I'm running into a strange problem accessing to User birthday from my site.
The Facebook App is configured to have Birthday access:
From Server Side I get the Token using my AppId & AppSecret and then I call Facebook with:
https://graph.facebook.com/[USER ID]?fields=id,birthday,email,first_name,last_name&access_token=[MY TOKEN HERE]
As response I get all the Fields I'm interested in (email, first name, last name etc) except for BIRTHDAY.
In the App configuration the Birthday field is approved:
If I call it from the facebook console with the App Token:
As suggested by Facebook support, this is NOT working by design.
I was using the "App Token" to access to the personal information instead of the user token. Using the user token everything worked like a charm.
In few words: to access user info, use the user token.
Related
I'm working on chrome extension (provides main functionality) and the complementary website (mostly profile and billing related functionality) both backed with firebase backend.
I'm wondering if it's possible to implement the below scenario:
user logs in with the extension using firebase authentication (with firebaseUI lib)
I store a token that I can use to reauthenticate that user (is there such a token?)
when user opens the website, I login that user automatically with the token.
While both the extension and the website has their login/signup forms I'm wondering if it's possible to login user in the extension and to somehow automatically login that same user on the website so they don't have to enter their credentials twice?
So far I was hoping that I could use something like below:
firebase.auth().currentUser.getIdToken(true).then(function(idToken) {
console.log("idToken = ", idToken)
})
And then to use that idToken like this, since if I understand correctly, it's an AWT:
firebase.auth().signInWithCustomToken(idToken).catch(function(error) {
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
console.log("signInWithCustomToken: error = ", error)
})
But it gives the following error:
code: "auth/invalid-custom-token"
message: "The custom token format is incorrect. Please check the documentation."
I can parse the token on https://jwt.io/ which shows all the user information but in the end it says "invalid signature"
So I guess this token can be only used to check authentication (like admin.auth().verifyIdToken(idToken)) but not to login user. Am I right?
I know I can create a custom token, but is there any straightforward way to workaround that and to login user from one place only using firebase funstionality? (of course without storing username/password)
You can't sign in with a Firebase ID token. What you can do is the following:
Keep the user session in the chrome extension and run all authenticated requests from there. Use postMessage (with origin verification) to talk with extension from app anytime a request is to be sent. With this you don't have to worry about session synchronization and no Firebase tokens are stored or passed to the web app or every web app that can access the extension.
Add a postMessage API to get an ID token from the extension after verifying the origin of the request. You can then send the request from the web app with the ID token. (less secure than 1 but easier to implement and session is stored in one place).
Create an HTTP endpoint that takes an ID token and returns a custom token. This would verifyIdToken and then create a corresponding custom token for that user using createCustomToken provided by Admin SDK. You then postMessage that from chrome extension to the web page after verifying origin and signInWithCustomToken with that custom token in that web app. This is the least secure as you are providing an endpoint to exchange a short lived ID token with an indefinite session. You will also deal with synchronization issues (user signs out from chrome extension, you have to sign out from websites, etc).
In Paw App, I've managed to retrieve a Facebook OAuth token as described in the documentation but I can't find how to login with another Facebook user.
I had to enter my Facebook credentials the first time I retrieved the access token, and now it doesn't request it anymore. The sessions are empty (created a new one and deleted the default one).
Any suggestion?
I'm currently working on a project where we want to connect facebook profiles to existing (and logged in) Okta users.
The website is made in ASP.NET using Sitecore 6.5.
We use the "Authorize URL" to do our login and account linking with redirect callouts.
I can register and create an account with the facebook identity provider when the user isn't logged in in Okta. In this case it follows the Callout redirects and we get a tx_id. Hover when you're logged in to Okta and you visit the same "Athorize URL" it follows the redirect_uri where you get a id_token as result. this is an JWT string which I managed to decode (example result).
How can I use the information in the JWT to link a user to the identity provider? Or is there another way to do this? I can't find any methods or API calls to add a user to an identity provider without the tx_id.
I believe you used https://developer.okta.com/docs/api/resources/social_authentication.html to add FB social auth for users. Yes, once you browse the final url
https://example.okta.com/oauth2/v1/authorize?idp=0oa0bcde12fghiJkl3m4&client_id=AbcDE0fGHI1jk2LM34no&scope=openid%20email%20profile&response_type=id_token&response_mode=fragment&state=someState&nonce=someNonce&redirect_uri=https://app.example.com/social_auth
you will be redirected to your app https://app.example.com/social_auth with id token in the url. In the redirected app you can read, decode and create session for user. However, the same user profile is also created in Okta.
Once the social auth user profile is created in Okta, you can use that to get id token next time.
We have an ASP.NET application where we need user's email in order to further send them transactional email. We have added Twitter Signup but not getting email address along with access_token.
We have checked twitter documentation and their FAQs for the same but have had no luck so far. The FAQ says that we need to ask for user's email in as a distinct act:
recently I came to a website http://medium.com which asks for email while authentication in it's scope, please refer to the image below:
I'm not sure how do I add email scope to my twitter application. Any help is highly appreciated!
It is not possible to get user's email address from twitter.
This can be made possible by filling out a form to request elevated permissions:
Go to https://support.twitter.com/forms/platform
Select "I need access to special permissions"
Enter Application Name and ID. These can be obtained via
https://apps.twitter.com/ -- the application ID is the numeric part
in the browser's address bar after you click your app.
Permissions Request: "Email address" Submit & wait for response
Anyone can help ,
I have created an api key and and secret key but I am getting an issue regarding to the login section means the api redirect to the https://auth.aweber.com/1.0/oauth/authorize_app/ url and here need a username and password but I am inserting my username and password but its not open and send me a message like
Notice: Invalid credentials - please retry
Make sure that you're using valid AWeber credentials when filling out that form. The username/password are not the API developer account from https://labs.aweber.com, but an actual AWeber account (i.e. what you would use to login to https://aweber.com).