retaining a session across redirect - a retooling of yesterday's question..

retaining a session across redirect - a retooling of yesterday's question..

sergio_101
okay, so i have verified a few things about my components. mainly,
that if i set a value for a session variable on initialization of the
component, the value sticks, so this is not the problem..

the problem lies in the way i have to authenticate via facebook.

here's how the authentication works:

1. facebook loads my app via an iframe.
2. if the user has not authorized my app, i redirect to facebook's
   oauth page.
3. if the user authorized the app, facebook forwards the user to the
   url i provide in the redirect. when it does this, it sends a POST
   with my oauthToken.

here's how i am doing this...

in SBMain's renderContentOn method, i check the session for
oauthToken.
if it doesn't exist, i render a method:

renderAuthorizeCheckOn: html
   html
     html:
         '<script>window.top.location.href
        ="https://graph.facebook.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=http://APP_URL&scope=user_about_me";</script>'

once this has been accepted, i process the POST, and set my session
variables.. then, it continues with the render cycle..

inside the method that sets the session's oauthToken variable, the
values of the session check out.. i can indeed inspect the session and the
instance var, and it is set.

once the user is redirected back to my app (via the url sent over in
the renderAuthorizeCheckOn method), the app is loaded up again, but
this time, it has no session.

so, i think at this point, i need to figure out how to make sure that
once the app is hit by a user via facebook (and iframe), is redirected
to facebook for authorization, and then redirected back to my app,
that my app uses the same session for the entire interaction.

anyone have any ideas?

thanks!


--
----
peace,
sergio
photographer, journalist, visionary

http://www.ThoseOptimizeGuys.com
http://www.CodingForHire.com
http://www.coffee-black.com
http://www.painlessfrugality.com
http://www.twitter.com/sergio_101
http://www.facebook.com/sergio101
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Re: retaining a session across redirect - a retooling of yesterday's question..

Jon Paynter-2


On Thu, Oct 4, 2012 at 8:32 AM, sergio_101 <[hidden email]> wrote:
> okay, so i have verified a few things about my components. mainly,
> that if i set a value for a session variable on initialization of the
> component, the value sticks, so this is not the problem..
>
> the problem lies in the way i have to authenticate via facebook.
>
> here's how the authentication works:
>
> 1. facebook loads my app via an iframe.
> 2. if the user has not authorized my app, i redirect to facebook's
>    oauth page.
> 3. if the user authorized the app, facebook forwards the user to the
>    url i provide in the redirect. when it does this, it sends a POST
>    with my oauthToken.
>
> here's how i am doing this...
>
> in SBMain's renderContentOn method, i check the session for
> oauthToken.
> if it doesn't exist, i render a method:
>
> renderAuthorizeCheckOn: html
>    html
>      html:
>          '<script>window.top.location.href
>         ="https://graph.facebook.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=http://APP_URL&scope=user_about_me";</script>'
>
> once this has been accepted, i process the POST, and set my session
> variables.. then, it continues with the render cycle..
>
> inside the method that sets the session's oauthToken variable, the
> values of the session check out.. i can indeed inspect the session and the
> instance var, and it is set.
>
> once the user is redirected back to my app (via the url sent over in
> the renderAuthorizeCheckOn method), the app is loaded up again, but
> this time, it has no session.
>
> so, i think at this point, i need to figure out how to make sure that
> once the app is hit by a user via facebook (and iframe), is redirected
> to facebook for authorization, and then redirected back to my app,
> that my app uses the same session for the entire interaction.
>
> anyone have any ideas?

What parameters are available from facebook?  is there a way to add a custom token/value/etc to the post you get back from facebook?  If so, you can use that to look up the correct user session.  Or is there some existing facebook-user value you can use for a lookup?


Re: retaining a session across redirect - a retooling of yesterday's question..

sergio_101
> What parameters are available from facebook?  is there a way to add a custom
> token/value/etc to the post you get back from facebook?  If so, you can use that
> to look up the correct user session.  Or is there some existing
> facebook-user value you can use for a lookup?

oh! this might be the way to do it.. i would imagine you could add
some params on the end of the url..

i also get a userId back on a successful authorization..

maybe i can set the userId on the session..

then, i could do something like:

SBSession allInstances select: [ :session | session userId = 'THE_CORRECT_ID' ]

this might work, too..

--
----
peace,
sergio

Re: retaining a session across redirect - a retooling of yesterday's question..

Jon Paynter-2


On Thu, Oct 4, 2012 at 10:17 AM, sergio_101 <[hidden email]> wrote:
> > What parameters are available from facebook?  is there a way to add a custom
> > token/value/etc to the post you get back from facebook?  If so, you can use that
> > to look up the correct user session.  Or is there some existing
> > facebook-user value you can use for a lookup?
>
> oh! this might be the way to do it.. i would imagine you could add
> some params on the end of the url..
>
> i also get a userId back on a successful authorization..
>
> maybe i can set the userId on the session..
>
> then, i could do something like:
>
> SBSession allInstances select: [ :session | session userId = 'THE_CORRECT_ID' ]


well allInstances can be unreliable -- especially if the user is trying to login many times, and in some cases very slow.  maybe something like:
SBSession pendingUsers at: fbUserId put: session.

then later on:

self session: (SBSession pendingUsers at: fbUserId).

But it sounds like you're on the right track
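
Added example (not part of the original thread, and not Seaside's or the posters' code): a pending-login registry in the spirit of the pendingUsers suggestion above, keyed by a random single-use token with an expiry rather than by the Facebook user id, so that a returning request can only reclaim the session that started the redirect. It assumes the provider hands a custom value back unchanged (OAuth 2.0 defines the `state` parameter for this); `pending`, `issue`, `redeem` and the 10-minute lifetime are hypothetical names and values, and `UUID new` stands in for a cryptographically strong token source.

```smalltalk
"Workspace script using only core classes. All names are hypothetical."
| pending lock ttl issue redeem session token |
pending := Dictionary new.
lock := Mutex new.               "requests are served by several processes"
ttl := Duration minutes: 10.     "constructed value: how long a login may stay pending"

"Before redirecting to the provider: store the session under a fresh token
 and append that token to the redirect as the custom value."
issue := [ :aSession | | t |
    t := UUID new asString.      "assumption: swap in a CSPRNG-backed token source"
    lock critical: [
        pending at: t put: aSession -> (DateAndTime now + ttl) ].
    t ].

"When the provider sends the user back: the token is removed on first use,
 so a replayed or expired value never yields a session."
redeem := [ :aToken | | entry |
    entry := lock critical: [
        pending removeKey: aToken ifAbsent: [ nil ] ].
    (entry notNil and: [ entry value > DateAndTime now ])
        ifTrue: [ entry key ]
        ifFalse: [ nil ] ].

"Constructed walk-through; Object new stands in for the SBSession
 created on the first iframe hit."
session := Object new.
token := issue value: session.

"The first redemption hands back the very same session object."
self assert: (redeem value: token) == session.

"Presenting the same token again is rejected."
self assert: (redeem value: token) isNil.

"A value that was never issued is rejected."
self assert: (redeem value: 'never-issued') isNil.
```

In the component, the session returned by `redeem` is what would be passed to `self session:`; a nil result means the login has to be restarted instead of attaching to any existing session.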



Re: retaining a session across redirect - a retooling of yesterday's question..

sergio_101
> self session: (SBSession pendingUsers at: fbUserId).
>

oh! i like this better..

i am getting more and more of the hang of this now..

i think my problem was..

i went from c.. to c++ .. to php (for web apps).. to ruby(for rails)...

and never lived in an environment that treated objects like objects,
and bossed them around..

--
----
peace,
sergio

Re: retaining a session across redirect - a retooling of yesterday's question..

fstephany
Can't you build the 'redirect_uri' so that it redirects the user to
a URL which works with the session?

https://graph.facebook.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=http://APP_URL&scope=user_about_me

You can register a callback like this:
redirectUri := html urlForAction: [self displaySuccess].

Facebook will then redirect the user to your application in which the
callback 'displaySuccess' will be executed.

Does that help?

On 04/10/12 11:05, sergio_101 wrote:

>> self session: (SBSession pendingUsers at: fbUserId).
>>
>
> oh! i like this better..
>
> i am getting more and more of the hang of this now..
>
> i think my problem was..
>
> i went from c.. to c++ .. to php (for web apps).. to ruby(for rails)...
>
> and never lived in an environment that treated objects like objects,
> and bossed them around..
>

--
http://tulipemoutarde.be
CA: +1 778 558 3225
BE: +32 65 709 131
Re: retaining a session across redirect - a retooling of yesterday's question..

sergio_101
> Can't you build the 'redirect_uri' so that it redirects the user to a
> URL which works with the session?
>
> https://graph.facebook.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=http://APP_URL&scope=user_about_me
>
> You can register a callback like this:
> redirectUri := html urlForAction: [self displaySuccess].
>

thanks, francois..

unfortunately, the redirect url is a url that facebook uses internally..

it looks like

http://apps.facebook.com/app_name/

.. not an internal url

but BOY am i glad i now know about UrlForAction.. that will come in
handy, i say!


--
----
peace,
sergio