Why is WebView acting different from Safari (private browsing)? - macos

I am trying to log in to Instagram and approve my app within my OS X app by opening a web view within my OS X app. I've tried both deleting all cookies and using private browsing independently from each other. I don't intercept requests/responses. First, when I try to open the auth URL, I get the following (and correct) page both in my app and in Safari:
However, when I enter my username and password in Safari, my Instagram account opens, redirects to the app correctly, e.g. it logs in. When I enter my (obviously, the same) credentials in my app and click Log in, I'm transferred back to the same screen in a redirect loop of about 10 times:
https://instagram.com/accounts/login/?force_classic_login=&next=/oauth/authorize/%3Fclient_id%3DMY_CLIENT_ID_REMOVED_FOR_SECURITY%26redirect_uri%3Dhttp%3A//my.redirect.url.removed.for.security%26response_type%3Dcode
If I try to visit that URL in Safari, I get to the login screen (if not logged in), and I get redirected to the correct URL afterwards.
I've tried entering invalid credentials, I'm getting a different error, so it's not an incorrect username/password issue:
It appears like a cookies/redirection issue. I've removed all delegates just in case they are intercepting with the login mechanism, but to no avail.
Why can't I log in to Instagram in a Cocoa web view while I perfectly can in Safari? I'm on the latest OS X 10.11.1 and Safari 9.0.1.

It was apparently a bug with Instagram's own cookies, which required a cookie storage reset inside the app's cookie container, which I forgot to clear (I cleared Safari's, but it's different from the app's container).
I've added an option to clear cookies on app startup:
// Clear every cookie in this app's own cookie storage (separate from Safari's).
NSHTTPCookieStorage *jar = [NSHTTPCookieStorage sharedHTTPCookieStorage];
NSArray *cookies = jar.cookies;
for (NSHTTPCookie *cookie in cookies) {
    [jar deleteCookie:cookie];
}
I've invoked this code and the problem went away.

Related

Cannot access session cookies in Electron app

We are building an electron application using v.4.1.4. Trying to access the browser window's webContents session cookies, but I am getting an empty object or undefined. The browser window is loading our web app's url and in this use case the user has logged in which sets a cookie (to our url). I can inspect the browser window and can see the cookies that exist, so I'm trying to understand why the following code isn't working:
let win = new BrowserWindow({ dimensions });
win.loadURL(ourUrl);
const ses = win.webContents.session;
console.log(win.webContents.session.cookies); // <--- empty
I thought I could get the webContents session cookies, but perhaps I have to set a cookie when the user logs in.
The cookies.get API isn't very intuitive, try:
win.webContents.session.cookies.get({}, (err, cookies) => console.log(cookies))

Redirect URL not getting called when authenticating using Xamarin.Auth

I am starting to build an app that authenticates to a third party web service, and I'm having problems getting the authentication working. The login page is displayed correctly, but once the user logs in an error message is displayed: "The URL can't be shown".
I'm working on the iOS version of my app first, so I've only tested this on iOS so far using the Simulator. I initially thought that I wasn't registering the URL scheme for the redirect URL correctly, but if I put a breakpoint in AppDelegate.OpenURL(), and enter a URL with my URL scheme in Safari my app is launched.
Handling the OAuth2Authenticator.Error event didn't give any more information beyond the same error message.
This is my first time working with Xamarin Forms and Xamarin Auth, so I'm not sure what else to do in order to debug the problem. What else can I do in order to figure out the root cause of this error?
Turns out this was due to user error.
The redirect URL I was using didn't match the redirect URL I registered with the web service. Once I made them the same, the redirect URL worked as expected.
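An added example (not part of the original answer) for the redirect URL mismatch described above: it extracts the `redirect_uri` an app actually sends, including when the authorize request is nested in a login page's `next` parameter, and reports which part differs from the registered value. The function names and all URLs are hypothetical, and exact string comparison by the provider is an assumption.

```javascript
// Added example; every URL and identifier below is a constructed sample value.

// Pull the OAuth parameters out of an authorize URL, following a login page's
// "next" parameter when the authorize request is nested inside it.
function extractOAuthParams(rawUrl, base = 'https://placeholder.invalid') {
  const url = new URL(rawUrl, base);
  const next = url.searchParams.get('next');
  if (next !== null && !url.searchParams.has('redirect_uri')) {
    return extractOAuthParams(next, url.href);
  }
  return {
    clientId: url.searchParams.get('client_id'),
    redirectUri: url.searchParams.get('redirect_uri'),
    responseType: url.searchParams.get('response_type'),
  };
}

// List which parts of the sent redirect URI differ from the registered one.
// Assumption: the provider compares the two strings exactly.
function diffRedirectUri(sent, registered) {
  if (sent === null) return ['missing'];
  if (sent === registered) return [];
  let a, b;
  try {
    a = new URL(sent);
    b = new URL(registered);
  } catch (err) {
    return ['unparseable'];
  }
  const parts = ['protocol', 'hostname', 'port', 'pathname', 'search', 'hash'];
  const diffs = parts.filter((p) => a[p] !== b[p]);
  // Strings differ but parse identically: letter case, default port, encoding.
  return diffs.length > 0 ? diffs : ['normalization-only'];
}

function checkAuthorizeUrl(rawUrl, registered) {
  const { redirectUri } = extractOAuthParams(rawUrl);
  return { redirectUri, diffs: diffRedirectUri(redirectUri, registered) };
}

// Constructed sample: a login URL shaped like the one quoted earlier on this page.
const SAMPLE_LOGIN_URL =
  'https://login.example.test/accounts/login/?force_classic_login=&next=' +
  '/oauth/authorize/%3Fclient_id%3DSAMPLE_CLIENT%26redirect_uri%3D' +
  'http%3A//app.example.test/callback%26response_type%3Dcode';

console.log(checkAuthorizeUrl(SAMPLE_LOGIN_URL, 'https://app.example.test/callback'));
```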

Lots of TokenMismatchException in logs (all from android devices)

I'm kinda lost.
I see A LOT of TokenMismatchException exceptions in my production logs and all of them came from android devices (I log the useragent, ip, url and request method with every exception)
It's basically a simple landing page with a form, so I see no reason people might be on the page for a few hours (that'll cause session expiration). I also pass the XSRF-TOKEN cookie content using the X-XSRF-TOKEN header, so this shouldn't be the problem.
I tried using my iPhone and everything worked with: Safari (both private and regular modes), Chrome and Facebook inline browser
I also tried using my girlfriend's LG G4 using Chrome, Built in android browser and Facebook inline browser and it worked as well.
I temporarily disabled the csrf middleware for this specific route so people won't get errors but this can be really bad. So what should I do next?
I'm using Laravel 5.2, sessions driver is file (cannot do redis from the server the client gave me) and the sessions directory is writable. Lots of sessions are in the directory so this is not a permissions problem. PHP version is 6.5.18.
Thanks !

WebView Win8.1 app redirect

I'm trying to display a webpage on a Win8.1 webview. This webpage authenticates the user with a SAP login process. If I run this on a browser, the redirect works successfully. However, when I try to do it on the webview, it doesn't redirect to the application's main page. I tried using Fiddler to catch the requests being made by the webview, and the funny thing is that, when I have Fiddler running, the webview works and it takes me to the main page. I thought it had something to do with the fact that it is calling another domain when it does the authentication. So I tried adding the list of Content URIs but the problem is that the web server is using http.
I also tried using an iFrame with a win8 app but I'm still not able to get to the main page.
Anybody had a similar issue?

Places Library returns Unable to authenticate the supplied URL. Please check your client and signature parameters

I have a simple google places library implementation.
var place_service = new google.maps.places.PlacesService(map);
place_service.search(request, place_callback);
It stops working if the browser (Chrome) is left open for several days, untouched. Upon trying the next search, I get 403 error from the library search call.
Unable to authenticate the supplied URL. Please check your client and signature parameters.
Here is the captured request URL:
Closing browser and restarting fixes.
Also have a mobile HTML app (iOS, Android) with the same implementation. The app's places functionality also stops working after several days. App must be killed and restarted to fix.
Something seems to be expiring?
This is normal behaviour, the token parameter in the request can expire after as little as a few hours. I would recommend issuing a page refresh when the user returns if the page or app has been dormant for more than a few hours.
