I’ve hit the following walls with integrating native facebook/google login on a mobile platform.
you need to make a service that can be accessed without a session token to verify the token supplied by facebook sdk or google sdk. You can’t make a service public, so you can’t verify a token before being logged in.
If we will find a way to make our own PUBLIC scripts to validate the tokens, how can we link a certain user to certain login properties. Every user needs a password at the moment. How can we add properties to that certain user.
Can you layout the end-to-end flow that you are using to implement OAuth for your app? If you haven’t seen this already, here are some documentation that explain how OAuth works in DreamFactory.
oauth is not for mobile applications. On mobile you get a token from the facebook sdk for example which you must validate on the server side. No webview or redirect link like oauth involved.
You receive a json here stating if your token is valid or not. If it’s valid you continue with registering your user. I have no ideea how to create a shadow user if google+ and facebook or a manual account exists with the same email.
But at the moment I can’t call a service that has a script that will verify these tokens because I don’t have a session token for dreamfactory. You are not logged in before you need to use this validation.
@nvasilescu, are you trying to implement OAuth using DreamFactory server side scripting? Have you followed the instructions on the two links I gave you above?
DreamFactory will automatically create the shadow user for your OAuth user when successfully logged in using OAuth. No need to register the user.
Also you can expose any service in DreamFactory using the API_KEY via an app. You need to create a role first that has desired access to your service. Then create an app in DreamFactory and assign this role to this app. Use this app’s API_KEY when you call you service and it will work without requiring session token.
Oauth is not helping on mobile because you sign in trough the facebook sdk on that certain native platform. There’s no redirect link involved as it will oblige you to open a webview in a mobile app to login with facebook while having facebook application installed. The good way is:
getting facebook token from calling facebook sdk
send the token to your backend and validate it trough a http get. If it’s valid register the user. Here is where I should be able to create a shadow user if the user already exists but with a different login provider by manually specifying that. Which I didn’t found a way of doing that at the moment.
In both linked tutorials we’re advised to make a POST request to user/session endpoint with oauth_callback param. Does it actually work for anyone, cause I’m getting “Login request is missing required email” error when I follow these instructions?
Ok, to answer my own question. It does work. You need to pass state param back and forth, remember about slash at the end of redirect URI and possibly update the df-oauth and or laravel-socialite packages with composer to avoid problems with FB GRaph v2.2 being pulled out recently.
I managed to make it to work with a native iOS app so if anyone has questions, ask me while I remember what’s going on.
I have 5 web server X.X.X.4, X.X.X.5 , X.X.X.8, X.X.X.9 and X.X.X.12 and on X.X.X.12 webserver i have installed dreamFactory and X.X.X.4 is load balancer , All web server can access through VPN only .
Please let me know any way to resolve this issue through dreamFactor.
sara edward
hr@ dissertation proposal writing
We have had this problem since ages. Here is what we’re doing :
Have a common password for ALL users ( A static Password )
In the Create Session POST we are getting the session token with a static password. THEN we’re re-authenticating with a POST/PRE script and only returning the token when the RE-AUTH has succeeded. We re-authenticate using FB or Google or Email based auth again.
This is because FB / Google or any 3rd party service cannot be easily integrated with DF where login is not via OAuth.
The real life scenario is that if a user with email x@abc.com has registered via email. and then later he uses FB with same email x@abc.com and tries to authenticate, these are both same users and shadow user will not work in this case. Both accounts with same email needs to map to same DF user account.
Further, many FB accounts do not return a valid email ID as many have registered via Phone numbers, so DF user restricts and makes email id mandatory. I think username could/should be made mandatory instead of emails.
I think this could be better handled in future with a better built in mechanism.
