My application work with Google API. After authentication, it directs the response to redirect URL.
Can i redirect response to my local URL so that i can test my application.
Related
Hi I have an integration with KeycloakJS.
I'm able to login through redirect to keycloak webpage and have iframe to check for the token, also I'm able through http request to Keycloak with grant_type=password.
Is it possible once I login through HTTP request and get the token, to share the token to the Keycloak somehow, so when I refresh the page the iframe to be aware that I'm logged in, also when I go to keycloak website to be logged in there?
I'm trying to set up an OAuth Flow integration with another site and the redirect URL they have set up for me to test the integration is 'https://localhost:3000'. When redirected back to this link, the page doesn't show my localhost, it just gives Google's "This site can’t provide a secure connection" page. Is there a way to access localhost on https? or do I need to ask the integration site to change my redirect URL?
My entire website is under HTTPS. Any HTTP URL will be redirected to corresponding HTTPS link.
When I set up redirect URLs in Google and Facebook, only HTTP URLs match. How can I configure Spring Social to let Facebook or Google match redirect HTTPS URLs?
Sorry there is no simple solution yet. There are tickets open here: URIBuilder does not respect x-forwarded headers and here Redirect URL generation behind proxy server
The later one has a brief description which classes to override as workaround.
I am trying to implement a signin with Yammer button using devise omniauthable. I am following the guide on the github readme.
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
and
https://github.com/le0pard/omniauth-yammer
In Yammer I have set up my app with a Redirect URI http://127.0.0.1:3000/users/auth/yammer/callback.
This is giving me an invalid redirect_uri error when I visit http://localhost:3000/users/auth/yammer
All the Yammer documentation says the redirect URI should be https://example.com but how would that work in development and testing?
This project on github https://github.com/annado/bigboard has it working and I have tried to trace their code ad they suggest having the Redirect URI as http://127.0.0.1:3000
So I am just confused? What should the callback URI be?
For testing in Local
redirect_URL = http://localhost:3000/users/auth/
for development replace the localhost:3000 with your domain address.
I have a web application and API Server, the web application consumes API always via AJAX except in a couple of scenarios.
When I enable SSO for both, I face the well known problem - how to handle redirect in AJAX.
(A bit more details: Azure mandates that the user should login to AD only via its login page - so ideally when a webpage or an api endpoint is accessed, they should get redirected to the azure login page. Since HTTP302 redirect doesn't work well with XmlHTTP, user will not get redirected to the authentication page when API is accessed via AJAX)
I have a few options to solve this issue:
When the web application is authenticated redirect to a predefined api endpoint (eg: 'api/login') and that will take care of api authentication and once that is done, redirect it back to the web app. So the user will be redirected this way:
web -> azure login -> web -> api -> azure login (auto login) -> api ->
web
Load the api endpoint in an iframe (or an image) and wait for the load complete event
Authenticate only web application - Remove api from sso context and find some other of way to identify and validate the web request at API side (tokens, cookies)
Please help me to choose a right pattern.
AJAX follows redirects automatically:
How to prevent ajax requests to follow redirects using jQuery
Detecting a redirect in jQuery $.ajax?
You need to distinguish between the reply from the service and the login page, which you get after AJAX follows the redirect (but not with safari+cors!). For example, detection could be done by checking for a string inside of response body. When detected, just redirect user to the login page by document.location=<login-page-url>.
Another option would be to use a token inside of "Authorization" HTTP header instead of SSO for backend-service protection:
https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/