I can't figure out realtime database: firebase rules for verifying google oauth email.
In the rules, the only thing I have been able to use to see if the user is authenticated with google oauth is this:
{
"rules": {
".read": " auth.token.firebase.identities['google.com'][0] != '' "
}
}
And I want to also check if email is verified and is equal to "marcglassman#gmail.com"
I've tried to use:
auth.token.email
auth.token.firebase.identities[0].email
auth.token.authFields.email
and here is the reference doc I tried to use:
https://firebase.google.com/docs/reference/security/database/#authtoken
and here is the info I have avail:
const firebaseConsoleRealtimeDatabaseRulesPlaygroundAuthenticationPayload = {
"uid": "NUMBER_I_DONT_SHOW",
"token": {
"sub": "NUMBER_I_DONT_SHOW",
"authFields": {
"email": "marcglassman#gmail.com",
"email_verified": true,
"phone_number": "NUMBER_I_DONT_SHOW",
"name": "Marc Glassman"
},
"firebase": {
"sign_in_provider": "google.com"
}
}
};
const userInfoAfterFirebaseAuthJSClientAuthenticateUserWithGoogleLoginResult = {
"id":"NUMBER_I_DONT_SHOW",
"name":"Marc Glassman",
"provider":{
"displayName":"Marc Glassman",
"email":"marcglassman#gmail.com",
"phoneNumber":null,
"photoURL":"https://lh3.googleusercontent.com/a/AEdFTp7PL8PnsNNquMywC5DtEVa3ZxtAeznkfousQ_HZqHo=s96-c",
"providerId":"google.com",
"uid":"NUMBER_I_DONT_SHOW"
},
"providerName":"(google+)",
"uid":"NUMBER_I_DONT_SHOW"
}
Related
I am using graph API to add message rule which is forward a mail from user's inbox. Rule is getting added but mails are not forwarding to specified id.
Here are some details:
var data = {
"displayName": "From partner",
"sequence": 1,
"isEnabled": true,
"conditions": {
"isAutomaticForward": true
},
"actions": {
"forwardTo": [
{
"emailAddress": {
"name": "recipient name ",
"address": "email address"
}
}
],
"stopProcessingRules": true
}
}
axios.post("https://graph.microsoft.com/v1.0/users/{userId}/mailFolders/inbox/messageRules", data,
{
headers: {
"Authorization": "Bearer " + access_token
}
}
)
.then(response => {
console.log(response.data)
})
.catch(err => {
console.log(err.response)
})
Response is as expected but mails are not forwarding.
I tried the above payload, steps and it works for me!!
(1) Create a new rule using Graph API
POST https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messageRules
Content-type: application/json
{
"displayName": "From partner",
"sequence": 2,
"isAutomaticForward": true,
"actions": {
"forwardTo": [
{
"emailAddress": {
"name": "Alex Wilbur",
"address": "AlexW#contoso.onmicrosoft.com"
}
}
],
"stopProcessingRules": true
}
}
(2) Test whether the rule is working or not.
Result: It's working as expected
(3) Check that the above rule shows or not (as part of Outlook.office.com or Outlook UI's rule section)
Adding a snapshot that i captured from Outlook.office.com, mailbox settings!!
I have been trying to connect an assistant action to my backend server
I am using my own Oauth server and followed the instructions on
https://developers.google.com/actions/identity/oauth2?oauth=code
I am using actions_intent_Sign_in for my dialogflow event intent (like https://actions-on-google.github.io/actions-on-google-nodejs/classes/conversation_helper.signin.html)
when i use my action to sign in, i get the login window to my server, i do the account linking and i can see that i generated the tokens on my server but i cant find the token in (conv.user.access.token)
and this is the code for my intent using "actions on google sdk "
'use strict';
var _ = require('lodash');
var path = require('path')
var express = require('express')
var http = require('http')
const bodyParser = require('body-parser');
var expressApp = express().use(bodyParser.json());
var server = http.createServer(expressApp).listen(3000)
const {
dialogflow,
SignIn
} = require('actions-on-google');
const app = dialogflow({
debug: true,
clientId: '7b4a6dfc-4b35-11e9-8646-d663bd873d93'
});
app.intent('Start Sign-in', conv => {
conv.ask(new SignIn());
});
app.intent('Get Sign-in', (conv, params, signin) => {
console.log("get sign in ");
console.log(JSON.stringify(signin));
if (signin.status === 'OK') {
const access = conv.user.access.token
console.log("the access token is " + access);
conv.ask('Great, thanks for signing in! What do you want to do next?');
} else {
conv.ask('I wont be able to save your data, but what do you want to do next?.');
}
});
and the response comes back as
{"#type":"type.googleapis.com/google.actions.v2.SignInValue","status":"OK"}
the access token is undefined
Response {
"status": 200,
"headers": {
"content-type": "application/json;charset=utf-8"
},
"body": {
"payload": {
"google": {
"expectUserResponse": true,
"richResponse": {
"items": [
{
"simpleResponse": {
"textToSpeech": "Great, thanks for signing in! What do you want to do next?"
}
}
]
}
}
}
}
}
the user object of conv has only this data
"user": {
"raw": {
"lastSeen": "2019-03-20T12:46:23Z",
"locale": "en-US",
"userId": "okdhyeGSk5tofgLjEepIUrA6mmewCESY8MjklZRPvQJgv6-uybfPobwdfgtrGZJ3bE2sM9ninhst"
},
"storage": {},
"_id": "okdhyeGSk5tofgLjEepIUrA6mmewCESY8MjklZRPvQJgv6-uybfPobwdfgtrGZJ3bE2sM9ninhst",
"locale": "en-US",
"permissions": [],
"last": {
"seen": "2019-03-20T12:46:23.000Z"
},
"name": {},
"entitlements": [],
"access": {},
"profile": {}
}
i dont know where the access/refresh token can be found or if there is any requirement for the post to send from my oauth server that i missed
so finally i managed to get it working with the help of Actions on Google Support Team
the problem was me having another google account logged-in in another tab, even though i had the AoG and dialogflow agent connected with the same account
tried all using incognito window and it works
I’m using AWS Cognito to perform login authentication. When login is successful we get below request body :
Request body:
> {"UserContextData":{"EncodedData":"eyJ..9”},”ClientMetadata":{"cognito:deviceName":"MacBookPro12-01","cognito:bundleShortV":"1.0.0",
> "cognito:idForVendor":"A6FD46FBB205","cognito:bundleVersion":"207",
> "cognito:bundleId":"com.abc.Project-Dev","cognito:model":"iPhone", "cognito:systemName":"iOS","cognito:iOSVersion":"11.3"},
> "AuthParameters":{"SRP_A":"a6..627","SECRET_HASH":"vr..Oo=", "USERNAME":"jay.dubey#abc.com”},**”AuthFlow":"USER_SRP_AUTH"**,
> "ClientId”:”123”}
Now, there is a scenario wherein I’ve to set “AuthFlow” value to “USER_PASSWORD_AUTH”. How can this be done?
The headache with this is that all these values are set in Pods. Below code prints the request body that is added above :
passwordAuthenticationCompletion?.set(result: AWSCognitoIdentityPasswordAuthenticationDetails(username: username, password: password))
If you will look into AWSCognitoIdentityUser in method getSessionWithUserName andPassword you will see that there is a ternary operator switching migration auth that is driven by migrationEnabled Boolean value. In order to switch auth type just configure identity pool like so:
let userPoolConfiguration = AWSCognitoIdentityUserPoolConfiguration (
clientId: clientId,
clientSecret: nil,
poolId: userPoolId,
shouldProvideCognitoValidationData: false,
pinpointAppId: nil,
migrationEnabled: true
)
I found you need to enable the migration in your amplifyconfigurqaton.json so that it uses the USER_PASSWORD_AUTH mode (it will ignore it otherwise):
{
"auth": {
"plugins": {
"awsCognitoAuthPlugin": {
"IdentityManager": {
"Default": {}
},
"CredentialsProvider": {
"CognitoIdentity": {
"Default": {
"PoolId": "xxxx",
"Region": "xxxxx"
}
}
},
"CognitoUserPool": {
"Default": {
"PoolId": "xxxxx",
"AppClientId": "xxxxx",
"Region": "xxxxx",
"MigrationEnabled" : true
}
I have a database with the following structure
"users":{
"user1234" {
"username": "user1234"
}
}
I am trying to do a query to find a user with username "user1234". When I use queryEqual(toValue:) I don't get any matches but when using queryStarting(atValue: ) I do get the user. I have confirmed that the username is actually "user1234". What am I doing wrong?
let query1 = databaseRef.child("users").queryOrdered(byChild:"username").queryStarting(atValue: "user1234").queryLimited(toFirst: 1)
query1.observeSingleEvent(of: FIRDataEventType.value, with: { (snapshot) in
//snapshot contains the user with username "user1234"
})
However the following does not work
let query2 = databaseRef.child("users").queryOrdered(byChild:"username").queryEqual(toValue: "user1234")
query2.observeSingleEvent(of: FIRDataEventType.value, with: { (snapshot) in
//snapshot DOES NOT contain the user with username "user1234"
})
My security rules are
"rules": {
".read": "true",
".write": "true",
"users": {
"$uid": {
".indexOn": ["username"],
},
},
},
You're facing this issue because query goes only one level deep, so you need to flatten your data or you have to figure out a different approach.
Here you can find more detailed answer.
So I have implemented the react native FBSDKGraphRequest and login button. Login is working correctly, but when i attempt a graph request of the user, instead of the complete object i expect the /me endpoint to return
{
"id": "162036280799349",
"birthday": "08/08/1980",
"email": "test_ppjeffg_eight\u0040tfbnw.net",
"first_name": "Test",
"gender": "male",
"last_name": "Eight",
"link": "https://www.facebook.com/app_scoped_user_id/162036280799349/",
"locale": "en_US",
"name": "Test Eight",
"timezone": -8,
"updated_time": "2015-07-28T18:22:16+0000",
"verified": false
}
I just get
Object {name: "Test Eight", id: "162036280799349"}
I very well may be doing the request incorrectly, though I've done everything according to documentation. Here is the relevant source code:
class LoadingOverlay extends BaseComponent{
constructor(props){
super(props);
this._bind(/*'_fetchFriendsRequestFunction'*/);
this.state = {isVisible: true,
token: null,
profileInfo: null}
}
_fetchGraphRequestFunction(){
console.log("start");
var fetchProfileRequest = new FBSDKGraphRequest((error, result) => {
if (error) {
alert('Error making request.');
} else {
// Data from request is in result
console.log(result);
}
}, '/me');
// Start the graph request.
fetchProfileRequest.start();
}
render(){
return(
<Overlay isVisible={this.state.isVisible}>
<BlurView style={styles.background} blurType="dark">
<FBSDKLoginButton
onLoginFinished={(error,result)=>{
if (error){
alert('Error Logging In.');
} else {
if (result.isCanceled){
alert('Login Cancelled.');
} else {
FBSDKAccessToken.getCurrentAccessToken((token)=>{
console.log(token.tokenString);
this._fetchGraphRequestFunction();
})
}
}
}}
onLogoutFinished={()=>console.log('Logged Out.')}
readPermissions={['public_profile', 'email', 'user_birthday', 'user_friends']}
publishPermissions={['publish_actions']}/>
</BlurView>
</Overlay>
);
}
}`
You can request additional parameters from Facebook by either appending them to the uri like this:
/me?fields=id,name,email
or by calling the addStringParameter function on the FBSDKGraphRequest object like this:
fetchProfileRequest.addStringParameter('picture,email,gender','fields');
However, what fields you get in return depends on the permission of your app and the settings of the user.
Also, note this little trick from the ios FB sdk documentation: https://developers.facebook.com/docs/reference/ios/current/class/FBSDKLoginButton/
Note, that if read permissions are specified, then publish permissions should not be specified.
So try sending an empty publishPermissions parameter and see if that fixed it.
More information here:
Publish or manage permissions are not permited to to be requested with read permissions FACEBOOK SDK
https://coderwall.com/p/gkeqcq/request-read-and-publish-permissions-simultaneously-using-ios-facebook-support
I'd love to see an example of the flow to make this work in react native if anyone has it.