I have been reading through the Yammer embed API doc and one thing to me is unclear. Can our users embed our Yammer group feeds into a website that will be publicly viewable?
I used the code that was provided by clicking on the Yammer Embed button from the web interface, and it appeared that it required authentication. Is it possible that a user could embed this in a website with an auth token so that it would be visible without login?
If this is possible, is there a way that I as a network admin can restrict the embed feature?
Thanks!
By the nature of Yammer being a private, corporate social network, you are NOT able to embed a feed from your network that is displayed publicly without user authentication using the Yammer Embed widget.
Related
I have a bot running on a hosting page where users are logged in using SSO.
I want to authenticate the user in the bot automatically when the bot starts and I do not want to use anAuthCard to do it. Just want to automatically authenticate the user without prompting anything to him, just using SSO.
I found an article that refers three ways to authenticate an user in the bot:
Sharing the client's user token directly with the bot via ChannelData
Using an OAuthCard to drive a sign-in experience to any OAuth provider
A third option, called Single Sign-On (SSO), that is in development.
And, according to the article my situation is:
WebChat in an authenticated website where the user is already signed in and the website has a token to the same identity provider but to a different app that the bot needs -> in the future, this is single sign-on, but for now you 'll need to use an OAuthCard.
Is there any update about this functionality? How can I authenticate the user into the bot without using an OAuthCard or a SigninCard?
Thanks in advance
Not sure if you have tried the option of using WebChat with Azure Bot Service’s Authentication which provides built-in authentication capability to authenticate chat users with various identity providers such AAD, GitHub, Facebook, etc.
If you are looking for this built-in feature, then probably you need to build your own custom built solution using Google sign-in by passing the token ID of the authenticated users. Or for an Account linking OAuth2 solution as explained in this link: How to implement Login in Dialogflow chatbot.
Microsoft guys Are looking at the issue now. you can track the progress here.
I implemented a solution that worked for me. I have the bot running in a .net core web app
Here's what I did:
Generate an userId before initializing the BotApp
When the user clicks on the button to open the webchat, I'm opening an authenticated controller in a popup that receives the generated userId. The page is authenticated, so you will need to authenticate. I store the userId in my DB, along with access_token and some user information. The controller should be created in the same webapp where the bot is running.
After storing all the information I close the tab and start the BotApp with the generated userId
In bot code you will be able to query your DB (using userId).
To wait until the popup close, you can have a look into this here.
I hope that this helps someone.
Best regards
I followed the example of AuthExample that uses Custom Chrome Tabs with Azure AD B2C policies.
I do not find any resources on how to style the custom chrome tab (and respectively the Safari controller). The tab always shows the URL in the header and the standard colors which does not look very native.
I know I can style the page content itself within Azure portal.
Can anyone guide me to links or tutorials on how to style the browser view to adapt to my app design and at least not show the Microsoft URL when the user signs in/up. In my opinion the user shouldn't even notice he is redirected to a browser tab.
The beforementioned link suggests, that it is possible to at least hide the URL bar at local sign in / sign up. For third-party identity providers it isn't a problem to get redirected to another (identity provider owned) site.
It is not possible to remove the URL in the Xamarin control.
The ideal way to achieve full UI customization is to use the OAuth Resource Owner Password credential flow. This will allow you to build your own UI and not leverage a web view (aka Custom Chrome Tabs and Safari controller) for local account. Keep in mind that for 3rd party identity providers like Facebook and Google, there is no way around the web view and the URL in the header. This is by design and a key security requirement to prevent phishing.
At this time, this flow is not supported in Azure AD B2C. You can support this ask and stay up to date on its status by voting for it in the Azure AD B2C feedback forum: Add support for Resource Owner Password Credentials flow
I am using yammer REST API to get group data in sharepoint from yammer, it is opening a new tab for authentication. Is there any way to prevent this new tab?
I tried to open yammer in a hidden iframe, which gives me error - "Refused to display in a frame because it set 'X-Frame-Options' to 'sameorigin'."
It sounds like you're using the JS SDK to make REST API calls. It needs a way to authenticate those calls so if it doesn't have an OAuth token to use from another source, it prompts you to login. Take a look at this blog post that describes how to preauthorize the JS SDK so you can start making API calls scoped to the user loading the page without requiring any interaction from the user.
https://blogs.technet.microsoft.com/askyammer/2016/11/04/preauthorizing-the-yammer-js-sdk/
I'm working on a SharePoint online (O365 Multi-tenant) environment and trying to integrate Yammer feed into the SharePoint site. SharePoint sites are authenticated to the users thru their AD account(/credentials) while Yammer credentials are not (Yammer username is same as the user's email address in AD but the password is different). This scenario is not allowing me to perform single-sign on. Hence, I've resorted to have a service account that will always be used pull the yammer feed on the SharePoint site, irrespective of the user logged in to the SharePoint site.
From my study and understanding so far, embedding yammer script is not really a viable option in my case (because it would always present the login button to the user or take the cached yammer credentials from the browser). My objective is to by pass this for users when they view the SharePoint page, but when they post or reply to yammer network from the SharePoint site feed, they should not be challenged for credentials (or at the least should enter credentials only once). I'm trying to achieve this thru provider hosted SharePoint app. Any suggestions or ideas on how to achieve this?
I need to add the new embed Yammer Widget to a page. I managed it by simply adding the embed code to my page, but the yammer login seems to appear all the time.
I have to say that I don't have any experience with Yammer but I've read the Yammer Embed Installation Guide as well as other documents. Still, I am not able to find whether or not it is possible to pass some kind of credentials (mail, etc.) in order to prevent the embed yammer to display the login to the user or at least have the login display only once.
Can anyone help me?
From Yammer support: "A user would still need to log in to both your intranet and Yammer embed instance even with Single Sign On enabled. There is an open project for our Product team to allow for just a single log in so that when a user is logged into SSO for your intranet, they would also be auto-logged into embed."
If you add both the Host site and Yammer (https://.yammer.com & https://.assets-yammer.com) to the trusted zone in IE, it should pass the OAuth token after the first login and authorisation. I've tested this in IE8 and IE10 successfully.
Regards,
Chris