I am using Google+ SignIn in my website, and utilizing server-side SignIn flow, as documented here.
After sending the token to my server, I manage the user session with my own code, and the sign-in button or script doesn't appear on subsequent pages.
However, I have a logout button that takes the user out, but I don't know how to log him out of Google+ at the same time, preferably on my logout page.
NOTE: I want to logout user from my app, not the Google Services.
We don't think it's a good experience for your site to be able to log the user out of all Google services. Consider how annoying it would be for a user if all of their Google tabs (like Gmail and YouTube) stopped working because they clicked a button on your site.
We think you should offer a logout button that logs the user out of just your site.
Related
I've recently been seeing this all over the web these days:
Earlier we used to have sign in with Google, Facebook, Twitter, etc., buttons using OAuth and what not, but this is something new, as it is very much aware of all the accounts that you are logged in with on Google in your browser, and all you have to do is click on the one you want to use.
I am curious to know what this is called, what technologies it uses, and how I can incorporate it into my own websites.
Google uses OAuth 2.0 only for third-party authentication using its accounts.
But the JS that is responsible for initiating this flow is improvised. It now detects the sign-in state, and shows the list of accounts that are already logged in or were logged in on this device. The user selects one of the accounts, and from there the sign-in process is the same standard OAuth flow.
Reference:
https://developers.google.com/identity/sign-in/web/sign-in
https://developers.google.com/identity/sign-in/web/session-state
On my website, the user can log in through Facebook.
I have also created a Facebook canvas app which consists of a small part of my website.
Through the Facebook canvas app, the user can access certain features of the site regarding their site account.
It works great when the user accesses the FB app while already being logged into the site.
However, if the user accesses the FB app while NOT being logged into my site - how do I log them into my site through the app?
It would be ideal if I could somehow automatically log them into their account when accessing my site through the FB app.
If that isn't possible, I would like the user to be able to log into my site through the Facebook app.
However right now when I redirect to the oauth login I get the following error:
Refused to display
'https://www.facebook.com/dialog/oauth?response_type=code&client_id=…nLpHx7N5X--Q'
in a frame because it set 'X-Frame-Options' to 'DENY'.
Summary:
Can I auto-login to my site when accessing the site through Facebook canvas?
If not, how can the user log into my site through the canvas app?
So basically your problem was just how to call the FB login dialog from within canvas. If you use the URL redirect version, then you have to call it in the top window instance – the login dialog can not be shown in any kind of (i)frame, for security reasons¹
top.location.href=… in JavaScript, or target="_top" for a simple link can achieve that.
¹ User needs to be able to verify via address bar that they are entering their credentials on facebook.com, to prevent phishing attacks.
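The top-window redirect this answer describes, as an added example that is not part of the original answer: a framed page builds the login dialog URL and navigates the top window rather than its own frame. The function names, the app ID and the redirect URI are constructed placeholders; `response_type`, `client_id`, `redirect_uri` and `state` are the standard OAuth 2.0 authorization parameters.

```javascript
// Added example: start the OAuth redirect from the top-level window when the
// page runs inside the Facebook canvas iframe. All values are placeholders.
const DIALOG_URL = 'https://www.facebook.com/dialog/oauth';

// Build the login dialog URL. `state` is an unguessable per-session value that
// the server compares on the callback, so a forged callback is rejected.
function buildLoginUrl({ clientId, redirectUri, state }) {
  const params = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    state: state,
  });
  return `${DIALOG_URL}?${params.toString()}`;
}

// True when `win` is not the top-level browsing context, i.e. it is framed.
function isFramed(win) {
  return win.self !== win.top;
}

// Navigate the window that owns the address bar, so the dialog is never loaded
// in a frame (where X-Frame-Options: DENY makes the browser refuse it).
// Returns the window that was navigated.
function startLogin(win, options) {
  const target = isFramed(win) ? win.top : win;
  target.location.href = buildLoginUrl(options);
  return target;
}

// Browser usage (constructed values). Call it from a click handler: browsers
// can block top navigation from a cross-origin frame without a user gesture.
// startLogin(window, { clientId: 'YOUR_APP_ID',
//   redirectUri: 'https://example.com/auth/callback', state: sessionState });
```

For a plain link the same effect comes from `target="_top"`, as the answer notes.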
I need a help or guide on this:
I am making a Facebook app and I wish to make it in Meteor.
When a user opens my app, it automatically authenticates the user with Facebook and pops up a dialog box. And when the user is authenticated or connected to Facebook, I want to save the user to Meteor's user collection and set the current user to the Facebook user.
I am new at meteor and didn't find a head point for this. Hope someone will guide me out.
Thank you..
I think automatic authentication is a bad practice both from a UI perspective and from a user perspective. If I open something, I want to be able to decide for myself if I want to authenticate a third-party application with Facebook, so I'd have a button that prompts people to sign up with Facebook. You'll need:
accounts-password
accounts-facebook
service-configuration more info
Read through that flow and there is an example of setting a signup event up.
When a user presses the login button for Google or Facebook, on iOS it transfers the user to a link in Safari where the user should complete the login process.
Is there a way to complete the login process with Google/Facebook within the app, and not send the user to a Safari page?
My iOS app was rejected, saying the login process should be completed within the app and should not transfer the user to a webpage in Safari.
Is there a way to open the Google/Facebook login page in the app itself using gitkit?
I assume login from an external webpage in Safari meaning e.g. the default Facebook fallback option for when a user doesn't have Facebook app installed and/or Facebook account logged in, in the Settings app.
We had the same problem with Apple for one of our apps. We sent them a response saying "This is how Facebook's iOS SDK works, here's the link to the Facebook iOS SDK documentation explicitly stating that Facebook uses Safari as a fallback option by doing a quick app switch".
Next day, app was approved. I think the reviewer wasn't familiar with the authentication technology, so I think it's worth mentioning to the reviewer, hopefully it's the same case for you.
To login to Facebook without extra UI, you'd need to expect the user to have Facebook logged in, in the Settings app. From our own experience, this wasn't favourable, a number of users had the actual Facebook app installed on their device but didn't know how to login and at the time, we only offered login via the Social Framework (Facebook/Twitter through the Settings App).
I have an ASP.NET MVC application which uses Google+ sign-in to authenticate the user. The flow is as follows;
User accesses controller action decorated with [Authorize] attribute, forms authentication is configured so the user is forwarded to the log in page.
User clicks the Sign In with Google+ button and the server side flow is initiated as per guide
Server receives the Google tokens which are used to authenticate the user, logging them in and returning the standard asp.net auth cookie in the response. The user can then access the site with the cookie.
Now, if I go through the usual asp.net forms log out process of clearing the user's cookie/session there's a problem. If they attempt to access the application after they've logged out but are still signed into a Google product in another tab, they'll be re-directed to my login page. The Google+ sign-in button will automatically sign them back in again initiating the whole sign in process and getting a brand new asp.net cookie!! The only way to truly sign out is to ensure you are not signed into any Google products still and then attempt to sign out. Not exactly user friendly. I guess the same thing happens with all Google products, if I'm signed into Gmail and open Docs, I'll get signed in automagically. The difference being if you sign out of one, you'll sign out of all Google products. I think.
There is currently not a supported means of logging the user out from your site. What you can do is force the user to click the Google+ Sign-In Button before they will be authorized unless you have set a cookie on their client indicating they are signed in (or enrolled, if you want to distinguish between the sign-in action and being signed-in). You can look at this question:
how do i sign user out of my app?
or this question:
Preventing automatic sign-in when using Google+ Sign-In
for discussions on this topic on Stack Overflow and answers to similar questions.
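One way to implement the cookie gate this answer describes, as an added example that is not part of the original answer or of Google's library: a sign-in callback may create a site session only when the user clicked the button in this page view or the site's own marker cookie is present, and logout expires that marker. The cookie name `app_enrolled` and all function names are hypothetical.

```javascript
// Added example: decide whether a sign-in callback may create a site session.
// The cookie name and function names are hypothetical, not a library API.
const MARKER = 'app_enrolled';

// Parse a Cookie header / document.cookie string into a name -> value map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;               // skip malformed fragments
    const name = part.slice(0, eq).trim();
    if (name) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Accept a sign-in only if the user clicked the button in this page view, or
// the site's own marker cookie says they have not logged out of the site.
// The marker is a hint, not a credential: the session cookie still carries
// the actual authentication.
function shouldAuthorize(cookieString, userClicked) {
  if (userClicked) return true;
  return parseCookies(cookieString).get(MARKER) === '1';
}

// Set-Cookie value issued after an accepted sign-in.
function markerCookie() {
  return `${MARKER}=1; Path=/; Secure; SameSite=Lax`;
}

// Set-Cookie value issued on logout: expire the marker so the next automatic
// callback is ignored until the user clicks the button again.
function clearMarkerCookie() {
  return `${MARKER}=; Path=/; Max-Age=0; Secure; SameSite=Lax`;
}
```

With this gate, a user who logged out of the site but is still signed in to Google in another tab lands on the login page and stays there until they click the button.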