I want users to redirect to log in each time they open Angular 6 SPA that is secured with identity sever as authorization server with angular-oauth-oidc.
I am using OAuth 2.0 implicit flow for users to log in with Angular SPA.
I tried with clearing sessionStorage or localStorage but It is not working.
How can I implement above using this library ?
this.oauthService.configure(authConfig);
this.oauthService.tokenValidationHandler = new JwksValidationHandler();
this.oauthService.loadDiscoveryDocumentAndTryLogin().then(() => {
// If there is a valid access token
if (this.oauthService.hasValidAccessToken()) {
}
});
Related
I was able to connect and upload videos using the library but when I deleted the app connection on Vimeo.com (as a test) the app didn't authorize again.
the upload looks like it's working but nothing is uploaded as the app is no longer connected.
I deleted the app on the phone and restarted but it still won't re-authorize the app.
This comes up in the output:
Vimeo upload state : Executing
Vimeo upload state : Finished
Invalid http status code for download task.
And this is in OldVimeoUpload.swift: ( didn't include the actual access code!)
import Foundation
class OldVimeoUpload: VimeoUpload
{
static var VIMEO_ACCESS_TOKEN :String! // = "there's a string of numbers here"
static let sharedInstance = OldVimeoUpload(backgroundSessionIdentifier: "") { () -> String? in
return VIMEO_ACCESS_TOKEN // See README for details on how to obtain and OAuth token
}
// MARK: - Initialization
override init(backgroundSessionIdentifier: String, authTokenBlock: AuthTokenBlock)
{
super.init(backgroundSessionIdentifier: backgroundSessionIdentifier, authTokenBlock: authTokenBlock)
}
}
It looks like the access token number is commented out. I deleted the 2 forward slashes to see if that would fix it but it didn't.
I spoke too soon.
It sounds like you went to developer.vimeo.com and created an auth token. Used it to upload videos. And then went back to developer.vimeo.com and deleted the auth token.
The app / VimeoUpload will not automatically re-authenticated in this situation. You've killed the token and the app cannot request a new one for you. You'll need to create a new auth token and plug it into the app.
If this is not accurate and you're describing a different issue let us know.
If you inspect the error that's thrown from the failing request I'm guessing you'll see it's a 401 unauthorized related to using an invalid token.
Edit:
Disconnecting your app (as described in your comment below) has the same effect as deleting your auth token from developer.vimeo.com.
Also, VimeoUpload accepts a hardcoded auth token (as you see from the README and your code sample). It will not automatically re-authenticate, probably ever.
If you'd like to handle authentication in your app check out VimeoNetworking or VIMNetworking. Either of those libraries can be used to create a variety of authentication flows / scenarios. Still, if a logged in user disconnects or deletes their token, you will need them to deliberately re-authenticate (i.e. you will need to build that flow yourself). In that case, the user has explicitly stated that they don't want the app to be able to access information on their behalf. It would go against our security contract with them to automatically re-authenticate somehow.
Does that make sense?
I need to access infusionsoft api without user interaction. I do not want let user to click on a click so I can get a tocken. Is it possible?
$infusionsoft = new Infusionsoft\Infusionsoft(array(
'clientId' => '...',
'clientSecret' => '...',
'redirectUri' => '...',
));
// If the serialized token is available in the session storage, we tell the SDK
// to use that token for subsequent requests.
if (isset($_SESSION['token'])) {
$infusionsoft->setToken(unserialize($_SESSION['token']));
}
// If we are returning from Infusionsoft we need to exchange the code for an
// access token.
if (isset($_GET['code']) and !$infusionsoft->getToken()) {
$infusionsoft->requestAccessToken($_GET['code']);
}
if ($infusionsoft->getToken()) {
// Save the serialized token to the current session for subsequent requests
$_SESSION['token'] = serialize($infusionsoft->getToken());
// MAKE INFUSIONSOFT REQUEST
} else {
echo 'Click here to authorize';
}
Make 3 files
Request_new_token.php. It is similar to your code(Need to run one time only), but you will have to save the token to database or txt file.
//Convert object to string
$token = serialize($infusionsoft->requestAccessToken($_GET['code']));
//Update the token in database.
$update = new Update("systemsettings");
$update->addColumn('systemsettings_strvalue', $token);
$update->run(1);
exit;
Refresh_token.php. With saved token, you will need to refresh it within 21 hours. I suggest to use cronjob to auto run it on server back-end.
General_request.php(Up to your system preference). Whenever you need to make single request to GET/PUT/POST, you just need to initiate infusionsoft object and set token to the new object from database.
Good luck!
If you're looking to interact with the API and not get access via the newer oAuth methods, you'll need to use the depreciated legacy API which uses an API key from the actual Infusionsoft application. The upside is that unless the user changes their API key, you don't need to "renew" or "refresh" the token and you don't need the user to click through an authorize their app.
The big downside, of course, is that this older API has been depreciated and all new applications need to use oAuth.
What is the use case where you can't walk the users through an oAuth authentication flow?
I'm trying to get dojo to show Json data that comes from a remote web service. I need to be clear though - the web server hosting the html/dojo page I access isn't the same server as the one that's running the web service that returns the json data - the web service server just can't serve html pages reliably (don't ask!!).
As a test I move the page into the same web server as the web service and the below works. As soon as I move it back so that the html/dojo is served from Apache (//myhost.nodomain:82 say) and the web service sending the json is "{target:http://myhost.nodomain:8181}", then it stops working.
I've used FFox to look at the network & I see the web service being called ok, the json data is returned too & looks correct (I know it is from the previous test), but the fields are no longer set. I've tried this with DataGrid and the plain page below with the same effects.
Am I tripping up over something obvious???
Thanks
require([
"dojo/store/JsonRest",
"dojo/store/Memory",
"dojo/store/Cache",
"dojox/grid/DataGrid",
"dojo/data/ObjectStore",
"dojo/query",
"dojo/domReady!"
],
function(JsonRest, Memory, Cache, DataGrid, ObjectStore, query) {
var myStore, dataStore, grid;
myStore = JsonRest(
{
target: "http://localhost:8181/ws/job/definition/",
idProperty: "JOB_NAME"
}
);
myStore.query("JOB00001"
).then(function(results) {
var theJobDef = results[0];
dojo.byId("JOB_NAME").innerHTML = theJobDef.JOB_NAME;
dojo.byId("SCHEDULED_DAYS").innerHTML = theJobDef.SCHEDULED_DAYS;
});
}
);
Its true what Frans said about the cross domain restriction but dojo has this link to work around the problem.
require(["dojo/request/iframe"], function(iframe){
iframe("something.xml", {
handleAs: "json"
}).then(function(xmldoc){
// Do something with the XML document
}, function(err){
// Handle the error condition
});
// Progress events are not supported using the iframe provider
});
you can simply use this and the returned data can be inserted into a store and then into the grid.
Are you familiar with the Same Origin Policy:
http://en.wikipedia.org/wiki/Same-origin_policy
Basically it restricts websites to do AJAX requests to other domains than the html page was loaded from. Common solutions to overcome this are CORS and JSON-P. However, remember that these restrictions are made for security reasons.
Im building a small todo app in html5. Works fine so far but i have a problem: If the user visits http://www.mydomain.com/ he is prompted to login. If he is logged in on / a different template is served -> my main application template. Plus a cookie is set for session handling.
Now he can add/delete/edit his todos. While he is online the todos are saved on the server.
I also added a cache manifest for my site and use local storage to save his todos when he's offline. This works fine so far.
My Problem: If the user is online and logs himself out of the site, and the server isn't serving the main application template anymore, the browser uses the offline version of the site. But he should only use it if the browser is offline, not when the server is sending another template on the same path.
Someone a hint for me? Thanks in advance!
Use this function to get the cookie that is stored on your client machine. In case it returns null then that means the user is logged out. This should be done every time the page is loaded. You could also redirect the user to the login page.
var function getCookie(c_name)
{
var i,x,y,ARRcookies=document.cookie.split(";");
for (i=0;i<ARRcookies.length;i++)
{
x=ARRcookies[i].substr(0,ARRcookies[i].indexOf("="));
y=ARRcookies[i].substr(ARRcookies[i].indexOf("=")+1);
x=x.replace(/^\s+|\s+$/g,"");
if (x==c_name)
{
return unescape(y);
}
}
}
var cookie = getCookie("myDomainAuthenticationCookie");
if(cookie == null)
{
window.location.href = "/myDomain.com/Accounts/Login"
}
I really need help with this... is it doable? Is it possible to add a Tab to a Company's Page programatically (like FBML, where the users writes their own HTML code)? Such as the C# SDK or through some other SDK? How would I do it?
Facebook Graph API allows it with permission "manage_pages".
http://developers.facebook.com/docs/reference/api/page/#tabs
You can install a profile_tab at the end of the current list of
installed tabs for a page by issuing an HTTP POST request to
PAGE_ID/tabs with a Page Access Token.
Javascript SDK:
FB.api('/' + PAGE_ID + '/tabs','post',
{ app_id: APP_ID, access_token: PAGE_TOKEN }, function (response) { });
Otherwise you could POST the same data via C# and a valid page access token. You get the page access token from /user/accounts: http://developers.facebook.com/docs/reference/api/user/
From the research I've done, I don't think there's a way to do it programmatically directly. However, you can use the following link:
http://facebook.com/add.php?pi_key=YOUR_APP_KEY&pages=1&page=YOUR_PAGE_ID