Security

Hello,

We are setting up a guest service with social media logins (no other login options for now - just Facebook, LinkedIn, Twitter and Amazon). This is kind of working fine. But on testing with several devices (Android, iPhone, Windows) we get some behaviour which we are trying to understand.

Testing mostly done using the Facebook login, though we do see similar on Twitter as well.

• On Android if I delete my device from Endpoints, the user table, forget the network on the device, and remove our guest app/website from my Facebook account (ie trying to start from a blank canvas) when I first view the captive portal page I get the authentication failed error appear before I've even attempted to authenticate(!) I assume this is an old cookie. Then when I attempt to authenticate (eg to Facebook) everything works (I get a prompt to  'Continue as Guy'), I put my password in, and am redirected back to the captive portal - but authentication fails, I am just shown the captive portal page with the error message again. If I try clicking Facebook again then sometimes it will fail again, other times it will succeed. Once it has succeeded then subsequent auths seem to work. My colleague found similar behaviour with his iPhones - though he had to clear browser cookies to force it to fail first time, then it subsequently worked reliably in the same way as the Android.
• With my Windows laptop (which I hadn't used before for testing this) I am successfully redirect to Facebook, and unlike my Android I am prompted for two factor auth - message sent to my mobile - and login was successful first time. Unlike my Android phone I don't see the 'authentication failed' message before I try to auth. However if I then remove the laptop from Endpoints, the user table and forget the network then next time I try to connect it doesn't prompt for two factor auth (but does prompt for a password), but now it fails first time, and then subsequently works fine if I click Facebook again.

We're just trying to understand the process and what might be causing the initial failure that we see (when starting with a device that has been removed from Endpoints, user table, and the network has been forgotten on the device). Can anyone help/

Thanks very much,

Guy

------------------------------
Guy Goodrick
------------------------------

Hi Guy,

May I know how do you create guest self-registration portal with social media logins? Do you have any guides? 
Sorry these are not the answers to your questions though

------------------------------
DarrenPJW
------------------------------

Original Message:
Sent: Jun 22, 2021 10:34 AM
From: Guy Goodrick
Subject: Guest captive portal social media logins

Hello,

We are setting up a guest service with social media logins (no other login options for now - just Facebook, LinkedIn, Twitter and Amazon). This is kind of working fine. But on testing with several devices (Android, iPhone, Windows) we get some behaviour which we are trying to understand.

Testing mostly done using the Facebook login, though we do see similar on Twitter as well.

• On Android if I delete my device from Endpoints, the user table, forget the network on the device, and remove our guest app/website from my Facebook account (ie trying to start from a blank canvas) when I first view the captive portal page I get the authentication failed error appear before I've even attempted to authenticate(!) I assume this is an old cookie. Then when I attempt to authenticate (eg to Facebook) everything works (I get a prompt to  'Continue as Guy'), I put my password in, and am redirected back to the captive portal - but authentication fails, I am just shown the captive portal page with the error message again. If I try clicking Facebook again then sometimes it will fail again, other times it will succeed. Once it has succeeded then subsequent auths seem to work. My colleague found similar behaviour with his iPhones - though he had to clear browser cookies to force it to fail first time, then it subsequently worked reliably in the same way as the Android.
• With my Windows laptop (which I hadn't used before for testing this) I am successfully redirect to Facebook, and unlike my Android I am prompted for two factor auth - message sent to my mobile - and login was successful first time. Unlike my Android phone I don't see the 'authentication failed' message before I try to auth. However if I then remove the laptop from Endpoints, the user table and forget the network then next time I try to connect it doesn't prompt for two factor auth (but does prompt for a password), but now it fails first time, and then subsequently works fine if I click Facebook again.

We're just trying to understand the process and what might be causing the initial failure that we see (when starting with a device that has been removed from Endpoints, user table, and the network has been forgotten on the device). Can anyone help/

Thanks very much,

Guy

------------------------------
Guy Goodrick
------------------------------

Hi Guy,

Sounds like cookies and browser using the existing session token. Can you try using different incognito windows between tests to confirm?

------------------------------
Mathew George
------------------------------

Original Message:
Sent: Jun 22, 2021 10:34 AM
From: Guy Goodrick
Subject: Guest captive portal social media logins

Hello,

We are setting up a guest service with social media logins (no other login options for now - just Facebook, LinkedIn, Twitter and Amazon). This is kind of working fine. But on testing with several devices (Android, iPhone, Windows) we get some behaviour which we are trying to understand.

Testing mostly done using the Facebook login, though we do see similar on Twitter as well.

• On Android if I delete my device from Endpoints, the user table, forget the network on the device, and remove our guest app/website from my Facebook account (ie trying to start from a blank canvas) when I first view the captive portal page I get the authentication failed error appear before I've even attempted to authenticate(!) I assume this is an old cookie. Then when I attempt to authenticate (eg to Facebook) everything works (I get a prompt to  'Continue as Guy'), I put my password in, and am redirected back to the captive portal - but authentication fails, I am just shown the captive portal page with the error message again. If I try clicking Facebook again then sometimes it will fail again, other times it will succeed. Once it has succeeded then subsequent auths seem to work. My colleague found similar behaviour with his iPhones - though he had to clear browser cookies to force it to fail first time, then it subsequently worked reliably in the same way as the Android.
• With my Windows laptop (which I hadn't used before for testing this) I am successfully redirect to Facebook, and unlike my Android I am prompted for two factor auth - message sent to my mobile - and login was successful first time. Unlike my Android phone I don't see the 'authentication failed' message before I try to auth. However if I then remove the laptop from Endpoints, the user table and forget the network then next time I try to connect it doesn't prompt for two factor auth (but does prompt for a password), but now it fails first time, and then subsequently works fine if I click Facebook again.

We're just trying to understand the process and what might be causing the initial failure that we see (when starting with a device that has been removed from Endpoints, user table, and the network has been forgotten on the device). Can anyone help/

Thanks very much,

Guy

------------------------------
Guy Goodrick
------------------------------