Facebook login without Valid OAuth redirect URIs


This is not about wildcard domains. I need to add different domains to the Valid OAuth redirect URIs of a Facebook Login app.

We have a web app where our clients can set up their own custom domain (example.com, xyz.net, etc.). We don't know in advance which domains will be used.

On Facebook we have a single app that takes care of Facebook login. It seems we need to whitelist every domain that uses FB login.

Adding the domains manually is not an option. What options do we have?

Thanks.

The simplest solution I can think of is to use an intermediate identity service with lax redirect URI validation. There is a good discussion of the approach, and of its security concerns, in relation to IdentityServer4.

I have used custom redirect URI validation in an identity service before, in restrictive cases, as it is one of the exploited vulnerabilities in the OAuth flow. The flexibility you need will weaken security considerably.

To implement this in IdentityServer4, set up Facebook authentication on the identity server and register the identity server's address with Facebook. Then create clients that represent the new domains. You can either use a single client (making things more insecure still) or add a way for clients to register with the identity server (for instance dynamic client registration).

When a client wants to connect to Facebook, it uses OpenID Connect to connect to the identity server, which communicates with Facebook. In IdentityServer4 the client adds the UseOpenIdConnectAuthentication middleware (see here for an example).

Long story short, you should be able to resolve the issue using an intermediate identity service. Only the identity service's URL needs to be registered with Facebook, and the clients register with the identity service, which you have control over.

With great power comes great responsibility though. Taking the path of least effort will lead to a solution that lowers security considerably. Enforcing secure dynamic registration on the identity service, such as the Dynamic Client Registration protocol, will allow you to use a single strict redirect URI per client and make the system as secure as you reasonably can.
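The following is an added example (not code from the question, the answer, or IdentityServer4) that models the two designs the answer contrasts: a lax redirect URI check on the intermediate identity service versus one exact-match redirect URI per dynamically registered tenant client. The registry, the registration token, the tenant hostnames and the attacker-chosen URIs are all constructed for illustration; in IdentityServer4 the equivalent hook is a custom IRedirectUriValidator, which is not shown here.

```python
"""Redirect URI handling for a multi-tenant intermediate identity service.

Constructed example for this answer; it is not IdentityServer4 code. It
contrasts a lax redirect_uri check with one strict (exact-match) redirect
URI per dynamically registered client.
"""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Client:
    client_id: str
    redirect_uri: str          # exactly one registered URI per tenant


class ClientRegistry:
    """Hypothetical dynamic client registration store.

    One client per customer domain, created through an authenticated
    registration call (the pattern RFC 7591 describes), never from a wildcard.
    """

    def __init__(self, registration_token: str) -> None:
        self._token = registration_token
        self._clients: Dict[str, Client] = {}

    def register(self, token: str, redirect_uri: str) -> Client:
        # Registration is the new trust boundary: if anyone can call it,
        # the strict validator below only protects the attacker's own client.
        if not secrets.compare_digest(token, self._token):
            raise PermissionError("registration not authorised")
        parts = urlsplit(redirect_uri)
        if parts.scheme != "https" or not parts.hostname or parts.fragment:
            raise ValueError("redirect_uri must be an absolute https URL without fragment")
        if "*" in parts.hostname:
            raise ValueError("wildcard hosts are not accepted")
        client = Client(client_id=secrets.token_urlsafe(16), redirect_uri=redirect_uri)
        self._clients[client.client_id] = client
        return client

    def lookup(self, client_id: str) -> Client:
        return self._clients[client_id]


Validator = Callable[[Client, str], bool]


def strict_validator(client: Client, requested: str) -> bool:
    """Exact string comparison against the single registered URI."""
    return requested == client.redirect_uri


def lax_validator(client: Client, requested: str) -> bool:
    """A 'convenient' host-suffix check. Shown only to demonstrate the hole."""
    registered_host = urlsplit(client.redirect_uri).hostname or ""
    requested_host = urlsplit(requested).hostname or ""
    return requested_host.endswith(registered_host)


def authorize(registry: ClientRegistry, validator: Validator,
              client_id: str, redirect_uri: str) -> Tuple[bool, str]:
    """Decide whether the authorize endpoint may send a code to redirect_uri.

    On failure the server must render an error and NOT redirect, because
    redirecting to an unvalidated URI is exactly the bug being prevented.
    """
    try:
        client = registry.lookup(client_id)
    except KeyError:
        return False, "unknown client_id"
    if not validator(client, redirect_uri):
        return False, "redirect_uri does not match registration"
    return True, secrets.token_urlsafe(24)   # the authorization code


def compare_validators(registry: ClientRegistry, client_id: str,
                       candidates: List[str]) -> Dict[str, Tuple[bool, bool]]:
    """For each candidate redirect_uri report (strict_accepts, lax_accepts)."""
    return {
        uri: (authorize(registry, strict_validator, client_id, uri)[0],
              authorize(registry, lax_validator, client_id, uri)[0])
        for uri in candidates
    }


if __name__ == "__main__":
    registry = ClientRegistry(registration_token="constructed-registration-secret")
    tenant = registry.register("constructed-registration-secret",
                               "https://example.com/signin-oidc")
    # Constructed inputs: the tenant's real callback and two attacker-chosen URIs.
    results = compare_validators(registry, tenant.client_id, [
        "https://example.com/signin-oidc",
        "https://evilexample.com/signin-oidc",                      # suffix of 'example.com'
        "https://example.com/signin-oidc?next=https://attacker.net",  # extra query string
    ])
    for uri, (strict_ok, lax_ok) in results.items():
        print(f"{uri:62} strict={strict_ok} lax={lax_ok}")
```

The second and third candidates are the ones that matter: the lax validator hands an authorization code to a host the tenant never registered, or to the registered callback with an attacker-controlled query string (which an open redirect on the tenant site could then forward). Exact matching against the single URI stored at registration rejects both, and the registration token is what stops an attacker from simply registering their own domain.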

