and then in `run` method of your app you added `auth.hookEvents()`?
Chilly9000
ah no I onlly have loginUrl: 'access.signin' in authProvider
gonto
so loginUrl is for ngRoute
loginState is for ui-router
Chilly9000
yeah I use ngRoute
gonto
oh ok
you use ngRoute?
Chilly9000
I also have requiresLogin and auth.hookEvents in .run
gonto
but ngRoute doesn't work with $stateChangeStart
as you've shown me before
$stateChangeStart that is from ui-router
not ngRoute
Chilly9000
sorry i messed it up
i have ui-router
so I have to configure loginState in authProvider
gonto
then
loginState: 'your.login.state'
yeah
Chilly9000
Ok works like a charm sorry for the confusion I mixed up the docs
gonto
No problem :grinning:
Chilly9000 has quit
woloski has quit
reallyseth__ joined the channel
reallyseth___ joined the channel
woloski joined the channel
reallyseth__ has quit
woloski has quit
francoismart joined the channel
francoismart
hi is there someone .
jfroma
francoismart: hi
francoismart
hello
If I'm connected to ADFS via refresh token on iOS
and in the IT dept
They change user's password or disable account or remove account from AD
What's up with next call to getDelegationToken with refresh token please ?
schenkel joined the channel
yenkel has quit
jfroma
francoismart: yes, that's an interesting question
mschoening has quit
you will remove all the refresh tokens from that user, via api or our dashboard... In the same way that you should expire all sessions and cookies for other applications using adfs directly
Gutemberg joined the channel
Gutemberg
Hello guys
I need help with something that maybe is a bug
lets say I'm using using Widget to log in on a asp.net site
it authenticates fine with facebook/twitter and, an account is created on auth0 for that user without problem
iaco1
hey gutemberg
Gutemberg
now, I need link this account with another
hi @iaco1
and
when I'm linking with widget, it dont validates if the account I'm trying to link is already another user(or linked to another user)...
so, how can I validate if that second account is already a real user on our app before effectively link the account?
iaco1
what do you mean with "real user" ?
Gutemberg
let me try explain better
francoismart
@jfroma thanks
Gutemberg
user A is a Facebook account... user B is a Twitter account
iaco1
ok
Gutemberg
both has logged in successfully with widget by thenselves...
iaco1
ok
Gutemberg
now, logged with user A on Facebook, I call the widget again, and this time, when widget asks for login with the other social network account I wish to add(in this case B on twitter), auth0 dont validates that account B is already a user on the system, and just link the account B to account A as a new identity...
my question is, is there a way to validate if the account B, twitter, is already an account inside auth0?
because, right after a log with the account B on twitter for the link on widget, it just link the account with the account A without any confirmation...
yes but, if there is a user already using the account B, I can't just link the account... it will broke my system... 'cause we depend on your authentication and user maintenance logic...
iaco1
if you dont want link account, just dont include that option
Gutemberg
the point is, I need to check if the account being linked, in this case account B, is already on my database, if yes, I dont want link, if no, than we can link
i need intercept this link process...
in order to identify the user B, I have to login on twitter so I can at least have the user ID
but calling the widget for link, just link, dont give me a confirmation...
iaco1
give me a moment please
Gutemberg
ok
iaco1
you can't intercept the link process, because Auth0 rules are executing after linking, but let me think another solution
Gutemberg
oh god dont tell me that... It is crucial for us :( we moved the whole authentication to auth0, following the suggestions to use auth0 own DB instead of our custom SQL... if I can't do that I'm screwed :(
iaco1
we are thinking another solution…
Gutemberg
k
iaco1
give me a moment please
Gutemberg
sure thanks
iaco1
possible solution: you could set a flag in your user B (like user.dont_link: true) and we could avoid the link process is user has that flag
Gutemberg
how could I set that flag?
reallyseth___ has quit
at the creation time?
iaco1
whatever you want, at the creation time or using the users API
PATCH /api/users/{user_id}/metadata
Gutemberg
metadata user.dont)_link: true? just it?
iaco1
yes, like blocked flags
Gutemberg
hummm
undersdood
iaco1
what do you think? it's just a possible approach
Gutemberg
and what will be returned by the widget when the user try to link to an account that can't be linked 'cause it has this attribute set?
(just remembering that in this application, we dont have user/pass, it is just facebok+twitter logins)
iaco1
if you are specifying access_token option and user.avoid_link === true -> link is ignored and user is authenticated ignoring the access_token option
public async Task<ActionResult> LinkNewAccount(string code)
{
var business = new AccountBusiness();
await business.Login(refresh: true);
return RedirectToAction("Index");
}
this is the action on my controller for the linking action callback on widget
so
all I do when a user link an account on auth0 is, get the UserProfile object inside the Login() method and get the new linked account from the identities list of the userProfile to persist some data on my database...
the problem is, if I already had that same key (userId on social network + social network) in the database, I can't link it but, auth0 already linked him...
woloski joined the channel
I dont see where or how I can set the block on the auth0 object in that flow
ops, not block, not_link flag
iaco1
sorry but I dont understand your scenario… could you please explain me the common flow ? without code, just the user story
Gutemberg
ok lets try again
iaco1
is your app online?
Gutemberg
we have 2 users. User A (facebook) and B(twitter)... both already logged in, registered my system and they are separated accounts
yes
iaco1
ok, got it
Gutemberg
log in there, this is a test environment and the data will be erased soon as it got production
iaco1
ok
Gutemberg
so
mschoening joined the channel
if user A is logged in, click on link accounty, the widget opens
asking which account to link
iaco1
ok, let me try
Gutemberg
then we enter the user/pass for the account B from twitter
iaco1
ok
Gutemberg
auth0 will link the account without any warning of question informing "hey, user B is already an auth0 account... Do you wish integrate it?"