On my website, the user can log in through Facebook.
I have also created a Facebook canvas app which consists of a small part of my website.
Through the Facebook canvas app, the user can access certain features of the site regarding their site account.
It works great when the user accesses the FB app while already being logged into the site.
However, if the user accesses the FB app while NOT being logged into my site - how do I log them into my site through the app?
It would be ideal if I could somehow automatically log them into their account when accessing my site through the FB app.
If that isn't possible, I would like the user to be able to log into my site through the Facebook app.
However right now when I redirect to the oauth login I get the following error:
Refused to display
'https://www.facebook.com/dialog/oauth?response_type=code&client_id=…nLpHx7N5X--Q'
in a frame because it set 'X-Frame-Options' to 'DENY'.
Summary:
Can I auto-login to my site when accessing the site through Facebook canvas
If not, how can the user log into my site through the canvas app?
So basically your problem was just how to call the FB login dialog from within canvas. If you use the URL redirect version, then you have to call it in the top window instance – the login dialog can not be shown in any kind of (i)frame, for security reasons¹
top.location.href=… in JavaScript, or target="_top" for a simple link can achieve that.
¹ User needs to be able to verify via address bar that they are entering their credentials on facebook.com, to prevent phishing attacks.
Related
[Here's a link to the screen recording of the issue.] (https://drive.google.com/file/d/1vebV3izUTfP1o7NyXUP9irPM_oc89phi/view?usp=sharing).
The problem is not, in general, with accessing or logging into LinkedIn. I'm working on an app that uses the LinkedIn OAuth client to allow users to add their LinkedIn accounts.
My app https://notionsocial.web.app/ redirects the user to https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=77hkxxkjkqzq2n&redirect_uri=https://notionsocial.web.app/auth/callback/linkedin&state=state&scope=r_basicprofile%20w_member_social%20rw_organization_admin%20w_organization_social%20r_organization_social, It opens the LinkedIn authentication screen and was working fine a few days ago.
But now, when a user enters his credentials and clicks "sign in," it does not redirect to my website, with or without an error message. But show this page.
It is not related to my LinkedIn personal account; I have tried with different accounts and different browsers. Even a user of my app has encountered this issue on his computer
I have even tried other social scheduling websites and logged on to them using LinkedIn successfully.
But when I tried creating a new LinkedIn developer app and went to the access URL with the new client ID, the same issue occurred.
I have successfully embedded a live streaming with corresponding chat into my Wordpress website.
I wish my website users are able to interact with the chat embedded, but also if a user log in to my website using #gmail address, the chat remains not activated showing "sign in to chat" message.
is there a way to allow site users, logged in with gmail credentials, to interact with the chat directly from my site? I noticed that this only works if you browse through Chrome with an account, but on other browsers it doesn't work.
I want to allow a login that happened on a parent site to automatically allow the iframed site to be logged in.
Here is the specific situation:
I have a site that is a simple login page. After login the user has menu with a series of URLS (all with the same base domain but with different ports).
main.example.com (main site)
main.example.com:14002 (iframe #1)
main.example.com:14003 (iframe #2)
...
The user selects one of the menu items and the url is loaded into the iframe.
The menu is driven off of a database table.
All the URLs will be loaded from the IIS but they all run on different ports so we have good control of being able to restart them and deploy new ones in the middle of the day.
What I am struggling with is finding a way to allow the login of the main site to allow the secure login of iframe sites.
In other words, how can the iframed site securely know the user id of the user that logged into the main site?
These are not arbitrary sites being iframed. We are in control off all the source code.
Here is what we ended up doing:
The master site places a cookie with a token in it using this technique so it is visible to the module site:
document.cookie = "key=token;domain=mydomain.com"
Then the module.mydomain.com site does a web service call into master.mydomain.com website with the token to retrieve the logged in userid.
If there is no cookie or the token is expired the user is presented with a login screen in the iframe window.
When a user presses on the login button via google or facebook, in ios it transfers the user to a
link in safari where the user should complete the login process.
is there a way to complete the login process with google\facebook within the app,
and not send the user to a safari page?
My ios app was rejected saying the login process should be completed within the app and should not transfer the user to a webpage in safari.
is there a way to open the google/facebook login page in the app itself using gitkit?
I assume login from an external webpage in Safari meaning e.g. the default Facebook fallback option for when a user doesn't have Facebook app installed and/or Facebook account logged in, in the Settings app.
We had the same problem with Apple for one of our app. We sent them a response saying "This is how Facebook's iOS SDK works, here's the link to the Facebook iOS SDK documentation explicitly stating the Facebook uses Safari as a fallback option by doing a quick app switch".
Next day, app was approved. I think the reviewer wasn't familiar with the authentication technology, so I think it's worth mentioning to the reviewer, hopefully it's the same case for you.
To login to Facebook without extra UI, you'd need to expect the user to have Facebook logged in, in the Settings app. From our own experience, this wasn't favourable, a number of users had the actual Facebook app installed on their device but didn't know how to login and at the time, we only offered login via the Social Framework (Facebook/Twitter through the Settings App).
What is the right way to find out if a user has logged in to Flickr? I have an iframe in my application which lets user's download their images from Flickr. But if the user is not logged into flickr, then flickr redirects me OUT of the iframe to the yahoo home page.
I would like to do the following:
- Check if the user has logged into flickr, if he has, then download his images in the iframe.
- Else, open a new browser window which will let the user enter his flickr login credentials.
Any suggestions from the experts?
You should use the Flikr API. You need to setup proper flikr authentication in your app. According to the docs, the authentication should flow like this:
Our web based app has the api key
'1234567890'. It has already
registered a callback url for this key
- 'http://viewr.com/auth.php'.
User visits http://viewr.com/ and clicks on the 'login' link.
This link points to http://flickr.com/services/auth/?api_key=1234567890&perms=read&api_sig=2f3870be274f6c49b3e31a0c6728957f.
The user is already logged in to flickr - they are asked if they wish
to allow the application to have
'read' permissions to their photos.
The user clicks 'yes' and flickr updates it's auth database.
The user is redirected to http://viewr.com/auth.php?frob=abcxyz.
-The app makes a background call to flickr.auth.getToken:
http://flickr.com/services/rest/?method=flickr.auth.getToken&api_key=1234567890&frob=abcxzy&api_sig=3f3870be274f6c49b3e31a0c6728957f.
The call returns an auth token '334455'.
The application stores the auth token and creates a session for the
user with a cookie which points to the
user's auth token.
The application makes a background request to the flickr.people.getInfo
to return information about the user,
by calling
http://flickr.com/services/rest/?method=flickr.people.getInfo&api_key=1234567890&auth_token=334455&api_sig=4f3870be274f6c49b3e31a0c6728957f.