open the application after following a link generated by a chat bot.
In this case, the specific chat application is LINE, and all links parsed by the chat window are opened by default, in LINE's own web browser.
When the user attempts to login, the login process is halted, in what I believe is the intended behavior, as google has said it has depreciated web-app logins from app webviews in 2016.
Is there any way I can detect one of these in-app browsers and prompt the user to re open the web app in their preferred browser?
If not, does anyone know of a workaround I can use? Would having a secondary, server side authentication route be the best bet?
My site uses the oAuth2 authentication to let users register/login via their Linkedin account.
Implementation is done using PHP.
The problem is: the oAuth2 authentication always opens in the webbrowser.
It seems this has to be implemented by LinkedIn.
Is there a way to force LinkedIn oAuth to open the app in stead of the browser if the app is available?
Not sure if you got your answer after all these years, but generally it would open in the browser to get the user's consent, and then redirect to the URL you provided with an authorization code that you can use to call the API.
I have written a multiplayer game using Libgdx and I would like to add a facebook login option. On the server side, I am using NodeJS and PassportJS to validate requests. So far I am able to send and receive HTTP requests using Libgdx's HttpRequest and HttpResponseListener.
My question is, is Libgdx able to display an http response in a way that a browser would? If not, I don't see how user will be able to confirm facebook permissions since I cannot show them the response they get from the facebook. I would greatly appreciate if someone can tell me how this would work. (As far as I know, nodejs redirects user to a facebook page, so I will be getting an http content to my code in Libgdx)
Note: I aim to use the application both in ios android and desktop.
I'm doing an application for android, iOS and Windows Phone using Xamarin.forms.
I need to implement login with most common social for all platforms and I have found on web Restsharp.Portable.
I'm having trouble to understand how to use the library (it was correctly imported) for OAuth2 request.
Does anyone have any example or guide that could be helpful?
I struggled with restsharp.portable due to the lack of documentation.
Instead I used the redirect URL as a way of getting the code generated after the user gives permission needed to request the access token.
I gave the browser the correct adddress for the login/permission screen and for the Redirect I set to a made up address (http://madeupaddress.com) and on the Navigating event of the browser checked if the url started with my made up address, if so, I cancel navigation, closed the browser and take the token from the URI.Query parameters found in the navigating event parameters (or named differently depending on control/platform). I thenapply for the access token using the code via Microsoft HTTP Client.
This was for Windows Phone 8.1.
Thanks go to Vittorio Bertocci
I ended up using Microsoft Httpclient for the access token.
I am using facebook/twitter logged in user to authenticate my web api. i followed this
Okay that was most likely what I what. But my view page will be differently hosted. That is user will be logging in with a different page and they will send an ajax request get values from api controller.
I would authorize the web api only to user who is logged in.
If by "differently hosted" you mean on separate domains, then you won't be able to share a cookie between the two. If you mean that the client is a iOS app or Windows Phone app running on a device, the general pattern is to use a "Browser Control" and build a little UI as part of your API site. You can show your users this UI in the browser control and then scrape the token out. If you use Azure ACS, this is much easier with the "javascriptnotify" protocol that enables the token to be pushed out of the browser control.
The best article I've seen on this is http://www.cloudidentity.com/blog/2012/04/04/authenticating-users-from-passive-ips-in-rich-client-apps-via-acs-2