Arc Welder Dropbox Auth - google-chrome-arc

Has anyone figured out how to get Dropbox to Authenticate correctly?
The flow that works correctly on device launches the login page in Chrome as expected, but upon clicking "Allow" nothing happens.

Related

Cookies in MS Teams Tab application

I've been trying to work out authenticating users into my app, which is running inside a MS Teams Tab application, and I'm having issues in mobile.
To authorize requests in the application, we just need to have a cookie in place that the server sets when the user authenticates. So for this to work inside Microsoft Teams, I've been trying to just send the token to the iframe and set the cookie. Everything works pretty well on web and desktop, but on mobile (I've tested only with iOS so cannot really tell about Android), the cookie doesn't work at all.
I've tried to set some test cookies and read them, and it doesn't work. So my question is if there is a way to work with cookies in mobile? Is it an issue on my end or has it been disabled in the web view that loads the tab? Is there a way around it or any suggestion that would help solve my problem?
Thanks for the help!

Fortify email verification only works when verification link is pasted in tab where user is logged in

I'm using quite a completely vanilla Fortify setup, sending email verification links is working with mailtrap. However, when I click the link in the mail, it opens the app and makes the user login, after which it doesn't redirect back to the verification url, but just shows the homescreen that tells the user to verify their mail.
The only way the verification link does work is when you paste the link in a tab where the user is already logged in. At first glance, to me it seems like a browser issue, that the browser doesn't preserve the cookies, but I've tried with different browsers (Safari, Chrome and Firefox) and all have the same issue. I run the laravel app locally through valet (or expose when I need to test API calls from a third party service) and dev environment on ubuntu 20.04, both have the same issue.

Why is the my oauth page refreshing instead of authorizing the user?

I am using jekyll-google-auth to secure this website. Visiting the site should prompt the user to authenticate with google, and if they are in my company domain, they should get access to the site.
I have the google app set up, my dyno is up and running, but when I visit the site and click "allow" (or "deny" for that matter) I am not redirected to the site, instead it seems to refresh to the same auth page. I can click "allow" or "deny" indefinitely and never get to the site.
My redirect uri in my google app settings is:
http://dash.fractalhardware.com/auth/google_oauth2/callback
The command jekyll-auth new is supposed to run through setup for you, but it failed for me. It spit out an error when I entered my domain when prompted for GOOGLE_EMAIL_DOMAIN. So I went into the heroku settings and just added it manually in the config variables. I read through the code for the jekyll-auth command and confirmed the setup should've been complete. I don't think that's related to the auth problem but it's the only obvious hiccup I've come across.
Any idea why the oauth page seems to refresh/redirect to itself instead of authorizing the user and showing the site?
Thanks,
Dave

How to make OSX Yosemite webviews work with ADFS

I'm using a webview to host a log in page that redirects to an ADFS server to offer single sign on. This works on 10.9, but I noticed for OSX 10.10 I am able to get to the point where the ADFS server will present an http authentication challenge, the webview will show the default dialog to enter credentials, but after entering the credentials I never see the expected redirects that eventually allow the single sign on process to complete. Even if I cancel the webview prompt to login, I never receive a didReceiveResponse message (in the WebResourceLoadDelegate protocol).
Does anyone know of any changes in the webview for 10.10 that may cause it to stop sending/receiving requests/responses like this?
Update: It looks like this issue is a problem with WebViews and HTTP Basic Authentication in general. I have created a simple mac application with a single web view, and pointed it to a apache web server with a folder protected by an .htaccess file. While the app is able to successfully view the actual web page after the user enters their credentials in the login prompt on 10.9, on 10.10 this fails in the same manner as described above.

Windows Authentication doesn't prompt for login

I've had Windows Authentication setup on an area of our website for some time now, and it has worked flawlessly so far.
Recently, the login prompt stopped appearing and went straight to "Page cannot be displayed" for some reason.
While connected to our network, the page works fine.
Outside our network, users are supposed to receive a login prompt but they now do not, instead receiving the "page cannot be displayed" error.
Why would this suddenly occur, and how is it fixed? I have tried removing the virtual directory and re-adding it but nothing seems to work.
The strange thing is this is only happening in IE - Google Chrome works fine (I receive the login prompt).
Is there a setting or something inside of IIS that disables this login prompt or something? It is strange it is an IE specific issue as well - there were no changes to the state of IE from one day when it was working to the next where it wasn't.
Anyone have ideas on what might be causing this?
Thanks
Oddly enough, I'd wonder why you were getting the login prompt before now.
If you're logged in to Windows and the site you're browsing to uses Windows Auth, IE will automatically try to pass the logged in user's credentials to the site (this all depends on your domain configuration/trust setup...something may have changed with those settings at the domain level that changed the behavior of your IE).
Chrome/Firefox/Safari don't have this functionality, which is why you're still getting a login prompt.
There is a checkbox in internet options->advanced tab to enable/disable Windows Authentication, but you said that there were no changes. Either way it is something to check.
It sounds like you are hitting a security setting in IE.
IE stops windows authentication information from being sent to sites that you do not trust.
You could try adding the site to your list of trusted sites.
You can start by taking a network trace both Internally and Externally, reproduce the issue and see if the request actually reaches the web server. Also, check the IIS logfile for the "Page Cannot Be Displayed" response.
Let me know if that helps or if you have more questions.
Regards,
Vivek.
You need to take a network capture (www.fiddlercap.com) to get any real help with this.
IE supports the "Negotiate" protocol in addition to NTLM; Chrome and other browsers typically only support NTLM.

Resources