I have developed a test facebook app. Its working fine if I login and access it but if another user login and use the same app it creating error... what could be the issue.
Most likely you have the Application in Sandbox mode:
If enabled, only the developers of
your app will be able to sign in to
your app
You need to add that "other" user at least as a Tester in your Application's "Manage Users" section under the About tab.
More about access levels can be found here.
Related
I've created an application in https://apps.dev.microsoft.com (Platforms: Web)
This app needs the admin consent for certain permissions. I remember, in the past, accessing https://login.microsoftonline.com/{tenant name}/adminconsent?client_id={application id}&state={some state data}&redirect_uri={redirect uri} with an admin account in order to give permission to access resources in our organization that only an admin can grant. From there, users needed to give user-level consent in order to use the application.
Now, I can successfully login with an admin account and the app works as expected BUT I still get a prompt, for users, with the following message:
You can't access this application
APP NAME needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
Have an admin account? Sign in with that account
Return to the application without granting consent
The error message is: AADSTS90094: The grant requires admin permission. which doesn't seem to be documented anywhere..
If I click on the Have an admin account? Sign in with that account and sign in with an admin account, it works but trying again with a regular user account I get the above message again.
EDIT:
So I stripped permissions down to a bare minimum.
Scopes in my application are now: openid, profile, user.read
And Microsoft Graph Permissions are now, for Delegated Permissions: Mail.Send, User.Read. Nothing in Application Permissions and I STILL get the above message for regular users!
Anybody from Microsoft have some info on the AADSTS90094 error code?
OK, so I ended up contacting Microsoft support for this since, as of this date, there is no information on this error message.
To put it briefly, Microsoft has made some recent changes with regards to permissions. In the past, if your app required any of the openid, profile or offline_access, you could just place them in your app as scopes, they weren't available on https://apps.dev.microsoft.com. An admin would've given consent and your app would function properly.
What you should now do is mirror your app's scopes with the permissions you have on https://apps.dev.microsoft.com or else you'll keep on getting that error message so make sure you have the same thing on both sides now, especially if you're used to the old behavior.
Those three scopes/permissions (openid, profile and offline_access) can now be selected for your app on the dev portal.
The admin consent endpoint doesn't help in dynamic scope and dynamic consent scenario .
Using the admin consent endpoint will grant the permissions registered in the app registration portal . You can locate Microsoft Graph Permissions section, and then add the permissions that your app requires. After doing admin consent by using the admin consent endpoint , your app can gather permissions for all users in a tenant, including admin-restricted scopes .
I am using MSAL and the 2.0 endpoint (login.microsoft...), I am developing a Multi-Tenant Application.
My Organization has 2 Tenants
One of them is essentially our Dev instance (and I have global admin rights). I registered my app in the Tenant that I don't have Admin Rights on and performed Admin Consent for said app in the Tenant where I can perform the Consent myself. My users can Login Successfully and have consent to the resources they need.
However, when I created the App Registration (all Converged Apps on apps.dev.mic) from the account where I have global admin rights, the login for my users gets the AADSTS90094 Error.
The only way I've come to "resolve" this error is,
On Initial Login to the application the scope would be openid the user then consents to that, when that is completed I have to do another login with the scope defined for the application and everything works. Obviously that UX is wonky to say the least.
everyone!
In my app I want to have an abily to login from account in social networks as well as from accounts registered localy and have access to the same database on my server.
What I mean:
Scenario 1:
User pressed "login with facebook"
-> Get access to application features
Scenario 2:
User pressed "login with account registred localy on my server"
-> Get access to application features
If I login from local account then it's easy to check auth data and grant access.
If I login in my app from twitter for example and got their tokens, how could I use them to access data on my server?
I found information only about how to make local login using Passport or using social services using Socialite but not both at the same time.
Well, turns out, it's actually easy to implement using only Socialite with standart auth. I misunderstood the concept of oauth so there is no need for passport at all.
im developing a facebook app that at moment works fine for all tester users , but yesterday one of them removed it from the facebook menu and now the app does not works for him. i Think is a permission problem.
app permissions :
'email',
'user_location',
'read_stream',
'user_birthday',
'user_likes',
'public_profile
The app basically take the user posts and likes of the last year , and then it shows most relevant ones to the user.App developed with facebook PHP sdk.
Any idea? i can provide more info id needed.
When someone removes an app from their list of approved Facebook apps, it will stop working for them. That's the whole purpose of managing that list. All permissions are removed. They can authorize the app again, but until they do, it cannot get to their account.
The person could've also blocked your app by accident when doing this, as that's an option. If that's the case, they'll never see your app again. They'll have to go to their blocked apps area (under Security from anywhere on a Facebook web page) and unblock your app before they can reauthorize the app. If the app is not blocked, though, but not authorized, what you describe can still happen.
I developed a Facebook application in PHP. It was working fine.
Suddenly it stopped working for other users. When anybody is trying to access my Facebook application, it taking us to page https://www.facebook.com/4oh4.php and giving error "Page you requested was not found."
But same time if I am login, and I access my application, then it is working fine. I tried a lot to change the Facebook settings but nothing worked for me. There are three admins for my application.
Check the Sandbox Mode on Basic settings. If it is Enabled, users who doesn't have Administrators, Developers or Testers role can't access to see your application.
I've created a simple Facebook app that doesn't need any data/info from users. When I try to view the app on Facebook, it's requesting permission to access my personal info.
I want the app to display without this request, for both logged in and not logged in users.
What's the code to do this?
Edit with more info:
I have a working Facebook app which I want to leave alone, I've duplicated the apps code and created a new app through the Facebook dev area. I've changed the relevant App ID, API ID and Secrets throughout the code. The original app works without any permission needed, but my duplicated version for some reason requests permission.
Simple solution is to create the app in the developers area, do all the settings to an iframe and create the application path to your website. Now in your website remove all the PHP code related to FACEBOOK GRAPH API and let it be a simple website that is independent of facebook. This will make what you want.