Session Expired when using Passportjs Facebook from Facebook App in IOS - passport.js

I tried using passportjs facebook on my website and tested on different browsers, but there’s a bit of a problem when the link is opened from the Facebook app itself, specifically on iOS.
Package used: http://www.passportjs.org/packages/passport-facebook/
The scenario is:
1. Share your login URL in a post on your Facebook timeline.
2. Open the Facebook app on an iPad.
3. Click the link that was posted on the Facebook timeline to open the login URL; a popup browser from the Facebook app should appear.
4. Click your Facebook login using passportjs.
Result:
A Session Expired popup appears and you’ll be signed out and asked to log in again, not from your URL but from the app itself, so I’m not getting the login response from it since it is not from the passportjs login anymore. Any idea how to solve this or why this is happening?

So after some trial & error and reading, I found out I just need to turn on "Force Web OAuth Reauthentication" inside the Facebook Developer dashboard, and now it continues the login from the iOS Facebook app when the link is from there.

Related

Swagger Logout button does not clear user session from browser ( Azure B2C in ASP.Net 6 web api)

I implemented authentication and authorization on ASP.NET 6 with Azure B2C, and everything works fine except the Logout button on the authorization modal provided by Swagger, as it appears to log the user out, but after "logging out" the user can click "Authorize" and be logged in again without being required to enter their username and password. It's not clearing out the user session from the browser. On the client side, developed in Vue.js, the logout works fine; the issue is happening only with Swagger. I tried to track the flow of the HTTP requests and it appears that clicking the logout button does not trigger any HTTP calls in order to log out the user or clear their session.
I am using the NuGet package Swashbuckle.AspNetCore 6.3.0. Any suggestions? Thanks
Clearing the cookie session with the logout button has issues in ASP.NET Core, and it is still in an open state in the GitHub Issues repo.
Likewise, it is not possible to do an external logout using OAuth.
Please keep track of this issue on GitHub. Also, if possible, contact the technical support of Microsoft Azure at azcommunity@microsoft.com

How to handle the authentication flow when using Google sign in in my Chrome extension

I am planning to use Google sign in for my Chrome extension. I came across the following docs:
https://developers.google.com/identity/sign-in/web/sign-in
From what I understand, clicking on the auth button opens up another webpage, and then if the user authenticates the app, they are redirected back to the page. Now, what if I want to do this from my Chrome extension that can run on my webpage/domain? What would be the workflow for authenticating then using Google sign in?

Spotify App redirects to wrong browser on iOS after authentication - bug

During a browser-based authentication (OAuth), some iOS users experience the flow as their Spotify app opening to authenticate rather than in the browser.
When this happens the redirection back to the site uses the default browser rather than the browser that started the flow.
So for example a user may start to authenticate in Chrome or in the Facebook Browser, but is then redirected after authentication to Safari.
If you are maintaining session or states to check against CSRF then this will break that.
I also think it would be more consistent for the user to send them back to their original browser.
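
The failure mode described in this post, as an added example that is not part of the original post: a minimal model of a session-bound OAuth `state` check, where a callback arriving in a browser that did not start the flow carries no matching session. The names `beginLogin`, `handleCallback` and the in-memory `sessions` map are hypothetical.

```javascript
// Added illustration (not from the original post): why a callback that lands
// in a different browser fails a session-bound OAuth `state` check.
const crypto = require('node:crypto');

// Server-side session store keyed by session-cookie value (hypothetical).
const sessions = new Map();

// Step 1: the browser that starts the flow gets a session cookie and a fresh
// `state` value bound to that session.
function beginLogin() {
  const sessionId = crypto.randomBytes(16).toString('hex');
  const state = crypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, { state });
  return { sessionId, state };
}

// Constant-time comparison; timingSafeEqual throws on unequal lengths,
// so the length is checked first.
function sameState(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Step 2: the provider redirects back with `state`. The check only passes if
// the request carries the cookie of the session that started the flow.
function handleCallback(cookieSessionId, returnedState) {
  const session = sessions.get(cookieSessionId);
  if (!session || !session.state) return { ok: false, reason: 'no_session_state' };
  const expected = session.state;
  delete session.state; // single use, whether or not it matches
  if (!sameState(expected, returnedState)) return { ok: false, reason: 'state_mismatch' };
  return { ok: true };
}

// Constructed scenario: the flow starts in an in-app browser, but the
// callback is opened in the default browser, which has no cookie for the site.
function demo() {
  const inApp = beginLogin();
  const defaultBrowserCookie = undefined;
  const crossBrowser = handleCallback(defaultBrowserCookie, inApp.state);
  const sameBrowser = handleCallback(inApp.sessionId, inApp.state);
  const replay = handleCallback(inApp.sessionId, inApp.state);
  return { crossBrowser, sameBrowser, replay };
}

console.log(demo());
```

Rejecting the cross-browser callback is the intended behaviour of the check, so the user has to restart the login in the browser where the callback landed.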

Get the same user token in different accounts of Gmail in chrome extension

I have a Google Chrome extension written in JS which comes into play when the user is inside Gmail.
I am using chrome.identity.getAuthToken to get the user's token, but the problem is that I always get the same user token, for whoever installed the extension. For example:
The Chrome user profile is a...@gmail.com. So when I log in to Gmail as a..@gmail.com, go to the event page, and make a chrome.identity.getAuthToken call, I get the token for a...@gmail.com, which is fine.
Now I log in to Gmail as b...@gmail.com. Now if I make a chrome.identity.getAuthToken call, I still get the token for a...@gmail.com and I can't create a request to the Gmail API.
So I tried another way and succeeded in getting the ID token using this question, "Is it possible to get an Id token with Chrome App Indentity Api?", but it's still the same problem: it's for the user who installed the extension.
I tried to follow these 2 similar questions here:
Get access to multiple gmail accounts in a chrome extension
Login to Chrome extension with a Google user other than the one in use by Chrome
But I don't really understand it. Do I need to create my own OAuth2? But how can I do it with a Chrome extension? I think maybe I need to send some request to 'https://accounts.google.com/o/oauth2/auth' + ..... to get the token, but I am not sure about the parameters, and if it's right...
Hope you could help me. Thanks!

Facebook authentication with Express using a custom login page

Currently I am trying to create a login page that would allow a user to authenticate through his Facebook account. All the tutorials I found explain how to implement it, but in all implementations their websites take a user to Facebook's login window. I wonder if it is possible to use my own login page to provide a username and password using my own form and then authenticate the user on the server side without any Facebook pages popping up?
Thank you in advance
