I struggle with what I do after key activation.
I have a dev Token (which works on the sandbox).
I also have a 'Consumer Key', a 'Consumer Secret' for a given application name.
I was told that my consumer key has been 'activated' for prod but I cannot connect to prod. I am using Python 3 with the sample client script of the SDK download. As i said, it works perfectly fine on the Sandbox. I have a premium personal account
Related
We do our builds and sign them within our windows server using Jenkins
Recently our code signing provider stopped sales/renewals and we had to find another provider but it seems all certificates now come in tokens (USB, hardware). So we decided to get an EV certificate to solve the Microsoft SmartScreen warning as well.
Since Jenkins is in cloud VM I wasn't able to get the token there and we had to do the builds locally, now its about to expire and I've been looking for solutions and it seems that HSM might be the solution to host token/certificate by the cloud provider like Azure then use it (somehow?) to sign the files
I also came across a cloud sign service which was clear but a lot more expensive! (unless I didn't understand HSM cost!)
Can someone explain how HSM works for code signing with Azure/Jenkins?
If I give up on the EV and back to a standard certificate, can this process be automated easily
Any other recommendation
I have a windows service and part of business logic it generates a desktop file setup. Now, I want to code sign that desktop file setup Programmatically so that Windows will not warn the end user about an application from an "unknown publisher".
I also know its very straight forward process as I can do it by Microsoft signtool by taking certificate from local system and also can use Azure signtool by taking certificate from azure Key Vault for sign setup.
now, I have following doubts:
Now my problem is certificate security as windows service installed on client system and signing process will go on client system so, Its possible to misuse certificate by anyone.
currently using AzureSigntool which takes certificate from azure Key Vault directly but we doing it programmatically so we need to pass some sensitive info. like client Id, key vault Url, and secret Key with windows service code to access certificate during signing process. another point is that we doing signing by AzureSigntool on client system. does anyone can make forgery of my certificate from Azuresigntool during signing process?
If do not hesitate to suggest any other best possible approach also.
I am developing a web-based application that will allow my trusted staff to edit the titles, descriptions, tags, etc. of my YouTube channel. In attempting to "Opt In" to my own application, I was sent to the callback URI with an error message:
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure. You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Some history - when I first attempted to obtain a code to exchange to an authorization token, it actually worked! However, as I was writing the code to harvest the code and exchange it for the authorization token, I repeated the "Opt In" process multiple times. Before I was ever able to perfect my code to exchange the code for an authorization token, I began getting the error message to the effect that the app is insecure and cannot be signed in to.
More history - after reading a Stack Overflow article describing something similar, I deleted the project, created a new project, generated a new Client ID and Client Secret, and then repeated the test with the same failure.
I am the only Test User of the app. I can't find any notification in my console alerting me to nature of the security issue triggering the failures. I have reviewed the OAuth policies at
OAuth 2.0 Policies
and cannot find anything even remotely wrong.
What is wrong and how can I fix it?
I also had the same issue.
For me, it turned out that my redirect_uri is not valid. The redirect_uri that gives error:
http://localhost:8000api/vi/oauth/google
What are wrong in my case:
I should put a / before api.
vi is different from what I registered on GCP. It should be v1
I would suggest you to print out the redirect_uri when your app is performing code exchange, and verify every single characters carefully.
Additionally, check out the documentation of Redirect URI validation rules on Google to see if your redirect_uri comply with all the rules.
You probably changed the port where the project is running or you did not define the address where the project is running in Google Cloud.
Google Cloud → APIs and Services → Credentials → OAuth 2 Client ID → change Authorized JavaScript origin to the port that your app runs on the local or shared host.
The URL may take time to define, so it may not work right away, so you can also create a new credential.
For me the redirect_uri was correct, but as a result of an error, the access code was requested for a different client ID.
Im trying to send VoIP notifications via PushKit, but in Production(Distribution) environment, I get "Invalid Token" from server.
everything works fine in development env with same certificate and url:ssl://gateway.sandbox.push.apple.com with port:2195
but when i change the url to:ssl://gateway.push.apple.com, I get "Invalid Token" error with no extra data
Looks like you are using same Voip device token generated by Client in sandbox environment for both sandbox as well as production. That's the reason you will get invalid token error.
This will not work. If you want to use production environment, you need to make sure your client/app is creating device token in production environment. (You can not use device token generated by client using Sandbox when your server is using production environment)
Pl. note separate device tokens are generated for sandbox/production environment for the same app/client on the same device. Hope it helps.
My company develops a web app that requires 3rd party authentication with Outlook 365, to have access mail, calendar and contacts.
We managed to get several users from various tenancies connected through OAuth using the normal OAuth flow and the endpoints:
https://login.microsoftonline.com/common/oauth2/authorize
https://login.microsoftonline.com/common/oauth2/token
But one user constantly fails at login with the error:
{
"line":"398",
"file":"oauth_server.js",
"message":"Error in OAuth Server: temporarily_unavailable",
"time":{"$date":1436988123251},
"level":"warn"
}
It only happens for his tenancy, and only on our production servers (he can successfully connect with our test servers).
All the settings are analogous for the production app and the test app in the AzureAd portal.
This error states that the microsoft servers are unavailable, yet they manage to connect any other account, which tends to prove that this message is inacurate...
Would anyone have a clue about this?
This solved my problem:
I went to the AzureAd management portal,
went to the configuration page of my app,
changed the APP ID URI to something random
saved,
tried to connect with this account, successfully!
set back the APP ID URI to its original value.
Still works. I do not know why. Something must have been stuck in the pipe...