Why isn't my LinkedIn API authorization method working? - linkedin

I'm following the authorization instructions but I can't figure out how it's supposed to work. I'm sending a request to https://www.linkedin.com/uas/oauth2/authorization, and passing the required fields. The call succeeds and returns some authorization html, which I display, and it looks like this:
But the form containing the Allow Access button has an action of /uas/oauth2/authorizedialog/submit, and so clicking it fails, because there's no domain specified. Clearly it's supposed to be displaying some sort of authorization on the LinkedIn site, not my own. What am I doing wrong?

Argh, what I was doing wrong was trying to download the contents of the authorization url page, instead of simply redirecting to it. Redirecting to it does open the page on their site, and I can authorize, and then be redirected back to my own callback.

Related

Get Jwt Payload from Google Sign-In without default Google popup

I'm trying to use Google Sign-In from my web application (asp.net vb.net).
Following the tutorial that Google provides, and using Google API libraries for .NET this is an easy task.
https://developers.google.com/identity/sign-in/web/sign-in
Now the result of this approach is that I check on the client for a googleUser.getAuthResponse().id_token which is a JWT and send this to my server side code with ajax for validation and to get the payload with the Google unique user Id and other infos.
All this happens on the same page, with a popup from Google, triggered by the default button they provide in the tutorial.
What I'm trying to accomplish is to obtain the same JWT (id_token) without the popup, but actually issuing a redirect to Google, when the user clicks on a custom "Log in with Google" button.
Sadly all the examples I found, even from Google itself, involve a much more complex interaction where you get a code from the server, that you then have to exchange for temporary and refresh tokens, and so on.
While the client side approach with the popup window they provide, gives you immediately the JWT token in response, not that code to request the token, that you have to validate then (I do this with Google .Net APIs with GoogleJsonWebSignature.ValidateAsync(externalToken) and retrieve the payload that way).
Looking at the urls in the popup, what I noticed that differs from all the examples I found that serve you the "code" for token exchange, are those parameters: flowName=GeneralOAuthFlow and response_type=permission%20id_token
While the examples you find for server to server transaction all include calling Google with response_type=code
I tried tampering a bit with the popup url to let it open in a new full window, copying and modifying the url but with not much success. I'm redirected but without the id_token parameter.
Any hint would be much appreciated since I'm not able to find any documentation on response_type=permission%20id_token to query Google service.
Thanks in advance
For anyone interested... I found a solution. The url to redirect to is:
https://accounts.google.com/o/oauth2/auth?response_type=id_token&redirect_uri={0}&scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile&client_id={1}&state={2}
Where
{0} is the redirect url on your server, registered inside google console for this client_id
{1} is your Google client_id
{2} is some querystring or variable you want back to your server when the redirect happens
It works... it gives you back directly the id_token that you can verify with the Google .NET API with GoogleJsonWebSignature.ValidateAsync(id_token) and get as a result a payload (you have the payload class in the Google .NET API as well).
The only issue is that when Google comes back to your redirect url with the id_token in the querystring, it uses a hash (url fragment #) so nothing is passed to the server.
There are workarounds with JS to get the value and send it to the server with ajax, or redirect to the same page replacing the hash with ?, but this is very annoying.
I imagine there are serious security reasons for Google to do this, but from a dev standpoint it is really a pain.
Instead of all those hacks I resorted to the longer way, requesting response_type=code instead of the id_token, which returns a canonical querystring with ?code=...
If anyone knows how to get back the id_token without the hash in the url it would be great.
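
The JavaScript workaround mentioned above, as an added example that is not part of the original answer: the callback page reads id_token and state from the URL fragment, checks state against the value stored before the redirect, removes the token from the address bar, and posts it to the server in a request body rather than rewriting the hash into a query string. The /auth/google/token route and the oauth_state storage key are assumptions.

```javascript
// Added example: handle an implicit-flow callback (response_type=id_token).
// The endpoint path and storage key are assumptions, not from the page.
const TOKEN_ENDPOINT = '/auth/google/token'; // hypothetical server route
const STATE_KEY = 'oauth_state';             // hypothetical sessionStorage key

// Parse "#id_token=...&state=..." into a plain object.
function parseFragment(hash) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  return Object.fromEntries(params.entries());
}

// Return the id_token only if the response is well-formed and the state
// matches what this browser stored before redirecting to Google.
function extractIdToken(hash, expectedState) {
  const p = parseFragment(hash);
  if (p.error) throw new Error('authorization error: ' + p.error);
  if (!expectedState || p.state !== expectedState) {
    throw new Error('state mismatch');
  }
  // A JWT has three dot-separated base64url segments. This is a shape check
  // only; signature, audience and expiry are verified on the server.
  if (!/^[\w-]+\.[\w-]+\.[\w-]+$/.test(p.id_token || '')) {
    throw new Error('missing or malformed id_token');
  }
  return p.id_token;
}

// Browser-only wiring; skipped when the file is loaded outside a page.
if (typeof window !== 'undefined' && window.location.hash) {
  const expected = sessionStorage.getItem(STATE_KEY);
  sessionStorage.removeItem(STATE_KEY); // state is single-use
  const hash = window.location.hash;
  // Drop the token from the address bar and history before anything else.
  history.replaceState(null, '', window.location.pathname);
  const idToken = extractIdToken(hash, expected);
  fetch(TOKEN_ENDPOINT, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    credentials: 'same-origin',
    body: JSON.stringify({ id_token: idToken }),
  });
}
```

The server still validates the posted token (for example with GoogleJsonWebSignature.ValidateAsync, as in the answer) before creating a session.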

Callback URL - Social Logins

Can someone explain what the Callback URL is and what exactly it's used for?
I'm setting up Social login for my WordPress website and in Facebook and Twitter it asks for a callback URL.
At the moment I have left these blank and it works fine, but I was wondering what exactly they are used for?
I've read on other websites that it should be set like this:
http://mywebsite.com/user/facebook/login
But I don't understand what to use it for.
Is it to redirect the user to your site after they login via their social accounts? If that's the case, doesn't it do that without a callback URL?
Is it to redirect the user to your site after they login via their social accounts?
Yes.
If that's the case, doesn't it do that without a callback URL?
How would it know where to redirect back to, if that information wasn’t passed to it in the first place?
The callback URL is passed as a parameter in the login dialog call. That allows the login provider to a) redirect back to the app, and b) check if the app is even allowed to perform login under that URL.

Redirection not working with JQuery Mobile

I am running a DNN7.1 website. I have a regular website. I added a page which acts as login page for mobile users. I am using JQuery Mobile 1.3.2 on the mobile pages including this mobile login page. If the user navigates to that page and enters username and password, it works correctly and redirects them to the correct page sent on the url using a querystring, example:
http://localhost/Mobilelogin?url=http://localhost/somePage
it correctly redirects to
http://localhost/somePage
Now I want to add capability where user can directly send his username and password along with the url that he wants to navigate, the login page should authenticate using the username and password provided and once successful redirect it to the url (using asp.net Response.Redirect method), in the format
http://localhost/Mobilelogin?u=username&p=password&url=http://localhost/somePage
The issue is, it works fine if the user is not logged in but if he is already logged in and then uses the same url, (which has username and password) redirection doesn't work. I tried disabling the ajax using following code, as I read redirection and JQM doesn't work well.
// Turn off jQuery Mobile's AJAX navigation and link hijacking globally.
$(document).on("mobileinit", function () {
    $.extend($.mobile, {
        linkBindingEnabled: false,
        ajaxEnabled: false
    });
});
But it still is not working. Can anyone please let me know what I need to do to make this work.
I tried debugging the login module, which is written in c#, when the user enters the url when not logged in, it calls the page load and hits the break point but when logged in and enters the url the break point is never hit. It looks like browser is not even contacting the server. I am new to JQM, I thought disabling the ajax globally will always hit the server to get the information. Is that not how it works? How can I make the redirection work in my case. Any help is greatly appreciated.
You need to be aware that by default, jQuery Mobile uses AJAX to load page content and does not "redirect" as per normal.
You should read the FAQs as these provide useful information: -
http://view.jquerymobile.com/1.3.2/dist/demos/faq/
Specifically: -
.. it will only inject the contents of the response's body element (or
more specifically the data-role="page" element, if it's provided),
meaning nothing in the head of the page will be used
http://view.jquerymobile.com/1.3.2/dist/demos/faq/scripts-and-styles-not-loading.html
This might explain why your script doesn't execute, as if it's in the <head> it's not being loaded.

c# Facebook SDK, get token to write to my Page Wall

I need to write from my site to my Facebook page.
I am using this c# SDK: enter link description here
I found the Facebook documentation : enter link description here
To perform these operations, I need to get a token first, as documented here (Page login section) enter link description here
If I try to type the url in the browser, like in the example and using my application data, the token will be given back to me in the URL.
This is the sample url that will return my token in the url:
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=manage_pages&
response_type=token
My question is: I'm using asp.net MVC, how can I call this url and get the returned token (from the url); the WebResponse method does not let me have the returned url.
Which class and method should I use in my controller?
tks
I solved it by bypassing this step.
I manually get the token for the administrator of the page, and after that I can obtain the token of every page administrated by the user.
Then I store it in web.config (application settings).
With this token I can publish to my wall from my server when I want.
See FB Page Section

Global routing parameter in ASP.NET MVC

When a user clicks on a link, I want to log some information. I can't do an AJAX request because if they clicked on a link, the page will unload (since they're going to a new page), and I don't want to force them to stay on the page until a synchronous event finishes.
So one idea I had was to add a parameter to the url. I.e. the urls would be actual/action?actualParams&infoIWantToLog=data. Then I could strip off the info I want to log, log that, and then pass off their URL to the action which they actually wanted to go to. Is this possible to do with MVC routing?
Typically tracking URLs send the user to a specific page (or action, in this case), say, /Track, and then pass the parameters to log (including the URL to send the user to) through the querystring.
For instance, go to Google and search on a term. Right click on a result and copy the URL. Now paste it into Notepad. You'll see that it's not a direct link to the search result, but rather to a Google tracking page. For instance, when I search for asp.net and click on the first result (for www.asp.net), this is the actual URL Google sends me to:
http://www.google.com/url?sa=t&source=web&cd=2&ved=0CDcQFjAB&url=http%3A%2F%2Fwww.asp.net%2Fget-started&rct=j&q=asp.net&ei=BauTTIuCDIaWsgOHgo3ACg&usg=AFQjCNGR6cOBKtUWIKZs9jnpz0vYRDu_EA&sig2=r2q31zniuxHQ4Y6BIoudow&cad=rja
That page logs my click and then redirects me to the www.asp.net website.
Your Track action would do the same thing. You'd create a Track controller with an Index action and then in there you'd parse the querystring, log the information, and then return a RedirectResult to the URL you want to send the user.
Make sense?
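
A Track action like the one described redirects to whatever URL arrives in the query string, so it should only honour targets the site itself issued. The following is an added example, not from the original answer and written for Node.js rather than the thread's C#, that signs each tracking link with an HMAC when the page is rendered and verifies it before redirecting; the url and sig parameter names and the in-memory key are assumptions.

```javascript
// Added example: signed tracking links for a /Track-style redirect endpoint.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Assumption: a real deployment loads this key from server-side secret storage.
const KEY = randomBytes(32);

function sign(target, key = KEY) {
  return createHmac('sha256', key).update(target).digest('base64url');
}

// Build the link rendered into the page: /Track?url=...&sig=...
function makeTrackingLink(target, key = KEY) {
  const q = new URLSearchParams({ url: target, sig: sign(target, key) });
  return '/Track?' + q.toString();
}

// Called by the Track handler. Returns the URL to redirect to, or null when
// the request should be rejected (log it and answer 400 instead).
function resolveTrackingLink(link, key = KEY) {
  // The base is a placeholder so the relative link can be parsed.
  const q = new URL(link, 'http://placeholder.invalid').searchParams;
  const target = q.get('url');
  const sig = q.get('sig');
  if (!target || !sig) return null;

  const expected = Buffer.from(sign(target, key));
  const given = Buffer.from(sig);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return null;
  }

  // Defence in depth: only absolute http(s) targets are redirected to.
  let parsed;
  try { parsed = new URL(target); } catch { return null; }
  return ['http:', 'https:'].includes(parsed.protocol) ? target : null;
}
```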
