I've installed an Android application. The first time I ran it
an OAuth2 window showed up asking me whether I wanted to grant
the application access to some scope within my user account.
However now I've gone to https://accounts.google.com/b/0/IssuedAuthSubTokens?hl=en
and revoked access, but my application still runs normally without asking me the
question of whether to allow it access to my account or not.
The application is the sample Auth activity that comes with Google Play extras.
What can I do to get the application to display the question in a popup window again?
I've tried uninstalling and reinstalling but I cannot get that window back and I need
it for testing purposes.
Thanks.
Try to programmatically revoke the token by making a request to - https://accounts.google.com/o/oauth2/revoke and include the token as a parameter. Something like this ::
curl https://accounts.google.com/o/oauth2/revoke?token={token}
The token can be an access token or a refresh token. If the token is an access token and it has a corresponding refresh token, the refresh token will also be revoked.
If the revocation is successfully processed, then the status code of
the response is 200. For error conditions, a status code 400 is
returned along with an error code.
The error code will give you an idea if the revocation was successful or not.
Related
I have an issue using the the information at the following blog post
https://cgillum.tech/2016/03/07/app-service-token-store/
I have an app that can login using windows or Google account.
With windows account all is well.
I am able to login and receive a refresh token.
This will then refresh with no issues.
With Google account I do not get the refresh token and google account does not ask my permission to have the offline scope.
Here is the code I use to login:
return await client.LoginAsync(myView, MobileServiceAuthenticationProvider.Google, new Dictionary<string, string>() {
{ "access_type", "offline" } });
I think what the problem could be this (from Google's OAuth documentation):
Important: When your application receives a refresh token, it is important to store that refresh token for future use. If your application loses the refresh token, it will have to re-prompt the user for consent before obtaining another refresh token. If you need to re-prompt the user for consent, include the prompt parameter in the authorization code request, and set the value to consent.
Basically, if you've already received a refresh token for a particular request, it sounds like Google won't give you new ones unless you explicitly prompt the user for consent for the offline scope. You can do this by adding a prompt=consent query string parameter to your login. For example:
/.auth/login/google?access_type=offline&prompt=consent
I've seen this work for others. Give it a try and see if it resolves your issue too.
I am using the Facebook SDK to connect my native Android app to Facebook. I am able to show the login page and make users login into my application through their facebook account. But according to: https://developers.facebook.com/docs/mobile/android/build/#sso
I have to watch out for two activities, such as revoke of access and password change. The response parameter will return the following results:
User revoked access to your app:
{"error":{"type":"OAuthException","message":"Error validating access token: User 1053947411 has not authorized application 157111564357680."}}
OR when password changed:
{"error":{"type":"OAuthException","message":"Error validating access token: The session is invalid because the user logged out."}}
Now, my question is, how do I handle or catch the following errors? Thanks.
There's an official guide for that: Handling Invalid and Expired Access Tokens.
For android it states:
Android native applications
You may detect access token errors by inspecting the response
parameter of the onComplete method. In this case, you will again need
to call facebook.authorize() to re-authenticate the user and generate
a fresh access token.
An odd question, but hopefully someone has an answer.
I am developing a mobile app that will connect with Facebook. Everything was working fine and had been for about a week. I could authorize and remove authorization and post to a user's feed.
On Saturday or Sunday I modified my request to add offline_access. Around that time (unfortunately I cannot be sure exactly when) I started receiving failures coming back saying the access token was invalid ("Error validating access token: The session has been invalidated because the user has changed the password.").
I know this to be false because I haven't changed my password and I just received the access token and the responses were all fine. In fact, I post to the feed immediately after getting authorized ("Hey, I'm using TheApp") and that post fails with the above error.
Here's where it escalates: I went to the mobile Facebook app to verify access and connectivity. Suddenly the official FB app starts giving me the same problems. It starts popping up login dialogs. I enter my password, it shows a toast saying login succeeded and then asks for the login again a few seconds later. After a try or two of this it ends up displaying another toast with the invalid token message from above.
I clear my app, uninstall it, logout and clear all FB data (using Manage Apps in the device settings), and force stop the app. I can't uninstall FB so that's the most I can do. I also go to the FB site and change my FB password. I go back to the FB app, login again, and before the feed activity even finishes loading it's prompting me for my password again and we're back into that old cycle. I try my app and it's in the same bucket (no surprise there).
Two more data points:
I can sometimes get this same behaviour to occur using the Graph API Exlorer web app. I can do it consistently with a token for the Graph API Explorer itself and I can get it inconsistently with an access token from my app.
I fired up an emulator (one without the FB app) and ran my app there. Logging in as me I can get an access token and everything works. My app posts to my feed with no complaints.
At this point, FB (and apparently any FB-connecting app) is hosed on my real device. It is either just the device or a combination of the device plus my account (I haven't any other FB account to try).
Can anyone shed some light on what I need to do to either debug this further or clear it up?
I am developing an app which uses facebook integration. I am trying to receive the access_token and expires_in tokens from the facebook library classes. Once i am logged in I get the access_token correctly but i always get expires_in token always 0. And because of that I isSessionValid() method always returns false. Kindly let me know if anyone has faced this issue and solved it.
My code runs perfectly fine when i do not have the Facebook app installed in the emulator. I get the webview and I can log in and update status. But when I install Facebook app, clicking on the update status menu option opens the Facebook app, I get redirected to the permissions page and then I get an error saying " Failed to receive access token". This is infact because of the expires_in token being 0.
i do not want to ask the users of the app to uninstall the Facebook app if they have installed. kindly let me the solution to this problem.
Thanks,
Punit
If you put permission offline_access, the token expiry is 0.
For any one else having this issue (if you had put offline_access permission and later removed) follow the steps:
Go to your facebook profile setting and remove your app.
and then do login again.
Give permission to your app again.
Alternately you can do this:
Go to your facebook profile setting > Apps > Your_App and remove "Access my data any time" permission.
Save changes made.
Re-run Your_App(i.e. with no offline_access permission now).
Have you mentioned Key Hash in the app that you created on facebook? If not, create a valid one and mention it. This usually occurs because of the new update features of facebook, However, older versions of facebook work well each time. You can check this by uninstalling updates on your facebook app, and run your code. It still works fine. Learn more from here
Hello I am using the facebook sdk for android on my android phone and using single sign on. It works fine when I logged into the facebook application, my application also signed in.
For logout I encountered a confusion.
The way I implemented was restore the access token and expired date from the user preferences of the application and check the validity of the session. If expired the application calls the facebook.authorized function and once authorized the access token and expired date will update again.
There are few things I find a bit confusion when dealing with the logout.
1) When I logged out from facebook application, my application still can get through and request the user details. Although, my saved access token on my application has no relationship with the facebook application, I thought it will at least giving me an error when requesting the data. But it hasn't given me the error.
Does it suppose to be actting like that. Signing out from facebook apps will not affect the access token I have stored on my application.
2) When I logged out from my application and not the facebook application, the facebook application won't automatically logout.
The Facebook access token and your app access token are separate and distinct, so it is entirely possible that one can be valid and allow access while the other is not valid and will require re-authorisation.
If the Facebook app is logged in but your app is not, then the Facebook SDK will use the existing Facebook app login to obtain a new access token for your app without authenticating, but this is still not linked to the Facebook app login token in any way.
If the Facebook app is not installed, or not logged in, then the Facebook SDK will take you to the Facebook website to do the initial authentication, but this does not log the Facebook app in because there is no connection between your access token and the Facebook access token.
So, in summary - your understanding is correct. There's no interaction between the two apps except for when your app tries to authenticate a user, then the Facebook app will act as a proxy, allowing you to gain access without authenticating so long as Facebook is logged in. After that, there is no further interaction and what you've observed is expected and intended behaviour.
I have the same problem. I'm thinking about creating a "isLogged" var and store it so that when someone logout and restart the app it will not even verify if the user is logged bypassing facebook's session verify.