I'm using Phonegap Build.
First of all, I need to say that this error doesn't happen if I try it with an administrator account of the app.
It only happen if a normal user tries to login in my app.
This is my code so far.
var facebookPermissions = ['public_profile', 'email', 'user_about_me', 'user_website'];
$(document).on('click', '#btnFacebook', function() { //click
facebookConnectPlugin.login(facebookPermissions, onFacebookLoginSuccess, onFacebookLoginError)
});
function onFacebookLoginSuccess(userData) {
alert("userData: " + JSON.stringify(userData));
facebookConnectPlugin.api('me', facebookPermissions,
function(result) {
alert("Result: " + JSON.stringify(result));
});
};
I'm the app's administrator and every work as expected... no trouble at all.
But if another user tries to login, the login works well, but there is no response for the api request.
Only the first alert is displayed
I also tried with this parameters
facebookConnectPlugin.api("/?fields=id,email",facebookPermissions,
facebookConnectPlugin.api("",facebookPermissions,
But nothing changes
I'm kinda lost here, and I dont know what else to try.
Your App may be in sandbox mode, activate it in the "Settings & Review" section
user_website needs to get reviewed. Without Login Review, it will only work for users with a role in the App.
Related
I have an Android application in which I'm using Azure AD B2C to authenticate users. Users login and logout of the application as needed. I would like to give the user the option to delete their own account.
I understand that I need to use the Azure AD Graph API to delete the user. This is what I have so far:
According to this link, it looks like deleting a user from a personal account (which is what the B2C users are using) is not possible. Is that correct?
Here's my code snippet for the Graph API call. Feel free to ignore it if I'm off track and there is a better way to solve this.
I believe I need a separate access token than what my app currently has (as the graph API requires other API consent). So, I'm getting the access token as follows:
AcquireTokenParameters parameters = new AcquireTokenParameters.Builder()
.startAuthorizationFromActivity(getActivity())
.fromAuthority(B2CConfiguration.getAuthorityFromPolicyName(B2CConfiguration.Policies.get("SignUpSignIn")))
.withScopes(B2CConfiguration.getGraphAPIScopes())
.withPrompt(Prompt.CONSENT)
.withCallback(getGraphAPIAuthCallback())
.build();
taxApp.acquireToken(parameters);
In the getGraphAPIAuthCallback() method, I'm calling the Graph API using a separate thread (in the background):
boolean resp = new DeleteUser().execute(authenticationResult.getAccessToken()).get();
Finally, in my DeleterUser() AsyncTask, I'm doing the following:
#Override
protected Boolean doInBackground(String... aToken) {
final String asToken = aToken[0];
//this method will be running on background thread so don't update UI from here
//do your long running http tasks here,you dont want to pass argument and u can access the parent class' variable url over here
IAuthenticationProvider mAuthenticationProvider = new IAuthenticationProvider() {
#Override
public void authenticateRequest(final IHttpRequest request) {
request.addHeader("Authorization",
"Bearer " + asToken);
}
};
final IClientConfig mClientConfig = DefaultClientConfig
.createWithAuthenticationProvider(mAuthenticationProvider);
final IGraphServiceClient graphClient = new GraphServiceClient.Builder()
.fromConfig(mClientConfig)
.buildClient();
try {
graphClient.getMe().buildRequest().delete();
} catch (Exception e) {
Log.d(AccountSettingFragment.class.toString(), "Error deleting user. Error Details: " + e.getStackTrace());
}
return true;
}
Currently, my app fails when trying to get an access token with a null pointer exception:
com.microsoft.identity.client.exception.MsalClientException: Attempt to invoke virtual method 'long java.lang.Long.longValue()' on a null object reference
Any idea what I need to do to provide the user the option to users to delete their own account? Thank you!
Thanks for the help, #allen-wu. Due to his help, this azure feedback request and this azure doc, I was able to figure out how to get and delete users silently (without needing intervention).
As #allen-wu stated, you cannot have a user delete itself. So, I decided to have the mobile app call my server-side NodeJS API when the user clicks the 'Delete Account' button (as I do not want to store the client secret in the android app) and have the NodeJS API call the Azure AD endpoint to delete the user silently. The one caveat is that admin consent is needed the first time you try to auth. Also, I have only tested this for Graph API. I'm not a 100% sure if it works for other APIs as well.
Here are the steps:
Create your application in your AAD B2C tenant. Create a client secret and give it the following API permissions: Directory.ReadWrite.All ;
AuditLog.Read.All (I'm not a 100% sure if we need the AuditLog permission. I haven't tested without it yet).
In a browser, paste the following link:
GET https://login.microsoftonline.com/{tenant}/adminconsent?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&state=12345
&redirect_uri=http://localhost/myapp/permissions
Login using an existing admin account and provide the consent to the app.
Once you've given admin consent, you do not have to repeat steps 1-3 again. Next, make the following call to get an access token:
POST https://login.microsoftonline.com/{B2c_tenant_name}.onmicrosoft.com/oauth2/v2.0/token
In the body, include your client_id, client_secret, grant_type (the value for which should be client_credentials) and scope (value should be 'https://graph.microsoft.com/.default')
Finally, you can call the Graph API to manage your users, including deleting them:
DELETE https://graph.microsoft.com/v1.0/users/{upn}
Don't forget to include the access token in the header. I noticed that in Postman, the graph api had a bug and returned an error if I include the word 'Bearer' at the start of the Authorization header. Try without it and it works. I haven't tried it in my NodeJS API yet, so, can't comment on it so far.
#allen-wu also suggested using the ROPC flow, which I have not tried yet, so, cannot compare the two approaches.
I hope this helps!
There is a line of code: graphClient.getUsers("").buildRequest().delete();
It seems that you didn't put the user object id in it.
However, we can ignore this problem because Microsoft Graph doesn't allow a user to delete itself.
Here is the error when I try to do it.
{
"error": {
"code": "Request_BadRequest",
"message": "The principal performing this request cannot delete itself.",
"innerError": {
"request-id": "8f44118f-0e49-431f-a0a0-80bdd954a7f0",
"date": "2020-06-04T06:41:14"
}
}
}
I have an issue with react-native-firebase (or firebase) in which my app does not receive a trigger after the auth token refreshes. It's pretty much the same issue as [1], but they never posted a solution.
So, what happens is that both on an Android phone and on the Android emulator (no idea about iOS), signing up, logging in and logging out works perfectly, meaning the listeners correctly see when I do a logout() etc. But the listeners never fire when the token refreshes.
My first question is: Am I correct to assume that the onIdTokenChanged-listener should automatically fire after 60 minutes without having to do anything else, e.g. call any firebase function, such that the app just sits there doing nothing for 60 minutes and then receiving the event and replacing the token?
My main component which contains the listeners looks like this:
class ReduxAppWrapper extends Component {
componentDidMount() {
firebase.auth().onAuthStateChanged((user) => {
console.log('COMP DID MOUNT: AUTH STATE CHANGED! ' + JSON.stringify(user));
});
firebase.auth().onIdTokenChanged((user) => {
console.log('COMP DID MOUNT: TOKEN CHANGED! ' + JSON.stringify(user));
});
firebase.auth().onUserChanged((user) => {
console.log('COMP DID MOUNT: USER CHANGED! ' + JSON.stringify(user));
});
};
render() {
return (
<ReduxProvider store={store}>
<MenuProvider>
<PaperProvider>
<AppContainer />
</PaperProvider>
</MenuProvider>
</ReduxProvider>);
}
}
Normally inside the listener I have a function that dispatches a redux-action such that the authentication information is broadcast across my components. Inside those components I use the jwt token for http-requests to my backend.
Now the backend of course uses firebase to validate that token (and this is where the problem occurs after the 60 minutes since it retrieves an outdated jwt), but I think I am right to assume that the problem lies within the app since the refresh does not happen.
I'd be really glad if someone could point me to where to look, I also tried to find out in the firebase console whether a token refresh event was sent, but I could not find anything about that.
So basically:
1) Am I right to assume that the firebase.auth().onIdTokenChanged() function should be called without me doing anything else? Or is it not enough to define the listener once in the main component (also regarding the fact that other screens will be rendered on top of that due to the stack-nvigation).
2) If the code is fine, do you have any hints for where to look?
Thanks so much!
[1] https://github.com/invertase/react-native-firebase/issues/531
For anyone with the same issue, I ended up asking firebase asking for the token everytime I needed it. I still think this should not be necessary but I did not want to spend any more time analyzing why the refresh did not work automatically. So what I am doing in the app is
firebase.auth().currentUser.getIdToken().then((token) => {
fetch(url, {
method: 'GET',
headers: { Authorization: token }
})
}
¯\_(ツ)_/¯
Apparently, with getIdToken, Firebase only makes a call to its server to get a new token if the current token has expired; it does not create unnecessary requests if it does not have to.
Quite a crucial detail which can be confusing if you are not aware of it and makes you (rightfully) assume that onIdTokenChanged is a listener which you would need to use to automatically update the token ...
https://firebase.google.com/docs/reference/js/firebase.User.html#getidtoken
Returns the current token if it has not expired. Otherwise, this will refresh the token and return a new one.
I have an issue with my ionic v2 app, I have subscribed to platform.resume on app.component.ts where I have an redirection, based on user status, every time a picture is taken and app returns from camera platform.resume is called and the redirection breaks my app flow. Is there a way to identify resume event called by cordova-plugin-camera?
Token validation, redirects back to login page
I suggest you use Events for triggering redirection based on login/logout
events.publish('token:received', token);
and in your app.component.ts
events.subscribe('token:received',(token)=>{
//redirect
});
An internal function like platform.resume may be used internally by any number of plugins or components.
If i got it right, you can use the returned promise and then redirect to another page.
Camera.getPicture(options).then((imageData) => {
let base64Image = 'data:image/jpeg;base64,' + imageData;
this.NavCtrl.push(TheRedirectPage, ParamsYouDLikeToPass);
// i think you can also call platform.resume here, if you want, but i'd stick with the promise return.
}, (err) => {
// Handle error
});
There's no need to check with the platform.resume, since when it returns from camera it's all ready for you to do your stuff.
I am working with titanium platform, when i implement SSO in iOS, it works great whether i do it for one time or many times, it works smoothly and perfect. but when i come to Android, it work for the first time but not after that.
For example, i installed the test app on android and click on facebook login, it works for first time, but when i logged out and try to login with facebook again then it just shows the redirection to facebook app but app login doesn't happen, i tried many times and try many ways but its not working.
I have placed facebook login event listener in app.js and in somewindow.js i have facebook login button. i am doing some work after logging in facebook, means redirecting to some other window.
thanks in advance.
Actually the problem persist due to cache . we need to clear cache when you log out use below code it works fine
Titanium.Facebook.appid = "XXXXXXXXXXXXXXXXXX";
Titanium.Facebook.permissions = ['publish_stream', 'read_stream'];
var fbButton = Ti.UI.createButton({
top: 68,
width:290,
height:52,
backgroundImage:"images/login/facebook.png"
});
fbButton.addEventListener('click', function() {
if(Titanium.Facebook.loggedIn){
Titanium.Facebook.logout()
return
}
Titanium.Facebook.authorize();
});
Ti.Facebook.addEventListener('login', function(e) {
if (e.success) {
win.close()
} else if (e.error) {
alert(e.error);
} else if (e.cancelled) {
alert("Canceled");
}
});
Titanium.Facebook.addEventListener('logout', function(e) {
var url = 'https://login.facebook.com';
var client = Titanium.Network.createHTTPClient();
client.clearCookies(url);
});
Use this flag Ti.Facebook.forceDialogAuth=false;
seriously going insane here....
I'm trying to get the phonegap facebook plugin for android to work, but it's really driving me up the wall (no pun intented).
I am using the code from https://github.com/irnc/phonegap-plugin-facebook-connect/tree/oauth-2.0+irnc, at least I think I am.
I appear to have two problems:
the following callback in the login (from pg-plugin-fb-connect) gives an error because "FB.Auth.setAuthResponse(response.authResponse, response.status);" cannot be found. Am I using an incorrect facebook sdk? Apparently no, see edit below
PhoneGap.exec(function (response) {
console.log('PG.FB.login.success: ' + JSON.stringify(response) + ', store into localStorage ...');
localStorage.setItem(key, JSON.stringify(response));
FB.Auth.setAuthResponse(response.authResponse, response.status);
if (cb) {
cb(response);
}
}, null, service, 'login', ['publish_stream', 'read_stream']);
},
When I comment the FB.Auth.setAuthResponse(response.authResponse, response.status); statement, my login returns successfull! I get an authresponse with an accesstoken and status set to connected. When I try to execute the following code (on success callback)
FB.api('/me/feed', 'post', { message: body }, function(response) {
if (!response || response.error) {
console.log(JSON.stringify(response.error, null, 4));
alert('We are very sorry, but somthing went wrong');
} else {
alert('Message was successfully posted to your wall!');
}
});
it gives me an oauthexception message: "An active access token must be used to query information about the current user."
I authenticated with 'read_stream, publish_stream' permissions.
These two are probably related, but I can't find anything about the setAuthReponse call in the facebook api.
EDIT help is apparently not on it's way, but i've continued my quest to get this to work.
The facebook js sdk I got from the github repo's are all using the 'old' auth methods. I've downloaded the new facebook js sdk and FB.Auth.setAuthResponse is there. I copied the code to my existing js sdk and changed all calls to setSession to setAuthRepsonse. Everything is working fine, except that the access token doesn't appear to be posted when I make above FB.api calls. After these changes, the error remains exactly the same!
Oh yeah, I also changed the check in the login callback to check for authResponse instead of session (it's in the example).
Help is more than welcome,
rinze
I think I fixed this. Basically the ConnectPlugin.java is still returning a "session" response object instead of the "authResponse" that the new SDK expects.
See https://github.com/odbol/phonegap-plugin-facebook-connect/commit/0ef84e29603338930ff82fc6d6ef8525b668077d for details.