I am planning to use Google Identity Toolkit and will integrate only with Google Provider (no other providers and no chance in the future too).
Whatever example I have seen, flow is showing "Email First" option.After providing email based on domain, it takes to identity provider site.
Scenario is, if user is not logged in, user is required to enter his email address twice, first on "Email First" page, then on Google Account Page.
As I have, only Google as provider, question is how can I directly redirect user to Google Account, once he clicks Sign-In button, instead of showing him "Email First" page?
Edited
Now I have little change in the flow, the web site I am working with has been integrated with different companies active directory, so once user enter his email address, based on email domain user would be redirected to required company portal for user verification.
Now web site is planning to allow Google accounts and when user enter email address with Google domain, use should be redirected to Google Account Page. Web site owner, does not want to see "Email First" or "Provider First" screen as this is bad user experiences.
If you specify displayMode: 'providerFirst' in the widget options, it should work as desired.
https://developers.google.com/identity/toolkit/web/setup-frontend#email_first_vs_provider_first_modes
Why not use Google Sign-In for Websites instead? Since Google is your only identity provider, that seems like your best option. You'd also get first and last names on login which Identity Toolkit doesn't provide.
https://developers.google.com/identity/sign-in/web/
Related
If I register with Facebook (x#x.com) and later log in with Google (y#y.com), but I do not have the same email address on both providers, there are 2 users created. How can I handle this situation?
Linking is typically used in three cases:
Automatically requested by the backend for security reasons: when a user signs in to google for example with email x#x and then logs out and tries to sign in with a new facebook account x#x. In this case the backend will not complete the second sign in without verifying that the second user is the same as the first user (since both use the same email). So in this case, the user has to sign to the google account and then link the second facebook account to the initial one.
Manually triggered by the developer: One common case here is that the user signs in to google with email x#x and remains signed in. The developer wants access to the user's facebook friends. So the developer will ask the user to link their facebook account to the already logged in google user.
Upgrading an anonymous user: Developer could automatically sign in users initially as anonymous and then prompt them to upgrade to a registered user. In this case you can call link on the anonymous user.
So auth.currentUser.link can be made on all kinds of users as long as the account you are linking is new and not already linked.
You'll want to use the Account Linking APIs to authenticate multiple providers for the same account. Docs for Web, Android, and iOS are available.
We are partner to another company. We developed an asp.net site with membership as the provider. Our partner company requests the following. The users would log in to their site through their UI. Once the user is logged in, there is a link to our site. They want to bypass our login screen and let the users get into our site after they authenticate the user. Is there any standard for this? I checked openid, but it didn't seem like a quite fit. As far as I understood, in openid, there needs to be a link in our login page saying "Login using Company X". Then when the user clicks that the user is taken to Company X login page. Once the user is authenticated is redirected to the link we provided and the user is authenticated. Our partner company doesn't want the user to come to our login page. I still want to use everything that membership provides such as roles.
You might want to look at Claim Based Authentication.
Basically, you can redirect a user to your Partner Site. The user logins at their site, and then your Partner issues security token.
You can download the book - A Guide to Claims-Based Identity and Access Control, Second Edition - Book Download
Source: about slide is from PluralSight - Identity and Access Control in ASP.NET 4.5
I am developing my site and in my site I want users to login through their
social network credentials like Facebook and Twitter.
How should I track these users whenever they do any event on my site? Suppose a user logs in with Facebook username & password, and now he is redirected to the next page. On that page, we are doing some activity like 'add something'. How to track this?
Is there any procedure for working with this?
The common practice is to associate user's Facebook or Twitter account with your internal account and then track all user activity via your internal account id. If the newly logged in user doesn't have an internal account, then silently create it from Facebook/Twitter data and auto-associate.
Btw, integrating your ASP.Net app with Facebook and Twitter will be easier using Facebook C# SDK for Facebook and Twitterizer for Twitter.
Have a look a the OAuth C# Library
http://www.matlus.com/oauth-c-library/
I am developing an ASP.NET application.
I implemented Facebook API in my application now I want to access email addresses of my friends on Facebook.
I successfully connected Facebook with my application, but when I use FacebookApi.friends.GetList() it will give only friends userids then I will fire a FQL for each friend userid to access email but some time I got blank instead of email address.
Can someone help.
Which is best way facebook rest API or graph API?
The answer is almost certainly that one of the following is true:
The user hasn't shared an email address with Facebook
The user has placed you in a privacy group they deign to share their email address with
The user has set their privacy settings to not share their email address at all
If any of these are true, there's nothing you can do to resolve this short of asking your friends to change their privacy settings.
You need to ask for permission "email" to access email address of any user using your app, the reason why you are getting some email addresses is because few of Facebook users relatively have less restrictive privacy settings.
I want to support the following scenarios on my ASP.NET MVC website:
First time visitor wants to
register, via facebook connect. I'd
like the user to have an entry in my
user membership table - so I have
them enter a username/password
(email gets populated via facebook
connect).
Registered user returns to my
site, logged into facebook already.
I'd like my site to see they're
logged into facebook already and
auto log them into my membership
system.
Registered user returns to my
site, but is not logged into
facebook. I'd like to give them two
options: to log into my site
directly or use facebook connect.
Extra:
After a user has connected their
facebook account to my site, I'd
like to use their facebook profile
photo throughout my site where the
user has participated.
I'd also like to post a bit of text, maybe even a photo, to the user's wall (when they perform an action of course).
Couple questions:
What should I store to tie the user's id in my membership system to their facebook account? I'm assuming it would be their facebook user id.
Can this facebook C# SDK handle these scenarios?
Yes you would store their Facebook Id and Yes the API can support this.