HybridAuth not working - User profile request failed(Google) - wordpress

I'm using SocialLogin plugin for WordPress which relies on HybridAuth for authentication. However, when I try to login with Google, I get "User profile request failed. Most likely the user is not connected to the provider and he should to authenticate again." error. I've tried Googling the solution, unsuccessfully.
Also, when I try to login with StackOverflow or Yahoo! I get Unspecified error!

I came across this issue also ...
Your question is more than an year old but here you go the solution:
Go to https://console.developers.google.com/ and activate Google+ API access.
That worked out for me!

It generally occurs to me in two conditions.
Session lost when you use for example back button or directly visiting the page instead of visiting via link.
Some times you need to clear your cache, logout and login to site but clean logout
generally fix.
I also want you to know that Hybrid Auth is a dead project.

Related

'Token has been expired or revoked' - Google OAuth2 Refresh token gets expired in a few days

I am using Google Analytics API to fetch analytics data. I tried to authenticate it using following steps:
Created OAuth client ID in https://console.developers.google.com/ credentials section.
In consent screen I had set publishing status as testing
In OAuth 2.0 Playground I got the refresh token using above generated client id and client secret
Then I am using it to generate access token through it.
But after a few days, the refresh token expires although it is mentioned that the refresh token's validity is life long.
If your app is in testing mode then user tokens will expire in 7 days. Please find this explanations here: https://support.google.com/cloud/answer/10311615#zippy=%2Ctesting
I needed to send mails from a gmail account that I have access to, using nodemailer. It works for a couple of days before my refresh token is mysteriously revoked, even though the account belongs to me. A google search brought me here and I had been watching for a while hoping someone would help with a solution.
As you mentioned, this seems to happen with only test/unverified apps and I'm guessing google revokes tokens for such applications in your account after a few days. After much trials and errors, here is what I did.
NOTE: This is solution is only applicable to accounts you own, otherwise you must verify your app to access other people's accounts
Generate a new refresh token (existing one is most likely revoked) as described in this SO post
Go to the security tab of your google account dashboard
Under the Recent security activity section, you should see a security alert for your app.
Click on the context menu next to the notification and click DISMISS
At this point you'll be presented with a dialog of options where you indicate the level of trust you have for the app. I just went ahead and said I trusted the developer/app, obviously. And that's it! The refresh token should persist after this.
I could not find anything related anywhere else.
The other answer pointed me in the right direction but for me the option was located somewhere else: security > security checkup/security issues found > context menu next to your app > dismiss
This issue seems to be for unverified apps, Simply delete the token file from your project and rerun the project, it will create a new token.
My problem was when I've added access_token instead of refresh_token.
What I did:
Go to https://console.cloud.google.com/apis/credentials/consent and change from the testing status to published.
Delete the current token file.
Authorize the API again by signing into your gmail account. You will be sent to a warning screen. From there, you can choose to proceed.
When done you'll get a new token file
The solution is to delete your token.json file to force Google to find a new token.
I was able to get it to work WITHOUT a verified app. Perhaps the refresh() method will work once my app is verified. Not sure on that one.

The security token did not match. The request was aborted to prevent any security breach. Please try again

I've got the error above in my Joomla website when I either try to log in or create a new account from the side site. I have also noticed the two following things:
if I create a new user from the backend, this doesn't appear in the _users table;
a file named ".myjoomla.configuration.php.md5", containing an alphanumeric string, is automatically generated in the website root every time I try to log in vainly from the frontend. Besides, it turns up again if I remove it manually through FTP.
Did my website get hacked? How could I fix it?
".myjoomla.configuration.php.md5" contains the md5 hash of the configuration.php file and appears on your site as part of the mySites.guru service you either subscribed to or trialled. It is part of the near-realtime alerting service which detects when configuration.php has been changed and alerts you if you are a paying subscriber of the mySites.guru service. It is NOT an indication of a hack at all.
Disclaimer: It is code I wrote and a service I run, so I know what Im talking about.
Not being able to create users - Im guessing you have Admin Tools or RSFirewall installed and configured, both these products stop users being created IF configured that way.
Token issues: These are well covered in Joomla documentation and forums. They are CSRF tokens and if yours is not validating then try NOT double clicking the buttons, check your session handlers are working, and check your cookies are working as expected
Nothing you say leads me to believe your site is hacked
The issue I've encountered was about the Joomla native Login module. As I published it in all the pages of my website and clicked on the login link appeared on the frontend side, I was redirected to a link that looked like
mysite.com/index.php/component/users/?view=login&Itemid=yourid
which displayed the login page correctly. Yet, once filled in the form and submitted it, the warning message in question popped out. The same problem occurred when either trying to register a new account or reset the password.
Although I couldn't find an explanation to the issue, I managed to fix it by creating a Login, Reset and Registration menu items under the main menu and then hidden them as I didn't want them to show up among the other menu items on the frontend.
Went back to the frontend and clicked on login, I was now redirected to a different url that looks like
mysite.com/login
where "login" is the alias that I had chosen for the Login menu item.
After having filled in the form and submitted it, I was able to log in successfully. Likewise, Registration and Reset operations worked.

Why is authentication not working on own domain but working on firebase's domain?

If you go to https://wfolly.firebaseapp.com/, you'll be able to log in with Facebook by clicking "Iniciar sesion". You'll then see your name next to the log out text "Cerrar sesion - YOUR FACEBOOK NAME".
However, while auth works on wfolly.firebase.com above, it does not work on https://debatenomasafp.org/, my own domain connected through Firebase Hosting to Firebase's own wfolly.fire(...) URL.
"Does not work" means you won't see your name next to the log out text "Cerrar sesiĆ³n", and generally won't be able to interact with the website as if you were logged in.
What is wrong? Why are they not behaving identically?
I know the deployment version is the same in both sites because the current deployment reflects a late change in both URLs, not just Firebase's.
Authentication also works fine on localhost:8080 pre-deployment.
It may or may not be relevant that I am using Re-Base (github.com/tylermcginnis/re-base) for authentication requests.
Kato, in the comments above, gave me the answer through Slack.
I simply had to authorize the new domain in Firebase's console's "OAuth redirect domains" setting, under "Authentication".
Just adding to the answer above. Thought an image would be helpful ;)

"https://www.google.com/accounts/Logout" clears all the google cookies in browser

I am trying to use Google as OpenID.
Users can successfully login to my site using their Google email.
Problem: They can't sign out successfully from it.
When user clicks sign out button in my website, i can only clear the cookies issued by my site itself but not the cookies issued under Google.
I have googled as well as read many article in stackoverflow. The solution i found is that i can't delete Google cookies myself. In order to delete that cookie i have to redirect my Page to https://www.google.com/accounts/Logout which cleans the Cookies issued by Google in my browser.
Another Problem begins: That url clears all the google cookies in the browser.If the user is login in other sites using Google as OpenID or even gmail at the same time in the same browser, their cookies also get deleted while logging out of my site.
Is there solution to it?
For Demo Try following steps in your own brower:
1- Login Gmail with your own authentication
2. then Click on https://www.google.com/accounts/Logout.
What will happen is your gmail account will be logout automatically.
As far as what I understand from your post, you want to log your users out of Google. For which you can use https://www.google.com/accounts/Logout without a problem.
You can use the following function to do it for you:
var logout = function()
{
document.location.href = "https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://stackoverflow.com";
}
where you should replace http://stackoverflow.com with your home page.
This should help you get your job done.
Here is a sign-out URL from all Google account, which is working fine for me:
https://accounts.google.com/Logout?continue=https%3A%2F%2Faccounts.google.com%2FServiceLogin%3Fsacu%3D1&il=true&zx=icxpgruz0yao
Hope it will help you.

Get reason for login prompt when using asp.net membership

I have an asp.net website using the SQL ASP.net membership system. When users are logged in to the website and are inactive for 20 minutes, they get sent to the login page on the next page request. I would like to show some text on the login page that says "you were logged out due to inactivity" when this happens. Is there a built-in way to do this? Or any other ways I could distinguish why the user has been sent to the login page (for inactivity or some other reason)? I have scoured SO and Google but haven't been able to come up with anything.
The reason we need to do this is because we recently migrated from a previous version of the website that was lax about security and didn't have auto logout, so we're getting lots of feedback from users thinking there's something wrong with the website when they are prompted to login again.
Thanks in advance.
It is better to use javascript for this and be proactive about it, showing the timeout remaining if possible otherwise just alerting the user with a messagebox showing that his session has timed out and then redirecting him to the login page. Have a look here for a simple example.
To redirect him to the login page add the following to the below line as in the example:
alert("Your current Session is over."); window.location = "YourLoginPage.aspx";
For purposes of closure, I'll answer my own question. I couldn't find a clean way of doing what I'd like, so I ended up setting a cookie with the login time after the user logs in. Then on the login form page, I see if the login time in the cookie is greater than 30 minutes old (my auth timeout in asp.net) and display a "logged out due to inactivity" message. Otherwise it doesn't display the message.
Not great, but it seems to work. Satisfies the requirement for the vast majority of our users.

Resources