Let me first start with saying I've searched for an answer to this question for quite some time...
I'm trying to setup Facebook OAuth to work with my application that is being developed locally on my machine. Everything was working perfect with Facebook authorization UNTIL I moved from using localhost to another domain name (still local to my machine.) Now I'm getting the following error.
Can't Load URL: The domain of this URL isn't included in the app's
domains. To be able to load this URL, add all domains and subdomains
of your app to the App Domains field in your app settings.
My hosts file contains 127.0.0.1 domain.dev (works perfect)
My redirect in my app (using Socialite) is http://domain.dev/auth/facebook/callback
In my Facebook App Settings...
my App Domain is domain.dev
my Site URL is http://domain.dev/
my Valid OAuth redirect URIs is
http://domain.dev/auth/facebook/callback
The URL at the time of the error message is..
https://www.facebook.com/v2.5/dialog/oauth?client_id=XXXXXXXXXXXXXXX&redirect_uri=http%3A%2F%2Fdomain.dev%2Fauth%2Ffacebook%2Fcallback&scope=email&response_type=code&state=0ztcKhmWwFLtj72TWE8uOKTcf65JmePtG95MZLDD
I'm at a loss of what the problem is...
Screen Shot 1
Screen Shot 2
In case someone comes across this and is looking for these settings (like I was)
You have to
On the left hand side, click "+Add Product" and select "Facebook Login" (it was at
the top for me)
See the new settings available on the left hand side
You will now have these OAuth settings on that "Product Settings"
Additional Info: Make sure to add the Callback URL like http://localhost:3000 to the Valid OAuth redirect URIs field on the settings page of Facebook Login
This usually happens if you have entered the wrong details when you created the App in Facebook. Or have you changed a URL's of an existing App?
Can you please recheck the settings of your APP in this page?
https://developers.facebook.com/apps
Select the correct App and click in the edit button;
Check the URLs & paths are correctly entered and are pointing to the site where you have installed Ultimate Facebook plugin.
I had the same problem. I solved it by adding my OAuth redirect URI as a argument to the getAccessToken function call:
$redirectLoginHelper->getAccessToken("https://www.example.com/myfacebookcallback")
If no argument is sent into that function the SDK generates the redirect URI by itself which should work but in my case it didn't.
Hope this helps someone.
Make sure your app is public.
Click on + Add product
Now go to products => Facebook Login
Now do the following:
Valid OAuth redirect URIs : example.com/
Deauthorize Callback URL : https://example.com/facebookapp
Can't Load URL: The domain of this URL isn't included in the app's
domains. To be able to load this URL, add all domains and subdomains
of your app to the App Domains field in your app settings.
I had this issue today, I find the Facebook documentation and SDK disrespectful and arogant towards other developers to say the least.
Besides having the "app domains" in two different locations without much information (3 if you add a "web" platform), you also need to go to app products / facebook login / settings and add your redirect URL under Valid OAuth Redirect URIs
The error says NOTHING about the oauth settings.
Here's what I did to solve this issue:
Basically:
1) Enable "Embedded Browser OAuth Login"
2) Disable "Use Strict Mode for Redirect URIs" and enter a redirect
URI like the way I did.
3) Leave all the rest of the options as they are.
4) Save your changes.
5) Enjoy :)
Facebook has recently disabled the toggle button for 'Use Strict Mode for Redirect URIs', so you need to add exact URI what's being called when you hit login button. For my case it was as shown in screenshot.
It solved the issue for me :)
I had the same problem, and it came from a wrong client_id / Facebook App ID.
Did you switch your Facebook app to "public" or "online ? When you do so, Facebook creates a new app with a new App ID.
You can compare the "client_id" parameter value in the url with the one in your Facebook dashboard.
In my case, things i had to do is only enabling the Embedded Browser OAuth Login
As of 2017-10.
Solution that solved my issue.
Currently that FB renders this surprise.
...app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on...
The settings to adjust are located here https://developers.facebook.com/apps/[your_app_itentifier]/fb-login/.
The trailing slash is important. They must match in your app code and in FB admin settings. So this is a config somewhere in your code (see below how to get any domain name for a dev app):
{
callbackURL: `http://my_local_app.com:3000/callback/`, // trailing slash
}
and here
To get any domain name for an app on a local Windows machine, edit host file. Custom names are good in order to get rid of all those localhost:8080, 0.0.0.0:30303, 127.0.0.0:8000, so forth. Because some third party services like FB sometimes fail to let you use 127.0.0.0 names.
On Windows 10 hosts file is here:
C:\Windows\System32\drivers\etc\hosts
Backup initial file, create a copy with different name (Doesn't work in native Windows CMD. I use Git for Windows, it has many Unix commands)
$ cp hosts hosts.bak
Add this in hosts
127.0.0.1 myfbapp.com # you can access it in a browser http://myfbapp.com:3000
127.0.0.1 www.myotherapp.io # In a browser http://www.myotherapp.io:2020
In order to get rid of port part :3000 set up NGINX, for example.
The way I fixed it: I went to the Valid OAuth Redirect URIs textbox and set the exact URL, not just the domain:
before: https://my-website.com
after: https://my-website.com/facebookoauth/facebooklogin
(the url may be different in your case, check it in the address bar of the browser).
This was caused by the setting Use Strict Mode for Redirect URIs, which was locked in the Yes position.
Most of the time its happen with not insert proper valid OAuth redirect URL in the product section of the FB dashboard.I suggest follow my bellow steps
01.Check the basic setting of the app is okay with bellow picture with you
02.check whether you have add a product
If not you can easily add log in product by clicking + sine as I show in the bellow.
If Yes just got to inside of the product setting.
03.The check whether you have provide valid OAuth redirect URL
Its simple mean what should after login.It is not other than that your call back URl.You can see in my bellow picture I have added several redirect URLs.
have any problem further Watch my video-- >
https://www.youtube.com/watch?v=mdhubrzV5y8&t=3s
Click here Code Project!
Its Code project example. Its working to me
I had the same problem,
I just added the link of my local adress http://localhost/Facebook%20Login%20Test.html to Site URL in my application setting https://developers.facebook.com/apps.
Now it works fine :) I hope this was useful ;)
Nothing really worked for me, until I updated the SDK version I was using. I started with 5.0. Not even 5.4.0 would not work either. When I updated to 5.6.2, it worked flawlessly, despite there being nothing in the changelogs that was relevant!
This option should be enabled in portal:
In case this helps anyone else, this started happening for me on an older site when "Valid OAuth Redirect URIs" became mandatory. The site was still using the V4 PHP SDK and the problem was resolved for me by upgrading to the V5 SDK.
In the App domain section, you are writing your app domain but you also need to add your login domain i.e. the name of html page where you ask user to login. In my case, I was testing it on localhost and the login route was localhost/login, If I only put http://localhost.com in App domain section, I get this error. But after adding http://localhost/login.com, the error was fixed.
and also the App settings has changed in newer version of SDK, in which there is no option for OAuth redirect route. You've to assign the redirect route directly from server side, after successfully getting OAuth token.
This worked for me:
Here's the main thing to understand: Facebook will always check for the "WWW" domain. So make sure www.your_domain.dev is working on your browser first.
It is possible that if you have multiple virtual hosts on your local server, some other virtual host overrides "www.your_domain.dev". So please check that.
Apache will pick the FIRST definition of domain (or ports, or something in these terms - I'm no expert on this, but learned by mistakes).
An easy quick fix for this virtual host overriding is to put "www.your_domain.dev virtual host definition on the very top of the file "httpd-vhosts.conf".
Go to "/apache/conf/https-vhosts.conf" and put this on the very top of the file:
<VirtualHost *:80>
<Directory "C:/your_app_folder_path/">
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
allow from All
</Directory>
ServerName your_domain.dev
ServerAlias your_domain.dev
DocumentRoot "C:/your_app_folder_path/"
</VirtualHost>
###### FOR SSL #####
<VirtualHost *:443>
DocumentRoot "C:/your_app_folder_path/"
ServerName your_domain.dev
ServerAlias www.your_domain.dev
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<Directory "C:/your_app_folder_path/">
Options All
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Next: If you are using Windows system, edit your "hosts" file in "C:\Windows\System32\drivers\etc" by adding two lines:
127.0.0.1 your_domain.dev
127.0.0.1 www.your_domain.dev
Next: Restart your Apache server and everything should work now.
I hope this will help you and save your time.
I wasted almost a whole day searching around the web and was pulling my hair out and couldn't find anything helpful until I found this.
The problem, and the answers, keep changing as FB tightens up the login procedure. Today, I started getting this horror message "The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."
The answer was: now FB wants the full redirect uri. So for me, where it used to be just https://www.example.com it now wants https://www.example.com/auth/facebook/callback. This has to go in the "Valid OAuth redirect URIs" field (Developer/Facebook login->setting)
Facebook Login -> Settings -> Valid OAuth redirect URIs -> insert the domains of your redirect url, remember you should add 'https' or http.
eg: if your redirect url is https://xxx.xxx.com/path/callback.do, you only need to enter https://xxx.xxx.com/, it's ok for me.
I had the same problem.....the issu is in the version PHP SDK 5.6.2 and the fix was editing the following file:
facebook\src\Facebook\Helpers\FacebookRedirectLoginHelper.php
change this line
$redirectUrl = FacebookUrlManipulator::removeParamsFromUrl($redirectUrl,['state','code']);
to
$redirectUrl = FacebookUrlManipulator::removeParamsFromUrl($redirectUrl,['state','code','enforce_https']);
This same Facebook error happened to me in the Production environment. The reason was I had 2 apps registered with Facebook (Local, Production) but I hardcoded the Local app ID into the source code and forgot to switch it out for the Production app ID before deployment.
Best practice dictates you shouldn't have the app ID hardcoded into the source code but if you do, do not mismatch your various Facebook app IDs like I mistakenly did.
Using my own local server.
Simply adding http://localhost/my-site as a URL in:
https://developers.facebook.com/apps/YOUR-APP-ID/fb-login/
worked for me.
first step:
use all https://example.in or ssl certificate URL ,
dont use http://example.in
second step:
faceboook application setting->basic setting->add your domain or subdomain
third step:
faceboook application login setting->Valid OAuth Redirect URIs->add your all redirect url after login
fourth step:
faceboook application setting->advance setting->Domain Manager->add your domain name
do all this step then use your application id, application version ,app secret for setup
on Magento 2 Social Login extension, you have to copy Valid OAuth redirect URIs from the panel and add the link to Valid OAuth Redirect URIs field in Client OAuth Settings page at developers.facebook.com
If your game has no server/site (e.g. if you develop for Gameroom like me) - add "https://apps.facebook.com/xxxxxxxxxxxxxxxxx" (put your app ID instead of "xxxxxxxxxxxx") to "Valid OAuth Redirect URIs".
in my case, i solved this issue by adding the full URL and not only the domain as facebook ask. i hope that they will rename it for more clarification.
so the Valid OAuth Redirect URIs should be like so:
Before: https://www.mobile-battles.com
After: https://www.mobile-battles.com/register
The Meta for Developers interface currently provides two places where you can enter the domains for your app: the Basic settings under "App domains", and the Advanced settings under "Domain Manager". The SDK might not recognize your domain if it is listed in just the Domain Manager.
If you are using AWS Cognito then add the URL https://<your-user-pool-domain>/oauth2/idpresponse to the Valid OAuth Redirect URIs in Facebook Login -> Settings
Related
I have a VueJs application in localhost that use the oidc-client.js library to do the login to an IdentityServer4 server in production, in another domain.
After login, the IdentityServer redirects me to the VueJs app, than I call the method signinRedirectCallback(), but the oidc-client method getUser() does not give to me the user information.
If I check the LocalStorage I can see the oidc.user:IdentityServer4Url value where I can see all the information of the user (access_token, id_token, profile ecc...), and I've the Cookies 'idsrv', 'idsrv.session', 'ARRAffinity'.
If I try the application in the same domain, it works.
Is it possible to have a localhost app and do the login to another domain?
Thanks
you can absolutely have your Identity server in a different domain and pretty much most of the big IDP's (Identity Provider) will live in a different domain.
When you said, you have information on the local storage, did u make sure, the access token is the same as the one you have received in the singin response url? in the local storage you would see a property called "expires_at" I guess, see if that value is valid.
https://github.com/IdentityModel/oidc-client-js/blob/dev/src/UserManager.js#L595
If all things are right, I can't think of any other reason why it should not retrieve.
One other debug technique which could help you is? Go to your node_modules folder, look for oidc-cient-js folder, and modify the main property in package.json file from oidc-client.min.js to oidc-client.js, this way you can keep breakpoint and debug step by step and find out what is going on.
Hope this helps.
I'm throwing together a simple POC for a client that wants to use LiveId (now Microsoft Account or MSA) for users to sign in. I've done this with FaceBook, Google and Twitter and they were all a walk in the park. For whatever reason MSA is a royal PITA.
I've created a MVC5 application using Visual Studio 2015. I went to the MSA developer center to create my app and get the client id and secret. The redirect URL I'm using is http://localtest.me/membersweb/signin-microsoft
The client id and secret go in Start.Auth.cs just like usual.
I've setup IIS and have my app in a virtual directory. When I run my application it comes up like usual. I click Log In and it goes to the login page as expected and the Microsoft button appears in the right hand column as expected. When you click the Microsoft button you are redirected to the MSA sign in page. B/c I'm already signed in I should be taken to the authorization page where I give my application permission to access my info. Instead I'm taken to an error page. The title says "We're unable to complete your request" and the rest of the message says "Microsoft account is experiencing technical problems. Please try again later.". Pretty useless.
The url is a tiny bit more helpful with the following error message:
invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.
This isn't rocket science. I do this w/ FaceBook all the time. What the blazes am I doing wrong?
No other coding, configuring or customization has been performed.
TIA
Go to https://account.live.com/developers/applications
Choose your application
Go to Edit Settings
Go to API Settings
Edit the Redirect URLs: add "/signin-microsoft" to the end of your redirect_uri
Go to your code and set the same redirect_uri for the API call
Go to drink a beer or two or more
This worked for me :)
PS: If it is still not working, try to add "/Account/ExternalLoginCallback" at the end of your redirect_uri, but this is not confirmed as working solution
For more info here: http://www.benday.com/2014/02/25/walkthrough-asp-net-mvc-identity-with-microsoft-account-authentication/
In case anyone is having this problem....
I ran into this issue recently and adding "/signin-microsof" or "/Account/ExternalLoginCallback" did not help.
What I ended up doing is adding the following redirect URIs to all app registrations (Microsoft, Google and Facebook in my case).
https://YOUR-DOMAIN.b2clogin.com/YOUR-DOMAIN.onmicrosoft.com/oauth2/authresp
https://login.microsoftonline.com/te/YOUR-DOMAIN.onmicrosoft.com/oauth2/authresp
I asked few people in work, but noone could help me. So here it is.
I'm on domain. Windows authentication. Deny anonymous.
I start my app on local webdev server. Then try to access it. So...
<%= Page.User.Identity.Name %>
<%= HttpContext.Current.User.Identity.Name %>
in my .aspx page..
When I access this (in this example I just want to see my name of logged user), I get my username, just like expected. But when I want to "test" my app - still running in first account - and I access it in another browser (no, I'm not stupid, ofcourse under another windows accout, made for testing) I'm getting the first username still. So the problem is: User.Identity.Name returns name of user where I started the app, not name of user who accessed it via browser.
Any tips? :)
Have a nice day
The accepted answer (as suggested by comments above the question) would be:
The integrated web server doesn't handle Windows authentication properly. IIS should do better and recognize different users. The source of the problem is then the integrated web server.
Output Caching is a common cause: user B might be getting a cached copy of the page generated for user A.
Question:
I'm using a DropBox csharp API from here:
https://github.com/dkarzon/DropNet
From the Unit tests, and the only working sample from here
https://github.com/dkarzon/DropNet/blob/master/DropNet.Samples/DropNet.Samples.Web/Default.aspx.cs
I figured that it works like this:
DropNet.DropNetClient client = new DropNet.DropNetClient(strApiKey, strAppSecret);
DropNet.Models.UserLogin login = client.GetToken();
client.UserLogin = login;
var accountInfo = client.AccountInfo();
str = accountInfo.quota_info.quota.ToString();
The probem is, it throws an exception on accountinfo. (System.Net.HttpStatusCode.Unauthorized)
Everything before works fine, I get the login (usertoken & usersecret) .
I think my problem is this part of the sample application:
var url = _client.BuildAuthorizeUrl(Request.Url.ToString() + "?dropboxcallback=1");
Response.Redirect(url);
Where it redirects to dropbox for a login...
I don't have a web application, so I have no URL...
What I have is a console application, that should make a backup of my database every evening automatically as a service, for which it certainly is very bad requiring a webbrowser and a user which has to type in email/username + password.
How can I do a login by directly supplying the hardcoded username and password ?
If I use the sample application, then it works, but that requires typing in the username and password on the web, and that sucks big time for a console application...
As far as I know from other API's (facebook, google, stack exchange etc.) you'll have to redirect your user to a webpage of Dropbox, where it will grant permissions to you to use it's account to perform things.
So in general it is not possible to achive this without a webbrower. Otherwise you'll have to perform really dirty hacks to hack arround the permission system of dropbox.
Please have a look at "OAuth 2.0 authorization flow" on google.
Here's a diagram I found at Yahoo which show's how it works:
For uisng the DropnetClient's 4 argument constructor also we need to build web based url and allow the user to authenticate his account this is compusory thing, accesstoken will generate after the user hit allow button in authentication process
As GameScripting explained the Dropbox API uses oauth which requires user login through the dropbox website to authenticate the access tokens.
Checkout the documentation here: http://dkdevelopment.net/what-im-doing/dropnet/ for the 3 step process.
What sort of application are you building? Normal process is to load a browser control inside the application and navigate to the login URL with it.
Also have a look at the sample Windows Phone app to give you an idea of how this process works: https://github.com/dkarzon/DropNet/blob/master/DropNet.Samples/DropNet.Samples.WP7/MainPage.xaml.cs
Instead of hardcoding the username and password, you can hardcode the OAuth access token.
First, create a simple program (using the same app key) that follows the standard browser-based authorization flow. Then use it to authorize the app with the desired user. This will give you an OAuth access token (a "token" and "token secret") associated with that user and your app key.
Then, in your service-style application, just hardcode the OAuth access token (using DropNetClient's 4-argument constructor).
It is possible, using SharpBox - tested, works.
One needs to acquire the AccessToken as a one-time-action manually, then after that, one can omit the login page and use the saved AccessToken.
http://www.jayway.com/2012/02/06/unboxing-dropbox-and-sharpbox-2/
The magic line is:
Globals.DropBox.Token = AppLimit.CloudComputing.SharpBox.StorageProvider.DropBox.DropBoxStorageProviderTools
.ExchangeDropBoxRequestTokenIntoAccessToken(
Globals.DropBox.config
, Globals.DropBox.AppKey, Globals.DropBox.AppSec
, Globals.DropBox.requestToken
);
I have a VS 2011 solution file with two projects, each is a project file for a web app. One is an older version of the application and the other is a newer version. When a user signs in to the older version, depending on their membership, they might be redirected to the new version. When they do land on the new website, they should not have to go through authentication, instead go directly to their page within the app.
To handle this, I am using response.redirect from the older application along with a querystring indicating that the user has been authenticated.
code in older version:
Response.Redirect(sURL + "?Auth=" + sAuth, false);
I am checking for the querystring on the page_load event of the login.aspx.cs of the new app (something like "if querystring authentication = true then continue to next page"). However, I still get the login page.
Code on page_load event of new app:
if (Page.IsCrossPagePostBack)
{
string sAuthenticate = Request.QueryString.Get("Auth").ToString();
if (sAuthenticate == "1")
{
ByPassAuthentication();
}
}
How can I bypass the login page?
Assuming that this is a FormsAuthentication site, ASP.Net will automatically return the user to the login page is they have not been logged into FormsAuthentication.
So you will have to, at the very least, pass the user's login name as well.
Since you are passing this on the querystring, you will have to be very careful to ensure that only your response.redirect is processed as a valid request. You don't want any user to be able to login by figuring out what the query string parameter is and logging in as the CEO of the company.
We do this by encrypting a combination of the user name and the current time, then on the receiving end, we decrypt and compare the timestamp. If it is outside the tolerance (say 2 minutes), we deny the login request.
You can debug this by right clicking on your solution, click Properties, then start your two projects. Have a look here Running two projects at once in Visual Studio. Of course put a break point on both projects
Maybe single sign on will help you, check out my question and answer here.
Single Sign On
You could try checking the "IsCrossPagePostBack" property on the new page.. then you'd know if the post back was a redirection.
You need to authenticate the user once you've entered the 'new' site. Assuming your using .NET Forms authentication, you're probably setting an Authentication cookie with code like this,
FormsAuthentication.SetAuthCookie(userLogin, true);
When you do this, it creates a cookie for the user that is used for subsequent requests to the site it was created. In your case, the 'Old' site. So, you either need to create a new auth cookie, or share the auth cookies, which has a few nuances and can be troublesome.