Using Test Users with FB Connect - fbconnect

I use OAuth login on my site, and would like to use the Test User API to do testing. However, I've run into a problem where I can't actually log in with a test user account.
One of the requirements is that the user needs to reauthenticate when they log in (passing auth_type=reauthenticate to the OAuth endpoint), so just being logged into Facebook as the test user is not enough.
1. I create a new test user
2. I set the password of the test user
3. I log in using the Developer App and obtain their email address from the Facebook main site
4. I click on the Login button on my site, and the Facebook login form pops up
5. I enter the email address and password
6. I am sent back to the login form without an error message
Is this even possible? This sounds suspiciously like Why can't I login to test Facebook user accounts from the Android native app?, but I'm not 100% sure.

Related

How do login, authentication and tokens work? If a user logs in to an application, until he logs out how do the requests know that the user is logged in?

I'm just trying to make a small ecommerce web application using Django and Django Rest Framework. I completed the registration and login views (not using Django's inbuilt authentication), just saving the users' information in the database and validating those details when the user logs in. Now I'm confused about how login actually works: how does the user stay connected until he logs out, how does the server know that the user is still logged in, and how does each request know that the user is already logged in? I once tried logging in using a Django OAuth token and also Simple JWT tokens, but when I logged in with the username and password I also sent the token from Postman. Users don't log in through Postman in the real world, so how are the tokens handled? Who passes the tokens along with the parameters during login, how are tokens passed along with the credentials in real projects, and how is all of this handled in real projects? Also, what happens in the backend when the user clicks on logout? Can anyone please clear up this question? Thanks.
Please help me understand this concept.

Can a username and password prompt be taken from the user to invoke the app on Google Assistant

I am developing a Google Assistant app which will be accessible only to registered users. I do not wish to go through the process of account linking. I am prompting the user for an account ID and password, which authenticates the user from my backend and is working fine while I am testing it. Can it face any guideline issue when I publish it?
This looks like a very bad idea from both a design and a security viewpoint and is indeed prohibited by the Actions on Google policy:
Don't collect authentication data via the conversational interface (text or speech).

Show My Instagram Photos in My Website

Assume I have an Instagram account and a website. I want to display the most recent photos from my Instagram account on my website. Something I am not clear about in the documentation: in order to get my access_token, do I need to authenticate myself? I don't get how to do it on the backend side. It works fine if I am logged in to my account, but in incognito a dialog pops up asking for a username and password. I don't want the user to see that.
Do I need to provide my username and password on the backend side and log in automatically? I don't want to see the pop-up dialog asking for authentication. I need everything handled on the backend side. How do I achieve it?
You can authenticate and get your access_token using the client implicit OAuth flow; you just have to open the auth URL:
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token
Set up a redirect-uri in your app settings; it can be http://localhost too.
Opening the above URL in a browser will show the login page. Once you log in, you will be redirected to your redirect-uri, and the access_token will be in the redirect-uri:
http://localhost#access_token=ACCESS-TOKEN
Copy the access_token.
You can then make an API call to get your own latest 20 photos and display them on your website:
https://api.instagram.com/v1/users/{user-id}/media/recent/?access_token=ACCESS-TOKEN
You don't need to be approved by Instagram; you can remain in sandbox mode and get the latest 20 pics via the API.
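
The flow in the answer above, as an added example that is not part of the original answer: it builds the authorize URL, extracts the token from the URL fragment the browser lands on, shows that the fragment never reaches the web server at the redirect-uri, and masks the token before a URL is logged. The function names are hypothetical, and CLIENT-ID, ACCESS-TOKEN and the user id are constructed placeholders.

```javascript
// Added example; endpoints are the two URLs quoted in the answer.
const AUTHORIZE = 'https://api.instagram.com/oauth/authorize/';
const API_BASE = 'https://api.instagram.com/v1';

// Step 1: the URL to open in a browser (implicit flow, response_type=token).
function buildAuthorizeUrl(clientId, redirectUri) {
  const u = new URL(AUTHORIZE);
  u.searchParams.set('client_id', clientId);
  u.searchParams.set('redirect_uri', redirectUri);
  u.searchParams.set('response_type', 'token');
  return u.toString();
}

// Step 2: read the token from the URL the browser was redirected to.
// Only accept it if that URL really is the registered redirect-uri.
function extractToken(landedUrl, registeredRedirectUri) {
  const landed = new URL(landedUrl);
  const expected = new URL(registeredRedirectUri);
  if (landed.origin !== expected.origin || landed.pathname !== expected.pathname) {
    throw new Error('redirect did not land on the registered redirect-uri');
  }
  const fragment = new URLSearchParams(landed.hash.slice(1)); // drop leading '#'
  const token = fragment.get('access_token');
  if (!token) throw new Error('no access_token in URL fragment');
  return token;
}

// What the server behind the redirect-uri receives: path and query only.
// The fragment stays in the browser, which is why the token is copied by hand.
function requestTarget(landedUrl) {
  const u = new URL(landedUrl);
  return u.pathname + u.search;
}

// Step 3: the recent-media call, made from the backend so the token
// is never embedded in pages served to visitors.
function recentMediaUrl(userId, token) {
  const u = new URL(`${API_BASE}/users/${encodeURIComponent(userId)}/media/recent/`);
  u.searchParams.set('access_token', token);
  return u.toString();
}

// The token travels in the URL, so mask it before the URL is written to a log.
function redactToken(url) {
  return url.replace(/(access_token=)[^&#\s]+/g, '$1[REDACTED]');
}
```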

Facebook authentication with Express using a custom login page

Currently I am trying to create a login page that would allow a user to authenticate through his Facebook account. All the tutorials I found explain how to implement it, but in all implementations their websites take the user to Facebook's login window. I wonder if it is possible to use my own login page to provide a username and password using my own form and then authenticate the user on the server side without any Facebook pages popping up?
Thank you in advance

Azure Multifactor Authentication how to do Passcode Verification on sign in page

I want to integrate Multi-Factor Authentication into my custom built, Azure Hosted website.
I want the user to get an OTP (One Time Password) over SMS and then enter that OTP on the Sign-in page.
How am I supposed to verify the OTP entered by the user on Sign-in page? I was unable to find anything related to that in the SDK and online documentation.
SDK documentation on MSDN http://msdn.microsoft.com/en-us/library/dn422962.aspx tells us that:
"Text messages. Windows Azure Multi-Factor Authentication can send an SMS text message with a one-time passcode to any mobile phone. To complete the sign-in process, the user is prompted to reply with the passcode or passcode and PIN, or to enter the passcode on an application sign-in screen."
but unfortunately it doesn't tell how the sent passcode is verified, either via the SDK itself or some other way.
It's really confusing because one would think the received token needs to be entered on the computer, but apparently the reply needs to be sent by SMS to the SMS sender. All the docs on the net show it differently; they all show some second login screen for the token to be entered:
http://www2.warwick.ac.uk/services/its/servicessupport/networkservices/vpn/itsvpn/
But no, it's not quite how it works with Azure.
For whatever reason SMS didn't work for me. I did receive the SMSes, but even after I replied to the sender number, it still wouldn't authenticate me. Also, it would have increased the costs even further, so I just stuck with the automated phone call.
Now I use it to authenticate VPN users on our Cisco ASA firewall. The authentication process goes like this:
1. The user clicks on connect in the VPN client.
2. The user enters user + password, then clicks login; now the client is waiting for a response.
3. The credentials are sent to the ASA, which asks the Multi-Factor Authentication Server if they're OK.
4. The MFAS verifies that they're OK, so it tells Azure to call the user's phone number.
5. The user receives the call and presses the # key (that's the "standard" method, there's also a PIN method), then Azure hangs up the call and tells the MFAS that it can proceed.
6. The MFAS tells the ASA that the user is authenticated.
7. The client exits the waiting state and logs in.
