I have several Meteor apps hosted on Heroku. This usually has worked fine.
The last few I've set up, however, are having issues with the accounts-google OAuth package. What's supposed to happen is:
1. User visits www.foo.com/login and clicks "Sign in with Google"
2. Google authenticates and calls back to www.foo.com/_oauth/google?close
3. The popup closes and the user is now authenticated on www.foo.com.
Instead, at step 2, Google is calling back to foo.herokuapp.com/_oauth/google?close. The upshot is I can't log in at www.foo.com. I can go to foo.herokuapp.com/login and that works, but that obviously is only a short-term solution for admins and untenable for ordinary users.
When meteor boots it uses a ROOT_URL env variable. If you set this to foo.com instead of foo.herokuapp.com it will no longer do this.
Meteor uses the ROOT_URL environment variable to determine where to redirect to with the OAuth plugins.
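The deploy-time check below is an added example, not part of the original answers and not Meteor's own code: it derives the OAuth callback from ROOT_URL in the form shown in the question and reports when that callback lands on a different origin than the one users log in on, or is missing from the provider's redirect list. The `https://` schemes, the function names and the registered-redirect list are assumptions.

```javascript
'use strict';
// Added example, not Meteor's own code. Assumption: the callback path has
// the form seen in the question, <ROOT_URL>/_oauth/<service>?close.
function callbackUrl(rootUrl, service) {
  const root = new URL(rootUrl); // throws if the value has no scheme
  return `${root.href.replace(/\/+$/, '')}/_oauth/${service}?close`;
}

// env: object holding ROOT_URL (e.g. process.env)
// publicUrl: the address users actually open in the browser
// registered: redirect URIs entered in the provider's console
function checkRootUrl(env, publicUrl, registered, service) {
  const raw = env.ROOT_URL;
  if (!raw) return { callback: null, problems: ['ROOT_URL is not set'] };
  let callback;
  try {
    callback = callbackUrl(raw, service);
  } catch (err) {
    return { callback: null, problems: [`ROOT_URL "${raw}" is not an absolute URL`] };
  }
  const problems = [];
  const got = new URL(callback).origin;
  const want = new URL(publicUrl).origin;
  if (got !== want) {
    // The situation in the question: the provider calls back to a host
    // other than the one the user started the login on.
    problems.push(`callback origin ${got} differs from login origin ${want}`);
  }
  if (!registered.includes(callback)) {
    problems.push(`${callback} is not a registered redirect URI`);
  }
  return { callback, problems };
}

// Constructed sample values modelled on the question (schemes assumed).
const registeredSample = ['https://www.foo.com/_oauth/google?close'];
for (const rootUrl of ['https://foo.herokuapp.com', 'https://www.foo.com']) {
  const result = checkRootUrl({ ROOT_URL: rootUrl }, 'https://www.foo.com',
                              registeredSample, 'google');
  console.log(rootUrl, '->', result.callback, result.problems);
}
```

Running it against the Heroku default hostname prints both problems; with ROOT_URL set to the public address the problem list is empty.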
Related
I am using jekyll-google-auth to secure this website. Visiting the site should prompt the user to authenticate with Google, and if they are in my company domain, they should get access to the site.
I have the Google app set up, my dyno is up and running, but when I visit the site and click "allow" (or "deny" for that matter) I am not redirected to the site; instead it seems to refresh to the same auth page. I can click "allow" or "deny" indefinitely and never get to the site.
My redirect uri in my google app settings is:
http://dash.fractalhardware.com/auth/google_oauth2/callback
The command jekyll-auth new is supposed to run through setup for you, but it failed for me. It spit out an error when I entered my domain when prompted for GOOGLE_EMAIL_DOMAIN. So I went into the heroku settings and just added it manually in the config variables. I read through the code for the jekyll-auth command and confirmed the setup should've been complete. I don't think that's related to the auth problem but it's the only obvious hiccup I've come across.
Any idea why the oauth page seems to refresh/redirect to itself instead of authorizing the user and showing the site?
Thanks,
Dave
I followed the tutorial at:
https://spring.io/guides/gs/accessing-facebook/
I run the application and successfully authenticate with a single user. Home page returns my feeds.
Now I connect to the application from another browser/machine and go to home page - I see feeds of first browser session/machine.
I am expecting to be asked to log in again when connecting from different browser/machine.
What am I missing?
Didn't try it, and it depends on the exact configuration:
When you logged in on the first browser you gave facebook the permission to allow your application to access your facebook account.
If you are logged in to facebook before on the other browsers with the same user, the permission given to the app through interaction on the first browser might be sufficient.
You can try to use incognito mode on a browser, in this case you should definitely have to authorize again.
I have made a Facebook app in Ruby (using Sinatra and Koala), deployed it on Heroku and set up all the settings, and it works that way, but now I have to debug some functionality and for that reason I need to run the application from localhost (using foreman start).
I have read somewhere that I should make a development version of my app and specify the site URL as localhost:[port_num], and I have done so.
The problem is when the user (me) reaches localhost:5000 and the application redirects to Facebook to get permissions (when the Facebook login dialog should appear). At that point this error occurs:
App Not Set Up: The developers of this app have not set it up properly for Facebook Login.
I saw this issue, but in my development version of the app there are no status and review settings and I don't see how to make the application alive.
How to set up my app for Facebook Login while it runs on localhost?
or
What is the proper way to run Facebook app from localhost to get full functionality?
The problem lay in the Advanced settings, in the Security section: the development app "inherits" settings from the base app, so Settings->Advanced->Security->Valid OAuth redirect URIs initially held the URL of my base app, not my localhost:5000, and that caused the problem. One of the solutions is to leave this field empty (and leave the app open to redirect attacks) or to fill this field with your Site URL.
It seems that the development version of an application can't be "alive".
To allow Facebook Login for users of your development app you should register them as testers under the Roles tab.
We are integrating our app in the new Google Marketplace.
Our marketplace config in the developer console is ok.
Our oauth2/sso flow is ok (scopes match the ones setup in the console, auth params ok)
All users, when accessing our application through the Navigation bar, don't see any consent screen. All is perfect … except the following :
When an admin user is installing our application for his domain for the first time, he is presented with the domain consent screen displaying the scopes defined in our marketplace config, which is fine; he accepts and is presented with a button "Launch app". This link hits our server and a redirection is made to Google auth in order to get the email and profile of that user. The redirection happens so quickly that the admin is presented with yet another consent screen displaying the exact same scopes … which is bad.
If we wait 10 - 20 seconds before clicking the 'Launch app' button and after having accepted the scopes for the domain, the redirection to Google auth is done and no consent screen is presented to the admin.
Are we missing something? Some sort of polling technique with callback? "Sleeping"?
The same happens with other apps available on Google Apps Marketplace.
I installed several apps from Marketplace (Mavenlink, Lucidchart, etc), and they showed exactly the same result. I was prompted with consent screen immediately after installing them. A bit later, and I was let in without prompting.
It seems that the information on the installed app is not immediately propagated through Google's systems. There is a short delay between the time the administrator installs an app to his domain, and the time that app becomes available on his domain.
Most users wouldn't mind waiting a minute after the installation. Unfortunately, a reviewer at Google is not that forgiving. If he is quick enough to start your app immediately after the installation, your app will be caught asking for consent, for which it will be rejected from Marketplace. Too bad.
I have a vanilla heroku-facebook app.
I can login initially just fine.
But, if I make even the slightest change to index/views.erb and log out, then the next time I try to log in all I see is my app's login render again.
$ heroku logs shows OAuthException: This authorization code has been used.
Perhaps I need a logout button?
OK. Here looks like a good start.
https://github.com/arsduo/koala/wiki/OAuth