today I'm developing an app for Firefox OS, but I have a problem. I would use the OAuth2 method for receiving the access token, but I don't know where redirect the page after the Authorization.
What is the path? There is any browser api that I can use?
If it's a hosted app, then redirect to a URL on your domain just like you would in a browser. If it's a packaged app, declare redirects in your manifest. Your app must be privileged to use this field.
Related
I am serving the react application through Apache. For SSO (Single Sign On) , I am using Apache based authentication. So the flow is whenever a user hitting the application URL , Apache will take care of getting the user information from SSO server and then it will redirect to home page. now I am having user information's in Apache response headers. Is there a way we can access these information in react js.
Note : I am not using any middleware application layer. Only React Js application.
I am using Iframe inside one of my templates, for authentication.
For Example: If a user completes a training, he has to verify his identity by authenticating with a ping identity server which will redirect to some other url depending upon the credentials added.
Ping Identity is hosted on other domain, and app is on some other domain. I know about the cross origin issues. But i have a server in-front of our app which has same domain as the app and which calls ping identity from within. So i am using that server for authentication.
The thing is i still get CORS errors in console. What is the best way to go for such authentication, considering user experience and security as well in mind?
Then just get CORS configured in PingFederate by managing the headers:
https://documentation.pingidentity.com/pingfederate/pf80/index.shtml#concept_addingCustomHttpResponseHeaders.html
You do this by editing: /pingfederate/server/default/data/config-store/response-header-runtime-config.xml.
Use http://www.html5rocks.com/en/tutorials/cors/ to help guide you through CORS.
I'm using the Google signin Javascript API (that is, the gapi-signin-button) on a webapp. The app is served by a gulp server, binding to 0.0.0.0. The login process works when I develop locally, but when I run on a remote server and access the page via the public IP, I get the following signin error:
Error: invalid_request
Permission denied to generate login hint for target domain.
I have both localhost:PORT and SERVER_IP:PORT in my Authorized JavaScript origins. Other SO answers have said I should be binding to localhost instead of other interfaces, but that doesn't apply here since if I bind to localhost the server can't be accessed remotely. What do?
I had this same problem and just figured it out. You can't use numerical ip addresses (like http://0.0.0.0) as redirect uris in Google. It has to be an actual url, like http://mycompany.com.
Right now I am integrating a meteor.js app with the stocktwits API. Since I have not decided on a domain name yet and may be far off from this process, is there anyway test the stocktwits api locally (localhost, port 3000) ? Ideally I would like localhost:3000 for my "Website URL" and "Site Domain." However when I try to set these under the ST API create an app dashboard, I am getting errors about invalid website url and site domain. Any workarounds here ??
Also I would like my redirect_uri to be http://localhost:3000/_oauth/stocktwits
When I try to authorize the user the stocktwits popup window does appear - however I get the following error: Error: invalid_request redirect_uri must be absolute with http or https scheme I am assuming that is because my redirect_uri is not a live domain name.
I have tried this myself, but was unable to do it. The call has to travel from the server to StockTwits, then back but http://localhost is not available outside of your network.
I setup a testing domain on a live web server to test and it worked just fine. Good luck!
My java/javascript web application is in development, and I hava a javascript application that communicates with my database (where I maintain my own userids) using ajax POST commands to a servlet container running on localhost, within a vmware machine. I want to be able to login using Google, Yahoo, and Facebook authentication, on this development setup, but in studying Facebook's OAuth 2.0 method, it looks like your web application has to hava a link to the facebook site, and provide a redirect link back to your own site when authentication is finished. This method won't work because facebook can't redirect to a localhost address and reach my machine, which doesn't have a web presence.
Do I have the same issues with OpenID and Google/Yahoo authentication?
Andy
Facebook OAuth works with localhost apps. This is because Facebook redirects the browser to the redirect_uri you supply in oauth, your browser knows where http://localhost is (I actually used a virtual host in apache & windows vhosts, don't know if you can enter localhost as website url in your app settings). Works perfectly
Google Oauth however, in my experience, doesn't work on local version. Somehow the site needed to be accessible from Google itself (not just the browser) for this to work, and it didn't, so it doesn't (I don't remember the exact details, sorry)
Don't know about the others
You could add DNS entries on your local machine so that mysite.com resolves to your local computer.
By doing this, you will be able to login from your local machine to do your tests.
In Windows, you can do this by editing the file:
C:\Windows\System32\drivers\etc\hosts
Add a new line:
127.0.0.1 mysite.com
Regarding OpenID, I am not sure if would accept logins from localhost URLs, but it will surely work after adding the entry in the hosts file and having a proper domain (even though it RESOLVES only on your computer).
The trick is that after login, Facebook or Google responds to your application with something like this: redirect the user to mysite.com as authenticated. Your browser then will resolve mysite.com as your machine and it is all working.