I'm trying to make an app when user can schedule meeting with customer and sends the link to meeting by email. We encountered case when customer is logged on his Teams account in browser and he is joining with this account instead of as guest (anonymously). We want to force customer as unlogged. What we have tried:
Force open links in InCognito mode - we cannot due browser limitations.
Logout user from current logged account - it is not user friendly behavior and it is connected with some hacks
Open Teams in iFrame - we cannot do this due X-Frame-Options: SAMEORIGIN in launcher page
Schedule meeting as online meeting does not work too
Have you any ideas how to achieve this?
Related
My user tries to access Microsoft Power Automate (Flow) approvals via email notifications that the Flow sends to them. When clicking on the approval, they get an error "Something went wrong. The requested approval is not accessible to the caller." When directly accessing their approvals at us.flow.microsoft.com > Action items > Approvals, they only see approvals up to January. The same approvals are working for other users. How do I fix approval access?
I tried having the user login via an incognito tab. I also checked whether the user still has MS PA licenses assigned to them, and they seem to be correct (the user has MS 365 E1, MS 365 Business Premium, and MS Power Automate Free).
Figured out the what was causing the issue for our user. The user had a duplicate enterprise microsoft account, so both were being sent the email notification about the approvals, but only the duplicate account was being given access to them. Removing the duplicate account fixed the issue.
If we had had two users with the same name & neither can be deleted, another solution would've been to change how the approvals are routed (ie. by email instead of name.)
When I go to Authorize?Login, A user in the desktop outlook Web-Add-In I get this image above. This is happening in my desktop app not in the web version. It is asking me to do I want do this.
I think this is happening becuase I have a javascript timer set in the background to check to see a authenticated cookie is present before asking the user to login again.
I tried using Office Authorization dialog boxes but they are not working correctly.
Outlook 2016, Exchange 2016
ALso 1 more question in the outlook desk top is there a way to see a console so I can see some of my logging I have created?
So the what I am working on is the ability for a user to login into our system, store a valid token, and the user can then record email messages into our system to track communications between them and the person doing the email.
So I ask them to log into our OAuth server, Outlook would store that token, and every time the user wanted to recorded a message they would simple press a button.
I made a members-only site that uses Google oauth2 to authorise users. The site is built with the Laravel framework and Artdarek's oath library.
When the authorization callback comes from Google, I lookup the user record in the DB by email and proceed to the protected page if the record exists, otherwise to a register page.
The problem is some of our members use two Google accounts. One user registered via his primary account (e.ge. a#gmail.com). The next day he returned and mistakenly tried to login with b#gmail.com. Naturally the system showed him the registration page. From that time on each time he visits the site the authentication mechanism sees him using his second (unwanted) set of credentials.
To resolve this one case I instructed him to logout of all accounts (on both sides), clear cookies and start from scratch but this is not a practical solution for all users. In same cases even this measure does not seem to correct the problem.
How can I solve this case? What is the right way to request oauth authentication and get them back from the right account? Can I force Google to ask the user with which account to proceed?
Google will automatically ask the user which account they want on an oauth request if they enable the account chooser.
I have logged into my Google Apps and my Google account, so for me on an oauth request, I get the following prompt:
In order to do the same for your user, they have to click "Stay signed in", but of course this is not advisable for public computers.
Beyond the above, I'm afraid not much can be done. - if they logged in with a#gmail.com at that time, these are the credentials you will receive.
They way I solve this problem is to have a field where the customer can add additional emails, and select one that is primary. I will then inspect against these emails when a request comes in to avoid duplicate user accounts.
I need to add the new embed Yammer Widget to a page. I managed it by simply adding the embed code to my page, but the yammer login seems to appear all the time.
I have to say that I don't have any experience with Yammer but I've read the Yammer Embed Installation Guide as well as other documents. Still, I am not able to find whether or not it is possible to pass some kind of credentials (mail, etc.) in order to prevent the embed yammer to display the login to the user or at least have the login display only once.
Can anyone help me?
From Yammer support: "A user would still need to log in to both your intranet and Yammer embed instance even with Single Sign On enabled. There is an open project for our Product team to allow for just a single log in so that when a user is logged into SSO for your intranet, they would also be auto-logged into embed."
If you add both the Host site and Yammer (https://.yammer.com & https://.assets-yammer.com) to the trusted zone in IE, it should pass the OAuth token after the first login and authorisation. I've tested this in IE8 and IE10 successfully.
Regards,
Chris
I am using DotNetOpenAuth to log in users with FB and Google.
When a user visits the website, is there a way to detect that he/she has already logged in to FB or Google and log them automatically?
Thank you
Yes, if your user has already explicitly logged into your web site using Google or Facebook before. For privacy reasons neither provider will allow you to implicitly log their users in without each user explicitly signing into your web site at least once (and clicking "remember me" at their login page while doing so).
Once the user has approved that, it becomes possible but still isn't very simple. The approach involves creating a hidden iframe on your page (perhaps when the user session is first created, you add the iframe to whatever page the user is viewing, or just your popular landing page). This iframe is pointed at a URL on your site that does nothing but initiate the no-user-interaction login flow. For Google, this means your server makes an OpenIdRelyingParty.CreateRequest call with the Google OP Identifier, and you set IAuthenticationRequest.Mode = AuthenticationRequestMode.Immediate on the returned object before calling IAuthenticationRequest.RedirectToProvider. The Immediate bit tells the Provider to not expect to interact with the user (since your iframe is invisible) and to either give an immediate yes or no response. Then in the redirect back to your site (still in the hidden iframe) you'll see the user is logged into Google (or not) and get their Claimed Identifier and log them into your site.
For Facebook which uses an old draft of OAuth 2, the process may be similar, but use the OAuth 2 classes. I haven't done this one though, so I can't really give an overview.