Hi all,
I have an application where users can sign in with their organization’s Office 365 credentials.
Is there a way to force them to supply their usual organization’s password?
At the moment, the Microsoft API just “knows” who they are based on the computer that they are signed into. They can simply click their username and the app logs them in.
Unfortunately, I have a situation where an iPad is being passed around to access the application and so I cannot guarantee that each user is logging out of their Microsoft account before passing the iPad along.
I am learning the custom sign-up flow functionality and so perhaps I can build something with that once I get the hang of it.
Any nudge in the right direction here would be much appreciated. Perhaps I am missing something straightforward.
I have found that when using an incognito browser, I am forced to provide my username and password. This is what I want to happen, but in any browser.
So, perhaps the issue is that my browser remembers who I am (“Remember Me” in the Users service is turned off).
I have tried clearing the cookies:
anvil.server.cookies.local.clear()
but in a normal browser, I am still automatically logged in.
Does anyone know how to avoid automatic log in?
Note that I’m using the Microsoft API for authentication.
Hmm…I think the problem here is that you’re logged in with Microsoft, and you’d need to log out from there in order to prevent this coming up. I think you can do what you want by getting the user to visit this URL:
https://login.microsoftonline.com/common/oauth2/v2.0/logout
(Perhaps you could get the user to click that link when they’re done using the app?)
Sure, I could present the MS logout before or after students complete the assessment. The sneaky students may ignore that suggestion though since AFAIK you can’t force them to logout (they still have to make the choice).
I want to make sure that the initial submission corresponds to the student holding the device (not whoever is logged in at the time). Thus, I thought it would be more fail-safe to ask for explicit authentication at the outset.
Not a huge deal though. The assessment can’t be submitted twice by any student, so as long as the first assessment starts with an accurate login, the worse thing that can happen is that some students may have to explicitly logout prior to taking their test (if the previous student failed to do so).
Kind of a weird situation.
Hmm…you could use Javascript to pop that window up, perhaps? A sneaky student might still be able to close it before it takes effect, but it might be harder…