URL blocked error in Facebook OAuth - java

I am implementing Facebook OAuth on my localhost, where I made the following configuration:
1) Settings (Basic):
Domain: localhost
Site URL: http://localhost:9090/Facebook_Login/fbhome
where I have changed the Tomcat port to 9090, and "fbhome" is a servlet which displays some information like name, gender and email after successful implementation.
2) In the Facebook Login section:
Valid OAuth redirect URL: http://localhost:8080/Facebook_Login/fbhome
But I encountered 2 errors, as mentioned below:
The requested URL /Facebook_Login/fbhome was not found on this server.
URL Blocked: This redirect failed because the redirect URI is not
whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.
Can anyone please correct me if I have made any mistake in my configuration? It would be nice if I got a proper solution, because I googled a lot but couldn't find an exact solution for it.

First you need to register your application with a callback URL; then you will get the appId and SecretId. Use those IDs and call the FB OAuth URL with your callbackURL.

Related

AADSTS500112: The reply address 'http://testurl' does not match the reply address 'https://testurl' when requesting Authorization code

I'm trying to integrate a Java application with Azure AD.
I have registered an app in Azure and added redirect URLs. After a successful login, it was redirected to my Java application, where I am fetching the authorization code using the MSAL library.
I'm getting the below exception:
com.microsoft.aad.msal4j.MsalServiceException: AADSTS500112: The reply address
'http://testUrl' does not match the reply address 'https://testUrl
The only difference I see in the above URLs is http and https, even though I mentioned https in both the redirect URL in the app registration as well as the redirect_uri in the Microsoft login URL.
BTW, it was working in my local environment; it is not working when I hosted it on the server.
We had the same issue after it was deployed in the production environment. The reason the https became http is that I was in a load-balanced environment, where the outside URL differed from the inside URL (the load balancers off-loaded the SSL processing). When the HTTP request from Azure reached our web filter, httpRequest.getRequestURL().toString() got http instead of https. What we did is ask the devops team to add a header to the HTTP request with the original URL sent to the load balancer, and in our code we extract the HTTP header instead of using the HTTP request itself.
Specifically, change
String currentUri = httpRequest.getRequestURL().toString();
to
String currentUri = httpRequest.getHeader(HEADER_PROXY_URL);
HEADER_PROXY_URL is the name of the header into which devops inject the original URL.
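An added example of the same approach in Java (not code from the answer above or from MSAL4J): it rebuilds the external redirect URI from the load balancer's X-Forwarded-Proto and X-Forwarded-Host headers rather than the single custom URL header the answer mentions, only honours those headers when the request really came from the proxy, and refuses any result that is not in the registered redirect URI list. The header names, the registered URI and the internal request URL are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

/** Rebuilds the external redirect URI behind a TLS-terminating load balancer. */
public final class RedirectUriResolver {
    // Redirect URIs listed in the app registration (constructed sample value).
    private static final Set<String> REGISTERED_REDIRECT_URIS =
            Set.of("https://testurl/auth/redirect");

    private RedirectUriResolver() {}

    /**
     * @param requestUrl     HttpServletRequest#getRequestURL().toString() as seen inside the network
     * @param forwardedProto value of X-Forwarded-Proto set by the load balancer, or null
     * @param forwardedHost  value of X-Forwarded-Host set by the load balancer, or null
     * @param fromProxy      true only when the connection came from the load balancer itself;
     *                       forwarded headers from any other peer are ignored (assumed check)
     */
    public static String resolve(String requestUrl, String forwardedProto,
                                 String forwardedHost, boolean fromProxy) {
        URI inside;
        try {
            inside = new URI(requestUrl);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("malformed request URL", e);
        }
        String scheme = inside.getScheme();
        String authority = inside.getRawAuthority();
        if (fromProxy) {
            // Accept only well-formed values so a spoofed header cannot inject anything odd.
            if (forwardedProto != null && forwardedProto.matches("https?")) {
                scheme = forwardedProto;
            }
            if (forwardedHost != null && forwardedHost.matches("[A-Za-z0-9.-]+(:[0-9]{1,5})?")) {
                authority = forwardedHost;
            }
        }
        String candidate = scheme + "://" + authority + inside.getRawPath();
        // Never hand AAD a redirect_uri that is not one of the registered values.
        if (!REGISTERED_REDIRECT_URIS.contains(candidate)) {
            throw new IllegalStateException("redirect URI not registered: " + candidate);
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Inside the network the app sees plain HTTP on its own address; the proxy saw HTTPS.
        System.out.println(resolve("http://10.0.0.5:8080/auth/redirect", "https", "testurl", true));
    }
}
```

The value returned by resolve() is what goes into the redirect_uri of both the authorization request and the token request, so the two always agree.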
According to my research, the redirect URL for web apps and services must begin with the scheme https. If you want to use the scheme http, you can only use http://localhost. For more details, please refer to https://learn.microsoft.com/en-us/azure/active-directory/develop/azure-ad-endpoint-comparison#restrictions-on-redirect-urls

Unable to exchange OAuth auth code for access token

I'm just trying to make a simple app, but I can't even get past authenticating the user. I am using the Google OAuth Client Library for Java.
These are the current steps I am taking:
Start local web server to listen for the loopback response after the OAuth authentication.
Generate the auth URL:
String url = new AuthorizationCodeRequestUrl(AUTH_URL, CLIENT_ID)
.setScopes(scopes) // Contains https://www.googleapis.com/auth/drive.readonly
.setRedirectUri(LOCALHOST + r.getPort()) // Port of local web server
.build();
Use URL to authenticate account.
Google returns auth code.
Exchange auth code for access token.
TokenResponse token = new AuthorizationCodeTokenRequest(...)
.setRedirectUri("http://localhost") // <--
.setClientAuthentication(getClientAuth()) // ClientParametersAuthentication object
.execute();
This is where my problem occurs. No matter what value I put in for redirect_uri, I always get {"error":"redirect_uri_mismatch","error_description":"Bad Request"} in return.
Searching Google for the error, every single result says that it's because the redirect_uri I sent is not registered in the API console.
When I download the credentials json file, the redirect_uris section contains "urn:ietf:wg:oauth:2.0:oob","http://localhost", but it's all the same error no matter what I put in.
I went to the Credentials section of the project to fix it, but since this is an installed application, creating credentials for the project gives me no option to set any redirect URIs. The only way to get access to changing redirect_uris is to create the credentials for "Web application," but this isn't a web application and I don't have a domain it can redirect to.
So I'm stuck: redirect_uri options are not available to me and no value that I use works. I honestly don't know what else to try. What steps can I take to fix this?
It turns out that the same redirect_uri must be used for the auth code and access token even if it's not going to be used for retrieving the access token.

Main webpage not found with HTTPS on Java Play framework

Sorry, this problem has many variables so I might not be isolating the problem correctly.
Our website/application is using HTTPS under the Play 2.1.2 framework behind Okta. Okta uses SAML to authenticate. Our Java files for all of our pages (in the Java code) have @RequiresAuthentication(clientName = "Saml2Client") so the user is forced to log in with their Active Directory login on Okta to access our site.
We used SAMLTracer on Firefox to determine that the webpage seems to be authenticating with Okta through SAML correctly. The problem we're running into is when using HTTPS, we're getting a 404 error for the main page. The log says:
[ERROR] - from application in play-akka.actor.default- dispatcher-9 oops! page not found: uri = /
As an experiment, we used HTTP instead of HTTPS, and we don't get that error and our page loads up fine. The routes file is the same, so it doesn't make sense that HTTPS doesn't work but HTTP does with the same routes file. The Okta configs are identical for both HTTP and HTTPS, except for the URL (for HTTPS we used https:// and port 8443 instead of http:// and port 8080). What else might be causing this problem?

Invoking Facebook OAuth Dialog for FB 2.4

Can anybody help me to invoke the Facebook OAuth Dialog for FB 2.4? I tried
http://www.facebook.com/dialog/oauth/?
client_id=APP_ID
&redirect_uri=REDIRECT_URL
&state=RANDOM_NUMBER_PREVENT_CSRF
&scope=email
&response_type=code
But I got the error
Given URL is not allowed by the Application configuration: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains
When I check the SAML trace it seems I'm not getting a response from FB for the above request. Did I miss anything? Please advise me on this. Thanks

Google Oauth2 authentication returns "Required parameter is missing: grant_type"

I am trying to get the refresh token from Google in order to access Google Drive. So far I have managed to create a page in Google App Engine which redirects me to the authentication page, and I am able to get the code. The URL address for getting there is
Window.Location.assign("https://accounts.google.com/o/oauth2/auth?scope=profile&redirect_uri=http://127.0.0.1:8888/oauth2manager/redirect&response_type=code&client_id=1058171155388-hg2akr2idan7c2kvdam9b89vptcjai8i.apps.googleusercontent.com");
I then get redirected to the /oauth2manager/redirect servlet and get the code inside the doPost method
String code = request.getParameter("code");
My problem is that I cannot proceed, as I constantly get the above error "Required parameter is missing: grant_type". I have tried RESTClient (WizTools), the RestEasy Firefox extension, even curl.
Here is my curl script:
#!/bin/bash
code="4/E7i1aKu4C-Pf23-8hY4Y8OBe9IBZ.wtKglnd8-CMdOl05ti8ZT3aNPWw7igI"
# All fields in one form body: no "+" concatenation and no space after "redirect_uri=", otherwise the tail of the body (including grant_type) is sent as a second URL
curl -v --data "code=${code}&client_id=1058171155388-hg2akr2idan7c2kvdam9b89vptcjai8i@developer.gserviceaccount.com&client_secret=JHXTAT4UWwsNaMgm******&redirect_uri=http://127.0.0.1:8888/oauth2manager/redirect&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token
How can this be solved? I am a total newbie at this.
I think you're mixing OAuth types. The code you are using is for normal OAuth2, but your client ID is for a service account.
Normal OAuth2 will ask a user if they want to allow your access to their data. A service account is for allowing others access to the application's data; there is no permission request with a service account.
Link to the documentation for service accounts: Service account
