We're using Google and Facebook SSO allowing our users to sign up and login with these services. However, if a user signs up or logins in with either service (rather than creating a standard email login), we lose the referral source in Google Analytics -- and, instead, sign up and upgrade sources are attributed to accounts.google.com or Facebook.com. Anyone have some thoughts on a workaround?
This requires some backend work. Whenever one of your users clicks on the login button with either services, you backend should 'remember' him using a cookie or any other parameter. In that way whenever he comes back from exactly the url of your Facebook SSO or accounts.google.com you should set the GA tracker referrer parameter to the one of your site's URL. You can do this in basic js code like this
ga('set', 'referrer', 'mydomain.com');
In this way you won't see these invalid referrals anymore.
Related
I want to be able create calendar events in my Action that runs through Google Assistant.
Right now I was able to modify this Quickstart guide (https://developers.google.com/calendar/quickstart/nodejs) and use it in my current Dialogflow fulfillment. However, it's a little tedious to have the user have to copy and paste the authentication code after allowing Google Calendar access. Are there any better ways to do this that doesn't require the copy-paste flow? Thanks in advance!
Use Account linking with Google Sign-In
https://developers.google.com/actions/identity/google-sign-in
Then send a card to the user device with a link to authorise Google Calendar access. Store the authentication code securely against the user. Use the authentication code to make requests.
Broadly speaking, the approach you can take is to use Google Sign-In, as outlined in this SO answer: Google Home Authorization Code and Authentication with Google Account.
With this scheme, you use a website to get the user to authorize your use of the Calendar API scope, and you store the auth token against their UserID. Then you use Google Sign-In with the Assistant to get that ID. This works well if they go to your web page first, but not as well if they go to the Assistant first.
You can also setup an OAuth server that lets users sign-in using Google Sign-In on a web page (or use something like Auth0 and, as part of that sign-in, get authorization for the Calendar scope. Then use OAuth Account Linking in the Google Assistant to get an auth token which you can use to get the user's ID. You can then use this ID to lookup the authorization token.
Referencing this post
, I tried to create an access token for my Google Actions. I enabled Google sign in, and end up with a user-id. The top post says "You can combine this with a web- or app-based Google Sign-In to get their permission to access OAuth scopes if you need to access Google's APIs" but I honestly have no idea how to do that. What I'm trying to do is get an access token from Google Actions/ Dialog flow to send to my server-end code in order to make a successful API POST request to Google Calendar API.
The post you reference that points to another StackOverflow answer that discusses the approach. It basically says that you need to combine two things to do what you want:
You use Google Sign In on a web page to let the user authorize you to access the calendar on their behalf.
You probably should use the hybrid flow so the access/refresh tokens are only handled on the server side - not in your web client.
Your server will store the access/refresh tokens in some way so you can use them as part of your Action later.
You will use Google Sign In for Assistant to authenticate the user when they connect through the Assistant and determine if they have already authorized you to access their calendar. If they have, you'll be able to get their access/refresh tokens out of your store and access their calendar.
You can't do it completely through AoG/Dialogflow because there is no way for the user to grant OAuth permissions to you by voice alone - this is why you need to direct the user to a web page for them to grant you permission to access their calendar.
TL;DR;
Facebook login makes the original referral URL change since and in GA it will look like they originally came from a Facebook.
We have the following problem using Google Analytics (UA) for Facebook (Oauth) login:
user lands on /page/1?utm_campaign=aaa and GA session is created with correct initial referrer, campaign etc.
user visits a few other pages and decides to register using Facebook
Facebook login makes the user's browser to go to facebook and come back which changes the referral and thus creates a new GA session
When user lands back on our callback url we fire an event that is converted to goal in GA
The problem is that all users who register using Oauth have the referral set to Facebook and the landing page to the page where they land after Facebook's callback because that's when GA "resets" the session :( .
Is there a way of joining the two sessions in GA and making it know that it is the same user all the time so that Facebook registers keep the full information on initial referrer, landing page, UTMs etc. ?
Follow FB SDK example and OAuth dialog will open in a popup window.
It will remove the issue with GA.
Most of OAuth providers that I know also support opening a dialog in a popup window.
Can i log in to my Facebook account (Knowing user id and password), in the server using Facebook php-sdk, and without need to click any URL?
If yes, please explain.
It is against Facebook's Terms of Service to use a user's email address and password to login to their account. You should instead use the Facebook API to achieve this, but it requires manual login by a user.
There are ways of achieving automatic login using credentials, but since it's not allowed, I won't go into detail. Facebook also detects and prevents most of the common method of auto-login.
Been searching for an answer for this for a while but nothing that I can find that is useful.
Basically in the organisation I work in we use Shibboleth for user authentication.
We probably have 200+ sites & Shibboleth works effectively for these.
However, one site in particular is protected using Shibboleth (if the user is not a valid user they have to sign up for an account in this process also) which is causing an issue with our Analytics (Google Analytics). The referrer to the site is ALWAYS the shibboleth authenticator.
What we need is a facility to track conversions on this site based on source/campaign the user arrived from. The proposed solution right now is to use a Tag Manager product to fire off specific tags based on a combination the referrer or campaign. This one single site is used for a multitude of things (all prospective leads to EPR) but we need different information based on how the user landed on that page.
We are tracking all the interaction points that lead up to this (i.e. tracking potential leads) but a lot drop out during the signup process and right now we do not have actual conversion data, meaning the Marketing etc is being spent based on highest traffic source rather than which source or campaign is most effective.
The problem is when a user signs in, signs up using Shibboleth, Shibboleth sets a new cookie for that session. In Google Analytics all the referrer to this site are from the authenticator.
Is there some configuration issue with GA that I am overlooking for this scenario or is there something that can be done with Shibboleth so that the initial referrer (rather than the authenticator) being passed as the referrer which in turn would facilitate the rule creation of the Tag Manager to fire off the required tags
If you use Universal Analytics, you might be able to overcome using the new Referral Exclusion:
You can exclude specific domains from being recognized as referral
traffic sources in your Analytics reports. A common use for this
feature is to exclude traffic from a third-party shopping cart to
prevent customers from being counted in new session and as a referral
when they return to your order confirmation page after checking out on
the third-party site.
Google Analytics recognizes the URL you use to set up a new property
in your account and automatically excludes this domain from your
referral traffic, so you won’t see self-referrals in your Analytics
reports.
https://support.google.com/analytics/answer/2795830?hl=en
Another option might be to pass a parameter across the login page when you request an authentication. If you set your fields in the request correctly, you could have Shibboleth send your user back to any page or with any query string, such as adding ?source=original_page_name. After authentication, these parameters should be available to manipulate or pass on to GA. This won't actually spoof your referrers, but it will get you the data you need.