Search Results

Search found 799 results on 32 pages for 'authlogic oauth'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 2/32 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • "uninitialized constant Authlogic"

    - by RailAddict
    Just followed the Authlogic tutorial. I am getting "uninitialized constant Authlogic" when I try run the app. After searching, I can see that it has to do with gems/plugins but I can't find a solution. Edit: My UserSession model is: class UserSession < Authlogic::Session::Base end

    Read the article

  • Any working tutorials for Authlogic?

    - by Mark Wilbur
    I've been trying to build my first rails app and have gotten stuck on the issue of user authentication. I've found a number of tutorials for using various plug-ins to do this, but so far every single one of them is out-dated, and as a result, broken! From what I've read, I think Authlogic may be the best fit for me, and I've tried two things: 1) Going through Railscast, episode #160 (which is a tutorial for setting it up) 2) Using Ryan B's nifty_authentication gem with the --authlogic tag In both cases, I get the following error as soon as I try to do anything with a user: undefined local variable or method `acts_as_authentic' for # I believe this is from the User model: class User < ActiveRecord::Base acts_as_authentic end I'm sure I've installed the authlogic gem, and I've added config.gem "authlogic" to my environment.rb Any ideas about what's wrong? Anybody know of a complete and up to date tutorial for adding user authentication?

    Read the article

  • Authlogic openid: getting undefined method openid_identifier? error in functional test

    - by usr
    I use Authlogic with the Authlogic-openid addon (I gem installed ruby- openid and script/plugin install git://github.com/rails/open_id_authentication.git) and get two errors. First when running functional test, I get an undefined method openid_identifier? message on a line in my new.html.erb file when running the UsersControllerTest. The line is: <% if @user.openid_identifier? %> When running script/console I can access this method without any problem. Second when testing the openid functionality and registering a new user to my application using openid and using my blogspot account for that I get the following in my log file: Generated checkid_setup request to http://www.blogger.com/openid-server.g with assocication ... Redirected to http://www.blogger.com/openid-server.g?openid.assoc_handle=... NoMethodError (You have a nil object when you didn't expect it! The error occurred while evaluating nil.call): app/controllers/users_controller.rb:44:in `create' /usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service' /usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run' /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:95:in `start' /usr/lib/ruby/1.8/webrick/server.rb:92:in `each' /usr/lib/ruby/1.8/webrick/server.rb:92:in `start' /usr/lib/ruby/1.8/webrick/server.rb:23:in `start' /usr/lib/ruby/1.8/webrick/server.rb:82:in `start' The code in the users_controller is straight forward: def create respond_to do |format| @user.save do |result| if result flash[:notice] = t('Thanks for signing up!') format.html { redirect_to :action => 'index' } format.xml { render :xml => @user, :status => :created, :location => @user } else format.html { render :action => "new" } format.xml { render :xml => @user.errors, :status => :unprocessable_entity } end end end end The line giving the error being @user.save do |result|... I feel I'm missing something pretty basic but I have been staring at this for too long because I can't find what it is. I checked with the code on Railscasts episodes 160 and 170 and the bones GitHub project but found nothing. Thanks for your help, usr

    Read the article

  • I get an Exception when trying to implement reset password with Authlogic

    - by Tam
    Hi, I'm using Ruby on Rails 2.3.5 and Ruby 1.9 and implmeneted Authlogic as my authentication engine. Authlogic works fine. But now I have been trying to implement password reset using the following tutorial: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/ But I'm getting the following exception when I type mysite.com/password_resets/new Processing PasswordResetsController#new (for 127.0.0.1 at 2010-03-13 01:09:45) [GET] Completed in 9ms (DB: 0) | 200 [http://localhost/password_resets/new] [2010-03-13 01:09:45] ERROR TypeError: can't convert Array into String /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/activesupport-2.3.5/lib/active_support/core_ext/string/output_safety.rb:34:in `concat' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/activesupport-2.3.5/lib/active_support/core_ext/string/output_safety.rb:34:in `concat_with_safety' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/rack-1.0.1/lib/rack/handler/webrick.rb:63:in `block in service' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/response.rb:158:in `each' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/response.rb:158:in `each' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/string_coercion.rb:16:in `send' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/string_coercion.rb:16:in `method_missing' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/reloader.rb:22:in `method_missing' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/rack-1.0.1/lib/rack/handler/webrick.rb:62:in `service' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/httpserver.rb:111:in `service' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/httpserver.rb:70:in `run' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/server.rb:183:in `block in start_thread' Honestly I'm not sure where to start debugging for this. Is it because I'm using Ruby 1.9? some people seem to be having trouble with Authlogic and Ruby 1.9: http://isitruby19.com/authlogic Please advise me how to go about solving/debugging this issues? Thanks, Tam

    Read the article

  • authlogic auto_register feature using my options

    - by holden
    I have auto registration working with authlogic using gaizka's version of authlogic_openid which I found on Github since pelle's original addition of the feature seemed to cause issues. http://github.com/gaizka/authlogic%5Fopenid http://stackoverflow.com/questions/1476953/using-authlogic-to-auto-create-users-bypassing-explicit-user-registeration This one works fine however when using the auto_register feature it ignores my options for authlogic such as retrieving the email from the openid provider... any ideas what I'm doing wrong? Hhere's the example: http://big-glow-mama.heroku.com/ http://github.com/holden/authlogic_openid_selector_example/tree/with-facebook/ You can see the difference if you register vs. login... #user.rb class User < ActiveRecord::Base acts_as_authentic do |c| c.validate_login_field = false # optional, but if a user registers by openid, he should at least share his email-address with the app c.validate_email_field = false # fetch email by ax c.openid_required_fields = [:email,"http://axschema.org/contact/email"] #c.required_fields = ["http://axschema.org/contact/email"] # fetch email by sreg #c.optional_fields = ["email"] end #private method to deal with emails goes here end #UserSession.rb class UserSession < Authlogic::Session::Base auto_register logout_on_timeout true end

    Read the article

  • Does it make sense to implement OAuth for a 2 party system?

    - by nbv4
    I'm under the impression that OAuth is for authentication between three parties. Does it make sense to implement OAuth in a context where there is just a client and server. We have a server, and a client (HTML/javascript). Currently we authenticate via the normal "post credentials to server, get a cookie, use cookie to authenticate all subsequent requests" method. Will implementing OAuth be a benefit in this situation?

    Read the article

  • [Rails] OAuth with Digg API

    - by Karl
    I'm attempting to get Rails to play nice with the Digg API's OAuth. I'm using the oauth gem (ruby one, not the rails one). My code looks approximately like this: @consumer = OAuth::Consumer.new(API_KEY, API_SECRET, :scheme => :header, :http_method => :post, :oauth_callback => "http://locahost:3000", :request_token_url => 'http://services.digg.com/1.0/endpoint?method=oauth.getRequestToken', :access_token_url => 'http://services.digg.com/1.0/endpoint?method=oauth.getAccessToken', :authorize_url => 'http://digg.com/oauth/authorize') @request_token = @consumer.get_request_token session[:request_token] = @request_token.token session[:request_token_secret] = @request_token.secret redirect_to @request_token.authorize_url Which is by-the-book in terms of what the gem documentation gave me. However, Digg spits a "400 Bad Request" error back at me when @consumer.get_request_token is called. I can't figure out what I'm doing wrong. Any ideas?

    Read the article

  • [Rais] OAuth with Digg API

    - by Karl
    I'm attempting to get Rails to play nice with the Digg API's OAuth. I'm using the oauth gem (ruby one, not the rails one). My code looks approximately like this: @consumer = OAuth::Consumer.new(API_KEY, API_SECRET, :scheme => :header, :http_method => :post, :oauth_callback => "http://locahost:3000", :request_token_url => 'http://services.digg.com/1.0/endpoint?method=oauth.getRequestToken', :access_token_url => 'http://services.digg.com/1.0/endpoint?method=oauth.getAccessToken', :authorize_url => 'http://digg.com/oauth/authorize') @request_token = @consumer.get_request_token session[:request_token] = @request_token.token session[:request_token_secret] = @request_token.secret redirect_to @request_token.authorize_url Which is by-the-book in terms of what the gem documentation gave me. However, Digg spits a "400 Bad Request" error back at me when @consumer.get_request_token is called. I can't figure out what I'm doing wrong. Any ideas?

    Read the article

  • Problem with sessions subdomains and authlogic in Rails.

    - by Alfred Nerstu
    I've got a rails app with authlogic authentication and a username.domain.com structure built with subdomain-fu. But my session breaks when going from domain.com to username.domain.com. I've tried to add config.action_controller.session = {:domain => '.localhost:3000'} to my development.rb but that seams to break authlogic disabling sign out/sign in. Any suggestions on what to do? Thanks in advance!

    Read the article

  • authlogic - do I still need Rails sessions?

    - by tg
    Hi, I'm a newbie to Rails and am starting a new project that uses AuthLogic. I'm just a little confused about whether AuthLogic provides everything I need to store session state, or whether I still have to include the Rails mechanism (rake db:sessions:create). Thanks! T

    Read the article

  • Rails Authlogic - no documentation about SingleAccessToken

    - by northox
    I been searching how to use the single access token in Authlogic but there is no consistent documentation on the web. Anyone knows how it work? Presently, I have this: class UserSession < Authlogic::Session::Base single_access_allowed_request_types = :all end And been using this url: www.mysite.com/?user_credentials=xyz but it does not work and the CSRF protection (protect_from_forgery()) is in the way too. thanks,

    Read the article

  • Performing client-side OAuth authorized Twitter API calls versus server side, how much of a difference is there in terms of performance?

    - by Terence Ponce
    I'm working on a Twitter application in Ruby on Rails. One of the biggest arguments that I have with other people on the project is the method of calling the Twitter API. Before, everything was done on the server: OAuth login, updating the user's Twitter data, and retrieving tweets. Retrieving tweets was the heaviest thing to do since we don't store the tweets in our database, so viewing the tweets means that we have to call the API every time. One of the people in the project suggested that we call the tweets through Javascript instead to lessen the load on the server. We used GET search, which, correct me if I'm wrong, will be removed when v1.0 becomes completely deprecated, but that really isn't a concern now. When the Twitter API has migrated completely to v1.1 (again, correct me if I'm wrong), every calls to the API must be authenticated, so we have to authenticate our Javascript requests to the API. As said here: We don't support or recommend performing OAuth directly through Javascript -- it's insecure and puts your application at risk. The only acceptable way to perform it is if you kept all keys and secrets server-side, computed the OAuth signatures and parameters server side, then issued the request client-side from the server-generated OAuth values. If we do exactly what Twitter suggests, the only difference between this and doing everything server-side is that our server won't have to contact the Twitter API anymore every time the user wants to view tweets. Here's how I would picture what's happening every time the user makes a request: If we do it through Javascript, it would be harder on my part because I would have to create the signatures manually for every request, but I will gladly do it if the boost in performance is worth all the trouble. Doing it through Ruby on Rails would be very easy since the Twitter gem does most of the grunt work already, so I'm really encouraging the other people in the project to agree with me. Is the difference in performance trivial or is it significant enough to switch to Javascript?

    Read the article

  • Authlogic Facebook find existing account

    - by pcasa
    Using Authlogic and Authlogic Facebook Connect. before_filter works great. Get name and facbook_uid saved in db. Only problem is that it saves a new record every time. Need help figuring out how to build some type of find_by_facebook_uid_or_create_user I have tried reading up on the API's for facebooker, but this is way over me. :( UPDATED - users_controller.rb def before_connect(facebook_session) self.firstname = facebook_session.user.first_name self.lastname = facebook_session.user.last_name self.persistence_token = reset_persistence_token end application_controller.rb before_filter :set_facebook_session helper_method :facebook_session

    Read the article

  • Yahoo OAuth implementation has no way to work offline

    - by Khash
    I need to download my Delicious bookmarks to a non-web application without constant user interaction. I'm using Delicious's V2 API (using oAuth) but the problem is it seems their access tokens expire after one hour. I don't have any issues with redirecting the user to Yahoo for a one time authorization, but what is described here (http://developer.yahoo.com/oauth/guide/oauth-refreshaccesstoken.html) means I would have to refresh my access tokens all the time before they expire when the user is away. Is this really the way they've done their oAuth implementation?

    Read the article

  • How do I store the OAuth v1 consumer key and secret for an open source desktop Twitter client without revealing it to the user?

    - by Justin Dearing
    I want to make a thick-client, desktop, open source twitter client. I happen to be using .NET as my language and Twitterizer as my OAuth/Twitter wrapper, and my app will likely be released as open source. To get an OAuth token, four pieces of information are required: Access Token (twitter user name) Access Secret (twitter password) Consumer Key Consumer Secret The second two pieces of information are not to be shared, like a PGP private key. However, due to the way the OAuth authorization flow is designed, these need to be on the native app. Even if the application was not open source, and the consumer key/secret were encrypted, a reasonably skilled user could gain access to the consumer key/secret pair. So my question is, how do I get around this problem? What is the proper strategy for a desktop Twitter client to protect its consumer key and secret?

    Read the article

  • authlogic in Rails

    - by Adnan
    Hello, I am using the authlogic gem for authentication. I have followed the steps at: http://railscasts.com/episodes/160-authlogic I have the following code: # config/environment.rb config.gem "authlogic" # models/user.rb acts_as_authentic # users_controller.rb def create @user = User.new(params[:user]) if @user.save flash[:notice] = "Registration successful." redirect_to root_url else render :action => 'new' end end def edit @user = current_user end def update @user = current_user if @user.update_attributes(params[:user]) flash[:notice] = "Successfully updated profile." redirect_to root_url else render :action => 'edit' end end # user_sessions_controller.rb def create @user_session = UserSession.new(params[:user_session]) if @user_session.save flash[:notice] = "Successfully logged in." redirect_to root_url else render :action => 'new' end end def destroy @user_session = UserSession.find @user_session.destroy flash[:notice] = "Successfully logged out." redirect_to root_url end # application_controller.rb filter_parameter_logging :password helper_method :current_user private def current_user_session return @current_user_session if defined?(@current_user_session) @current_user_session = UserSession.find end def current_user return @current_user if defined?(@current_user) @current_user = current_user_session && current_user_session.record end # config/routes.rb map.login "login", :controller => "user_sessions", :action => "new" map.logout "logout", :controller => "user_sessions", :action => "destroy" I got it all working, except I would like to have a user_id in session so I can track which user posted which post, where should I set it?

    Read the article

  • Associate new Authlogic Model to existing Models

    - by BriteLite
    Hello, While playing around with Rails (since I am a newbie) while reading Agile Rails book I came across an issue using the Gem Authlogic that I don't know how to address. I have a simple business Model. The tables store the following information: Name, Address, Latitude, and Longitude. The above approach has been working fine, because using the console I can enter the information and it shows up, where I need it to. My issue now is that I want to add authentication to it. As in assign those records in the table, to individual accounts. Since Authlogic is an authentication gem, can this be done? What I am trying to get to here is that, I enter a few records and leave it at that. Few days later, I want to assign those individual rows in the table to an authlogic model so the person to whom the record should belong can authenticate to it and make changes. Any code samples, blog posts to better help me understand would be great! Thank You.

    Read the article

  • Error installing php extension OAuth via pecl

    - by hookedonwinter
    I'm trying to install the php extension OAuth in my local environment. php.net suggests it's super easy. You just run pecl install oauth. I tried this, and here is the output in terminal: downloading oauth-1.0.0.tgz ... Starting to download oauth-1.0.0.tgz (42,834 bytes) ............done: 42,834 bytes 6 source files, building running: phpize grep: /usr/include/php/main/php.h: No such file or directory grep: /usr/include/php/Zend/zend_modules.h: No such file or directory grep: /usr/include/php/Zend/zend_extensions.h: No such file or directory Configuring for: PHP Api Version: Zend Module Api No: Zend Extension Api No: Cannot find autoconf. Please check your autoconf installation and the $PHP_AUTOCONF environment variable. Then, rerun this script. ERROR: `phpize' failed Any tips on how to fix the errors and install OAuth succesfully? Thanks!

    Read the article

  • OAuth java implementation, oauth_callback missing

    - by l245c4l
    Hey, My problem is I get error while trying to get request token from Yahoo. The error says Im missing oauth_callback parameter and yes I miss it because I dont need it. Ive read I need to set it to "oob" value if I dont want to use it(desktop app). And I did that but to no avail. If I set it to null the same happens. Im using OAuth for java: http://oauth.googlecode.com/svn/code/java/core/ OAuthServiceProvider serviceProvider = new OAuthServiceProvider("https://api.login.yahoo.com/oauth/v2/get_request_token", "https://api.login.yahoo.com/oauth/v2/request_auth", "https://api.login.yahoo.com/oauth/v2/get_token"); OAuthConsumer consumer = new OAuthConsumer("oob", consumerKey, consumerSecret, serviceProvider); OAuthAccessor accessor = new OAuthAccessor(consumer); OAuthClient client = new OAuthClient(new HttpClient4()); OAuthMessage response = client.getRequestTokenResponse(accessor, OAuthMessage.POST, null); System.out.println(response.getBodyAsStream());

    Read the article

  • Delicious API and Yahoo oAuth in .NET

    - by Khash
    The fact that Delicious has two sets of API authentications one with username and password and one with oAuth told me something about things I was going to experience and I wasn't wrong. Unfortunately I have to deal with both APIs now and am unsuccessful getting through the first hurdle of API v2 (Yahoo oAuth). Here is a code snippet (I'm using OpenSocial in this example http://code.google.com/p/opensocial-net-client) public static string GetRequestToken(string callbackUrl) { string normaluri; string normaluriparam; OAuthBase oAuth = new OAuthBase(); string nonce = oAuth.GenerateNonce(); string timeStamp = oAuth.GenerateTimeStamp(); string sig = oAuth.GenerateSignature(new Uri(TOKEN_URL), ConfigurationManager.AppSettings[CONSUMER_KEY], ConfigurationManager.AppSettings[SECRET_KEY], string.Empty, string.Empty, "GET", timeStamp, nonce, OAuthBase.SignatureTypes.HMACSHA1, out normaluri, out normaluriparam); sig = HttpUtility.UrlEncode(sig); string result = HttpClient.Get(TOKEN_URL, new { oauth_nonce = nonce, oauth_timestamp = timeStamp, oauth_consumer_key = ConfigurationManager.AppSettings[CONSUMER_KEY], oauth_signature_method = "HMAC-SHA1", oauth_signature = sig, oauth_version = "1.0", oauth_callback = callbackUrl }); return result; } It seems it doesn't matter if I follow instructions at http://delicious.com/help/oauthapi myself of leave it to OpenSocial, I get an "401 Unauthorized" from the server with no further info. I can see many people have the same issue but couldn't find any resolution.

    Read the article

  • OAuth with Google Reader API using Objective C

    - by Dylan
    I'm using the gdata OAuth controllers to get an OAuth token and then signing my requests as instructed. [auth authorizeRequest:myNSURLMutableRequest] It works great for GET requests but POSTs are failing with 401 errors. I knew I wouldn't be able to remain blissfully ignorant of the OAuth magic. The Google Reader API requires parameters in the POST body. OAuth requires those parameters to be encoded in the signature like they were on the query string. It doesn't appear the gdata library does this. I tried hacking it in the same way it handles the query string but no luck. This is so difficult to debug as all I get is a 401 from the Google black box and I'm left to guess. I really want to use OAuth so I don't have to collect login credentials from my users but I'm about to scrap it and go with the simpler cookie based authentication that is more mature. It's possible I'm completely wrong about the reason it's failing. This is my best guess. Any suggestions for getting gdata to work or maybe an alternative iphone friendly OAuth library?

    Read the article

  • Having problems with uploading photos to TwitPic using OAuth in Objective C on the iPhone

    - by M. Bedi
    I have been working on an iPhone app that has a feature of uploading photos to TwitPic. I have it working with basic authentication. I am trying to get it working with OAuth. I am getting authentication errors. I have studied very carefully the TwitPic documentation. I am authorising the app by displaying a UI Web View and the it returns a PIN value. I enter the PIN value in the app and request the token. I am able to upload status updates to Twitter but not photos. My code is based on some example code from here: Example iPhone app using OAuth Here is my code: NSString *url = @"http://api.twitpic.com/2/upload.json"; NSString *oauth_header = [oAuth oAuthHeaderForMethod:@"POST" andUrl:url andParams:nil]; NSLog(@"OAuth header : %@\n\n", oauth_header); ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:[NSURL URLWithString:url]]; [request addRequestHeader:@"User-Agent" value:@"ASIHTTPRequest"]; request.requestMethod = @"POST"; [request addRequestHeader:@"X-Auth-Service-Provider" value:@"https://api.twitter.com/1/account/verify_credentials.json"]; [request addRequestHeader:@"X-Verify-Credentials-Authorization" value:oauth_header]; NSData *imageRepresentation = UIImageJPEGRepresentation(imageToUpload, 0.8); [request setData:imageRepresentation forKey:@"media"]; [request setPostValue:@"Some Message" forKey:@"message"]; [request setPostValue:TWITPIC_API_KEY forKey:@"key"]; [request setDelegate:self]; [request setDidFinishSelector:@selector(requestDone:)]; [request setDidFailSelector:@selector(requestFailed:)]; [request start]; Here is the OAuth Header: OAuth realm="http://api.twitter.com/", oauth_timestamp="1275492425", oauth_nonce="b686f20a18ba6763ac52b689b2ac0c421a9e4013", oauth_signature_method="HMAC-SHA1", oauth_consumer_key="zNbW3Xi3MuS7i9cpz6fw", oauth_version="1.0", oauth_token="147275699-jmrjpwk3B6mO2FX2BCc9Ci9CRBbBKYW1bOni2MYs", oauth_signature="d17HImz6VgygZgbcp845CD2qNnI%3D"

    Read the article

  • Gmail IMAP OAuth for desktop clients

    - by Sabya
    Recently Google announced that they are supporting OAUth for Gmail IMAP/SMTP. I browsed through their multiple documentations, but still I am confused about if they support OAuth for installed applications. 1. In this documentation they say: Note: Though the OAuth protocol supports the desktop/installed application use case, Google only supports OAuth for web applications. But they also have a document for OAuth for installed applications. 2. When I read the OAuth specification pointed by them, it says (in section 11.7): In many applications, the Consumer application will be under the control of potentially untrusted parties. For example, if the Consumer is a freely available desktop application, an attacker may be able to download a copy for analysis. In such cases, attackers will be able to recover the Consumer Secret used to authenticate the Consumer to the Service Provider. Also I think the disclaimer in point 1 above is about Google Data APIs, and surely IMAP/SMTP is not a part of them. I understand that for installed applications I can have a setup like: Have a small web-app at say example.com for my application. This web-app talks to Google gets the access token. The installed application talks to example.com only to get the access token. Installed application then talks to Google with the access token. I am now confused. Is this the only way?

    Read the article

  • Facebook Oauth Logout

    - by Derek Troy-West
    I have an application that integrates with Facebook using Oauth 2. I can authorize with FB and query their REST and Graph APIs perfectly well, but when I authorize an active browser session is created with FB. I can then log-out of my application just fine, but the session with FB persists, so if anyone else uses the browser they will see the previous users FB account (unless the previous user manually logs out of FB also). The steps I take to authorize are: Call [LINK: graph.facebook.com/oauth/authorize?client_id...] This step opens a Facebook login/connect window if the user's browser doesn't already have an active FB session. Once they log-in to facebook they redirect to my site with a code I can exchange for an oauth token. Call [LINK: graph.facebook.com/oauth/access_token?client_id..] with the code from (1) Now I have an Oauth Token, and the user's browser is logged into my site, and into FB. I call a bunch of APIs to do stuff: i.e. [LINK: graph.facebook.com/me?access_token=..] Lets say my user wants to log out of my site. The FB terms and conditions demand that I perform Single Sign Off, so when the user logs out of my site, they also are logged out of Facebook. There are arguments that this is a bit daft, but I'm happy to comply if there is any way of actually achieving that. I have seen suggestions that: A. I use the Javascript API to logout: FB.Connect.logout(). Well I tried using that, but it didn't work, and I'm not sure exactly how it could, as I don't use the Javascript API in any way on my site. The session isn't maintained or created by the Javascript API so I'm not sure how it's supposed to expire it either. B. Use [LINK: facebook.com/logout.php]. This was suggested by an admin in the Facebook forums some time ago. The example given related to the old way of getting FB sessions (non-oauth) so I don't think I can apply it in my case. C. Use the old REST api expireSession or revokeAuthorization. I tried both of these and while they do expire the Oauth token they don't invalidate the session that the browser is currently using so it has no effect, the user is not logged out of Facebook. I'm really at a bit of a loose end, the Facebook documentation is patchy, ambiguous and pretty poor. The support on the forums is non-existant, at the moment I can't even log in to the facebook forum, and aside from that, their own FB Connect integration doesn't even work on the forum itself. Doesn't inspire much confidence. Ta for any help you can offer. Derek ps. Had to change HTTPS to LINK, not enough karma to post links which is probably fair enough.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >