Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
When a user that usually authenticates with his facebook account and tries to run the "Reset Password" operation, he gets an email and can reset his password (which is clearly doesn't make sense because he does not have a password).
I guess it is just a bug in the "Reset Password" operation, but just to make sure, did it happen to anyone else?
Technically there is a password... and an app can allow a user authenticated via FB to set the username and password properties for their User object, giving them multiple avenues for logging in.
Fair point that we can likely identify this scenario and prompt the user to log in via Facebook.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I have an android client which doesn't implement any username and password login, it user OTP for login. So i have only firebase userID. How can i configure WebSecurityConfigurerAdapter to use this firebase userID to authenticate user and we don't have front-end website for logging in.
you need to configure spring security to use a custom autenticationProvider, and use firebase API to verify your tokens sent as a header of you request, have a look at this example HERE
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I am new to spring MVC . I want to show a register button in login page only if user is not registered
I don't know whether you stored registered user data somewhere or not, though I assume that you store it to database and try to give this answer, may this will help to you.
First of all pull out all registered user data list from database while login & check whether user login credential is present in this list or not. If present then don't show registered button otherwise show it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I'm developing eBay Sinatra application and need to authenticate an user by their login and password to give them the ability to request their information from eBay by themself. By authentication I mean authentication by redirection (or something like) to eBay and entering their login and password. It's similar to Facebook authentication.
I did a research but found almost zero.
Your suggestions?
Omniauth has a strategy for ebay authentication. I haven't used it but omniauth is a competent gem for handling different login strategies for various sites out there. Recently I have used omniauth with rails but a couple of months ago I did likewise with padrino so I think it should work nice with pure sinatra also.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
when a user want to change his account email address, should i send verification link to his old email account?
I should beacuse worry hacker change her email address after success hacked.
I should not because the reason he want to change is email address is because he cannot login his old email account.
Any solution for this conflict? Should or should not?
It is reasonable question but in this situation you can sent Verification link to New account and Sent the information about changing email address to the old account.
Your worries are right, additionally the old email account may be unaccessable because of other reasons like forgotten password etc. So it is not a good idea to sent verification to old email address. But to send verification email to new address the user should have identified himself by password or whatever verification is used.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
I've read https://stackoverflow.com/questions/41354/is-the-stackoverflow-login-situation-bearable and must agree to a certain point that openid (for me) makes it more difficult to log in. Not a show stoper but I'm used to opening the front page of the site, there's a small login form, firefox' password manager already filled in the correct values, submit, done. One click.
Here - and it's currently the only site with openid I use - the password/form manager doesn't even fill in my "login id". I often close all browser windows and all cookies are erased - and I would like to keep it this way.
Are there any firefox plugins you would recommend that make the login process easier? Maybe something that checks my status at myOpenId and performs the login if necessary.
Edit:
Unfortunately RichQ is right and I can't use Seatbelt. And Sxipper ...not quite what I had in mind ;) Anyway, both solutions would take away some of the "pain", so upvotes for both of you.
I've also tried the ssl certificate. But that only adds more steps. Hopefully I did something wrong and some of those steps can be eliminated:
Click "login" at stackoverflow
Click on the "select provider" Button.
Click on MyOpenId
Enter Username
Click "Login" (Sxipper could reduce the previous 4 steps to a single mouseclick)
MyOpenId login page is loaded
Click "Sign in with an SSL certificate"
Choose Certificate (grrr)
Click "Login" (GRRR)
Back to stackoverflow, finally.
What I really would like is:
Click "login" at stackoverflow
My (only) LoginId is filled in
Click "Login"
If necessary the certificate is chosen automagically, ssl login performed
Back to stackoverflow without any further user interaction.
That would be more or less what I'm used to - and I'm a creature of habit :)
VeriSign (ick)'s SeatBelt plugin: https://pip.verisignlabs.com/seatbelt.do
Ideally, the plugin would allow a higher-level of authentication. I know something like this was planned for the OLPC.
You could try Sxipper. It provides intelligent automatic form-fill, including auto-login.
From the Sxipper FAQ:
How does Sxipper support OpenID?
Sxipper remembers your OpenIDs and presents an overlay. You choose the one you want to use and login with one click. Sxipper also helps protect you against phishing.