I want to send email link to user's email to authenticate user in my extension. How to automatically detect when the user clicked the link in email?
I've configured up to sending email. But my problem is extension popup still shows login form even after user clicked the link.
I'm using React.
How to automatically provision the access to user after he has clicked the email link?
How to automatically detect when the user clicked the link in email?
Firebase will log user on the device on which they clicked the link. Even if it's the same device, it'll most probably in a different tab. Easiest thing to do would be using Firebase Realtime Database.
When use enters email, send the sign in link and listen on a particular node in relatime database.
When use clicks on that link and is redirected to any page after login, update the value that node in RTDB.
When the update is received, do the changes required.
However this won't work is user uses the link on a completely different device so a custom solution might be needed.
Related
In android user can google sign in into android app with Firebase Authentication.
But if app using WebView, logged user data does not affect it.
Is there a way to log in specific url of Webview ( or accounts.gooogle.com ) with signed user data ?
Example : www.example.com has Sign In with Google Button
In webview.loadurl(example.com) -> when click Sign In Button sending user to new page wants write email then password then two factor auth with user phone wants approve etc.. This is cancer for user.
But after one time login user can login other websites with one click to google signin button.
But, if user load same url with their mobile chrome -> when click log in button then select already added account and finish.
Or any way to log in with this url https://accounts.google.com/o/oauth2/v2/auth/... url ( most of websites redirect to this url when google log in button clicked ) contains form method=post. Can we login with user id_token inside javascript code?
So here two times user needs to log in
Here not
I tried to login with javascript code because we run that code on webview too. But I dont know js much.
Using the RadioBoss.fm streaming service and there is a setting to restrict listener access by setting a password. The listener stream URL is played at a website via JPlayer (or any other similar media script) and when the play button is clicked, a javascript login form pops up, which I figure is triggered by a notice sent to the remote radioboss.fm server.
I want to auto fill and submit the form on play button click without user awareness so the action to listen is seamless. The goal is to block other websites and phone apps from using the stream URL for their gain, therefore users must be at this site to listen to the audio stream.
RadioBoss.FM Setting
The website for listening
At the listener source website the javascript form opens on click of the play button. The action desired is to set the password and user (username not required) value in a database table and use an AJAX request to get that value and insert to the fields and submit.
I ran the step with the browser console open but did not see any result which would indicate an ID for targeting.
For testing purposes: The listener site is https://eventsrusonline.com and the stream connect password is eventsrusonline no username required.
Update 7/27/22
I've come to learn that the method triggers the browser's Basic Authentication and I will need to develop a javascript process using execCommand() or send an https://username:password#site.com. I'm not verbose in javascript so I've not achieved the goal.
I am working on an email that will be sent out as a marketing effort.
Within the email there will be a button that will allow people to "save the date" of the event and I want to be able to detect if the email was opened in gmail after the button is clicked, and if it was opened in gmail it would serve a Google Add to Calendar link - else it would serve an ICS file.
There is another email that does exactly this, it does not detect user agent since, regardless of the browser and os and device, if the email was opened in gmail it would redirect to google's add to calendar!
I've been trying to figure this out for a while now and have tried many trick, though none successful, I would love to see what other ideas people have.
Edit: I noticed that gmail will add data-saferedirecturl to all links
I'm wondering if there is a way to detect this?
If you to know the source of the click on your link, you can do so by using a trick with images:
Inside your mail, insert a tiny image pointing to your domain (Preferably with a different identifier for every recipient.
When user first opens your mail, the Gmail proxy server will send your server a request to get the picture.
You can identify the request coming from the Gmail proxy server using any of the indicative elements of the request (Like IP address, User-Agent and such).
Though, note that: If the recipient opens the mail again in Gmail, you won't see a request to your server, since this picture is saved in the proxy server's cache.
You cant pass javascript to mailreader.
But you can add Email Tracking Pixel.
I am sending activation link throught email id which inturn is calling after creating user.These are the steps that I am doing:
Create User Without Credentials.(OKTA API)
Activating user with send email set as false.(OKTA API)
Through my own code I am sending activation link to the user.
After he clicks on activation link it comes to my custom page .
After he enters password when he clicks on submit SET Password of OKTA API is fired and the user becomes activated.
The problem with this approach is this to not able to avoid MITM attack, as if someone gets access to user email he will be able to set his credentials.
What is the best way to avoid this?
I am working on login with facebook into our site. I am using facebook js sdk for this. Now, if I clicked on fb login button (which is placed in our site), it opens a popup window asking for user name and password. If I login here by entering correct username and password, its logging in, after that, it gives the required info to me. so, I am passing that info into our site and logging the user. No issue in this flow. But, if user already logged into facebook directly by opening facebook.com from browser and opened our site in separate tab . Our site will also contains "login with facebook" button. So, when user clicks on this button, it opens a login window and closes immediately without giving any user info. I guess it is because, user already logged into facebook. But here also I need the logged in user info. How do I achieve this?
Please help me out.
Any help would be appreciable.