I've looked over hundreds of answers for similar issues to this but can't find anything that seems to help.
I'm running the latest version of the PHP SDK and a login to facebook button which has a generated link from getLoginUrl().
Running on my development laptop and logged in as the application developer it passes me back to the redirect url (Both the callback url when calling getLoginUrl() and the URL set in my application settings are exactly the same) I then do a getUser call which will function in these circumstances.
If i try the same process using my Iphone on the same network, logged in as the same user on facebook getUser() returns 0.
It also does the same for any other user trying to login with facebook.
Sandbox mode is disabled.
my app domains seem to be set up correctly.
I'm really unsure of what to do next.
Many thanks for your responses guys - Turns out the issue was i was sending the request from one page and redirecting back to another. This seems to upset facebook (I'm guessing it will only re-direct back to the page it was called from).
That solved the problem anyway - but many thanks for your responses.
First make sure you are maintaining sessions in your scripts with:
session_start();
at the top of your php file.
Next use something like this to test if you have a fb user and if not, redirect them to the oauth, which will just renew their token if they've already authorized by it's expired.
require_once('facebook/fb.inc');
session_start();
if (!$fbUser) {
$loginUrl = $facebook->getLoginUrl(
array(
'scope' => 'email,publish_stream,user_location',
'redirect_uri' => 'http://scubadivinglog.org/php/fblink.php'
)
);
echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>";
exit;
}
Hope this helps. Let us know and if not post the code you are using.
Related
I am implementing discord oauth2 in nextjs and I am having a problem when I deploy to amplify, it works fine in my localhost but it fails in production, my implementation looks like this in the profile page for someone to link their discord account
<a className="text-indigo-800" href={`https://discord.com/api/oauth2/authorize?client_id=${NEXT_PUBLIC_DISCORD_API_ID}&redirect_uri=${NEXT_PUBLIC_DISCORD_REDIRECT_URI}&response_type=code&scope=identify`}>
{" "}{userData.discordUsername || 'Link account'}
</a>
this creates a link that someone can click and they are taken to discord to authenticate, till there everything seem ok, the problem comes now when discord redirects to /api/verify-acount
which looks like this
const discordLink = async (req: NextApiRequest, res: NextApiResponse) => {
console.log("query", req.query);
}
as you can see I ended up knowing the error was here coz I logged req.query which return an object in localhost with the code for user query { code: 'somecode' } but in amplify after going to couldwatch to see the logs then the object is empty
this ends up messing up everything from there as the code is not available to verify and get user details to store in the database.
what I don't know is exactly what caused this error.
I hope someone has idea and will be willing to help thanks
the issue was actually weird and I still don't understand why it had to happen
but my redirect domain was https://subdomain.domain.zyx which amplify accepts and redirects requests to https://www.subdomain.domain.zyx which is the accepted link in the browser (users will always see this even if they enter the first URL) coz of the explained scenario (no www prefix for one of them)
so I was requesting to link discord from https://www.subdomain.domain.zyx and discord would redirect to https://subdomain.domain.zyx and AWS would redirect to https://www.subdomain.domain.zyx so what I still don't understand is where the query params got lost in these steps but after changing redirect URL in discord to https://www.subdomain.domain.zyx then everything works fine now
earlier in 2015 i started creating a website with drupal 7 that imports instagram-content (images, likes, comments etc.) via Drupal Feeds. Everything worked finde, but the projects stopped then.
Now it seems we start that again but suddenly the import is not working anymore. I always get the following error:
{"meta": {"error_type": "OAuthPermissionsException", "code": 400,
"error_message": "This request requires scope=public_content, but this
access token is not authorized with this scope. The user must
re-authorize your application with scope=public_content to be granted
this permissions."}}
I didnt had to send the "public_content" earlier, so i was just sending "basic"-scope access. And as i said, everything worked well.
Now i inserted also the scope for "public_content" along with "basic" within the oauth-Module for feeds. But still getting the error-message above.
Any hints on that?
Thanks in advance and regards,
Fab
This is due to a Instagram Platfrom Update
You'll have to add public_content scope as Joshi has pointed out - and also you'll need to renew your auth token in the settings page.
Then you'll be good to go.
Here is the solution:
Use following code in instagram_social_feed.module
Function: instagram_social_feed_settings()
if (variable_get('instagram_social_feed_client_id', '') != '' && variable_get('instagram_social_feed_redirect_uri', '') != '') {
$form['authenticate'] = array(
'#markup' => l(t('Click here to authenticate via Instagram and create an access token'),
'https://api.instagram.com/oauth/authorize/?client_id=' . variable_get('instagram_social_feed_client_id') . '&redirect_uri=' . variable_get('instagram_social_feed_redirect_uri') . '&response_type=code&scope=public_content'
)
);
}
This will solve the issus
Ok, i'm integrating simpleSAML with symfony as an sp, for my own reasons I don't want to use the sp bundle.
I've setup simplesaml in /simplesaml, as per instructions, and it works a charm.
I'm able to test it with a simple web site test.php, where i do this
$as = new SimpleSAML_Auth_Simple('google');
if($as->isAuthenticated()===false){
$as->requireAuth();
}
$attributes = $as->getAttributes();
print_r($attributes);
and that works fine, but if i flip it over to my symfony site, i can see symfony resetting the php session cookie, so i assume that it is not able to find the one set by simplesaml.
I tried the same above code in my logincontroller to see if i could get my idp supplied data, i can not, it bounces me through my IDP login and lands me on the simplesaml page, which gives me 'State information lost'
Any help appreciated.
'State information lost' is pretty generic. The documentation provides a check list of things that can cause the problem
Hostname changes. If you visit https://www.example.com and your metadata says https://example.com then the cookie created on the initial visit won't be available.
Move between HTTPS and HTTP.
Mismatch between the cookie settings (name, path, domain, etc) for SSP and symfony
The SamlTracer plugin for firefox is useful in deciphering what SAML messages are being exchanged, including what attributes the IdP is sending.
I have a PL/SQL application which has a log out button with following code being executed when log out button is clicked:
-- Open the HTTP header
owa_util.mime_header('text/html', FALSE, NULL);
-- Send a cookie to logout
owa_cookie.send('WDB_GATEWAY_LOGOUT', 'YES', path=>'/');
-- Close the HTTP header
owa_util.http_header_close;
-- Generate the page
htp.p('You have been logged off from the WEBSITE');
htp.p('click here to log in');
htp.p('<BR>bye');
It works perfect when using internet explorer, however when I use mozzila when I log back in I am still logged in as previous user. Has anyone else been in this situation? How can I make this work for mozilla as well?
I got this code from oracle documentation page:
https://docs.oracle.com/cd/B13789_01/server.101/b12303/secure.htm
Thanks in advance!
I've found it best to set and unset your own session cookie. Then use owa_custom to verify the cookie.
In the dad.config file add:
PlsqlAuthenticationMode CustomOwa
Then create a package in your schema: called owa_custom and add one function inside: owa_custom.authorize
owa_custom.authorize will be called before each web invocation. You can check your session cookie and if you want to allow the web call return true. To block, return false and the user will get a 403 forbidden.
Then if you like you can write a custom 403 forbidden page and redirect to your login page.
Just know that in 12C, mod_plsql is going away and you'll need to use the Oracle Rest Listener. The same functionality exists there. Things just have different names.
I'm trying to use WordPress as a website CMS for a kiosk. Each kiosk needs a unique username therefore it must be logged in to WordPress.
I believe WordPress does not use Session ID's therefore how can I ensure the user is never logged out of the site even after X days of inactivity?
Thanks in advance.
How about just simply using the auth_cookie_expiration filter
add_filter('auth_cookie_expiration', function(){
return YEAR_IN_SECONDS * 2;
});
There seems to be mixed accepted answers. First, you should never modify the wordpress core code. Ever. Secondly, per the wordpress developer codex, the "auth_cookie_expiration" filter is what needs to be used here.
add_filter ( 'auth_cookie_expiration', 'wpdev_login_session' );
function wpdev_login_session( $expire ) { // Set login session limit in seconds
return YEAR_IN_SECONDS;
// return MONTH_IN_SECONDS;
// return DAY_IN_SECONDS;
// return HOUR_IN_SECONDS;
}
I've actually created a plugin to deal with this very issue. It uses the idea of persistent login to actually keep users logged into your wordpress website all the time, kind of link how Facebook does it.
Check it out, hope it helps!
WP Persistent Login
You can try configuring the session time for Wordpress. Unfortunately, Wordpress doesn't allow you to easily manipulated this.
You can try out this plugin: http://wordpress.org/extend/plugins/configure-login-timeout/
You can use the plugin "WP Login Timeout Settings" to achieve this. Under "Settings → Login timeout", it then allows you to configure the login timeout for both a normal login and one with the "Remember Me" box ticked.
That's just the same as what the "configure-login-timeout" plugin does, which was already recommended. Just that "WP Login Timeout Settings" seems to be a bit more actively maintained at the moment.