I am using facebook c# sdk in my windows phone 8 app. When I click the login button of the facebook Controls using the loginbutton control it ask for username and password.
After entering the credentials it shows me
"security warning please treat the url above as you would your password and do not share it with any..." page and then I cannot do anything.
It is always showing me the same page.
Also the sandbox mode for the facebook app whose id I am using in wp8 app is disabled.
I filed a bug report to Facebook today on this issue, posted one workaround to the Facebook SDK for .NET - Security Warning Issue thread.
The short answer is that authorization is broken and adds a question mark after the redirect_uri link, and FacebookSDK.NET does direct comparison between actual and expected Uri, and fails.
Related
I know that this question has been asked previously in this link Facebook OAuth "The domain of this URL isn't included in the app's domain" , but the solution is not working for me and it doesn't strictly similar to my issue.
I'm trying to setup Facebook OAuth to work with my application that is being developed locally on my machine.
I followed every steps from facebook guide:
I created my application
I added a web platform with the url http://localhost/
I added Product Facebook Login
I added code for Continue with Facebook button described here in my html page
Facebook button is on my page but it doesn't work when I click on it (Error: Can't Load URL: The domain of this URL isn't included in the app’s domains).
I tried to add a domain (localhost, http://localhost, http://localhost:5000) but it didn't work.
I then added http://localhost:5000/ to the field 'Valid OAuth redirect URIs', but no improvement.
Here my Facebook login settings :
login setting
Thanks for your answers !
Chrome is auto-filling the credentials, but not log me in until I click login. How to automate? (windows, non-google websites).
Using the Chrome Identity API you can have Chrome (on desktop and Android) automatically attempt to log in the user when they hit your page, even if their session has expired.
Following is a workflow diagram of how it works, but the details can be found in the Google Authentication API: Let the user automatically sign back in section:
It is not the browser's responsibility to auto-login to websites. This is the responsibility of the website you are accessing. The browser can remember form data and auto-fill for you, as can various extensions like LastPass.
However, in order to actually auto-login, you must first login to the website you are trying to access and enable the option they provide, often called 'Remember me?'. The website would typically use a cookie to store the credentials (securely with a hash + salt), and if the cookie still exists (not cleared from the browser or expired), and the hash of real password in database matches the one in the cookie, the website will auto-login.
You could force the browser to try and auto-login with extensions, which are essentially macros. You could try Auto Login or iMacros extensions for this. I would generally avoid this though.
Anyone else stumbling into this thread from a google search.... you can do this with autohotkey. If you browse to yourbankhere.com and chrome fills in the user/pass, you can have autohotkey perform a mousemove then a mouseclick to click the login button.
In open shift account i had hosted one word press app
"http://music-logavdm2.rhcloud.com"
I also tried the open shift client tool to list the app
app music but that also tells the app does not exist
Yesterday i update the blog but today that application not displayed on the web console. and also the
"http://music-logavdm2.rhcloud.com"
not found found DNS address error.
It seems your app may have been removed (possibly due to OpenShift ToS infringement).
In that case, you would receive a notification email with a reason of the removal. You can try contacting OpenShift support, if you received no such email.
When I try to log out(both using my own button and the one provided in the SDK) I am "able" to log out. The reason I use the quotation marks is that when I will try to log in again, it is automatically logging me in as the previous logged in user. Thus, I am not able to change user. I'm assuming that this is some cache issues in the web browser or something like that. Anyone know if this will be fixed when the sdk is out of its alpha? Any help appreciated!
The problem is that the FB authentication cookies are still in the WebBrowser data.
Here is the code that clears the WebBrowser cookies (no matter which instance of WebBrowser it's called on):
await new WebBrowser().ClearCookiesAsync();
I'm adding Box support to an iPad app. I tried the official SDK and I don't want to use it for the following reasons:
Login page is too wide for a modal controller with UIModalPresentationFormSheet style on iPad. The SDK hosts UIWebView which loads content of https://m.box.net/api/1.0/auth/, which perhaps returns HTML with min width set to 768px (although I didn't check the HTML, speculating here).
HTML in login page doesn't show Google Apps authentication option. The full desktop version of the page does.
Because the login page is hosted in UIWebView the user cannot be sure that he's supplying the credentials to Box, and not to an app author.
I don't need the whole SDK functionality, just authentication, folder/file listing and content download. Since my app also uses other cloud storage providers I'd prefer to provide uniform file browsing experience.
Here's what I'm going to do:
Add a custom URL scheme for my app, let's say "myapp".
In Box's Application settings for my app set Redirect URL to myapp://RedirFromBoxAuth.
When the user chooses to browse Box from inside my app, I'm going to:
Get a ticket by calling GET https://www.box.com/api/1.0/rest?action=get_ticket&api_key={API_KEY}
Extract the ticket, then call openUrl with https://www.box.com/api/1.0/auth/{TICKET} This will open Safari and let the user enter his credentials. This is the full, desktop version of the login page.
On successful login Box's server will tell Safari to redirect to myapp://RedirFromBoxAuth?ticket={TICKET}&auth_token={TOKEN}, which in turn will tell iOS to yield control to my app.
My app receives handleOpenURL notification and I can extract the authentication token and use REST API from now on.
Please comment, is it a good plan? I created a quick prototype and it seems to work, but maybe I'm missing something?
Box team, could you please tell us will an app using this authentication model be eligible for inclusion in OneCloud?
This seems like a good strategy and will probably make for a better UX/easier implementation than the normal redirect. Please let us know if you run into any weird edge cases by implementing it this way.