Scenario:
User signs in with Google Plus button on Page 1.
The app creates a session and renders Page 2, which has a hidden G+ signin button.
The app waits for the signin callback to be fired before accessing some Google resources.
This works fine if the user is only signed-in to one Google account, but if the user is signed in to more than one account, the callback is fired with 'immediate_failed' error, meaning that the user needs to press the button again. I don't want the user to have to sign-in again, or run the risk that he uses two different accounts for the two sign-ins.
Is there a way to persist the Google user chosen in step 1 to step 3?
Related
In android user can google sign in into android app with Firebase Authentication.
But if app using WebView, logged user data does not affect it.
Is there a way to log in specific url of Webview ( or accounts.gooogle.com ) with signed user data ?
Example : www.example.com has Sign In with Google Button
In webview.loadurl(example.com) -> when click Sign In Button sending user to new page wants write email then password then two factor auth with user phone wants approve etc.. This is cancer for user.
But after one time login user can login other websites with one click to google signin button.
But, if user load same url with their mobile chrome -> when click log in button then select already added account and finish.
Or any way to log in with this url https://accounts.google.com/o/oauth2/v2/auth/... url ( most of websites redirect to this url when google log in button clicked ) contains form method=post. Can we login with user id_token inside javascript code?
So here two times user needs to log in
Here not
I tried to login with javascript code because we run that code on webview too. But I dont know js much.
How do I track the number of people who have used my app using Firebase Analytics? I have tried looking in the documentation for Firebase Analytics: firebase.google.com/docs/analytics but couldn't find anything related to that statistic.
I think it is possible because in the Firebase Dashboard, there is a "User activity over time" graph even though I can't find any documentation.
My app is made with JavaScript, React Native and Expo.
The User activity over time graph shows the metric of active user that has engaged with your app in the device foreground, and has logged a user_engagement event. This event is automatically sent by Google Analytics when a user navigates off the page, which happens when a user closes their tab or window or when they navigate to another page or screen. The event includes the session engagement status and user engagement duration. Though, note that the event isn't sent when an event was already sent less than 1 second before the event would have occurred. You could check out this blog post for more information about Google Analytics sessions and User Engagement.
I have used the Google Identity API to sign in to the user. It works perfectly while signing in.
But the sign-out doesn't work I don't know why.
This is the sign-out code:
const button = document.getElementById('signout_button');
button.onclick = () => {
google.accounts.id.disableAutoSelect();
console.log('logged out');
};
But it doesn't work even if press the button.
I want this google box to turn into the button sign in after I sign out but it doesnt work:
You're doing the right thing by calling disableAutoSelect() in your sign-out onclick handler, but it only applies to and controls the behavior for the automatic sign-in button. It doesn't affect One Tap or the Sign In With Google button.
To further clarify what it means to be signed in... there are two user sessions:
between the user and their Google Account
between the user and your app
You'll manage 2, but 1 is not managed by you. For 1 users may be signed into their Google Account from a tab, the browser, or a device/OS. This establishes which Google Account has an active session. The state of this session is independent from 2 where you're managing sign-in or sign-out status for your app.
For case 2: sign-in to your site you'll receive a JWT from Google after user consent and can proceed with changing the sign in state for your app. One means of track sign-in state is using cookies. To make this easier to manage in HTML, the data-skip_prompt_cookie attribute is available to enable you to use a cookie to control if the One Tap popup, automatic sign-in option will be displayed, or not. You'd normally want to suppress the popup if the user is signed-in... and the cookie value tracks signed-in status. If you're using JavaScript your simply skip calling google.accounts.id.prompt to not force the user to sign-in again if they're already signed into your site.
OK. Now that we've gone over a couple methods to establish 2. we can get to what it means to be signed out of your site...
To sign-out, from your button.onclick handler either clear the data-skip_prompt_cookie or change the status if you are using JavaScript to tracking session state using your back end. This then will enable you to display One Tap popup or Automatic sign-in prompt to signed-out users on their return visit to your site. The absence of the cookie means the sign-in prompts will be displayed, or your JS code will call google.accounts.id.prompt to display the sign-in prompts.
Now to be really thorough there is one more scenario to be aware of. If a user wants to delete their account from your site you'll want to use google.accounts.id.revoke to revoke consent to share their profile. Doing this will stop the JWT from being shared when One Tap, automatic sign-in or Sign In With Google buttons are used. Instead, the flow will restart and the user will be prompted to choose a Google Account and consent--effectively restarting your sign-in flow for 2.
I integrated Google Sign-In on my website.
However, if I visit my website again without cleaning the history of the browser, it automatically signs in the website and moves to the redirected page.
If I sign out and go back to the sign in page, it does not automatically signs in, however, if I click the Google Sign-In button, it does not ask me my account and password and send me to the redirected page.
I want to make the browser stay at the sign-in page until a user clicks the Google Sign-In button. Also, I want it to ask a user her/his account and password every time.
How can I do that?
Thank you.
Last Part: I want it to ask a user her/his account and password every time. :
If user has authenticated the app (Give permission on first time), then it will not ask for username or password from next time that is 'Allow Access' page will not come. (Given User is also SignedIn in browser with same google account)
However if user is not signed in, then Google will ask to Sign in through pop up window.
First Part : Only cleaning the history will not help. Try clearing Cache of the browser (Ctl-Shft-Del shortcut).
I have ASP.NET web application that
Runs on public computers
Allows users to register by using their Facebook accounts.
Must always logout a user from the Facebook after registration has been completed.
Registration process contains the following steps:
Registration page is shown with the Facebook icon.
When user clicks on the Facebook icon, he is redirected to the Facebook web site.
On the Facebook site user enters his email and password and clicks login.
On the Facebook site user clicks Allow to authorize my application.
User is redirected to my application.
The application registers used in the database.
The application calls FB.logout in order to logout from the Facebook. So when new user starts registration he cannot use account of previous user.
The application works perfect until user clicks Cancel at step 4.
When this happens, the browser is redirected to my application, the user remains signed into the Facebook but the application is not authorized by this user. This means that the application cannot logout this user from the Facebook by using the FB.logout method because the application does not have access token.
How to logout from the Facebook in this case?
Thank you.
How to logout from the Facebook in this case?
Not possible at all.
If logging a user out without a valid access token was possible, then every website I’m visiting could do that if they liked – I’m sure you can see how annoying that’d be to users, and that it’s therefor not possible.