Ueberauth social media login on server usage on client

benonymus · July 17, 2019, 12:13pm

Hey there,

I added social media logins (fb, g) and here is the flow
user click on login with fb button on client and calls /auth/facebook
gets redirected to facebook logs in
response from facebook comes to the backend to /auth/facebook/callback
i create a user and log him in
and send the user back in the json response as with the normal login
but the problem is that with the response the client is not on the original page, but on a link to the backend
how can this be done in a way that the user stays on the client page?

wolfiton · July 17, 2019, 12:19pm

Hey,

Please calrify this:

So you are using phoenix in api mode?

What client are you using react vue angular ember?

Or are you using phoenix with views ?

benonymus · July 17, 2019, 12:22pm

The client is vue but would also be an ios and android
I am using phoenix with json views

wolfiton · July 17, 2019, 12:24pm

I think you will have to redirect the user your desired page after the login.

Also are you using absinthe?

benonymus · July 17, 2019, 12:27pm

no i don’t
but the problem is the redirect, I am sending a json response, with the logged in user
but it shows up in the browser as a page of json from a link that points to the server from facebook or google and looks like this:

http://localhost:4000/auth/google/callback?code=4/idsaasGUxia0zA-zJpyJuR3Rl4FI9p6QV7cIH155gEJ4SXFbQmCpGi0dTcwYOuhzBfR0R80zlGB78KQSH9pV3nwc&scope=email+profile+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile&authuser=0&session_state=94ec4fa79800647bedfe1ab561ef53f771ef6831..3638&prompt=none

wolfiton · July 17, 2019, 12:29pm

Can you share some code on where you think is the problem, maybe where you create a the login and also the mix.exs file to see what packages you are using?

benonymus · July 17, 2019, 12:35pm

maybe i was not clear, the problem is to how to get back to the client page at the end instead of landing on the page of the server.
I don’t know how to tackle the issue

  def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
    user = basic_info(auth)

    with(
      resource = %User{} <-
        get_or_create_user(user),
      {:ok, token, _} <-
        Guardian.encode_and_sign(
          resource,
          %{},
          key: :user,
          permissions: %{user: GPermissions.max()}
        )
    ) do
      resource = Accounts.add_categories_from_settings(resource)

      unread_uninteracted_invitations_counts =
        Notifications.return_unread_uninteracted_invitations_counts(resource)

      conn
      |> put_status(200)
      |> put_view(AuthView)
      |> render(
        "logged_in.json",
        message: "Logged in!",
        token: token,
        user: resource,
        notis: unread_uninteracted_invitations_counts
      )
    else
      _ ->
        conn
        |> put_status(401)
        |> put_view(ErrorView)
        |> render("401.json", message: "Failed to authenticate.", errors: nil)
    end
  end

it is working as expected all, just that is it possible and if yes how to end up back on the client page

deps:

`      {:postgrex, "~> 0.14"},
      {:ecto, "~> 3.0.9"},
      {:comeonin, "~> 5.1"},
      {:argon2_elixir, "~> 2.0"},
      {:ueberauth, "~> 0.5"},
      {:ueberauth_identity, "~> 0.2"},
      {:guardian, "~> 1.2"},
      {:guardian_db, "~> 2.0"},
      {:arc, "~> 0.11"},
      {:arc_ecto, "~> 0.11"},
      {:trans, "~> 2.0"},
      {:hashids, "~> 2.0"},
      {:csv, "~> 2.0"},
      {:ex_aws, "~> 2.0", override: true},
      {:ex_aws_s3, "~> 2.0"},
      {:ex_aws_sns, "~> 2.0"},
      {:ex_aws_ses, "~> 2.0"},
      {:poison, ">= 1.2.0"},
      {:jason, "~> 1.1"},
      {:hackney, "~> 1.9"},
      {:sweet_xml, "~> 0.6"},
      {:word_smith, "~> 0.1.0"},
      {:timex, "~> 3.4"},
      {:ex_phone_number, "~> 0.1"},
      {:quantum, "~> 2.3"},
      {:gettext, "~> 0.14"},
      {:elixir_uuid, "~> 1.2"},
      {:ecto_autoslug_field, "~> 1.0"},
      {:ueberauth_google, "~> 0.8"},
      {:ueberauth_facebook, "~> 0.8"},
      {:bypass, "~> 1.0", only: :test}`

wolfiton · July 17, 2019, 12:38pm

Let;s try this

Instead of render replace with redirect(to: “/”)

conn
      |> put_status(200)
      |> put_view(AuthView)
      |> redirect(to: "/")

This should redirect on succesfull auth to the / home page.

benonymus · July 17, 2019, 12:41pm

well that is something, but we are not really ahead with that because we are still in the realm of the server, this would take us to the homepage of the server, not the client, and no user anymore obviously

wolfiton · July 17, 2019, 12:43pm

Can vue read the json from your backend in a component?

Do you see them connected?

Also i assume that your vue is on :8080 and your server on 4000 ports?

benonymus · July 17, 2019, 12:48pm

they are on separate hosts, not connected
for this: Can vue read the json from your backend in a component?
i am not sure, i am not working on the vue project, but I am sending the exact same response in the usual login flow and there are no problem there at all, the issue here seems to be that because the facebook login opens in the same window as the app it doesnt get back to the app/client

wolfiton · July 17, 2019, 12:51pm

Vue is a client so it should have a direct communication with your server.

One other idea is to consume your json render pages with axios that will be place in Vue.

benonymus · July 17, 2019, 12:55pm

ah you meant connected like that, then yes it is connected
axios is being used already in the project, but the problem is that we are technically not in the client anymore, because we are on the facebook page

wolfiton · July 17, 2019, 1:00pm

Are you a backend dev also have a frontend team mate?

If so, the vue axios should get data from the server then take over and display the page on the client, which in this case it doesn’t so something is fishy here.

Also to make our lives easier let’s do this

Did you created the project using the api mode for phoenix?

Like this mix phx.new app_name --no-webpack --no-html

benonymus · July 17, 2019, 1:04pm

yes I am the backend dev, the frontend guy gave up on this solution and wants to implement the oauth on the clients at this point
I did no create the project, it is an umbrella project, this sub-project doesnt have any html stuff in it, the whole project does

benonymus · July 17, 2019, 1:16pm

ok here is something you can try with google login,
https://acc-backend.dotooapp.com/auth/google
this is the url that is being called by the client, and if you log in you can see the response, in your browser,
but he seems to struggle to take this response and get back to the client because the login page opens in the place of the client page

wolfiton · July 17, 2019, 1:17pm

When i visit that page i get this error in the console
Unchecked runtime.lastError: The message port closed before a response was received.

benonymus · July 17, 2019, 1:18pm

maybe it is geo-locked, because it is for testing, we are in the netherlands

wolfiton · July 17, 2019, 1:18pm

I am also in europe

You should take a look at this https://www.freecodecamp.org/news/authentication-using-elixir-phoenix-f9c162b2c398/

benonymus · July 17, 2019, 1:23pm

I don’t know if you tried, but when you set up your apps in google or facebook, the redirect from there where should that point to?