I'm trying to implement Facebook login in my Android app. The problem is that the request to get the access token always gets cancelled when I'm using the native Facebook app. When I added this line (forces using a WebView):
LoginManager.getInstance().setLoginBehavior(LoginBehavior.WEB_ONLY);
The request is successful. Can anybody tell me how to fix this?
I finally resolved the issue by calling the logOut() of the LoginManager. Apparently if the app is still logged in to Facebook, it will cancel the request.
Apparently the iOS version of this library, AppAuth, supports logging out using the end_session_endpoint, but with the Android version you are forced to implement one or find an alternative way of logging the user out.
Currently using the Kotlin version of the library.
On authorisationRequestBuilder, if the setPrompt method is not called, then during login you get the KMSI (keep me signed in) checkbox option.
Invalidating authState, persisted tokens and all other resources will not have an effect because hitting the authorise endpoint once again will automatically issue another token. This is because technically they are still logged in on the server.
Using only the end_session_endpoint and no postLogoutRedirectUri provided, is it possible to successfully log the user out and automatically redirect the user by closing the open Chrome Custom Tabs immediately after the endpoint has been a success?
Currently calling the end_session_endpoint using AppAuth will successfully log the user out (you can see this in the open Chrome Custom Tabs) but doesn't redirect or close the Custom Tabs.
How can this be achieved? I have configured the manifest with LogoutRedirectUriReceiverActivity but am not sure how to initiate this. Other examples rely on the postLogoutRedirectUri being present.
Currently postLogoutRedirectUri doesn't exist on the discoveryDoc.
Using IdentityServer4, you can include the idToken in the end session request. This way the user is logged out automatically without consent screens and such. Consequently you do not need a redirect after logout.
Your request would look like this:
GET /connect/endsession?id_token_hint=
source: https://identityserver4.readthedocs.io/en/latest/endpoints/endsession.html
Is it clear that the end_session_endpoint is a call to the server to log out? This sample code includes a callback (after end_session_endpoint) that removes any auth tokens stored within the app.
/*
 * Do an OpenID Connect end session redirect and remove the SSO cookie
 */
fun getEndSessionRedirectIntent(metadata: AuthorizationServiceConfiguration,
                                idToken: String?): Intent {
    val extraParams = mutableMapOf<String, String>()
    val request = EndSessionRequest.Builder(metadata)
        .setIdTokenHint(idToken)
        .setPostLogoutRedirectUri(this.config.getPostLogoutRedirectUri())
        .setAdditionalParameters(extraParams)
        .build()
    return authService.getEndSessionRequestIntent(request)
}
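The end-session request from the two answers above, written out at the protocol level as an added example (not code from the posts or from AppAuth). The endpoint, redirect URI and token value are constructed, and `newState`, `buildEndSessionUrl` and `isExpectedLogoutRedirect` are hypothetical helper names; the point is the `state` check that lets the app trust the redirect before it removes its local tokens.

```kotlin
import java.net.URI
import java.net.URISyntaxException
import java.net.URLDecoder
import java.net.URLEncoder
import java.security.SecureRandom
import java.util.Base64

// Constructed values (assumptions); nothing here comes from the original posts.
const val END_SESSION_ENDPOINT = "https://idp.example.com/connect/endsession"
const val POST_LOGOUT_REDIRECT = "com.example.app:/logout-callback"

private fun enc(s: String): String = URLEncoder.encode(s, "UTF-8")

/** Random URL-safe value that ties the logout redirect to this request. */
fun newState(): String {
    val bytes = ByteArray(16).also { SecureRandom().nextBytes(it) }
    return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes)
}

/** The ID token travels as id_token_hint, so the resulting URL must never be logged. */
fun buildEndSessionUrl(idToken: String, state: String): String =
    END_SESSION_ENDPOINT +
        "?id_token_hint=" + enc(idToken) +
        "&post_logout_redirect_uri=" + enc(POST_LOGOUT_REDIRECT) +
        "&state=" + enc(state)

/** True only if the redirect hits our registered URI and echoes our state. */
fun isExpectedLogoutRedirect(redirect: String, expectedState: String): Boolean {
    val uri = try { URI(redirect) } catch (e: URISyntaxException) { return false }
    if (uri.authority != null) return false
    if ("${uri.scheme}:${uri.path}" != POST_LOGOUT_REDIRECT) return false
    val params = (uri.rawQuery ?: "").split("&")
        .map { it.split("=", limit = 2) }
        .filter { it.size == 2 }
        .associate { URLDecoder.decode(it[0], "UTF-8") to URLDecoder.decode(it[1], "UTF-8") }
    return params["state"] == expectedState
}

fun main() {
    val state = newState()
    println(buildEndSessionUrl("eyJ.constructed.token", state))
    // The identity provider redirects back and echoes the state it was given.
    println(isExpectedLogoutRedirect("$POST_LOGOUT_REDIRECT?state=$state", state))
    println(isExpectedLogoutRedirect("$POST_LOGOUT_REDIRECT?state=forged", state))
}
```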
Please help me with a login session issue for the Android SDK
Hi,
I have an Android app in which we have to log in using Salesforce. We have used the https://github.com/forcedotcom/SalesforceMobileSDK-Android SDK (Native).
Below is the session-expired scenario:
1. After successful login on https://ABC.force.com from the mobile app.
2. I am able to see this link https://ABC.force.com/customers/one/one.app in the Android native WebView.
3. But after 24 hours I am again seeing the login screen.
How can I preserve the session until the user manually logs out from my app?
Please suggest.
The user can get a new access token for the session as follows:
Using the refresh token authentication flow involves the following steps.
The consumer uses the existing refresh token to request a new access token.
After the request is verified, Salesforce sends a response to client.
POST /services/oauth2/token HTTP/1.1
Host: login.salesforce.com
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&client_id=3MVG9lKcPoNINVBIPJjdw1J9LLM82HnFVVX19KY1uA5mu0QqEWhqKpoW3svG3XHrXDiCQjK1mdgAvhCscA9GE&client_secret=1955279925675241571&refresh_token=your token here
Use the below link of the Salesforce SDK to get a new access token:
https://help.salesforce.com/articleView?id=remoteaccess_oauth_refresh_token_flow.htm&type=014:20
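The refresh-token exchange described in this answer, as an added example (not code from the post or from the Salesforce SDK). It assumes the connected app does not require `client_secret` for the refresh grant, since a secret compiled into an APK can be extracted; `refresh`, `refreshBody` and the `post` transport are hypothetical names, the responses are constructed, and `org.json` is the parser bundled with Android.

```kotlin
import org.json.JSONException
import org.json.JSONObject
import java.net.URLEncoder

sealed class RefreshResult {
    data class Refreshed(val accessToken: String) : RefreshResult()
    object LoginRequired : RefreshResult()                  // refresh token revoked or expired
    data class Failed(val reason: String) : RefreshResult() // transient; keep the refresh token
}

/** Form body for the refresh grant; every value is URL-encoded. */
fun refreshBody(clientId: String, refreshToken: String): String =
    listOf("grant_type" to "refresh_token", "client_id" to clientId, "refresh_token" to refreshToken)
        .joinToString("&") { (k, v) -> k + "=" + URLEncoder.encode(v, "UTF-8") }

/** `post` is a hypothetical transport: (path, body) -> (HTTP status, response body). */
fun refresh(clientId: String, refreshToken: String,
            post: (String, String) -> Pair<Int, String>): RefreshResult {
    val (status, body) = post("/services/oauth2/token", refreshBody(clientId, refreshToken))
    val json = try { JSONObject(body) } catch (e: JSONException) {
        return RefreshResult.Failed("HTTP $status, non-JSON body")
    }
    return when {
        status == 200 && json.has("access_token") ->
            RefreshResult.Refreshed(json.getString("access_token"))
        // invalid_grant means the refresh token itself is no longer accepted.
        json.optString("error") == "invalid_grant" -> RefreshResult.LoginRequired
        else -> RefreshResult.Failed("HTTP $status: " + json.optString("error"))
    }
}

fun main() {
    // Constructed responses standing in for the token endpoint.
    val ok = """{"access_token":"constructed-access-token","instance_url":"https://ABC.force.com"}"""
    val revoked = """{"error":"invalid_grant","error_description":"expired access/refresh token"}"""
    println(refresh("constructed-client-id", "constructed-refresh-token") { _, _ -> 200 to ok })
    println(refresh("constructed-client-id", "constructed-refresh-token") { _, _ -> 400 to revoked })
    println(refresh("constructed-client-id", "constructed-refresh-token") { _, _ -> 503 to "<html>" })
}
```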
I have used Parse for login with Facebook, and it works properly, also with login and logout from Facebook.
But in some unidentified cases I am getting user=null as well as ParseException=null.
Any help?
I've got this problem once too. For me, the error was with the Facebook authentication. Maybe there's an error with your connection to Facebook. For me, my DNS wasn't reaching Facebook so I got this error.
I am developing an Android web app that uses login with Facebook functionality. Using the Facebook login tutorials I was able to authenticate and create the session on the client side (Android). I obtain the access token then forward it to the server so that I can obtain the user profile on the server and start the server session.
The problem is that whenever I try to call the Facebook graph for /me I get the OAuthException code 190, saying that the access token could not be decrypted. I have been reading around and people suggest that this message means the access token is invalid.
I am sure it is not expired because I use it directly after obtaining it.
I also checked the access token debugger. It does not return an error message, it returns the developers.facebook.com URL (weird, right?).
I am lost about where to go from here. I have spent almost 5 days now just reading and trying to debug with no success.
I appreciate any ideas/suggestions.
Thanks
EDIT:
I was able to perform a "/me" request from Android, and the response was exactly what I was looking for, but when I do it from the server it does not work. I still cannot think of the cause of this issue.
My app uses the Facebook SDK to post status updates. Also there is a logout feature. I can log in the first time the app is run. I can post a status message on Facebook successfully. But once I log out, on subsequent runs and attempts to update status I encounter an error from Facebook saying "An error occured. Please try again later". I have noticed that the authorize method on subsequent attempts to log in (after the first logout) tries to use the same accessToken and accessExpires (although I have set them to null and 0 respectively in the logout method) and in turn the isSessionValid() method returns true for me. And hence the Facebook server throws me this error.
Can anyone please tell me how to fix this bug/issue?
The Facebook Android SDK sets authtoken and expires_in in shared preferences, so when you log out you need to delete them from there.
Also, any time your app starts you have to validate the saved token by making a call to the Graph API "me"; if there is any exception you have to delete the saved token and reauthorize. This is because the token might be invalidated (for example when the user changes their password).
Hope this helps.
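The startup check from this answer, combined with the error code 190 from the earlier question, as an added example (not code from the posts or from the Facebook SDK). It narrows the rule to deleting the saved token only when the server rejects it and keeping it when the request never reached the server; `TokenStore`, `classify` and `needsLogin` are hypothetical names, the response is constructed, and `org.json` is the parser bundled with Android.

```kotlin
import org.json.JSONException
import org.json.JSONObject
import java.io.IOException

enum class TokenCheck { VALID, INVALID, UNKNOWN }

/** Hypothetical storage abstraction, e.g. a wrapper around SharedPreferences. */
interface TokenStore {
    fun load(): String?
    fun clear()
}

/** Classifies a /me response given as (HTTP status, body). */
fun classify(status: Int, body: String): TokenCheck {
    val error = try { JSONObject(body).optJSONObject("error") }
                catch (e: JSONException) { return TokenCheck.UNKNOWN }
    return when {
        status == 200 && error == null -> TokenCheck.VALID
        error?.optInt("code") == 190 -> TokenCheck.INVALID   // OAuthException: token rejected
        else -> TokenCheck.UNKNOWN                            // server error, throttling, ...
    }
}

/** Returns true when the app must send the user through login again. */
fun needsLogin(store: TokenStore, fetchMe: (String) -> Pair<Int, String>): Boolean {
    val token = store.load() ?: return true
    val check = try {
        val (status, body) = fetchMe(token)
        classify(status, body)
    } catch (e: IOException) {
        TokenCheck.UNKNOWN   // DNS or connectivity failure says nothing about the token
    }
    if (check == TokenCheck.INVALID) store.clear()   // never reuse a token the server rejected
    return check == TokenCheck.INVALID
}

fun main() {
    var saved: String? = "constructed-token"   // constructed sample value
    val store = object : TokenStore {
        override fun load() = saved
        override fun clear() { saved = null }
    }
    val rejected = """{"error":{"message":"constructed","type":"OAuthException","code":190}}"""
    println(needsLogin(store) { throw IOException("DNS lookup failed") })
    println(needsLogin(store) { 400 to rejected })
    println(saved)
}
```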