I am using the Google Sign-In JavaScript client and also referencing the Example App
The example app (app.js) tells me that login_hint is a valid option for the signIn method:
// If the user is not signed in with expected account, let sign in.
return auth2.signIn({
// Set `login_hint` to specify an intended user account,
// otherwise user selection dialog will popup.
login_hint: id || ''
});
But the reference manual does not say it does anything there but is only effective with the authorize() method. Elsewhere on the Web I see examples of it being also used with the init() method.
Can someone please clarify any/all places where the login_hint option is functionally active?
From the login_hint
Optional. If your application knows which user is trying to
authenticate, it can use this parameter to provide a hint to the
Google Authentication Server. The server uses the hint to simplify the
login flow either by prefilling the email field in the sign-in form or
by selecting the appropriate multi-login session.
Set the parameter value to an email address or sub identifier, which
is equivalent to the user's Google ID.
To set this value in PHP, call the setLoginHint function:
$client->setLoginHint('user#example.com');
Code for you:
options = new gapi.auth2.SigninOptionsBuilder();
options.setAppPackageName('com.example.app');
options.setFetchBasicProfile(True);
//options.setPrompt('select_account');
options.setLoginHint('user#example.com');
options.setScope('profile').setScope('email');
auth2.signIn(options);
Related
I am using jira-client npm module to make API calls on my jira instance, I want to check that if the user has a valid credentials before doing anything else, depending on that I would either:
Tell the user that they don't have a valid username or token.
or Let the user use the project functionalities
is that possible? I am able to make calls and with invalid credentials I will got response with a special message, but I want to know if there is a specific call for checking username and token.
Using normal fetch we can use
https://myJiraInstance/rest/auth/1/session
but for jira-client module it seems there is no way, however we can use findproject method in this way we can make sure that the user has a valid credentials as well as have access to the project itself.
If there any other solution I would be happy to have it.
There are two sides, Admin and Users. I am using the same database in firebase for both Users and Admin. It means that Users that are registered in my firebase authentication, can login to Admin webpage. How do i allow only specific admin's email to login into the Admin page.
For example:
Admin has an email of admin#admin.com
User has various email like 123#gmail.com, 222#gmail.com and etc.
What i want is only to allow admin#admin.com to be able to login into the Admin page but restrict login for User emails to login to the Admin page.
Using a Javascript, a simple solution would be to split the email String on the #, which will return you an Array of substrings and compare the second part which is the domain. Then, you could condition the rest of your code to work only if the criteria is true.
An example would be:
const allowedEmailDomain = 'admin.com';
const email = 'test#admin.com';
if (email.split('#')[1] === allowedEmailDomain) {
// do something, we accept this email
} else {
// return an error or do nothing
}
I make the assumption that, on the back-end side, your application is correctly secured, i.e. you have security rules in your database that only allow the users with an "admin" profile/role to read or write "admin" data in the database.
If this is not the case you MUST set correct security rules, since securing your Firebase instance only from a front-end perspective is not sufficient, as it is not very difficult to reverse engineer your app code and write some JavaScript code that will interact with your back-end. For that you could use Custom Claims.
So, with this assumption, it means that you need to adapt your front end in such a way the admin screens are only seen by the admin users.
One of the best answer is again to use Custom Claims, as explained here https://firebase.google.com/docs/auth/admin/custom-claims#access_custom_claims_on_the_client (Section "Access custom claims on the client") and in this official Firebase video: https://firebase.google.com/docs/auth/admin/custom-claims#access_custom_claims_on_the_client
Note that trying to block a user based on his email domain may not be a good solution as it is easy, in few lines of JavaScript code, to register to your Firebase project as a user with a mail like whatever#admin.com or with any other email (using createUserWithEmailAndPassword)
Just block every other domain as #admin.com.
$allowed_domains = array("admin.com");
$email_domain = array_pop(explode("#", $email));
if(!in_array($email_domain, $allowed_domains)) {
// Not an authorised email
}
It's simply. Make an array for allowed domains, explode by #, get the last element of the array and check if it exists in the allowed domains array.
I am not able to find any documentation on how to restrict the login to my web application to only accept authentication requests from users with an email on a specific domain name or set of domain names. I would like to block as opposed to blacklist.
Does anyone have any document or template which how to achieve using jsp,angularjs,javascript, documentation on the officially accepted method of doing so, or an easy, secure work around?
For the record, I do not know any info about the user until they attempt to log in through Google's OAuth authentication. All I receive back is the basic user info and email.
You can use method of string class String. contain("#yourdomain") it will return boolean value true or false
It will go like..
if(request.getParameter("email").contains("#yourDomainName"))
Do something;
I'm using the standard Email + Password auth-provider.
Through certain circumstances I have to create a firebase user manually. The flow would be something like calling a REST api with an defined email + generated password, and if succeeded sending a welcome email to the user with his password. Something like forward user registration.
I read through their docs and couldn't find much. (the new docs don't even offer a REST API section for user management.. well and just to be clear, the new "google" styled docs, pretty much suck anyway :) ).
Is there someone who has already done something similar and can help me out?
BTW: It would also be possible to create them client side through createUserWithEmailAndPassword(), but this function does automatically reauthenticate the new user, which must not happen in my scenario. Is it possible to use createUserWithEmailAndPassword() without automatically logging in the user?
You can create a new Firebase App context in your client and then call createUserWithEmailAndPassword() there:
var authApp = firebase.initializeApp({
// ...
}, 'authApp');
var detachedAuth = authApp.auth();
detachedAuth.createUserWithEmailAndPassword('foo#example.com', 'asuperrandompassword');
By adding a second argument to initializeApp you create a separate context that will not trigger re-authentication upon user creation.
UPDATE It seems that my personnal email address had not been used for years. Facebook marked it as inactive and did not return it as part of the JSON.
I am authenticating a user with Facebook on the client side using this url :
https://www.facebook.com/dialog/oauth?
client_id=xxx&
redirect_uri=https://www.facebook.com/connect/login_success.html&
scope=email
I receive a code I then exchange for a token :
https://graph.facebook.com/oauth/access_token?
code=xxx&
client_id=xxx&
client_secret=xxx&
redirect_uri=xxx
I then send the token to my server and I fetch the Fb Graph in order to get some user info, including the email.
https://graph.facebook.com/me?access_token=xxx
For some reason, I get all the user 'about' info, but not his/her email!
What did I do wrong?
According to the Facebook Documentation:
By default, not all the fields in a node or edge are returned when you
make a query. You can choose the fields (or edges) you want returned
with the "fields" query parameter. This is really useful for making
your API calls more efficient and fast.
This is valid from v2.4, (previous versions retrieved some default fields).
When you register a new app you are entitled automatically (without manual review) to three permissions: email, public_profile and user_friends. In your code "email" is in scope (which is good) so just change your query to:
https://graph.facebook.com/me?access_token=xxx&fields=email
You probably wanted the public_profile fields that you automatically got in previous versions of the API. Do so so, add "public_profile" to your scope:
https://www.facebook.com/dialog/oauth?
client_id=xxx&
redirect_uri=https://www.facebook.com/connect/login_success.html&
scope=email,public_profile
And now add the user name fields to your query:
https://graph.facebook.com/me?access_token=xxx&fields=first_name,last_name,gender,email,timezone,age_range,verified
Good luck