I have written a multiplayer game using Libgdx and I would like to add a facebook login option. On the server side, I am using NodeJS and PassportJS to validate requests. So far I am able to send and receive HTTP requests using Libgdx's HttpRequest and HttpResponseListener.
My question is, is Libgdx able to display an http response in a way that a browser would? If not, I don't see how user will be able to confirm facebook permissions since I cannot show them the response they get from the facebook. I would greatly appreciate if someone can tell me how this would work. (As far as I know, nodejs redirects user to a facebook page, so I will be getting an http content to my code in Libgdx)
Note: I aim to use the application both in ios android and desktop.
Related
I'm developing an app that needs to get info from a third party API. I've been developing it to be a web application with Vuejs. For the requests I tried to use axios, jquery and the fetch API, but I'm having trouble with the preflight requests, it seems that the API is not treating the OPTIONS requests properly and it throws me a 405 error (I made a GET request on the same url through Postman and it worked normally and I also edited a OPTIONS request on firefox network panel to become a GET request and it returned a 200 status).
Now I'm thinking of abandon the idea of the web application and work it as a desktop application, but I need to know if the preflight requests are going to be a default behavior in this kind of app too.
Thanks for your attention!
No, CORS preflight requests are made by browsers, and are necessary due to the browser security model. They would not be used by a desktop application.
You can easily test this with curl, postman, etc. It sounds like you tried this, but the details you've described are off. Don't change anything to GET. Use the actual request you're trying to make, but do it outside the browser context. If the API responds appropriately then it should work in a desktop application.
This might seem like a strange question, but is it possible to detect and reject requests sent to my web server from outside my UI? For example if someone sent a post request to create a resource using the correct authorization token or session info from a tool such as Postman, could it be detected?
I want to prevent someone from using my application as some makeshift API.
Probably the best you can do is to just make sure (or come close to that) it's a human being by using a captcha service such as reCaptcha
Google's OAuth has blocked request from web view.
However, most of my user enter my website via QR code scanner app (QR code scanner app in general). Qr code scanner app then open webview to my page. User won't be to login or signup through social network (OAuth authentication). I would like to find a way to work this out. Many users have this problem and call to our support.
I am finding the solution or work around to this. I use Google's Firebase, therefore, I could't use other authentication service.
Here is the list of options I can think of..
launch normal browser if webview is detected.. (I'm not sure if this
is possible, the webview is own by the QR code scanner app, I tried
many ways and it didn't work)
set http request header on client to show that the client is NOT requesting from a webview (not possible due to Google's policy "Do not mislead Google about an application's operating environment.")
I'm doing an application for android, iOS and Windows Phone using Xamarin.forms.
I need to implement login with most common social for all platforms and I have found on web Restsharp.Portable.
I'm having trouble to understand how to use the library (it was correctly imported) for OAuth2 request.
Does anyone have any example or guide that could be helpful?
I struggled with restsharp.portable due to the lack of documentation.
Instead I used the redirect URL as a way of getting the code generated after the user gives permission needed to request the access token.
I gave the browser the correct adddress for the login/permission screen and for the Redirect I set to a made up address (http://madeupaddress.com) and on the Navigating event of the browser checked if the url started with my made up address, if so, I cancel navigation, closed the browser and take the token from the URI.Query parameters found in the navigating event parameters (or named differently depending on control/platform). I thenapply for the access token using the code via Microsoft HTTP Client.
This was for Windows Phone 8.1.
Thanks go to Vittorio Bertocci
I ended up using Microsoft Httpclient for the access token.
I want to automate logging into a website and retrieving certain data.
I thought the way to do this would be to sniff the HTTP requests so I know where the login form is being POSTed to so I can do the same using NodeJS/Java/Python.
However I can't seem to find the HTTP request that handles it.
The site seems to use some Java-applet and a lot of Javascript.
This is the site: link
Should I have a different approach?
Also also wonder about storing a cookie session, and sending it with each HTTP request after logging in.
I'm sorry if I am not to clear, I will try to explain myself further and edit this post if needed.
You can use the developer console (hit F12) in Chrome (this works also in other browsers) and then click the "Network" tab. There you see all network calls.
To detect what http requests are performed from a mobile device, you can use a proxy like Charles Proxy.
Also be aware that if you post from nodejs the cookies won't be set in the users browser.