I'm trying to get google sign in working in my web application using their JavaScript api.
var auth2 = gapi.auth2.getAuthInstance();
// Sign the user in, and then retrieve their ID.
auth2.signIn().then(function () {
onGoogleSuccess(auth2.currentUser.get());
});
It works great in safari, but I get a 403 disallowed_useragent if the user has added my app to their home screen (standalone mode).
Is there any way to get around the new security restrictions? this seems like an oversight for web applications
Related
I have a web application that uses firebase UI to sign user in. We have already replaced the auth domain in firebase config to the custom domain where the app is running and have also tried switching to signInWithPopup but the social providers Facebook and Microsoft do not seem to work on certain iOS and macOS devices while working for those in others. While sign in with Google works for everyone.
Like in my application I am able to login comfortably with Microsoft via firebase UI in India, but on the same iOS version I am unable to do so in USA. Where it gets more bizarre is on macOS I am able to log in to application via Facebook in India and Ukraine but not in USA. This might not be related to regions but to specific devices. But for me since all the devices are essentially the same I don't seem to figure out the issue. Also I have verified and the settings of browsers on all the different devices is same.
`<script type="module">
const authorization = firebase.auth();
const uiConfig = {
callbacks: {
signInSuccessWithAuthResult : function(authResult, redirectUrl)
{
document.getElementById('loader').style.display = 'block';
return false;
},
uiShown: function()
{
document.getElementById('loader').style.display = 'none';
}
},
signInOptions: [
firebase.auth.GoogleAuthProvider.PROVIDER_ID,
'microsoft.com',
firebase.auth.FacebookAuthProvider.PROVIDER_ID,
firebase.auth.EmailAuthProvider.PROVIDER_ID,
firebase.auth.PhoneAuthProvider.PROVIDER_ID,
],
};
// Initialize the FirebaseUI Widget using Firebase.
const ui = new firebaseui.auth.AuthUI(authorization);
// The start method will wait until the DOM is loaded.
ui.start('#firebaseui-auth-container', uiConfig);
</script>`
This is my code snippet, that I am using to render firebase UI. For the devices on which it is not working what actually happening is:
The page loads
User selects sign in with Microsoft
User is taken to Microsoft page (either by redirection or by popup, does not matter in our case)
User completes the sign in on Microsoft page
User is taken back to our page but now the login ui disappears and the loader is not visible
I also checked the user in not signed in by looking at firebase user record in local storage.
Note: For other devices(where it is working) on coming back to login page it tries to extract the login token of user and if it gets it, it is added as the cookie and the application works as expected.
firebase.auth().onIdTokenChanged(async (user) => { if (user) { user.getIdToken().then(function (accessToken) { document.cookie = #Json.Serialize(FirebaseAuthConfiguration.CookieName) + "=" + accessToken.toString() + "; path=/"; }); } });
Devices its working fine on:
Windows Machines
Android Devices
IPhones in India
Devices its having issues on:
IPhone, IPad (Microsoft and Facebook not working USA and Ukraine`your text`)
Macbook(Facebook not working Ukraine)
Macbook (Facebook and Microsoft not working USA and Ukranine
Tried replacing the auth domain in firebase config to the custom domain where the app is running also switching to signInWithPopup
I finally found a solution, safari does not allow sub domain of a site to access its internal storage, which in turn affects all the web browsers running on iOS since they all use webkit. Opting for firebase hosting did not help in my case either, the only possible solution I found was to either Self-host the sign-in helper code in my domain or to Proxy auth requests to firebaseapp.com. The issue lies here with cross domain storage access. In my opinion and my findings Proxy auth requests to firebaseapp.com appears to be the only fruitful way to mitigate this issue.
I have been trying now for a while to retrieve Google Calendar information from a google user in Xamarin.Forms.
I started my journey using Xamarin.Auth but I could not get past an issue where after a login the CustomTab in my Android App would not close. Seems to have been an ongoing problem for years now and several people proposed hacks to get around this problem. I gave up on Xamarin.Auth at this point
So I tried to use Xamarin.Forms Web Authenticator to retrieve the calendar information. The documentation does not mention how to authenticate with Google so I tried this
var authResult = await WebAuthenticator.AuthenticateAsync(
new Uri("https://accounts.google.com/o/oauth2/auth"), // auth url
new Uri("packageNameOfMyApp://"); // redirect url
I am getting an invalid request error
How do I have to choose the first parameter of AuthenticateAsync to properly authenticate with Google?
Do I have to somehow encode the ClientId from my app I obtained after configuring my application login via the Google Developer Console?
It is not possible to use WebAuthenticator with Google. Google requires a web browser to do the authentication and does not permit your app to authenticate by itself. For the same reason, an approach where you use WebView in your app to navigate to the Google authentication site will fail
We are using the Microsoft MSAL library to authenticate our users. When a user needs to login, they are shown this dialog each time. Is there a way to disable this prompt so the login experience is more seamless?
This pop-up occurs anytime the app uses SFAuthenticationSession or ASWebAuthenticationSession, MSAL.NET does not control what is displayed there, as that is the point of the pop up, it is to initialize a private dialog with the user, outside of the app. From Apple's developer site: " users are prompted by a dialog to give explicit consent, allowing the application to access the website’s data in Safari. When the webpage is presented, it runs in a separate process, so the user and web service are guaranteed that the app has no way to gain access to the user’s credentials. "
#Jenny has the correct response. However, for using MSAL against Azure AD, using an embedded webview prevents the prompt from displaying.
The key is this line...
.WithUseEmbeddedWebView(true)
Here is a more complete example when acquiring the token interactively.
var authResult = await PCA.AcquireTokenInteractive(Constants.B2CConstants.Scopes)
.WithAccount(GetAccountByUsername(accounts, username))
.WithUseEmbeddedWebView(true)
.ExecuteAsync();
I am working with a previously working Angular 8 project. The Auth module is not working as expected. When you click "login with google" the google account picker window pops up but then dissapears immediately.
Basically 403: Requests to this API identitytoolkit method google.cloud.identitytoolkit.v1.ProjectConfigService.GetProjectConfig are blocked
In the debug window I get the following error chunk:
{"error":{"code":403,"message":"Requests to this API identitytoolkit
method
google.cloud.identitytoolkit.v1.ProjectConfigService.GetProjectConfig
are blocked.","errors":[{"message":"Requests to this API
identitytoolkit method
google.cloud.identitytoolkit.v1.ProjectConfigService.GetProjectConfig
are
blocked.","domain":"global","reason":"forbidden"}],"status":"PERMISSION_DENIED"}
}
I have tried this on a couple of enviornements and it is still happening.
Make sure that your apiKey has access to the Identity Toolkit API. The security policy configuration may have been updated.
See Firebase auth internal error “SignUp are blocked” on web
I have create an app to achieve login-with-linked-in functionality. Previously it worked fine, but all of a sudden it stopped working.
Previously if user already logged-in to LinkedIn, clicking the login-in-with-linkedIn button will lead user to there corresponding dashboard, otherwise login-popup open and user details get saved in db and user redirects to corresponding dashboard,But now nothing happening.
Note:- I have used my custom button to use this functionality. not the linked-in provided button code.
Here is my code and app creation steps:-
Button code:-
<?php echo Labels::getLabel('LBL_Linkedin',$siteLangId);?>
Javascript sdk code:-
<script type="text/javascript" src="//platform.linkedin.com/in.js">
api_key:*********
authorize:true
</script>
<script>
function doLinkedInLoginForBuyer(){
IN.User.authorize(function(){
onLinkedInAuth();
});
}
function onLinkedInAuth() {
IN.API.Profile("me").fields("email-address","first-name","id").result(function (data) {
processLinkedInUserDetails(data);
}).error(function (data) {
$.systemMessage('There was some problem in authenticating your account with LinkedIn,Please try with different login option','alert alert--danger');
});
}
processLinkedInUserDetails = function(data){
data = data.values[0];
fcom.ajax(fcom.makeUrl('LinkedIn', 'loginLinkedIn'), data, function(t) {
var response = JSON.parse(t);
if(response.status ==0){
$.systemMessage(response.msg,'alert alert--danger');
}
if(response.status ==1){
location.href = response.msg;
}
});
};
</script>
Note:- It seems that onLinkedInAuth() as well as processLinkedInUserDetails() functions are not called at all now. Previously they worked fine.
Let me know if any other details are required. Thanks!
After a long discussion with LinkedIn Customer Support they just said that they didn't support API-related issues. They asked to buy a premium account for any kind of technical support
Also I come to know that they stopped giving support for Javascript SDK.
Check here:- JavaScript SDK is not currently supported
Solution:- Now I followed the below post and make it work:
https://www.codexworld.com/login-with-linkedin-using-php/
Visit LinkedIn Developers page and log in with your LinkedIn account credentials.
Click the Create app button to create a new LinkedIn app.
Provide the information about your app and click Create an app to submit the app registration form.
App name – Name of the application.
Company – Name of your company.
App description – Workflow of the application.
App logo – Logo to display on the OAuth dialog.
Privacy policy URL – URL of the Privacy Policy page.
Business email – Your email address.
Products – Select the products that you’d like to add to your app.
On successful app creation, the page will be redirected to the App settings screen.
Switch to the Auth tab » Scroll down to OAuth 2.0 settings section.
Specify the redirect URL in the Redirect URLs fields and Update the App settings.
Note: The Redirect URLs must be matched with the Redirect URL that is specified in the script.
In the Application credentials section, you will see the Client ID and Client Secret of your LinkedIn App. The App ID and App secret need to be specified in the script at the time of the LinkedIn API call.
Now you have to create PHP code that will call linked-in API with the help of Client ID and Client Secret.
Kindly check Php code of thread for example.