Meraki

jvilomar · ‎May 13 2019

Greetings,

I'm having a problem with an external captive portal, implementing OAUTH and Facebook.

We ´ve implemented an EXCAP with collect some data, but we need to provide social login, in this case, we´ve implemented facebook, using OAUTH. It works on some devices, and it doesn´t for others.

when I authenticate with facebook I can return to my captive portal and complete the information, but as soon as facebook authenticates and redirects, I´ve lost the request information: ie my complete querystring (user_continue_url, client_mac, client_ip, etc), wich in case is needed in order to allow the client to navigate as soon as the form in the excap is completed. It is possible to perform this type of authentication with OAUTH and at the same time perform the filling without losing the original request?

I am using JavaScript for the OAUTH login, and I got a pop-up to authenticate to facebook. If I only fill the form, it works as expected.

Thanks.

PhilipDAth · ‎May 13 2019

If you are lucky @HodyCrouch might lend some advice.

jvilomar · ‎May 13 2019

I will really appreciate that, I need to give some answer to my boss. This is a big project that we'v been implementing and one of the main requirements is to allow users login with facebook. We can't use the facebook integrated estrategy provided by meraki, since we need some custom data.

Thanks for your reply.

HodyCrouch · ‎May 13 2019

Be prepared for some pain when you try to keep Facebook login working in a captive portal environment. The web resources accessed by the login pages do change from time to time and you're going to need to keep your walled garden ranges up to date. You will find some resources online to help, but there's no substitute for testing and monitoring.

It sounds like you've selected a client-based login flow using Javascript (I'm partially guessing here). If so, reconsider that decision if possible. You're really setting yourself up for a world of future pain. I have found the server-to-server flows to be more stable. You also get a better place to monitor for user issues.

You should also be careful about your Facebook application permissions, as they control what data is shared with you.

On a related subject, make sure you do some testing with other Facebook accounts. You may find that permissions seem pretty loose when using your own account, if you also created the Facebook application and related tokens yourself. When using other accounts, you often need to go through Facebook's review process to be able to access the data you need.

Facebook WiFi provides for a pretty narrow use case. I'm not surprised you've decided to create your own solution.

Not sure if that's the information you were looking for. Feel free to ask if you have further questions. I've been spending more time with unique captive portal promotions based on customer behavior rather than on specific social login scenarios. My info may be a little rusty.

jvilomar · ‎May 14 2019

Thanks for taking some time to reply me.

Yes indeed, it's been a big pain lately. First you are 100% right on your guessed, I am working with client-side estrategi, implementing Facebook login, using hello.js, wich, come in handy, because the nature of the EXCAP and the stuff with the dynamic change of the request from meraki.

I think that the only thing left is to implement the facebook login from server, to see if it works. In regard to the permissions, I have the two of them that I really need, Email, First and Last Name and Age range.

Really appreciate your advices.

Meraki

Community

EXCAP custom splash with facebook / twitter sign-on

EXCAP custom splash with facebook / twitter sign-on