When I set the request URL in slack it shows verify but it will not send any data to my API. This API is used in my WordPress plugin. My API URL contains HTTP. Previously it worked.
All of my client don't have HTTPS some of them using HTTP so how can I solve the issue.
Related
Requesting for some help here. Kind of stuck with a use case. We are trying to integrate OneLogin with our app via Spring security.
The entry point to our application is Azure App Gateway that routes the requests to load balancer further routing to the VMs where the service is deployed. Everything works fine if we DONOT override the hostname in Backend settings for any incoming request, leading to the App Gateway host only getting passed for every request. Here the App Gateway URL being set as the redirect URI in Spring security auth endpoint call.
The problem appears when the Apigee is used as the entry point to our application. Apigee routes the request to App Gateway routing it further to load balancer and VMs. Here, we DO have to override the host as Apigee host name in order to authenticate the client to the OneLogin server. The Apigee endpoint is set as the redirect URI in the Spring security auth endpoint call.
However, the server responds back with "possible CSRF detected - state parameter was required but no state could be found" error. Tried different possible solutions from other SO links to resolve this error like providing a session cookie name, but did not help. Our OneLogin server and client application are also in different domains.
The only thing that works here is when we DONOT override the hostname in Azure App Gateway Backend settings and pass the App Gateway URL as the redirect URI in auth endpoint call. But the problem is it shows the App Gateway URL in the user browser, which we do not want because in an ideal scenario, the user should see only the Apigee host in the browser url and not the App Gateway host. So, is there any way to re-route/redirect/override the URL to Apigee URL in Azure App Gateway settings without the call being made to Apigee endpoint. Just the user sees the Apigee url in the browser, but internally all calls are made to App Gateway endpoint only.
Or the other solution could be to prevent the CSRF issue when Apigee hostname is used as the redirect URL in the auth endpoint instead of App Gateway host. But not sure how to resolve that.
• In your scenario, when you are not overriding the hostname in the Azure application gateway backend settings and pass the ‘Application Gateway’ URL as redirect URL in the ‘Authorization endpoint call’, the application gateway URL is shown in the user’s browser which is not desired since the Apigee host redirects the authentication requests to the ‘App gateway’ endpoint.
Therefore, without the call to be made to the ‘Apigee’ endpoint, you can surely redirect it to the Apigee redirect URL in the Azure application gateway settings by configuring the ‘Rewrite URI rules’ in the gateway. These rewrite rules will check for any presence of configured URLs or specific paths and will therefore, change the original URI path to the new path configured. As a result, please follow the below given snapshots as steps for configuring the same as stated above: -
Thus, as shown above, you can configure the ‘Rewrite rules’ in a ‘Standard V2’ SKU application gateway for redirecting response requests of ‘authorization endpoint call’ from application gateway URL to the Apigee endpoint hostname configured. In this way, when the application gateway URL is shown in the browser, it will be rewrited to the apigee endpoint hostname’s URL in the browser and accordingly the user at the receiving end will be able to see the Apigee endpoint hostname as a result fulfilling your requirement.
For more details regarding the above, kindly refer the below link: -
https://learn.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url#modify-a-redirection-url
First attempt at using the Imgur API for OAuth2 authentication. I have a Client ID and Client Secret from https://api.imgur.com/oauth2/addclient. The URL that is being called from my Vue application looks like:
https://api.imgur.com/oath2/authorize?client_id={CLIENT_ID}&response_type=token&state=test
...where {CLIENT_ID} is the Client ID obtained from the client registration. This doesn't work from my web app and also fails in Postman. I'm getting back a 404 which displays the page that reads, "Zoinks! You've taken a wrong turn."
Any advice is appreciated.
I had the same problem. For me the solution was to open my Vue application from the network address https://192.168.2.100:8080 instead of the local adress https://localhost:8080
Vue console picture
Imgur apparently doesn't accept requests from localhost. Consequently I also had to set the OAuth2 redirect url of my application registered in imgur to http://192.168.2.100:8080/...
I am working on some app which as API call. while i add proxy in mobile and see response in web debugging tools. I can see my api call parameters and response too.
while in others app I cant see this things and it is secured.
how can i acheive this?
Pictures said your API is using non-secure HTTP protocol while others app using HTTPS. The Web API should be performed via HTTPS protocol. HTTPS using SSL/TLS as secure transport layer, it means all data are encrypted before they're online. So, we don't care about any kinds of proxy
I'm using https in redirect_uri field of OAuth2. But when I connect to google client, I'm redirect to http url, not https. Here is a part of the code:
$client->setClientId($client_id);
$client->setClientSecret($secret);
$client->setRedirectUri("https://mydomain/myphp.php");
$client->setScopes(array('https://www.googleapis.com/auth/calendar'));
I use the example from http://www.daimto.com/google-oauth2-php/
When I run the script, it shows me a "Connect Me!" message and when I click on it, the browser ask my permition to access my google account. After I agree, it would must redirect me to the address in setRedirectUri, in HTTPS mode. But google api redirect me the same url but in http mode.
Some idea?
Thanks a lot!
I believe all is working, but after successful authentication on https your own code redirects you to a cleaned URL on plain http. Check the sample code that you copied after receiving and exchanging the code ("Step 2") and change the construction of the URL so that it uses https instead of https.
After reading through the oAuth 2.0 draft 23 I have a better understanding of how oAuth works, however one thing I'm not understanding is the request uri:
I've read the section in the draft and it explains the request uri needs to be an absolute url from the client but if I am making an android/iphone app then what must this value be as my app is not a website on a web server?
You can define your own custom URI scheme, say
myapp://oauthcallback
Now you setup your app to listen for this scheme (works on Android and on iOS). When your browser/webview then gets redirected after the authorization request, your app will start and you can handle the query parameters sent with the URI.