Facebook login on iOS devices via captive portal

时光总嘲笑我的痴心妄想 提交于 2020-01-16 07:29:07

问题


I am developing a captive portal implementation that will use facebook to authenticate users. The users will have to be able to login to facebook to get authenticated and access the internet freely. Unless the user authenticates, they must not be able to freely browse facebook (or any other website). I am using javascript sdk.

I am having trouble with this flow on iOS devices. iOS devices when connect to ssid bring up pseudo browser that does not have cookies and sessions. On this page the user can click "Connect via Facebook". This will bring up oauth login dialog. Following is code snippet of how this is acheived: document.location = "https://www.facebook.com/dialog/oauth?client_id=" + WF_FB_APP_ID + "&response_type=token&scope=public_profile,email,user_birthday&redirect_uri=" + encodeURIComponent(document.location.href);

When the user enters email and password, instead of authenticating the user, facebook returns some error code:200, error description "Permissions error" and error reason "User denied" and redirects to safari where the user is required to enter the credentials again. At this point, entering the same credentials works fine and user gets access to the internet.

I would like to know why do the creds not work the first time and why is there redirection to safari. Andriod and windows devices do not have this problem since the user is required to open browser and login process through facebook works fine in the browser.

Are there any suggestions that I can try? I am using Meraki AP in the cloud and have put all possible facebook domains in the walled garden entry. I have tried googling this scenario but no avail. Any help or suggestion to try would be much appreciated.


回答1:


I realise this is an old thread, but we just came across potentially the same issue. The facebook login dialog would come up in the captive portal window, but as soon as you hit login, the captive portal window closes and facebook opens in the normal browser prompting to log in again.

After a good few hours of tearing my hair out, I worked out what was actually happening. We use openmesh APs running openwrt. These devices dynamically add the ip addresses of the domains in the walled garden config to iptables as requests for those domains made. I haven't fully gotten to the bottom of it yet, but some of the CDN network domains when whitelisted appear to allow access to the IP addresses of the domains being used by iOS to internet check access.

As soon as I removed references to akamaiedge.net, akamai.net, akamaitechnologies.com and cdnjs.cloudflare.com from my walled garden list, everything worked fine. The full end to end facebook login and redirection back to our landing page remains inside the captive portal.

We actually discovered the same issue on android and anything referencing the gstatic.com domain. Android uses connectivitycheck.gstatic.com, if you white list anything like maps.gstatic.com or fonts.gstatic.com the android captive portal closes itself automatically before your landing page has loaded.

As I said, appreciate it's an old thread, but thought this might be helpful for others finding themselves here.

Cheers



来源:https://stackoverflow.com/questions/29631522/facebook-login-on-ios-devices-via-captive-portal

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!