I am attempting to create a Facebook IFrame Application using the Facebook Developer's Toolkit (language I'm using is VB). No matter what I do, I cannot get past this error message from Facebook.
App may not request permissions that
do not apply to all profiles in the
selector
I have tried dropping a CanvasIFrameLoginControl with requirelogin=true
i have also tried inheriting Facebook.Web.CanvasIFrameMasterPage then adding Me.RequireLogin = True to the Page_Init event. Both of these do require login. As soon as I add Required permissions, however, I get the API Error Code 100 - an app may not request permissions that do not apply to all profiles in the selector error from facebook. Does anyone have any idea how I can get past this issue?
You have to get extended permission to access the user's information like email,birthday etc..
Check This
Related
I've got the error above in my Joomla website when I either try to log in or create a new account from the side site. I have also noticed the two following things:
if I create a new user from the backend, this doesn't appear in the _users table;
a file named ".myjoomla.configuration.php.md5", containing an alphanumeric string, is automatically generated in the website root every time I try to log in vainly from the frontend. Besides, it turns up again if I remove it manually through FTP.
Did my website get hacked? How could I fix it?
".myjoomla.configuration.php.md5" contains the md5 hash of the configuration.php file and appears on your site as part of the mySites.guru service you either subscribed to or trialled. It is part of the near-realtime alerting service which detects when configuration.php has been changed and alerts you if you are a paying subscriber of the mySites.guru service. It is NOT an indication of a hack at all.
Disclaimer: It is code I wrote and a service I run, so I know what Im talking about.
Not being able to create users - Im guessing you have Admin Tools or RSFirewall installed and configured, both these products stop users being created IF configured that way.
Token issues: These are well covered in Joomla documentation and forums. They are CSRF tokens and if yours is not validating then try NOT double clicking the buttons, check your session handlers are working, and check your cookies are working as expected
Nothing you say leads me to believe your site is hacked
The issue I've encountered was about the Joomla native Login module. As I published it in all the pages of my website and clicked on the login link appeared on the frontend side, I was redirected to a link that looked like
mysite.com/index.php/component/users/?view=login&Itemid=yourid
which displayed the login page correctly. Yet, once filled in the form and submitted it, the warning message in question popped out. The same problem occurred when either trying to register a new account or reset the password.
Although I couldn't find an explanation to the issue, I managed to fix it by creating a Login, Reset and Registration menu items under the main menu and then hidden them as I didn't want them to show up among the other menu items on the frontend.
Went back to the frontend and clicked on login, I was now redirected to a different url that looks like
mysite.com/login
where "login" is the alias that I had chosen for the Login menu item.
After having filled in the form and submitted it, I was able to log in successfully. Likewise, Registration and Reset operations worked.
Can't login using Google Auth,
Error 403: org_internal
This client is restricted to users within its organization.
Go to cloud console (https://console.cloud.google.com/apis/)
APIs and services
Credentials
Oath consent screen
Ensure Application type is set to "public" and not internal.
Obviously assuming that you are creating an app that should be accessible outside your org. If this is related to testing and phones, it is possible to create testusers that are excepted from company policy rules.
The reason for this error is indeed because the Application type is set to "internal".
But setting it to public is not always the right answer...
Add "&prompt=select_account" to the authentication url. This will force the user to select the correct (organization-)account.
Without the parameter, Google tries to show the consent screen for the logged in Google-account, but as it is not an organization-account it will just display the 403 page without giving the user this choice.
https://developers.google.com/identity/protocols/OpenIDConnect#prompt
I had an Internal app that I was trying to authenticate with one of our YouTube channels using an organization account, and I was getting the same error:
Authorization Error
Error 403: org_internal
This client is restricted to users within its organization.
After contacting Google Workspace Support, they asked me to Change the restriction on it from Limited to Trusted.
Steps are mentioned in this support thread: https://support.google.com/a/answer/7281227
Open the Google Admin Console.
From the sidebar menu, choose: Security → API Controls.
Click on MANAGE THIRD-PARTY APP ACCESS button.
Hover the cursor over the required app and click on Change access.
Choose the option: Trusted: Can access all Google services
And save the CHANGE.
Once you've done, take note that there will be 24 hours of propagation on it before it gradually takes effect.
Make sure, for the browser you are using, that you have logged out of "All" Google account(s). This should force the "select account" windows to display.
We have almost exactly the same problem while trying to configure WP Mail SMTP for Wordpress.
The OAuth Client's Application Type has to be "Internal" so changing it to "External" was not an option for us.
Hope this helps.
I had the same issue and in my case was because the project didn't had a support email address set it.
I fix it by adding one on the Firebase Console > Project Settings > General under the Public settings section.
This error is most likely due to the configuration of your application in Google Cloud Platform.
Setting your application to "internal" is causing this error. Try making your app "external" in the OAuth consent screen, but make sure it is in a "testing" status. Then, add yourself to the test users. This configuration will work well for an internal, lightweight application.
Once complete, try to authenticate with the channel again.
I had the same issue with a project. The error only appeared if I tried to log in to my app while already logged in with an account outside the organization (worked just fine while logged out of all accounts, or while logged in with an internal organization account). I had to change the OAuth Client's Application Type from Internal to Public in the Google Dev Console.
More info can be found at https://support.google.com/cloud/answer/6158849?hl=en
Maybe you have another google email to login, not the correct one.
I'm trying to implement a web-view web part in sharepoint that will load up a small 'widget'y type thing I've got hosted on our local IIS. I desire to only show this web part to particular users, but cannot use the 'target audiences' feature of Sharepoint as we only use Foundation an the feature isn't present.
I'm currently attempting to use Windows authentication on the page, and it works fine for allowed users seamlessly infact - however, I was hoping there was a way if the user is denied, they don't get a popup asking for credentials, it would just redirect them to a blank page, thus the web part 'doesn't show' for them.
Is this possible using Windows authentication or do I need to use forms authentication against Active Directory and make them use a form to login? Can Forms Authentication be configured to seamlessly use AD groups and only show a login page when 'denied'?
Cheers
After trying about a million different solutions that all basically led back to the problem of..
It's a pain to check if a user is authenticated before the 401 error is sent - as there is an initial 401 sent to the browser which then prompts for it for authentication..
I came up with a quick and dirty solution, as the project is small and not worth investing much more in.
I placed a very simple check in the page_load event like so, that checks for username if it isn't a postback (first load), and redirects if the static user list isn't found. Far far far from prfect, but it'll do.
if (!Page.IsPostBack)
{
var user = Request.LogonUserIdentity.Name.ToLower().ToString();
if (user != "domain\\user")
{
Response.Redirect("/path/to/redirect/to.html");
}
}
First, thank you to those of you who have put in a tremendous amount of work into building and developing Drupal-iOS-SDK. It is an amazing piece of work and I am impressed by its power daily.
Second, as a bit of background, I am writing an iOS app that allows users to login to my Drupal site with their iPhone/iPad and access their inputted data currently stored/displayed in Views.
Now, to my question/problem. So far, I have been able to successfully login to my Drupal site with the iOS app with OAuth and Session Authentication switched to off. However, as soon as I enable Session Authentication, I get a 406 error. I have tried looking online for a solution but, unfortunately, I have been unable to do so. What could be causing this problem and how would you recommend that I go about trying to resolve it?
On a similar note, my hypothesis is that disabling Session Authentication is what is causing me to get a 401 error when trying to get the app to display the views I've created. Could that be the case? Will resolving my issue above so that I can enable Session Authentication then allow me to access the views?
Thank you in advance for your help and have a great day!
Okay--I think I'm making some progress.
For the time being, I've disabled Session Authentication and don't have to deal with the 406 error. Additionally, I adjusted my Drupal views settings and now am no longer getting a 401 error when using DIOSView's viewGet. However, the responseObject for viewGet is a blank set that contains no view information. As a test, I implemented nodeGet that retrieves the node my view is linked to. I then ran the app and observed that the information returned in nodeGet's responseObject doesn't match the information for the user that successfully logged in. This makes me think that the session and/or user information is not getting passed from the app's first view (login view) to the app's second view (view that implements viewGet).
Can anybody help? I know the Drupal community, and Drupal-iOS-SDK community, is quite large and active. As such, I'm hopeful that someone can provide me with some insights and point me in the right direction.
Thanks in advance!
Check the 'sessions' table in the database. Remove any rows that have the 'uid' of the user you are logging in as and/or the 'hostname' (ip address) of the iDevice you are using to log in with. I had the same issue, getting 406 when enabling session authentication in services using drupal-ios-sdk, and this is what resolved the problem for me.
The 401 "Unauthorized" status code is because the request requires authentication. Once you get the session authentication working, check your roles and permissions. Once you are authenticated, the user should be able to access the view if they have the correct roles/permissions.
I found this problem too.
Try following this method here. It works for me
https://github.com/workhabitinc/drupal-ios-sdk/issues/30
I am currently working on the linqtotwitter library.
I am using cookies to store the token and key. My problem isnt with the api as much. It is more with ASP net and page life cycle.
The problem i have with my webform app is the same with the aspnet webform defaultasp sample same at linqtotwitter site.
This is how the api works
You pass the Credentials to Authorize object to Twitter context in a nut shell.
In the sample you authorize and etc. Once the page load the auth.screenname label is changed to your twitter handle because you authenicated and it passed the auth.credentials to the twittercontext.
This is where my problem is. If I hit refresh the label is cleared out but I am still authenicated with twitter so I can post except i can not get values from the auth objects.
How would I keep the state on a refresh so I keep something like the auth.screenname or something else in memory.
I think i would need to preload the twitter authorized context but I have no idea about doing that.
I do not think using a hidden form element is proper because your masking the underlying problem.
If you want to see what linqtotwitter is, it is at http://linqtotwitter.codeplex.com/
You could throw the tokens into Session if you have it enabled, that might solve your issue.