I encountered a very strange error when signing up a user using android 6 on a specific device.
The signup process works perfectly and the user is registered on Parse database. The code checks and if ParseUser.getCurrentUser() != null then the app sends the user to the main page and this all works till here.
However, I noticed that user is not able to send any requests to the server and it all rejects in the main activity and user can't even logout. The error I receive when logging out is:
com.parse.ParseRequest $ParseRequestException: This user is not allowed to add a field to _User. You can change this setting in the Data Browser.
It seems like the authenticated user object is not matched with the original user's token on server and that is why this user get ACL errors.
I am using Parse default signup and login functions and this has happened only on one device using android 6 so far. Any guess on what could cause this issue and how can I resolve this issue?
ParseACL roleACL = new ParseACL();
roleACL.setPublicReadAccess(true);
Add these lines after the user Parse.initialize() function. It allow user to create column in the table from mobile. Make sure the user is logged in otherwise it gives error.
Related
I create a Firebase Auth user with an email and password
User logs in
User decides to add a phone number to their profile
I call verifyPhoneNumber with an intent to receive a code, call PhoneAuthProvider.getCredential(...) and link resulting AuthCredential to the email and password.
Instead, Android auto retrieves the code, user automatically sign-ins with phone number, their UID changes (it's a new user) and there's no way to link phone credentials back to the original email/password user. To perform a successful link I need to see the SMS code, which is nowhere to be found in case of successful auto sign-in.
????
NO PROFIT.
Any ideas? I tried to set the timeout to 0 for verifyPhoneNumber but auto login still works. Accepting defeat and just link EmailAndPassword credentials to phone number instead of vice versa is not an option, because it will require a massive copying of data from old user record into new, changing all references to this UID everywhere, etc.
verifyPhoneNumber resolves with a PhoneAuthCredential.
It doesn't matter whether the code is auto-retrieved or instant validation occurs. A PhoneAuthCredential is outputted on verifyPhoneNumber completion.
That credential can either be used to signInWithCredential for sign-in or to link to an existing user via linkWithCredential.
Hi I'm trying to implement a new app using Parse login with facebook feature.
I followed the Guide to use facebook login feature and all went ok.
Documentation states
Sessions represent an instance of a user logged into a device. Sessions are automatically created when users log in or sign up.
The problem is that I never get a valid session token when ParseFacebookUtils.logInWithReadPermissionsInBackground(...) returns (and signs up) a User which is newly created on the Parse platform (thus User.isNew() is true).
Inspecting the Data dashboard I can see correctly the new _User entry but there's no entry for _Session class, whereas I should find the one with createdWith="signup" for my _User.
As a side effect when trying to logout a newly created user i get a com.parse.ParseException: Parse::UserCannotBeAlteredWithoutSessionError because, obviously, the newly created user doesn't get any session token.
If instead I perform the same operation for the same user after its creation (and therefore the User only logs in into Parse) I get a valid session token and everything's ok (which means there's a _Session object with createdWith="login" associated with the _user object).
Is this a bug or something not expected to occur? Or am I missing something?
Thanks!
Currently using:
facebook-android-sdk:4.0.1 +
ParseFacebookUtilsV4-1.9.1.jar +
Parse 1.9.0 jar
I am developping an android app based on firebase that connects to the Nest API. While it worked for some time, it now rejects authentification.
I get the folowing error "The active or pending auth credentials were superseded by another call to auth" when I'm pretty sure firebaseRef.auth() method is only called once...
EDIT : I'm getting close to the 1000 Users limitation after wich we should request more users from Nest.
Any idea where this is comming from ? Can it be comming from the online service I am calling or is this necessarilly due to my code ?
thanks.
P.
We discovered that every time the user is passed through the Works with Nest web sign up dialog, it generates a new auth token. Is it possible you've run through the process on multiple devices and generated a new auth token, invalidating your previous one?
I was successfully making an FQL query earlier today. Now when I try to make the same query I am getting the following message.
"error_code":190,"error_msg":"Error validating access token: The session has been invalidated because the user has changed the password."
I am making the query on my own account, and my password has not been changed. Any suggestions for why this may be happening?
Now I am getting this error.
"Error validating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons."
Based on above comments, this will be this issue.
The Single Sign On (SSO) in Android allows a user to authorise your app, and once they have done that they will be signed straight in on subsequent visits if they've signed in to Facebook for any application on the phone/tablet.
The downside of this is that the SSO remembers the token and if the token becomes invalidated (by a user de-authorising the app or by them changing password or other details), it will try to use it anyway. You MUST check for those two errors specifically as "isSessionValid() will return true, even though it's not. If you catch one of those two errors, you call the authorize method again.
So, in your case, trap that error, and call authorize().
Documentation from Facebook: http://developers.facebook.com/docs/mobile/android/build/#sso
I am writing an Android 2.2 app for my company. The app simply sends http get/put/post requests to perform certain operations. There is no real login procedure as the username and password have to be included in each http request.
I could see that there is AccountManager in Android. But since the username and password (instead of some auth token) are needed for each http request, how can it fit in? Obviously, I want to make it similar to other Android apps so that the user only needs to login once for the very first time and it won't prompt for username/password again when the app is re-launched.
Any suggestion is appreciated. Thanks!
I have developed an application like that, so here is how I solved it, in psuedocode.
But since the username and password
(instead of some auth token) are
needed for each http request, how can
it fit in?
1#: Make a first page, a login page. Let this View include two EditTexts (username and password) and one Button (login button).
2#: Make a login request on the Button click to see if you're getting a correct Cookie with HTTP header names that is corresponding with the values you are getting when you're logged in. Locate valid information via a network tool, like WireShark. For more information about the login procedure, check out my other answer here.
3#: If the username and password resulted in correct Cookie information, save the username and password in a SharedPreferences and make their values available through your application by assigning it into an Application class, read this for more info regarding global variables. If the values were incorrect and you did not get a valid Cookie, show it to the user via a message (Toast?).
4#: When you are trying to reach the authorized information, make a request by using the saved information in the Application class.
5#: Next time you're starting your application, make a check in onCreate() where you are checking if SharedPreferences contains user information, if so: see step 6#, otherwise wait for the user to start entering information.
6#: If the login page has determined user information, assign the SharedPreferences to the global Application state, finish the login Activity and start the authorized Activity instead. This will happen very fast, so the user wouldn't notice that the "login page" was displayed.
7# (extra step): In the authorized Activity, make sure to grab the user information from the Application instance. When doing the first request towards authorized content, validate the task as you did in step #3 in order to control if the user has changed the password on the website. If the user hasn't changed any information, start grabbing the response and you are free to do whatever you want.