EDIT: Re-wrote the question to be more general and focus on the core problem.
I've made a chrome extension that allows a user to play a mobile game in chrome. This is possible since the game is web-based.
Essentially what the extension does is:
sends an ajax POST request with the user id
the request returns a session id
open a new tab to a particular url passing the session id as a param
the page is then redirected to the game home page on successful authorization
otherwise, redirects to an error page
When I try to replicate this in Node.js:
I use request to send the POST request with the user id
the request returns a session id
I send a GET request to a particular url passing the session id as a param
the request returns with a status 500 response
It appears that the response body is the error page
I used a cookieJar (request.jar()) to handle the cookies/session, but I can't get it to work the same way the browser does it.
Any ideas?
Related
I have an app which can authorize user through Google provider, and we have api endpoint, to the address of which you need to make a GET request. API answers with 307 code and redirect url, but instead of a redirect, I get a request from the current page:
When i tried to google similar problem, all the answers be like: 'just handle redirect in response', but app call redirect url as GET request from current page immediately, so i can't read response and had error.
I want to achieve the following flow:
User makes a get request to our api
Upon receiving a 307 code, we get just get redirect url, and manualy redirect user from the current page to the page from the response.
I tried to achieve this with Fetch API and Axios
I am trying to do Facebook authentication in same window of my web application's login page.
I am using following code when user clicked login button to go to authentication page.
function loginUsingOAUTH()
{
top.location = 'https://graph.facebook.com/oauth/authorize?client_id=839846246064537&scope=email&redirect_uri=http://www.olcayertas.com/testqa/result.html';
}
1) After authentication Facebook redirects me to my redirect url and returns a parameter "code".
At this point I want to access Facebook user information but I don't know how to do that.
What is this "code" parameter for?
2) Is there any other way to access user information?
3) Do you have any other advice facebook authentication with same window login?
Thank you in advance for your help
When you get the code you should make a server side request to get an access token and than pass the access token to user. It is explained in Facebook Developer page:
Exchanging code for an access token
To get an access token, make an HTTP GET request to the following
OAuth endpoint:
GET https://graph.facebook.com/v2.3/oauth/access_token?
client_id={app-id}
&redirect_uri={redirect-uri}
&client_secret={app-secret}
&code={code-parameter}
This endpoint has some required parameters:
client_id. Your app's IDs
redirect_uri. This argument is required and must be the same as the original request_uri that you used when starting the OAuth login
process.
client_secret. Your unique app secret, shown on the App Dashboard. This app secret should never be included in client-side code or in
binaries that could be decompiled. It is extremely important that it
remains completely secret as it is the core of the security of your
app and all the people using it.
code. The parameter received from the Login Dialog redirect above.
Response
The response you will receive from this endpoint will be returned in
JSON format and, if successful, is
{“access_token”: <access-token>, “token_type”:<type>, “expires_in”:<seconds-til-expiration>}
If it is not successful, you will receive an explanatory error
message.
I am trying to redirect to another URL from node js by using response.writeHead method
response.writeHead(301, {Location : <redirecturl>})
I need to have this redirection is being executed by POST method, however it is always executed by GET. What is the way that the redirection can be made as a POST request.
A redirect by default sends a GET request. According to the HTTP spec, a 301 redirection means sending a GET request. If you want to redirect with the same method (POST), you can try doing a 307 redirect instead.
There is no difference between redirection in both GET and POST methods. Both method should work find. Better you can your expressjs framework in which it is
res.redirect('http://example.com');
Be careful, when using status code 301 which means Moved Permanently. Once browser gets 301 status code, it will directly try the redirected URL from the next time.
Without seeing more of your code, I believe this is what you are describing:
The client has made a request to your application using an HTTP method (get, post, etc.) You are responding to that request by sending back a 301 error and a new URL (redirecturl)
The client then decides to implement a get request for the redirecturl.
You can't change how a client responds to a 301. That is out of your control and it is normal for browsers to initiate a get for the redirecturl.
You could initiate a post request from your server to the redirecturl.
You could send back a webpage which would then submit a post request from the client.
What are you trying to achieve?
I have a service url that includes username password like this: http://service.com/token?username=asd&password=123 But I can not send a request from javascript, because username and password is appearing from browser source code. So I created a Proxy page on server that sends request to service and gets token like this: http://mydomain.com/Token/GetToken
I created an index page http://mydomain.com/index.html and javascript code sends request to Proxy page and gets token.
But somebody write a server page that sended request to my Proxy page (http://mydomain.com/Token/GetToken). And can get token.
I want to that only my rendered pages should send request to my Proxy page. Is this possible?
I am using .net mvc Project.
The general approach is to use an existing authentication framework to protect http://mydomain.com/Token/GetToken.
If you're using a PHP backend I suggest uLogin
If user is logged in, then ajax requests work fine. When session is invalidated, ajax returns login screen and user can see login screens as ajax content. Is it possible to add custom code in Ext Js, that would be run every ajax request, to check if session is still valid, if session is not valid, then JavaScript would redirect to login page, otherwise it would continue execution Ajax request normally.
Ext.ajax is a singleton, so you can define a global handler for all request errors.
Your server side code will need to return a HTTP 403 or simmilar if the user is not authorised. Put this somewhere (only once) in your code code:
Ext.Ajax.on('requestexception', function(conn, response, options) {
if (response.status == 403) {
Ext.MessageBox.alert('Authentication', 'You are not logged in.');
/* you can display a login box or something here */
}
};
If an AJAX request fails because the session has expired, you can handle it gracefully in your code.
The options argument contains the AJAX request options, so if you present your user with a login box and reauthenticate them, you can resubmit the original AJAX request they were making automatically. The process should be seamless for all the rest of your existing code thats making AJAX requests.
Checking whether the session is still valid should be done in the server. Not in JavaScript.
We do not trust clients.
You could modify your ajax process in two ways:
1- server end: on receiving a request, check session - if user not logged in or session expired, return an HHTP 403 (=not authorised).
2- client end: as part of your ajax response handler, check for error 403. If it is returned, ask for login and send that to server, then when login has been successful, resend orginal request.
That's easy if you're not using too many ready-made ajax libraries. If you are, look to its functionality.