Mobile facebook/google authorizations

nvasilescu 2016-03-03 15:58:36 UTC #1

I've hit the following walls with integrating native facebook/google login on a mobile platform.

1) you need to make a service that can be accessed without a session token to verify the token supplied by facebook sdk or google sdk. You can't make a service public, so you can't verify a token before being logged in.

2) If we will find a way to make our own PUBLIC scripts to validate the tokens, how can we link a certain user to certain login properties. Every user needs a password at the moment. How can we add properties to that certain user.

Thank you.

aislam 2016-03-03 20:05:07 UTC #2

Can you layout the end-to-end flow that you are using to implement OAuth for your app? If you haven't seen this already, here are some documentation that explain how OAuth works in DreamFactory.

http://blog.dreamfactory.com/using-dreamfactory-2.0-with-oauth-services
http://wiki.dreamfactory.com/DreamFactory/Tutorials/Using_OAuth

nvasilescu 2016-03-03 20:40:08 UTC #3

oauth is not for mobile applications. On mobile you get a token from the facebook sdk for example which you must validate on the server side. No webview or redirect link like oauth involved.

nvasilescu 2016-03-04 09:10:21 UTC #4

for facebook you need to call on the server side after getting the access token from the native sdk on mobile (in this case facebook sdk):
https://graph.facebook.com/debug_token?input_token="+request.params.token+"&access_token=request.params.acces_token

-> https://developers.facebook.com/docs/facebook-login/access-tokens/debugging-and-error-handling

You receive a json here stating if your token is valid or not. If it's valid you continue with registering your user. I have no ideea how to create a shadow user if google+ and facebook or a manual account exists with the same email.

On google + you verify the token sent by your app to the server side like :
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token="+request.params.token

But at the moment I can't call a service that has a script that will verify these tokens because I don't have a session token for dreamfactory. You are not logged in before you need to use this validation.

@aislam

Thank you.

aislam 2016-03-04 12:45:47 UTC #5

@nvasilescu, are you trying to implement OAuth using DreamFactory server side scripting? Have you followed the instructions on the two links I gave you above?

DreamFactory will automatically create the shadow user for your OAuth user when successfully logged in using OAuth. No need to register the user.

Also you can expose any service in DreamFactory using the API_KEY via an app. You need to create a role first that has desired access to your service. Then create an app in DreamFactory and assign this role to this app. Use this app's API_KEY when you call you service and it will work without requiring session token.

nvasilescu 2016-03-04 13:11:28 UTC #6

I have found the tutorial for guest user (http://wiki.dreamfactory.com/DreamFactory/Tutorials/Setting_up_guest_access) . Implementing now.

Oauth is not helping on mobile because you sign in trough the facebook sdk on that certain native platform. There's no redirect link involved as it will oblige you to open a webview in a mobile app to login with facebook while having facebook application installed. The good way is:

1) getting facebook token from calling facebook sdk
2) send the token to your backend and validate it trough a http get. If it's valid register the user. Here is where I should be able to create a shadow user if the user already exists but with a different login provider by manually specifying that. Which I didn't found a way of doing that at the moment.

Konrad 2017-03-27 12:32:39 UTC #7

In both linked tutorials we're advised to make a POST request to user/session endpoint with oauth_callback param. Does it actually work for anyone, cause I'm getting "Login request is missing required email" error when I follow these instructions?

Konrad 2017-04-03 10:59:36 UTC #8

Ok, to answer my own question. It does work. You need to pass state param back and forth, remember about slash at the end of redirect URI and possibly update the df-oauth and or laravel-socialite packages with composer to avoid problems with FB GRaph v2.2 being pulled out recently.
I managed to make it to work with a native iOS app so if anyone has questions, ask me while I remember what's going on.

SARAEDWARD 2017-04-06 11:22:00 UTC #9

I have 5 web server X.X.X.4, X.X.X.5 , X.X.X.8, X.X.X.9 and X.X.X.12 and on X.X.X.12 webserver i have installed dreamFactory and X.X.X.4 is load balancer , All web server can access through VPN only .
Please let me know any way to resolve this issue through dreamFactor.
sara edward
hr@ dissertation proposal writing