Developer forum

Currently discussing: Plans to implement a Consent module for GDPR compliance.

Join the discussion!

Forum » CMS - Standard features » External Authentication

External Authentication

Adrian Ursu
Adrian Ursu
Reply

Hi guys,

I have a solution (pretty old 8.8.1.32) where I want to use the External Authentication functionality.

I have set up the login apps for both Google and Facebook and I am trying to to figure out how it shoudl work.

I have checked Create local account without showing the "Create new user" page but nothing happens. I am redirected to Facebook/Google, I am logging in (I have confirmed I have logged in in each of the platforms) but when I return to the site, it does not see me as a valid user. and I could not find anything in the Users section to prove that the user was created.

I have noticed that in 9.x branch, the above checkbox also requires adding a User group where the user has to be created. Is this a setting available also in 8.8.x branch? Can it be set up somewhere in the Global Settings?

Thank you,

Adrian 

Replies

 
Dmitriy Benyuk
Reply
This post has been marked as an answer

Hi Adrian,
you could check if the new user was created by looking into AccessUser and then AccessUserExternalLogin tables.
One note: you need to fill the field "Create new user page"

with a page that has a paragraph with Extranet/Intranet (Extended) module (UserManagementFrontendExtended/UserManagementFrontend) and has some groups selected in the "Groups for new users" section:

Once the user is authenticated by external provider it should be created in Dynamicweb(AccessUser table) and assigned to the groups selected on this module settings and his External login provider details should be stored in the AccessUserExternalLogin table.

Regards, Dmitrij

Votes for this answer: 1
 
Adrian Ursu
Adrian Ursu
Reply

Thank you Dmitrij,

It worked perfectly!

Maybe the documentation should be a bit more detailed to prevent this type of simple mistakes.

Thank you,

Adrian

 
Adrian Ursu
Adrian Ursu
Reply

Hi Dmitrij,

I have come to the point where my above integration (with Facebook in this case) is supposed to work on the latest 9.4.

I have managed to authenticate to Facebook, and they seem to send some token back to the /signin-facebook page I have defined in our system.

In the forementioned page, I have an extranet module with a default create account template, everything set up just like in your image above.

However, nothing seems to happen. I mean, the system redirects to the page where the request was first made, but no users are created and therefore no login is happening.

I have tried both options of the External authentication. With and without "Show Create user account page".

One thing I have noticed in the link to facebook is that the link refferences API version 2.8 and the minimum version available in the app is 2.12 with a planned upgrade to 3.0 in August.

Could this be the cause?

Thank you,
Adrian

 
Adrian Ursu
Adrian Ursu
Reply

Apparently Google login does not work either.

I am using 9.4.14. Can this be a platform related bug or a setup related problem?

Thank you,

Adrian

 
Adrian Ursu
Adrian Ursu
Reply

Just as a suggestion for avoiding future questions like this, even if there are things missing from the documentation, maybe including this basic setup in a sample, public version of Rapido will help.

Thank you,

Adrian

 
Dmitriy Benyuk
Reply

Hi Adrian,

In your "Create new user page" page you need to edit the template:

Here it is called "CreateAccount.cshtml":
Replace:
<form name="UserManagementEditForm" id="UserManagementEditForm" method="post" action="/Default.aspx?ID=@createProfilePageId">
To:
      @GetString("UserManagement:User.FormStart")
So the form for creating the users will send back correct parameters for the extrnal login association with the newly created user.

Regards, Dmitrij

 
Adrian Ursu
Adrian Ursu
Reply

Hi Dmitri,

Thank you for your answer.

I have tried with a few templates already, some of them having the StartForm tag in, but I got the same result.

One more thing that probably confused me. The documentation mentioned something about the App requiring a redirect url. Which should ebe set as /signin-facebook or /signin-google.
Are these pages the same ones a s the ones for reating users?

What if I choose to not show the Create User dialog? Where should I place the Extranet module?

Thank you,

Adrian

 
Dmitriy Benyuk
Reply

Hi Adrian,
my facebook app settings looks like this:

In Dynamicweb:


The TestExtarnalLogin page has one paragraph with the next settings:


I am redirecting to that page after the FB authorization.
And my start page with FB button where I am redirecting to facebook has just one Extranet paragrph with template which renders the FB button:
@if (GetLoop("DWExtranetExternalLoginProviders").Count != 0) {
     foreach (LoopItem LoginProvider in GetLoop("DWExtranetExternalLoginProviders")) {
          var ProviderName = LoginProvider.GetString("ProviderName").ToLower();
          <a href='/Admin/Public/Social/ExternalLogin.aspx?action=login&providerID=@LoginProvider.GetValue("ProviderID")' class="btn btn-sm btn-primary">Login with <i class="fa fa-@ProviderName"></i> @LoginProvider.GetString("ProviderName")</a>
     }
}

If you do not want to choose the create user page you can edit the provider like that(and you do not need the page with Extranet module then):

So after you click on FB login button you should be redirected back from FB to DW and new user in DW should be created with your FB first and last name and assigned to the group selected in groups for new users.

Regards, Dmitrij

 
Adrian Ursu
Adrian Ursu
Reply

Hi Dmitrij,

Thank you very much for the comprehensive info. i think this should be part of the documentation.

One more question. In your setup I don;t see anything about /signin-facebook page. Is this the URL of your TestExtarnalLogin page?

Does it even matter?

Thank you,

Adrian

 
Dmitriy Benyuk
Reply

Hi Adrian,
http://yourDW9sitename.com/signin-facebook, http://yourDW9sitename.com/signin-google are system reserved urls that are handled by Dynamicweb once you get authenticated in FB/Google. You do not need to create any page for this to work. Only in the FB/Google developer apps you need to put the urls to your website like:http://yourDW9sitename.com/signin-facebook.
Regards, Dmitrij

 
Adrian Ursu
Adrian Ursu
Reply

Hi Dmitrij,

Thank you very much. Now it's all clear.

However, my setup does not work, regardless of the settings. Would you mind attaching your CreateAccount template?

Thank you,

Adrian

 
Dmitriy Benyuk
Reply

Attached

 
Adrian Ursu
Adrian Ursu
Reply

Thank you.
I have replaced my template but I get the same behavior no matter what setting I choose for the External Login setup.

It looks like the system does not get to the Create account page.

Here is the URL: https://www.austral.ro/autentificare

Could something prevent this redirection to the Crate account page?

Thank you,
Adrian

 

 
Dmitriy Benyuk
Reply

Hi Adrian,
it is smth with your FB app. I've created the Test FB provider on your site with the url:

and I am able to login using mine FB app and the user is then created in DW. Make sure your FB app has the settings as mine shown in the image on my previous replies.
When I am logging using your FB app I get the returned url from FB with "access_denied":

Regards, Dmitrij

 
Adrian Ursu
Adrian Ursu
Reply

Hi Dmitrij,

I have figured it out with your help. I had the "Require app secret" turned to "Yes". Turning it to "No" solved it.

Thank you very much for all your help.

As mentioned, I believe this whole thread should be included in the documentation of the functionality. It might help others as well.

Thank you very much,

Adrian

 

 
Adrian Ursu
Adrian Ursu
Reply

Hi Dmitrij,

Just to close the loop, I would like to review the Google Apps settings.

The way I have them set up now, I get the same access_denied message that you got in your test for Facebook.

Which makes me think I have missconfigured the Google app pr something has changed (Google log in used to work fine).

Google documentation is not very clear about how to set it up.

I have created a Project in my Google developer account (console.developers.google.com)

Under APIs and Services/Credentials I have created a set of OAuth 2.0 client IDs credentials. That gave me ClientID and ClientSecret used for configuring the Extranet Login for Google.

I have set Authorized redirect URIs to https://www.austral.ro/signin-google (this was not set before, when the login was working)

I have configured OAuth Consent Screen and I have validated the domain.

Is there anything else I need to set up? Maybe activate some API's?

Thank you,

Adrian

 

 
Dmitriy Benyuk
Reply

Hi Adrian,
Here are my steps to make a Google app:
Visit the url: https://console.developers.google.com/apis/credentials/oauthclient
Click on left arrow: Create OAuth client ID
Then on Create credentials:

Fill the fields as shown below:

After click "Create" you will be presented with ClientID and App secret that you need to copy/paste to DW page with Google provider settings.
In the API library (https://console.developers.google.com/apis/library) you need to enable the:
Google+ API
Regards, Dmitrij

 
Adrian Ursu
Adrian Ursu
Reply

Thank you Dmitrij,

I was missing the last step. Enabling Google+ API

Thank you very much.

I owe you :)

Adrian

 
Adrian Ursu
Adrian Ursu
Reply

Hi Dmitrij,

I thought I can leave you off the hook after yesterday's progress but it seems that I still have some fixing needed.

I am sorry but I still need your help :)

The google + login works perfectly but facebook one is still a bit buggy.

I can Login with Facebook but the account created is not assigned to the right User Group and the information on the user is missing. Actually, apart from the name, there is nothing there.

I have checked the page with the extranet module and if I fill the fields manually everything is saved fine. Which makes me think that the login does not get to this point at all.

I am wondering if I need to set up some additional permissions on the Facebook app?

Also, I need to understand how does the page with Extranet module comes into play. I tried setting a value for a custom field by defining a hidden field in the template but it does not seem to be saved even for the Google one that seems to work. IS that template/paragraph even used? I am using the "silent" mode of creating users.

Thank you,

Adrian

 

 
Dmitriy Benyuk
Reply

Hi Adrian,
there is a bug in FB login provider so now it doesn't save the FB email on the DW newly created user, new tfs# 52295 was created for that.
Second one is another bug and is connected with wrong option taking into account even if "Create new local account without showing new user page" check box is selected.
But there is workaround for that:

Clear the text in "Create new user page" and after click on the check box below and select the groups you need, after that save provider settings.
After logging in to FB/Google your new user should be assigned to those groups. Will be fixed in tfs# 52297.
Regards, Dmitrij

 
Kristian Kirkholt
Kristian Kirkholt
Reply

Hi Adrian

The #52297 and #52295 "ExternalLogin provider: Fix saving options" + "FacebookExternalLogin" has been fixed in version 9.4.16

You are able to find this build in the download section:

http://doc.dynamicweb.com/releases-and-downloads/releases

Please contact Dynamicweb Support if you need any additional help regarding this.

Kind Regards
Dynamicweb Support
Kristian Kirkholt

 

 

You must be logged in to post in the forum