I was planning to use Facebook Social Login in my Hybrid application ( HTML5/CSS/JS and Cordova) However on going to facebook developer I could not see an option for choosing cordova based app.
So shall I consider www , i.e. Javascript based SDK for implementing facebook social login?
From security point of view, is it good choice to choose JS SDK in hybrid application?
Thanks!
Yes, you can choose www for create app for hybrid platform and you just need to set the App id into application so if someone decompile your app they just get an App Id and nothing else, other all things are saved into your developer facebook account.
So you can create your app with this www without worrying about the security of an app.
Also you can create Facebook login with the simplest use of OpenFB,
You just need to create Facebook API from Facebook Developer Account
And Pass the App ID into javascript file of facebook login function.
Related
I have enabled SSO using Azure Premium AD with Google Apps, i can login to Google apps when I go to browser and click my apps however I need to get data programmatic after I login into O365. Instead of clicking my apps i need to use a programmatic snippets (ex., javascript) query some data from google apps or any configured SaaS based apps.
You can try to use adal for js to authenticate and authorize your users. You can write a initialization functionality in your client application using javascript. When the document is loaded, check whether the user is signed in, if so, call your additional APIs, if not, use adal to login.
I'm working on a windows app using pure JavaScript and try to use AAD for authentication. The issue that I'm facing is aftering calling the "login" function from adal.js which will redirect user to the login page, how shall the app receive the response assuming the user logged in successfully? The page that I'm seeing now after login is saying"This page cannot be displayed. Make sure the web address https://login.microsoftonline.com is correct." I have entered the redirectURI value in azure with the one starting with "ms-app://s-1-15-***".
I've gone through the examples from the AAD developer's guide and I don't see examples of windows app + pure JavaScript. The "Windows Universal" section has example of C# and the "JavaScript" section is for web page application.
As adal for js is designed for web application, the redirect_url parameter requires a web server host location. So the using plain javascript to integrate adal for js is not so suitable in this scenario.
You can try to follow several workarounds:
To use C# lib in your UWP application.
To use Azure Mobile Apps' Authentication feature to authenticate & authorize your users. On sever side, you can refer to https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-windows-store-dotnet-get-started-users. And on your UWP side, you can refer to https://yorkporc.wordpress.com/2014/06/07/winjs-windows-store-app-and-aad-sso-experience-i-e-save-cookies-from-microsoftonlineaad-login-pages/ for similar usage.
Any further concern, please feel free to let me know.
I finally figured out how to perform the AAD authentication in windows app using javascript. So there's the WebAuthenticationBorker from WinRT that can be utilized for the authentication through the OAuth2 endpoint.
A link here is a very helpful example.
I have a login page via WCF restful APIs. I am logging in and now the problem after logging in if user exits in the app and try to re open the app, the app doesn't want to ask the user for credentials by storing the previous credentials. It has to automatically redirect to the another page. Any ideas, suggestions? I'm using JavaScript and HTML & Cordova.
Take a look at this answer
Cordova app with autologin feature
This answer is one of the best ways to implement autologin in hybrid apps, to me.
I've been debating this with my colleagues but we have no clear solution. OAuth gurus, your wisdom is needed please!
Context:
My company "CompanyX" is exposing a set of REST APIs which are protected behind an own OAuth2 service. I have full control over the OAuth implementation.
3rd party developers use the API and OAuth to develop apps.
My company plans to develop a client-side ONLY web application for desktop and mobile browsers. Users of this app log into their account with a username/password. In the spirit of "eating our own dog food", the new web app will use the existing REST APIs and OAuth service.
Instinctively, I would have my app use the OAuth2 password grant-type.
Problem Statement:
Picture this: as a user, you press the Login button on the AppX (my app) developed by CompanyX (my company). It redirects you to a box that reads:
"AppX by CompanyX" wants to access your CompanyX data, do you allow
it?
This doesn't look right: CompanyX shouldn't have to ask the user's permission to access the data it itself manages, right? How should OAuth be used here, which OAuth grant type should be used that doesn't compromise the app secret (this is a client-only "insecure" web app) ?
Thanks
Remi
is it possible to create my FB app in Fb iframe and on pay button it directs to Paypal for payment and returns back to my fb app for further processing without using Fb credits ?
In Facebook payment terms and policies i have read:
NOTE: Per the Facebook Credits Terms, all games on the Facebook Platform (including mobile web apps) must exclusively process payments through Facebook Credits.
Plus if you know any app on FB using payment method without FB credits please specify the names of the apps . thanks
What part of
All games on the Facebook Platform (including mobile web apps) must exclusively process payments through Facebook Credits
is unclear to you?
If the Facebook terms of use say you have to use facebook credits i don't think your app will be enabled if you don't respect that rule.
so even if it might be possible to use paypal directly, it will be a lot of work for nothing.