I sat up facebook connect extension on my magento store, which allows customer to login to the store with their facebook account. After filling api key, api secret in magento and config site url in facebook apps, the extension worked perfectly. However, if I switch to another store (with another domain), it won't work anymore. Is there a way to have magento connect to facebook without matching site url?
Here is the extension I got from: http://inchoo.net/ecommerce/magento/facebook-connect-magento-extension/
I'm not fully aware of how that Magento app works internally, however what I would say is that Facebook strictly speaking, does not allow apps to work across multiple different URLs. You can add multiple subdomains, however.
There is also some unsupported functionality allowing you to run apps across different domains details in this question, though it's worth remembering, this is unsupported.
The Facebook docs have some more info on "App Domains", and how they should be configured.
Related
I have been planning to create a laravel+vuejs apps stretching across subdomains (presentation creator, forms creator, polls creator etc.,each in a subdomain) and will have 2 version of the same web app (indian version with different languages and content and international with different language and content) in 2 different domain say domain.in and domain.com but I want users from any app or domain to login with the single user login say from passport.domain.com we have WAP versions of the websites served from wap.domain.in and wap.domain.com and also mobile apps for both.
Now, normal users based on the userid and password, the user from .com domain will
be able to access apps and content only from .com domain and .in
will be able to access only from .in
Users will be able to login using facebook, linkedin, google, etc.,
We will have only a single app for iOS and Android and based on the username and password the apps will be able to access corresponding domain.
wap sites will login using the same passport.domain.com
mobile app will be able to access data from the domain through an appID and Key.
others will be able to embed the presentations and forms into their website using an api key and secret.
certain users will be able to transfer data created in one domain to another user in the other domain
admin users will be able to transfer data from both domains.
other platforms may be able to login using the user id from this platform.
is all this part of SSO (Single sign on) ?
is this achievable in laravel ?
is it advisable to write the sign in server in a different framework ?
different tech like SAML Outh2.0 and Open ID with terms like Authorization, authentication and id provider make it all confusing and baffling for a start up.
can some one tell me what tech are involved in the above process. and what one should be aware before jumping in to start development.
That's a lot of questions :)
IS IT POSSIBLE?
OAuth 2.0 based technologies will give you the best options, since:
It has the most up to date app security options
It is designed to be web, mobile and API friendly
Access tokens are designed to cross domains
WILL OAUTH DO EVERYTHING?
No it will not - you will need to build most of the above behaviour yourself, and implement a software architecture, as for any other security technology.
An Authorization Server will externalise logins / passwords and issue tokens. Your apps will then need to implement 'flows' including:
Web token based security and session management
Mobile token based security and session management
API token validation and claims handling
Integrating third party security libraries
GUIDANCE
When new to OAuth tech the best choices and design patterns are not clear, as you indicate. If it helps, my blog has some details you may find useful, but it is not a simple journey:
Step by step tutorials and code samples
Design posts on the tricky areas
Blog Index
This is not a Solution but an article I stumbled upon which explain the terminologies involved in user authentication and SSO.
Laravel authentication an overview
Hope this helps others who are looking for an answer like me now or in future.
I want to user Dropbox chooser API for my Ruby on rails application(This is not web app, This will be installed as standalone).
Issue is in specifying "Drop-ins domains", which currently i gave as "localhost. But for the machines on which it will be installed "machine name" will be used instead of localhost. And i cannot keep track of all installations and manually adding those domains
Please suggest, Is there some way to solve this problem? Can i use chooser API without drop-in domain?
The Dropbox Drop-ins API doesn't have any way of automatically adding domains, or registering any sort of wildcard, but we're tracking this as a feature request.
For reference, one thing that does work, though it sounds like it may not apply to your scenario, is registering just, for example, example.com, which would enable use on any subdomain of example.com, e.g., sub1.example.com, sub2.example.com, webmail.example.com, etc.
Alternatively, you can embed an iframe containing the button, which would be hosted on your own domain. This would let you just set that one domain in the app options page. It would be very important that you then restrict the set of domains that you allow to iframe your button though, but this list would now be under your control so you can set it programmatically. For example:
How to limit display of iframe from an external site to specific domains only
I sat up facebook connect extension on my magento store. After filling api key, api secret in magento and config site url in facebook apps, the extension worked perfectly. However, if I switch to another store (with another domain), it won't work anymore. Is there a way to have magento connect to facebook without matching site url?
Here is the extension I got from: http://inchoo.net/ecommerce/magento/facebook-connect-magento-extension/
Please follow this, and use extension it provided. http://inchoo.net/ecommerce/magento/facebook-connect-magento-extension/
It worked for my multistore.
I am setting up a Ruby on Rails app to allow login via Facebook with Devise + Omniauth. I can got this working no problem with the APP ID and Token.
However I am having an issue that I am not sure how to get around.
I have 1 instance of the Rails app running on Server A I have 2 domain names www.domain-one.com and www.domain-two.com which point to Server A When I create the app in Facebook for www.domain-one.com it works ok but as soon as I add www.domain-two.com to the app domains it gives me and error "domain must be derived from your Site URL". Is it possible to allow multiple domains login with the same Facebook APP IDs?
If not then would an acceptable solution be to switch the details in the devise initializer file based on domain and does anyone know how to get the domain from an devise initializer?
Hope you understand what I mean.
Tony
You can specify multiple subdomains but they can only belong to one domain. That's because it must match the URL in the Website with Facebook Login > Site URL.
In this case, you can make one domain name as primary domain pointing to server A and the other one as secondary domain redirecting to first domain. then In facebook app use the second domain as site url.
There is another benefit of following this strategy, your websites SEO will be improved. if search engines find one content from different domains then it rank down the content, unique content from unique address increases the ranking.
I'm trying to move my web application to the Google Chrome store, and I want to charge for premium features. The problem is, to use the Chrome Web Store License API I need their Google OpenID identifier. I've read other similar questions, but none with code examples.
I found this example, but it seems to be for a different purpose.
So my question is, how do I use the Federated Login in a Sinatra / Rack environment to get that one parameter?
Thank you.
You need to authenticate users with OpenID. The link has an example that shows how to use Rack::OpenID.
With Google, instead of requesting the openid_identifier from the user you would need to hardcode https://www.google.com/accounts/o8/id as identifier (instead of params["opened_identifier"]) then run normal OpenID.