SSO in Android using Microsoft Azure SDK - ADAL - android

The code works properly from the dev portal of Microsoft. But can anyone please tell me how it should behave in the following use case:
Consider two apps: App1 and App2
I have developed the same code and installed both apps simultaneously
App1, as it is launched first, will ask me for credentials in the webview. That's fine, as I have no cache and have not logged in till date.
Once I log in successfully, the app works properly with auto login
Now when I open App2, it still shows me the login page. Ideally it should take the cache of App1 and auto login.
Please note: I have provided the same 'shared id' in both apps in the manifest
Please let me know about this, as I have been stuck with this internal single sign-on issue for a long time

I see you have tagged the question with ADAL, so I'll assume that's the library you're using. ADAL uses webviews to prompt for sign in. Webviews in Android do not share much state between apps, and are pretty much completely sandboxed (isolated and do not share session cookies, etc).
Now, you most definitely can achieve SSO for Android using ADAL, you have 2 options:
Brokered SSO
Using a broker application, like the Microsoft Authenticator, the end user basically signs in here such that they're able to maintain a session inside the Broker's sandbox. This allows any app that signs in Azure AD users to share state. The article linked above explains how to enable your app to use the broker.
Non-Brokered SSO
You can configure SSO between all of the apps you own. This means an end user will get SSO between App 1, App 2, App N, but not necessarily another App in the Azure AD ecosystem. The article linked above explains how to enable your app to use non-brokered SSO.
Bonus Option: v2 with MSAL
I said earlier ADAL uses webviews for sign in; there's another way to do it that the Microsoft Authentication Library (MSAL) supports, using the system's browser. Quite simply, this uses Chrome or a Chrome custom tab on the device rather than the in-app webview. Then, the session cookie is set on the global browser so any app that also uses the browser (or if the end user has used the browser natively to sign in) will get SSO. The stipulation here is MSAL works against the Azure AD v2.0 endpoint which has some limitations, but also supports some sign in with Microsoft Accounts (*.outlook, *.live, etc) out of the box.
If you're interested in trying v2 + MSAL, I recommend trying the Android Guided Walkthrough which walks you through how to build an app that calls the Microsoft Graph.

Related

Android Facebook Share Dialog Blocks Login Due To Embedded Browser

I am using the cordova-plugin-facebook-connect plugin to launch the share dialogs from Facebook. iOS is working great, and Android is working great when the app is installed.
On Android, if the app is not installed, it tries to share with an embedded web browser. After entering my email and password, I get an error saying that logging into Facebook from an embedded browser is disabled. I am using the latest version of the plugin, which SHOULD mean the latest Facebook Android SDK
I have looked on our business dashboard and made sure that embedded login is allowed:
...but that mentions OAuth so maybe it's not relevant. I have uploaded the debug and production key hashes to the dashboard
I have found nothing on the Facebook docs and I haven't gotten an answer from the Facebook developer community.
To sum up:
If the app is installed, it is all good. Without the app, it uses the embedded browser, but Facebook is blocking the login. I would love to know WHY and how to enable it.
UPDATE: Using a Facebook generated test user worked
Cheers
As Recommended by Facebook please update Dependencies to
implementation 'com.facebook.android:facebook-android-sdk:[8,9)'
Ref :
https://developers.facebook.com/docs/android/componentsdks/
https://developers.facebook.com/blog/post/2021/06/28/deprecating-support-fb-login-authentication-android-embedded-browsers/
Facebook has let everyone know that they are deprecating support for FB Login on Android embedded browsers:
https://developers.facebook.com/blog/post/2021/06/28/deprecating-support-fb-login-authentication-android-embedded-browsers/
As of right now, they are blocking High Risk users with this error and will block everyone starting in August. Their suggestion is to use a later version of the SDK (8.2+) to avoid this
I can't comment (yet) so I'm creating this answer to ask you if you could try and remove all (!) local browser data, i.e. Cookies and local storage, etc. This is the first thing that came to my mind when I read "works with another login".
The issue is resolved if the user has enabled 2-factor authentication via facebook.
I have tested this with multiple real users now and, for example, enabling SMS 2FA does enable the user to log in to apps with an embedded browser. The login happens as usual if the user has the Facebook app installed on the same device and is already logged in on the Facebook app with 2FA. Otherwise, Facebook will request the 2FA when logging in, but a login is possible again.
I have however found out that some apps seem to crash if they had been opened before 2FA had been activated on a phone with a Facebook app, and those apps need to be restarted before trying to log in on them again.
From this we can assume Facebook blocks out embedded browsers due to their risk assessment. 2FA is specifically presented as an option to log in via unsafe browsers within the security options of each user individually and sadly does not seem to be an issue on the side of whoever is using an embedded browser within their app.
This also happened to me but I've fixed it.
I just uninstalled my Facebook application and used my browser instead.
Try installing another browser, like Firefox, and set it as the default browser, then log in again with your Facebook credentials. It worked for me. I guess the problem is with Chrome. For me, it worked when I set Firefox as my default browser.
For your account security, logging in to Facebook from an embedded browser is disabled. You may be able to continue by updating the app you're logging in from and trying again.

Deep linking from Facebook Ad to 3rd party app

I'm trying to setup deep links from a Facebook Ad to an app that I do not own (Shopee). Shopee does not provide any facility/guides to deep-link to them at the moment. I've tested that the app has properly setup deep linking on Android, i.e. clicking the link https://shopee.ph/Korean-Mini-Cute-Sling-Bag-i.30650129.2385916193 on Slack or Gmail properly opens the Shopee app.
Is it possible to make deep links work on Facebook for apps that you do not own? So far, I've tried doing the steps detailed in https://developers.facebook.com/docs/app-ads/deep-linking/. However, I don't know where to get some of the platform settings needed by Facebook:
iOS
Bundle ID - where can I get this?
iPhone Store ID - Seems this can be easily taken when visiting the app store. I can get some of the details from https://shopee.ph/apple-app-site-association as well.
iPad Store ID - Similar to iPhone Store ID I guess.
Shared Secret - I'm someone who has no experience with iOS and Android programming. I'm afraid this setting is something that I couldn't get?
Android
Google Play Package Name - Should be com.shopee.ph
Class Name - I think this can be known by going through the app's apk/files
Key Hashes - Can this be taken from the app's apk/files as well?
I tried compromising by linking the Facebook ad to my website that has deeplinks. But clicking the links will just redirect Facebook's webview to the product's web info rather than opening the app.
I guess this question boils down to whether it's possible to get the app's Shared Secret for iOS and the Key Hashes for Android.
Any response will help me go to the right path or end the path altogether. Thanks.
Sorry, but if you don't own the app then you shouldn't possess the shared secret and key hash of the app.
Shared Secret and Key Hashes are both very specific to the app created. They are mostly controlled by the app owner; in case you need them, you have to get them transferred from the app owner. But I doubt anybody will do that.
Also, this is some kind of hack that you are doing; this should definitely be avoided without permission from the app owner.
If you are the owner then for
- Android you can try this url.
Have you tried with Android Intents? They can directly link to an app (including deeplink information). Of course you wouldn't know if it's installed through ads beforehand. Firebase Dynamic Links solves that problem where you can decide to link to website or Play/App Store as fallback. They also open the native app from the Facebook browser (and others) and use Android Intents under the hood.
I think you can't use Firebase Dynamic Links for an app you don't own. But if redirecting to your own website is an option, maybe you can implement a similar mechanic.
Here is the chrome documentation for Android Intents:
https://developer.chrome.com/multidevice/android/intents
Adjust also has a summary article about deep linking, covering Intents and iOS:
https://www.adjust.com/blog/dive-into-deeplinking/
Your expected behavior is to open the app, but now it will just redirect Facebook's web view to the product's web page. Unfortunately it is not currently possible to directly launch a third-party app from within the iOS Facebook app. This is a known issue that Facebook has essentially written off as wontfix. This is still possible in the Android Facebook app, but it's unfortunate they haven't been more transparent about the change to the iOS version because there is quite a bit of confusion about it.
But you can do the same thing using services like Branch.io, which get around this by implementing a judicious combination of App Links, URI schemes, and iOS Universal Links. Essentially what you need to do is open a page in the webview and then have a button or other user-driven CTA event that launches the app from there. It's an extra step for the user, but currently the best workaround. If you just want to be able to post a link that goes into your app when it is installed and otherwise goes to a webpage (or the App/Play Store), then Branch links are definitely your simplest solution.

How can I redirect users back into my app after google oauth without using a webview?

Google's decision to disallow oauth via webview is causing me huge amounts of trouble. It's been a long and difficult process migrating to an alternative (I'm using the suggested AppAuth library at the moment) and I'm getting user complaints about not being able to link accounts without also adding them to chrome/their device (which as far as I can tell is now impossible without somehow forcing a private browsing session). My latest problem involves google oauth to sign into another service. Here's the scenario:
A user wants to link a 3rd party service to my application. Their account on the third party service is linked to a google account. To auth with this third party service, they must sign into their google account. The problem is that the 3rd party service only allows http:// scheme redirect URI's for their oauth, so the flow looks something like this:
1. User is in my app on their android device
2. User clicks a button to link their thirdparty account with my app
3. Using the appauth library, I launch a browser or custom tab with the oauth URL's for the 3rd party, let's just call it http://thirdparty.com/oauth
4. From that page, the user clicks a "sign in to google" button, which triggers the google oauth flow, which they then follow to provide their google account token to thirdparty
5. User approves access to my app with thirdparty now that thirdparty has validated their google account
6. thirdparty redirects to the registered redirect_uri which is then opened in the browser tab instead of redirecting back to my application.
The problem is step 6 here. Because I am required to register an http:// scheme redirect URI, the browser tab attempts to load the webpage directly, even if I have registered my app to handle that particular url. Now if it wasn't required for users to be able to sign in with google, I could easily just do this whole flow in a webview and manually trap the redirect, grabbing the token, but because thirdparty allows users to link their google account, I can't use a webview because google will block users from performing google auth in a webview, so I am forced to pass off to an app or browser tab that I don't have control over and am dependent on that behaving properly (which it often doesn't)
I did plenty of searching and it looks like App Links would solve my problem by registering my app as the primary handler for a link, but that only works in Android 6.0+, which is higher than my device minimum, so I'm at a loss as to what I'm supposed to do here.
My constraints are:
oauth redirect must be an HTTP scheme (required by thirdparty)
I cannot auth in a webview (required by google)
I need my auth redirect to launch my application in order to collect the token
I need the solution to work for all devices on android 5.0+
I have not found a single solution to this problem through hours of searching, and I have found no way to get in touch with the google oauth team to learn what their suggestions are.
Has anyone found a way to have an http:// link launch an application without prompting the user and without requiring android 6.0?
If you have control over the redirect URI, you can set your application to listen for it using a custom Intent Handler. This is essentially a form of Deep Linking, and should work with Android 5+, (in 6 you can even set your app as the default!).
For the data, you will most likely need to use the URI itself. But that shouldn't be too hard assuming you have control of the re-direct.
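As an added example (not part of the original answer or of AppAuth): once an intent handler delivers the redirect URI to the app, the URI is untrusted input, because any app can send an intent carrying a look-alike URL. This plain-Java sketch (JDK 10+) checks the URI before taking the code out of it; the registered URI, the `code`/`state` parameter names (standard authorization-code response) and the class name are assumptions, and on Android the input string would come from `getIntent().getData()`.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class RedirectCheck {
    // Hypothetical redirect URI registered with the third party (http scheme, as it requires).
    static final URI REGISTERED = URI.create("http://myapp.example.com/oauth/callback");

    /** Returns the authorization code, or throws if the redirect should not be trusted. */
    static String extractCode(String redirect, String expectedState) {
        URI uri = URI.create(redirect);
        // Any app can fire an intent with arbitrary data: require the exact registered target.
        if (!REGISTERED.getScheme().equalsIgnoreCase(uri.getScheme())
                || !REGISTERED.getHost().equalsIgnoreCase(uri.getHost())
                || REGISTERED.getPort() != uri.getPort()
                || !REGISTERED.getPath().equals(uri.getPath())) {
            throw new SecurityException("redirect does not match the registered URI");
        }
        Map<String, String> params = new HashMap<>();
        String raw = uri.getRawQuery() == null ? "" : uri.getRawQuery();
        for (String pair : raw.split("&")) {
            if (pair.isEmpty()) continue;
            String[] kv = pair.split("=", 2);
            String key = URLDecoder.decode(kv[0], StandardCharsets.UTF_8);
            String val = kv.length > 1 ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8) : "";
            // Repeated parameters are ambiguous; refuse rather than pick one.
            if (params.put(key, val) != null) throw new SecurityException("duplicate parameter: " + key);
        }
        // The state value ties this response to the request this app started.
        String state = params.get("state");
        if (state == null || !MessageDigest.isEqual(
                state.getBytes(StandardCharsets.UTF_8), expectedState.getBytes(StandardCharsets.UTF_8))) {
            throw new SecurityException("state mismatch");
        }
        if (params.containsKey("error")) throw new IllegalStateException("provider error: " + params.get("error"));
        String code = params.get("code");
        if (code == null || code.isEmpty()) throw new IllegalStateException("no authorization code");
        return code;
    }

    public static void main(String[] args) {
        String state = "n3Qx7c"; // constructed; generate randomly per request in real use
        String[] samples = { // constructed redirects
            "http://myapp.example.com/oauth/callback?code=abc123&state=n3Qx7c",
            "http://myapp.example.com/oauth/callback?code=abc123&state=other",
            "http://evil.example.net/oauth/callback?code=abc123&state=n3Qx7c",
            "http://myapp.example.com/oauth/callback?code=a&code=b&state=n3Qx7c",
        };
        for (String s : samples) {
            try { System.out.println("OK   " + extractCode(s, state)); }
            catch (RuntimeException e) { System.out.println("DENY " + e.getMessage()); }
        }
    }
}
```

Only the first constructed sample is accepted; the other three are rejected for a state mismatch, a foreign host and a duplicated `code` parameter respectively.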

Third Party OAuth sign-up and login integration for mobile app

I am new to using third parties to provide login/sign up for an app I am building. I am just trying to get the email and name of the users via them logging in via Google, Facebook, or LinkedIn. I am also storing which one they signed up with just for the database's sake. I have come to a cross road. Right now the server is run using ruby, but there is an Android and iOS (Swift) app. I am wondering if I need to integrate all the third party SDKs or if I can just use a webview with OmniAuth for Ruby or would that not work? Any hints or direction on this would be appreciated. I am really lost and when I google anything I just get one provider and not a general answer.
Google and Facebook Login SDKs are very easy to implement and would give a richer experience in the app compared to WebView; also, error handling is better after Facebook introduced the edit permissions in their latest update.
The LinkedIn Mobile SDK, on the other hand, needs the official LinkedIn app to be installed on the device. Link: https://developer.linkedin.com/docs/android-sdk-auth So it will make the user download a 16Mb LinkedIn app and then sign in before it can return back to your app. Also, there is no iOS SDK for LinkedIn yet.
If LinkedIn is not a necessity, go for the G+ and FB SDKs; else use OmniAuth.
PS: I have no experience with OmniAuth

Native Facebook Login experience via browser

I have seen several flavours of this question going around but nothing exactly specific nor answered so trying it myself.
I am trying to build a Facebook login experience via the browser into my Facebook-based app that will require the users to not remember their passwords as much as possible. This means that if
they log in via their desktop browser and are already logged in, it will only ask them to 'OK' the permissions
they log in from their mobile browser and are logged in via their respective native app (Android/iOS), it will simply redirect them to the native app, ask for the app permissions and redirect them back to the success page on the browser
they log in from any browser and are not currently logged onto Facebook in any form, they have to enter their password and authenticate (whether natively or via browser this does not matter)
I know how the first can be done - that is pretty straightforward using the JS SDK. The second point is the tougher bit.
I am aware of existing custom URL schemes for Android and iOS but nothing specifically really mentions how that can be used for authentication and/or authorisation of Facebook apps. Does anyone have any ideas on how this can be done?
Thanks!
In iOS use iOS facebook SDK. It will handle the login process effectively in different situations depending on the resources available. Check out this answer to know about different login flows
Integrating facebook
You're looking for Single Sign On behavior- in Facebook, use the native SDK, and instructions for setting up SSO. It includes entering your bundle id in the settings and setting up a referring url name (the name of your app usually). So what happens is- if you launch safari mobile, and log into facebook. Then, launch your app, with good integrated SSO. Then, it won't require you to login/pass, because it knows you've authenticated via browser. Same with Android.
I think what you are looking for (at least for Android) is starting an Intent on certain schema that will open Facebook app.
This is answered here Android facebook intent to show profile with class com.facebook.katana.ProfileTabHostActivity doesn't work any more
