how I can keep my application logged Xamarin.Android with facebook, google, Active Directory etc. Do not ask me to start each time the application runs
Use Xamarin Auth plugin.You can keep user data in AcccounStore which persists between app runs. How often user gets logged out depends on the provider (Facebook, Google, etc) If provider supports not expiring access_token just use it all the time. If provider doesn't support that then use refresh_token
Related
I have followed the following guide to get Sign in with Apple functioning on Android using Firebase: https://firebase.google.com/docs/auth/android/apple
When a user first logs into my app with Sign in with Apple they will be required to enter their login details and authorize my app. However, it seems that if the app is closed and reopened they will also be required to reenter those details each time.
Other Auth providers I have integrated have supported a silent authorization method, checking if the user has already authorized the app on this device or have given access to a refresh token which can be stored and used later. How can I access either of these through Firebase's implementation?
Firebase Auth allows an authorized session to persist on the Firebase side of things, without holding on to or reauthenticating with the other third party Auth providers. The key words to Google are "auth state persistence". Here's a link: https://firebase.google.com/docs/auth/unity/start
When the app successfully logins in via Facebook it begins to save the credentials. This should ask the user if they want to save it with SmartLock or not, but it's being saved automatically.
Inside the save callback I get a success with no resolution. It should not be a success, and it should contain a resolution to allow prompting the user to save.
Is there any reason why this is, or any way to get the functionality I want?
-Thank you
Password-less "credentials" can be saved without needing to prompt the user (i.e., credential built with .setAccountType in place of .setPassword) if the identifier on the credential matches a Google Account on the device.
And in general, when the user returns on another device, user can be immediately signed back in if they are using an account for the app that matches one on the device, since such credentials will come with a token you can use for auth. For example, gmail user whose account is active on a device (and could otherwise receive email, such as for a password reset flow), can be signed in to apps without need extra UI or to trigger a Facebook flow unnecessarily to get a different token.
In the past, the API required prompts to save any information, but we found in user research testing that minimizing the dialogs users encounter reduces confusion, streamlines the user experience, and promotes security best practices (such as using tokens from authoritative issuers when relying on email-based identifiers).
This has been asked before, but since two years have past since the best awnswer so far, and all links to the linkedin documentation are now dead because of their recent redesign, I'm giving it another shot:
How to refresh a linkedIn OAuth2 token without the user being present in the client?
(eg. serverside, or background-thread of an app)
It seems the only option is to trigger the authentication dialog when the user opens your app, it will be skipped, but for Mobile applications this is annoying :(
Obtaining a refresh_token the first time requires the member participation. (e.g. Member logs in, obtains an access_token and a refresh_token if they consent to it). You can then use the refresh_token (that you would store securely somewhere) to renew access_tokens without user intervention.
However, it looks like LinkedIN doesn't support refresh_token. So, you will have to log the user again. Now, their access_tokens expire in 60 days (?!). If you log the user again and the token is not expired (and the user has still a session with LinkedIN), then there will be no prompts. (https://developer.linkedin.com/docs/oauth2)
I'm a bit confused about how facebook.logout(context) works.
Because even after calling log out, I am able to get access to information that requires an auth_token. So how is that even possible? I came across this topic, which let me a bit confused: https://stackoverflow.com/a/6597688/487940
After reading that answer, this is my question: So if the user grants access to [my] application, he will always be authenticated if he is logged into the [official] facebook application? Even if I try to call facebook.logout(context) in [my] application, he will be logged in and my application will be able to make calls to Facebook API?'
Sorry, about I'm not able to understand this behavior.
UPDATE: After reading Torid's reponse, I am confused about facebook.logout() function. What is the purpose of this function if it does not log the user out? Because, I don't see the purpose of calling this purpose anymore. It doesn't log the user out.
There are two independent things going on here: 1) whether your user has authenticated your app (with permissions) to Facebook and 2) whether your user is logged in to Facebook.
Authentication is required the first time your user uses your app and lasts until the user explicitly de-authenticates (e.g. through the Facebook web Account Settings -> Apps -> App Settings).
Log in may be required each time your user starts your app. But if you use the default SDK authorize(), that tries to do a Single Sign On (SSO), where if the Facebook app is logged in, your app is automatically logged in and uses the existing access token.
If you are using SSO, when you do a logout, that has no effect, as a real logout would have to log out the Facebook app - which the user might not like!
You can get around this behavior by doing an authorize of the form
authorize(this, PERMISSIONS, FORCE_DIALOG_AUTH, new LoginDialogListener());
which avoids SSO and forces a dialog login. Of course, that then forces your user to login each time you start your app - unless you save the login details / access token under the
covers (which is what the SDK does - check the source).
Hello I am using the facebook sdk for android on my android phone and using single sign on. It works fine when I logged into the facebook application, my application also signed in.
For logout I encountered a confusion.
The way I implemented was restore the access token and expired date from the user preferences of the application and check the validity of the session. If expired the application calls the facebook.authorized function and once authorized the access token and expired date will update again.
There are few things I find a bit confusion when dealing with the logout.
1) When I logged out from facebook application, my application still can get through and request the user details. Although, my saved access token on my application has no relationship with the facebook application, I thought it will at least giving me an error when requesting the data. But it hasn't given me the error.
Does it suppose to be actting like that. Signing out from facebook apps will not affect the access token I have stored on my application.
2) When I logged out from my application and not the facebook application, the facebook application won't automatically logout.
The Facebook access token and your app access token are separate and distinct, so it is entirely possible that one can be valid and allow access while the other is not valid and will require re-authorisation.
If the Facebook app is logged in but your app is not, then the Facebook SDK will use the existing Facebook app login to obtain a new access token for your app without authenticating, but this is still not linked to the Facebook app login token in any way.
If the Facebook app is not installed, or not logged in, then the Facebook SDK will take you to the Facebook website to do the initial authentication, but this does not log the Facebook app in because there is no connection between your access token and the Facebook access token.
So, in summary - your understanding is correct. There's no interaction between the two apps except for when your app tries to authenticate a user, then the Facebook app will act as a proxy, allowing you to gain access without authenticating so long as Facebook is logged in. After that, there is no further interaction and what you've observed is expected and intended behaviour.
I have the same problem. I'm thinking about creating a "isLogged" var and store it so that when someone logout and restart the app it will not even verify if the user is logged bypassing facebook's session verify.