Error Message: redirect_uri is not owned by the application - iframe

::UPDATE:: LINKS DO NOT EXIST ANYMORE!
Very strange indeed, this is definitely a bug! I did a test with app_id from another application and it worked.
See for yourself:
https://apps.megalopes.com/megabraziltv/test.php (app_id correct)
https://apps.megalopes.com/megabraziltv/test2.php (app_id from another application)
---/---
I found several people with the same question and all the answers are equal:
Site URL is not same as REQUEST_URI (Redirecting URL)
My app settings are:
Secure Page Tab URL: apps.megalopes.com/megabraziltv/...
App Domain: megalopes.com
code:
<div id="fb-root"></div>
<script src="http://connect.facebook.net/pt_BR/all.js">
</script>
<script>
FB.init({
appId:'123456789', cookie:true,
status:true, xfbml:true
});
FB.ui({ method: 'apprequests',
message: 'Here is a new Requests dialog...'});
</script>
This simple code is not redirecting to any other URL. I tested it in the JS console and got the same results. Sometimes it works and sometimes I get this error message:
API Error Code: 191 API Error Description: The specified URL is not
owned by the application Error Message: redirect_uri is not owned by
the application.

Regardless of being page tab or canvas, you must identify the website Site URL in https://developers.facebook.com/apps
How I fixed it:
App Domain: megalopes.com (domain)
Site URL: / Secure Canvas URL: / Secure Page Tab URL: https://www.megalopes.com (subdomain)

I think I have run into something similar before.
In the summary page of your app ensure both the Secure Canvas URL and Page Tab URL are populated.

The URL in my redirect_uri should have "http://" in the beginning. It was missing the protocol information, thus leading Facebook not to recognize my website and throw this annoying 191 error. I finally found out after one hour pulling the hair I (still) have left.

You have to create a channel page, which allows "cross domain communication in certain browsers".
This is an HTML page (say, /channel.html) on your server, which contains only:
<script src="//connect.facebook.net/en_US/all.js"></script>
And make the Javascript SDK aware of it :
FB.init({
appId: 'xxxxxx',
cookie: true,
channelUrl: location.protocol + '//' + location.host + '/channel.html'
});
More about this :
https://developers.facebook.com/docs/reference/javascript/FB.init/
https://developers.facebook.com/docs/reference/javascript/

It's because of the domain URL that you mentioned in facebook's mistake. The domain URL won't be like www.site.com.
Update your domain URL to something like subdomain.site.com.
Now it will surely work.


Understanding states in Firebase Dynamic links for Authentication

I am sorry, I have much trouble understanding Firebase Dynamic Links.
My use case is : a user wants to reset his password from the mobile app (or send an email verification).
The request is made using Firebase Authentication with a custom handler (with custom domain : https://example.com/auth)
The ActionCodeSettings looks like :
final ActionCodeSettings codeSettings = ActionCodeSettings(
url: 'https://links.example.com/auth?email=$email',
iOSBundleId: Constants.iosBundleID,
androidPackageName: Constants.androidBundleID,
androidInstallApp: true,
dynamicLinkDomain: "links.example.com",
);
The user clicks on the link he received by email and gets redirected to the website (hosted by Firebase Hosting under: example.com).
When the user has finished resetting his password, I would expect to redirect him by "launching" the continueUrl that should take him back to the mobile app. continueUrl: 'https://links.example.com/auth?email=$email'
However, this doesn't work, so I am guessing that I am doing something wrong somewhere.
In my iOS config, I have added the Associated Domains as: applinks:links.example.com.
In the Info.plist file I have added:
<key>FirebaseDynamicLinksCustomDomains</key>
<array>
<string>https://links.example.com/auth</string>
</array>
(and have also tried with : <string>https://links.example.com</string>)
In my Android config I have added this to my AndroidManifest.xml :
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:host="links.example.com" android:scheme="https"/>
</intent-filter>
Fun fact: on Android, after the above steps are completed (on the website from the smartphone), if I launch the continueUrl it prompts the user whether to redirect back to the app or stay in the browser to open the URL.
I have of course created a sub-domain, links.example.com, in the Firebase Dynamic Links console as a URL prefix.
Here are my questions :
Is the continueUrl supposed to redirect back to the app ?
Is the continueUrl in the ActionCodeSettings described above correct? In the documentation I always see example.com used as the continueUrl, but it would be in conflict with the custom domain used for hosting, right? So I have put links.example.com as the continueUrl, and the custom Firebase auth handler is example.com/auth to redirect to the correct web page in my website.
What is the Hosting firebase.json configuration for such case ?
The final link looks like this :
https://example.com/auth?mode=resetPassword&oobCode=T0qn8aj_p7TJBWyE5eUh7_7ZwIqwtJ7Q-i8LDf4QrIsAAAF_u6Bi6Q&apiKey=AIzaSyAzPqhZFKAyfQDeN4DGGjI9VCTEBe_mLc4&continueUrl=https%3A%2F%2Flinks.example.com%3Flink%3Dhttps%3A%2F%2Flinks.example.com%2Fauth%3Femail%253Dtestmail12%40gmail.com%26apn%3Dcom.example.android%26amv%26ibi%3Dcom.example.ios%26ifl%3Dhttps%3A%2F%2Flinks.example.com%2Fauth%3Femail%253Dtestmail12%40gmail.com&lang=fr
Do you see anything wrong or missing ? Something that would prevent the mobile app redirection after the operation completes ?
What should I do with the continueUrl param to get redirected to the app? Is it done automatically after some event, or should the developer write code to "push" a new web page containing this link, and it will see automatically that it's not a link to handle in a web page and thus redirect to the mobile app?
Thanks a lot in advance for any explanations on how this works !

I have finally understood how this works:
The continueUrl must be the one used to handle back in the mobile app, so if you use:
url: 'https://links.example.com/auth?email=$email',
This means you have to create a dynamic link prefix URL : https://links.example.com/auth in the firebase console.
You must also add it to your iOS Info.plist file as stated in the question.
Also, when you use a custom domain you need to make sure as stated in the documentation that the URL prefix and the domain are different such as :
https://link.example.com/?link=https://example.com/my-resource
And not :
https://example.com/?link=https://example.com/my-resource
This means that by using https://links.example.com/auth as URL prefix, you need to use another domain to deal with the link.
In my case, I have built the URL this way:
https://links.example.com/?link=https://redirect.example.com/auth
And added https://redirect.example.com/auth as URL prefix.
This prevents both conflicts between example.com at the hosting level and links.example.com from having both link domain name AND URL prefix identical.
Also, don't forget to add new dynamic links domain as whitelisted domains in the Firebase Authentication Sign-In methods in Firebase console or you will get a domain-denied error.
Hope this will help others to understand better how this works.
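The nesting the answer describes (email link, then continueUrl, then the Dynamic Link's link target) can be checked mechanically. This is an added example, not code from the post or from Firebase: the links are constructed with a placeholder oobCode, and authorizedHosts with the decision to check both hosts against it are assumptions standing in for the console's authorized-domains list.

```javascript
// Added example: unwrap a reset-password email link and flag the two problems
// described in the answer. authorizedHosts is an assumed allowlist.
function inspectResetLink(emailLink, authorizedHosts) {
  const problems = [];
  const handler = new URL(emailLink);
  const continueUrl = handler.searchParams.get('continueUrl');
  if (!continueUrl) return { problems: ['email link has no continueUrl'] };

  // searchParams.get() removes one layer of percent-encoding per level.
  const dynamicLink = new URL(continueUrl);
  const rawTarget = dynamicLink.searchParams.get('link');
  if (!rawTarget) {
    return { dynamicLinkHost: dynamicLink.hostname, problems: ['continueUrl has no link parameter'] };
  }

  const target = new URL(rawTarget);
  if (target.hostname === dynamicLink.hostname) {
    problems.push('link target is on the Dynamic Links domain itself');
  }
  for (const u of [dynamicLink, target]) {
    if (u.protocol !== 'https:') problems.push(u.hostname + ' is not https');
    if (!authorizedHosts.includes(u.hostname)) problems.push(u.hostname + ' is not an authorized domain');
  }
  return { dynamicLinkHost: dynamicLink.hostname, targetHost: target.hostname, problems };
}

// Constructed sample: each level is encoded once more than the one inside it.
function buildEmailLink(dynamicLinkPrefix, target) {
  const dynamicLink = dynamicLinkPrefix + '?link=' + encodeURIComponent(target);
  return 'https://example.com/auth?mode=resetPassword&oobCode=PLACEHOLDER&continueUrl=' +
    encodeURIComponent(dynamicLink);
}

const AUTHORIZED = ['example.com', 'links.example.com'];
const AS_IN_QUESTION = buildEmailLink('https://links.example.com/',
  'https://links.example.com/auth?email=user@example.org');
const AS_IN_ANSWER = buildEmailLink('https://links.example.com/',
  'https://redirect.example.com/auth?email=user@example.org');

console.log(inspectResetLink(AS_IN_QUESTION, AUTHORIZED).problems);
console.log(inspectResetLink(AS_IN_ANSWER, AUTHORIZED).problems);
console.log(inspectResetLink(AS_IN_ANSWER, AUTHORIZED.concat('redirect.example.com')).problems);
```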

How to fix "Callback URL mismatch" NextJs Auth0 App

I am using Auth0 NextJs SDK for authentication in my NextJS App. I am following this tutorial https://auth0.com/blog/introducing-the-auth0-next-js-sdk/. In my local machine, everything works fine.
The configuration for Auth0 in my local server:
AUTH0_SECRET=XXXXX
AUTH0_BASE_URL=http://localhost:3000
AUTH0_ISSUER_BASE_URL=https://myappfakename.us.auth0.com
AUTH0_CLIENT_ID=XXXX
AUTH0_CLIENT_SECRET=XXXX
In the Auth0 Dashboard, I added the following URLs :
Allowed Callback URLs: http://localhost:3000/api/auth/callback
Allowed Logout URLs: http://localhost:3000/
My local app works locally fine.
I uploaded the app on Vercel. And changed the
AUTH0_BASE_URL=https://mysitefakename.vercel.app/
In Auth0 Dashboard, updated the following information:
Allowed Callback URLs: https://mysitefakename.vercel.app/api/auth/callback
Allowed Logout URLs: https://mysitefakename.vercel.app
I am getting the following error:
Oops!, something went wrong
Callback URL mismatch.
The provided redirect_uri is not in the list of allowed callback URLs.
Please go to the Application Settings page and make sure you are sending a valid callback url from your application
What changes should I make so it works from Vercel as well?

You can try to check whether Vercel is changing the URL when redirecting to Auth0. Your configuration seems good to me. The error is very explicit though. I think a good option would be to verify that the redirect (if handled by Vercel) is done with the same URL that Auth0 expects.
And don't forget to add the URL you're currently on when performing the callback. Are you on https://mysitefakename.vercel.app/api/auth/callback when the callback is executed? (call Auth0).

You have to change your base URL in the env.local file:
AUTH0_BASE_URL=https://mysitefakename.vercel.app/
You can also make two more env files, namely env.development and env.production, and set different base URLs for different cases so that the correct base URL is automatically loaded depending on how your web app is running.

You need to add handleLogin under api/auth/[...auth0].js and that will solve it:
import { handleAuth, handleLogin } from '@auth0/nextjs-auth0';

// Override the default login handler so users land on /profile after login.
export default handleAuth({
  async login(request, response) {
    await handleLogin(request, response, {
      returnTo: '/profile',
    });
  },
});
Don't forget to also add the allowed callback URL in the Auth0 Dashboard (https://manage.auth0.com/dashboard) for your hosted app, for both the local and the hosted instance:
http://localhost:3000/api/auth/callback, https://*.vercel.app/api/auth/callback

Log-in to Wordpress from google app script

I'm logging in to a WordPress account from Google Apps Script.
This is my try:
var url='http://www...it/wp-login.php';
var options = {
"method": "post",
"payload": {
"log": "user",
"pwd": "password",
"wp-submit": "Login",
"testcookie":'1',
},
"followRedirects": false,
};
var response = UrlFetchApp.fetch(url,options);
I get 200 code, instead of expected 302 code.
Where am I going wrong?
Other solutions, such as this, give me 404 error code.

The 200 response code indicates that your request to fetch the desired URL was performed successfully, while the 302 code means that you are redirected.
The Wordpress login page will redirect you, if your log-in credentials are correct.
In other words - your request is not correct. The sample you are referring to is valid for an ADMIN logging into the ADMIN log-in URL. Is this also your case? Can you log-in manually if you open the URL and use the same credentials as in your Apps Script code?

Just went through this in case someone else stumbles upon this question.
Things to check:
wp-submit: "Log In" or "Log+In"
Might need redirect_to field
It didn't work without passing Referer: header (doesn't seem to validate this)
Also you need to handle cookies, wp-login sets wordpress_test_cookie=WP+Cookie+check

Internal Server Error in OAuth for Google

EDIT: I was able to resolve the original error here when I realized my ROOT URL was set to my IP address rather than my domain. However, I now have a new issue. My client ID is the same as the original post below. This works fine in the local app, but in production, the popup flashes for a second and then the login box displays "Internal Server Error". I can't see any other messages that would explain it.
I am using the service-configuration package to load the settings, as follows:
ServiceConfiguration.configurations.upsert(
{ service: "google" },
{
$set: {
clientId: "************",
loginStyle: "popup",
secret: "***********"
}
}
);
If I add ?close to the end of my Authorized redirect URI, the Google popup comes up with a redirect_uri_mismatch error, showing the URI without ?close. I think there was an issue resolved here but it at least shows me that my project in Google is being recognized.
ORIGINAL POST
I am setting up an OAuth 2.0 client ID for accounts-google in Meteor and am seeing the following error:
400. That’s an error.
Error: invalid_request
Invalid parameter value for redirect_uri: Raw IP addresses not allowed:
http://***.***.***.***/_oauth/google
My Client ID in Google:
Authorized Javascript Origins
http://localhost:3000
http://myApp.com
Authorized redirect URIs
http://localhost:3000/_oauth/google
http://myApp.com/_oauth/google
I understand I must not be properly pointing the domain to the IP address. I have already set up an A record and the site works fine in other regards though, so not sure what step I missed.
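The error 191, "Callback URL mismatch" and redirect_uri_mismatch reports in the threads above all concern a redirect_uri that does not match what is registered for the application. The following is an added example, not code from any of the posts or from Facebook, Auth0 or Google: it assumes the provider does an exact string comparison, and the rejected candidates are constructed variants of the page's URLs (203.0.113.7 is a documentation address).

```javascript
// Added example. REGISTERED mirrors the callback lists quoted on this page.
const REGISTERED = [
  'http://localhost:3000/api/auth/callback',
  'https://mysitefakename.vercel.app/api/auth/callback',
  'http://myApp.com/_oauth/google',
];
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Exact string match decides; everything after that only explains a rejection.
function diagnoseRedirectUri(candidate, registered = REGISTERED) {
  if (registered.includes(candidate)) return { allowed: true, reason: 'exact match' };

  let url = null;
  try { url = new URL(candidate); } catch { /* reported just below */ }
  if (!url || !/^https?:$/.test(url.protocol)) {
    return { allowed: false, reason: 'not an absolute http(s) URL (scheme missing?)' };
  }
  if (IPV4.test(url.hostname)) return { allowed: false, reason: 'raw IP address as host' };

  for (const entry of registered) {
    const reg = new URL(entry);
    if (reg.host !== url.host) continue; // compare against the entry for this host
    if (reg.protocol !== url.protocol) return { allowed: false, reason: 'scheme differs from ' + entry };
    if (reg.pathname !== url.pathname) return { allowed: false, reason: 'path differs from ' + entry };
    if (reg.search !== url.search) return { allowed: false, reason: 'query differs from ' + entry };
    return { allowed: false, reason: 'same URL after normalization, but not the same string as ' + entry };
  }
  return { allowed: false, reason: 'host is not registered' };
}

// Constructed candidates, one per failure mode mentioned in the threads.
const CANDIDATES = [
  'https://mysitefakename.vercel.app/api/auth/callback',  // registered as-is
  'mysitefakename.vercel.app/api/auth/callback',          // protocol left off
  'http://203.0.113.7/_oauth/google',                     // root URL set to an IP
  'http://myApp.com/_oauth/google?close',                 // extra query string
  'https://mysitefakename.vercel.app//api/auth/callback', // doubled slash in the path
];
for (const c of CANDIDATES) {
  const r = diagnoseRedirectUri(c);
  console.log((r.allowed ? 'ALLOW ' : 'DENY  ') + c + ' -> ' + r.reason);
}
```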

Http request in sencha touch 2

I am very new to Sencha Touch 2.
I want to make an HTTP request. Basically, I want to connect to Google (http://www.google.com) and then check whether the HTTP response is OK or not.
I have checked this code but I always get failure...
Ext.Ajax.request({
url : 'http://www.google.com',
success : function(response, options) {
Ext.Msg.alert("Success");
},
failure : function(response, options) {
Ext.Msg.alert("Failure" + response.responseText + " "
+ options.responseText);
}
});
Later on, I want to use this functionality to implement log-in for the application.
I appreciate your help in advance.

You can start Chrome with the param --disable-web-security. Then you have the possibility to make Ajax requests (without the cross-domain policy). On a device you use a web container, not the browser, to make a request.

When I try your code it gives me the success alert,
but in the console I get this error:
XMLHttpRequest cannot load http://www.google.com/?_dc=1330926850434. Origin http://localhost is not allowed by Access-Control-Allow-Origin.
This error is because the Google server does not allow Ajax requests from the domain localhost.
If you want to send a request to this URL you have to use JSONP.

There is a Cross Domain policy which restricts user to fetch data by AJAX requests directly. So, from javascript if you want to do that, you have to use a ScriptTagProxy here.
If you are going to make a login mechanism and the data resides in same server (localhost for your case), you will not get any issue because you will be making the AJAX request from "localhost" to "localhost" ie, to same domain and then there will be no issue like this.
Otherwise, if you really want it to be cross domain, you can just write a server side code (I am showing in php - you should use cURL) to connect and get data - which doesn't require JSONP.
Filename: action.php
<?php
// Fetch the remote page server-side and pass it through to the client.
print file_get_contents('http://www.google.com');
?>
File name: Your js file
Ext.Ajax.request({
url : 'action.php',
success : function(response, options) {
console.log(response);
Ext.Msg.alert("Success");
},
failure : function(response, options) {
Ext.Msg.alert("Failure" + response.responseText + " "
+ options.responseText);
}
});
