I currently have a Javascript that enables me to identify the three states of the user visiting my site:-
Not logged in to Facebook
Logged in to Facebook but not connected to my app
Logged in to Facebook and connected to my app
This is great and works wonderfully, except that I have three different bits of content to be displayed for the three types of status and currently we load all three states into the DOM and use jQuery to display the correct version as soon as the status of the user is understood.
Loading three different content types only to ever display one is not a very good way of doing things. I have two options:-
Use the Facebook SDK to get the same information server side
Use AJAX to load the correct content
So, my question: Is it possible to determine the three states that I've listed above using the Facebook PHP SDK?
FB.getLoginStatus(function(response) {
if (response.authResponse) {
FB.api('/me', {accessToken: response.authResponse.accessToken}, function(user) {
//connected to the app
});
} else {
if (response.status == "not_authorized") {
// logged in but not connected
} else {
// not connected to Facebook
}
}
});
Any help on this much appreciated because I'm a bit stumped after many hours of trying.
Take a look at the session variables.
I seem to remember that if the user is logged in but hasn't authorized your app that the access token will be your app's access token instead of a user access token.
Also take a look at the example from Facebook's PHP SDK on how to use it along with the JS SDK making sure you have cookie:true set for the JS SDK.
Related
I am currently trying to implement an oauth flow within a Teams Messaging Extension. I use ASP.NET and I managed to make the sign in process work, by using the sign in card recommended by Teams.
ComposeExtension = new MessagingExtensionResult
{
Type = "auth",
SuggestedActions = new MessagingExtensionSuggestedAction
{
Actions = new List<CardAction>
{
new CardAction
{
Type = ActionTypes.OpenUrl,
Value = authUrl,
Title = "OAuth"
}
}
}
}
This card has a button that opens a specific popup window (a Teams webview) which I can relocate to the oauth authentication page of a third party site.
All this goes very well, but when the user tries to log out, in my case it is not enough to just revert the tokens I got from the server, I also need to navigate the user to the third party site's /forcelogout subpage in the exact same webview which I used in the sign in process, to make sure the cookies related to the previous login session are getting deleted. By this I can prevent the login form getting auto filled and submitted when the user tries to sign in the next time they use my Messaging Extension.
My problem is that I can not find any way to open that exact webview from the Messaging Extension (this problem only occurs on the Teams Desktop Client, since the web version of Teams uses browser tabs instead of webviews and iframes). I tried using Task Modules, the dialog module, adaptive cards but none of them could open that specific webview that has the cookies for the login form.
Do you have any solution for this?
Authentication provider could receive an optional parameter to always prompt the auth-form by neglecting the cookies.
Using this way there is no need to open any webview when the user logs out.
I have create an app to achieve login-with-linked-in functionality. Previously it worked fine, but all of a sudden it stopped working.
Previously if user already logged-in to LinkedIn, clicking the login-in-with-linkedIn button will lead user to there corresponding dashboard, otherwise login-popup open and user details get saved in db and user redirects to corresponding dashboard,But now nothing happening.
Note:- I have used my custom button to use this functionality. not the linked-in provided button code.
Here is my code and app creation steps:-
Button code:-
<?php echo Labels::getLabel('LBL_Linkedin',$siteLangId);?>
Javascript sdk code:-
<script type="text/javascript" src="//platform.linkedin.com/in.js">
api_key:*********
authorize:true
</script>
<script>
function doLinkedInLoginForBuyer(){
IN.User.authorize(function(){
onLinkedInAuth();
});
}
function onLinkedInAuth() {
IN.API.Profile("me").fields("email-address","first-name","id").result(function (data) {
processLinkedInUserDetails(data);
}).error(function (data) {
$.systemMessage('There was some problem in authenticating your account with LinkedIn,Please try with different login option','alert alert--danger');
});
}
processLinkedInUserDetails = function(data){
data = data.values[0];
fcom.ajax(fcom.makeUrl('LinkedIn', 'loginLinkedIn'), data, function(t) {
var response = JSON.parse(t);
if(response.status ==0){
$.systemMessage(response.msg,'alert alert--danger');
}
if(response.status ==1){
location.href = response.msg;
}
});
};
</script>
Note:- It seems that onLinkedInAuth() as well as processLinkedInUserDetails() functions are not called at all now. Previously they worked fine.
Let me know if any other details are required. Thanks!
After a long discussion with LinkedIn Customer Support they just said that they didn't support API-related issues. They asked to buy a premium account for any kind of technical support
Also I come to know that they stopped giving support for Javascript SDK.
Check here:- JavaScript SDK is not currently supported
Solution:- Now I followed the below post and make it work:
https://www.codexworld.com/login-with-linkedin-using-php/
Visit LinkedIn Developers page and log in with your LinkedIn account credentials.
Click the Create app button to create a new LinkedIn app.
Provide the information about your app and click Create an app to submit the app registration form.
App name – Name of the application.
Company – Name of your company.
App description – Workflow of the application.
App logo – Logo to display on the OAuth dialog.
Privacy policy URL – URL of the Privacy Policy page.
Business email – Your email address.
Products – Select the products that you’d like to add to your app.
On successful app creation, the page will be redirected to the App settings screen.
Switch to the Auth tab » Scroll down to OAuth 2.0 settings section.
Specify the redirect URL in the Redirect URLs fields and Update the App settings.
Note: The Redirect URLs must be matched with the Redirect URL that is specified in the script.
In the Application credentials section, you will see the Client ID and Client Secret of your LinkedIn App. The App ID and App secret need to be specified in the script at the time of the LinkedIn API call.
Now you have to create PHP code that will call linked-in API with the help of Client ID and Client Secret.
Kindly check Php code of thread for example.
I have seen the recommended method of
Meteor.users.update({}, {$set: { "services.resume.loginTokens" : [] }});
to logout a user, but that only works when the page is refreshed.
I'm looking for a way that when I remove the user from the database, it logs out the user. I need the following code to force a logout on the client IF the client was logged in for that user. I cannot wait for the user to refresh the page.
Meteor.users.remove({_id: this.userId})
EDIT:
I have verified that this behavior in on my angular pages and not when I'm on a Meteor template. When I am on a Meteor template, it seems to work, but when I move to an angular route it stops behaving as required.
You need to be using something reactive that is tied in to checking who the current user is.
If your using iron router, there is examples of using login mappers to redirect users to login pages when the user is unauthorized.
Something akin to
if(!Meteor.user()) { window.location = '/login'; };
If you delete the user from the users table, that will invalidate and redirect you.
Obviously you would need to have conditions that protect certain areas from invalidating this - but the general idea is in just using reactive variables.
I wanted to implement a LinkedIn sign in button and came across with below URL with a simple guide how to implement it.
https://developer.linkedin.com/documents/sign-linkedin
<script type="text/javascript">
function onLinkedInAuth() {
IN.API.Profile("me")
.result( function(me) {
var id = me.values[0].id;
// AJAX call to pass back id to your server
});
}
</script>
From the guideline given, it mentioned that after user has successfully signed in to their linked in account a JS callback function can be executed and profile details of the user can be retrieved.
It did mentioned as well that basically you can pass the linkedin id of the user to the server and it can be used to identify the user and eventually authenticate.
For this method, i find it less secure since anyone can probably get someone else linked in ID. How do you guys enhance the login flow to make it secure?
I really appreciate any input.
Thanks!
Even if someone was able to retrieve the ID, it would be useless to them.
User IDs via the API are different from the IDs you see on the linkedin website, as they differ from application to another. So even if the user had access to the ID, they will still need to have access to your application's keys (Consumer key and Consumer secret)
I hope this helps.
I'd like to use the Meteor.loginWithGoogle() tool to authenticate users, but is there any way to limit it to a specific (Google Apps) domain?
I could check after the user is authenticated using the returned email, but is there a way to do this at the login stage with some parameter for Google login?
I dont think its possible right now.
There is a pull resquest to partly add that functionality: https://github.com/meteor/meteor/pull/1332
The issue with that pull request seems to be that it only fixes the client side of thinges (ie. it only shows accounts from the selected domain when the user logs in).
But it does not add any server side checks.
Im using the following workaround:
In a .js file in the sever folder I have the following code:
Accounts.validateNewUser(function (user) {
if(user.services.google.email.match(/example\.org$/)) {
return true;
}
throw new Meteor.Error(403, "You must sign in using a example.org account");
});
This prevents accounts from being made for domains different from example.org.
If you want to only allow certain users from your domain, you could also add a whitelist collection that defines user ids from your Google Apps account. This way you can restrict access to only certain users, get single sign-on functionality, and can pre-set user roles and properties for your app before users even create their accounts.
Use the Accounts.onCreateUser(function(options, user){}) callback for that since it allows you to define additional user properties.