I'm currently working on a project where we want to connect facebook profiles to existing (and logged in) Okta users.
The website is made in ASP.NET using Sitecore 6.5.
We use the "Authorize URL" to do our login and account linking with redirect callouts.
I can register and create an account with the facebook identity provider when the user isn't logged in in Okta. In this case it follows the Callout redirects and we get a tx_id. Hover when you're logged in to Okta and you visit the same "Athorize URL" it follows the redirect_uri where you get a id_token as result. this is an JWT string which I managed to decode (example result).
How can I use the information in the JWT to link a user to the identity provider? Or is there another way to do this? I can't find any methods or API calls to add a user to an identity provider without the tx_id.
I believe you used https://developer.okta.com/docs/api/resources/social_authentication.html to add FB social auth for users. Yes, once you browse the final url
https://example.okta.com/oauth2/v1/authorize?idp=0oa0bcde12fghiJkl3m4&client_id=AbcDE0fGHI1jk2LM34no&scope=openid%20email%20profile&response_type=id_token&response_mode=fragment&state=someState&nonce=someNonce&redirect_uri=https://app.example.com/social_auth
you will be redirected to your app https://app.example.com/social_auth with id token in the url. In the redirected app you can read, decode and create session for user. However, the same user profile is also created in Okta.
Once the social auth user profile is created in Okta, you can use that to get id token next time.
Related
I am building a Next.js application that uses NextAuth for authentication. On my landing page, I have an email input form that users can fill out and submit. When the user submits their email, they are redirected to a createOrSignIn page, and the email is added as a parameter to the URL.
On the createOrSignIn page, I have implemented a reCAPTCHA that verifies whether the user is a human. After the user is redirected, I extract the email from the URL and validate it. Then, I need to make an API request to my backend Next.js API to verify the reCAPTCHA token and sign in the user using email provider.
However, I am having trouble finding a solution to log in the user using the email provider from the backend.
Can anyone provide guidance on how to sign in a user using the email provider from the backend with NextAuth in Next.js?
Thank you in advance for any help you can provide!
I have tried several approaches to log in the user using the email provider from the backend with NextAuth in Next.js
What I expected to happen was to be able to log in the user using the email provider from the backend with NextAuth in Next.js without requiring the user to be redirected.
The flow I expect is as follows:
User fills out and submits the email input form on the landing page.
User is redirected to the createOrSignIn page, and the email is added as a parameter to the URL.
ReCAPTCHA v3 is displayed on the createOrSignIn page.
After validate email, a request is sent to the backend API to verify the reCAPTCHA token.
If the reCAPTCHA token is verified, the user is signed in using the NextAuth email provider, and a response is returned to indicate whether a verification email was sent to the user and whether the user exists or is new.
If the user is new, a new user form is displayed where the user can fill out their username.
Sorry I am newbie in Drupal, I was trying Drupal 8 as my website, I have token generate from SSO base on Oauth2 from another website(not Drupal) which is contains uid, name, and some credential. I want to create user with uid from token automatically if not exist in local user db and automatically login if user exist in db or after creating user.
I have try External Authentication module but because there is no documentation, I don't know what must I do to implement this module.
Hope some master can guide me to implement token
What I want is:
How to create function with specific url contains token
Get uid etc base on token then login automatically
How to logout if we using SSO from other website?
Thanks, for your help
I want to use the Windows Live Id Authenticaiton in my Asp.Net/MVC web application, but I do not want to use the Login screen provided by Microsoft.
I want to have my custom page for login, take username and password from User and then send these credentials to the Windows Live ID, to Authenticate, and I get back the response if the user is authenticated or not.
Is this possible?
I want to have my custom page for login, take username and password from User and then send these credentials to the Windows Live ID, to Authenticate, and I get back the response if the user is authenticated or not.
You missed the point of single sign-on authentication. Using that, the user does not provide their credentials to your site, but to the SSO provider. That provider gives you a token which lets you act on behalf of the authenticated user.
The user's credentials are never received by your site.
So no, you cannot, nor should you want to, do this.
Background: I'm using Open ID authentication in my asp.net website. Here is how it works currently - User would pick an Open ID provider from dropdown (google/yahoo/myopenid/etc..) and then click on Login button. The application would then pass the user to the provider authentication page. On successful authentication and authorization on the open ID provider site, user is directed to my application. So far, so good.
Problem: On the Open ID provider authentication page, if the user chooses/clicks Sign Up, then the provider is following its own workflow and the control never returns to my application.
Question: Is there a way where I can disable the dynamic registration on provider (i.e., the Sign Up)?, so that, the user would then be required to register with the provider and then use my application? Or
Is there a way that I can get the control back once the dynamic registration is done?
No. The OpenID protocol has no such provision and while it would be courteous of a Provider to remember to ultimately redirect their new user back to your site, not all do.
I am using the Facebook login api in my website, currently I am checking if the FB userid exist in my SQL Server database, if it does, the user is allowed to access my website else he will be directed to the Facebook registration plugin page.
The thing is I am also using aspnetdb which in my web.config authorisation, I block all users accept for users who are logged in and authenticated by the aspnetdb membership provider, hence my problem is for users who uses logs in successfully with Facebook gets block by my app's non-fb login page. How should I go about authenticating users who logs in via Facebook? Thanks.
Facebook login/registration API provides you with the FBUserid, it should be stored in your SQL server DB against the user. If a new user comes to your website and registers via FB, you should generate corresponding user in your database too with some default password (random and different for each user) You can provide the functionality that, if a user registered with FB wishes to user your application's login, you should send him the default password via email and ask him/her to change on first login.