I am using Trino to connect to PrestoSQL for my organization in the manner below with python. The MFA authentication requires that I click a link to authenticate. The links usually look something like this: https://query.organization.com:6543/oauth2/token/initiate/b74d83f9e395e4c27d18b
Once I click the link, a JuypterLab window (screenshot below) opens, which requires me to enter my username and password. After I do that, it just keeps spinning eternally and never ends up connecting or going through. (I am using Trino jar jdbc-367, if it matters.)
This only happens in the desktop app version of JupyterLab. This does not happen in the web version of JupyterLab, nor does it happen in JupyterNotebook. On the web versions, when I click the link and enter my username/password, it allows me to connect and to proceed with my query. Is there any reason why JupyterLab desktop version cannot go through?
connect = trino.dbapi.connect(
host='query.org.com',
port=6543,
user='hsimpson',
catalog='cloud9',
http_scheme='https',
auth=trino.auth.OAuth2Authentication()
)
https://i.stack.imgur.com/29t8A.png
Related
Introduction
I've been trying to build a Google Home, Smart Home Activity that integrates with Azure AD. I've been able to correctly sign in so the ClientId/endpoints/scopes must be correct.
When I try to connect to the Smart Home skill using the simulator it shows me an error that this functionality isn't supported in the simulator. So I then moved to my actual android phone. However when I try to link to the smart home service in the google home app it correctly asks me to login, but after logging in the login screen disappears and I'm back to selecting a service I want to link to.
Flow to activate service:
So after the 4th image it just goes back to the original screen and no skill was ever added.
I've also setup NGROK as my fullfillment URL but I see no activity other then some of my own tests:
My configuration
This is the way I've set everything up:
Azure AD:
I've also configured the direct URL to be: https://oauth-redirect.googleusercontent.com/r/davysmarthome
Google Home (Action):
Google Home (OAuth):
Summary
My question would be why my skill doesn't want to be linked to. I have not yet implemented anything in my actual API yet but I would expect NGROK to at least show some data traffic if google home would actually try to link itself and request what devices are connected.
After analyzing the 4th image, it can be seen that you haven't enabled "Testing" on your project, sometimes the Account Linking process fails if testing has been disabled for any reason. To make sure testing is enabled for the project, go to AoG Console > Develop > Account Linking > Test (Upper Right Corner).
But, in this case, it does not necessarily mean that the account linking failed, it is also possible that account linking succeeded, but failed in SmartHome Sync. To make sure if account linking has succeeded, please visit https://myaccount.google.com/accountlinking?hl=en and check if the account has been linked correctly.
There are other tools available that can help you with debugging OAuth issues such as "OAuth Playground". It helps in finding out the exact issue causing the error.
(this is for a Raspberry Pi / UWP, but using RestAPI) - using a clientId and an appSecret, what's the proper paths to use to eventually access a user's Calendar. (This use case CAN use the username/password of the user).
I already can do it except that it requires a dialog username/password signin. On the Raspberry Pi (even with a screen), this fails to even display a dialog for signin.
Looking at the documents for service/daemon app / app-only, it requires a tenantId. My use is not for work/school, but personal Outlook.com, so no tenant.
(ref: https://graph.microsoft.io/en-us/docs/authorization/app_only)
Other suggested calls to login.microsoftonline.com return bad requests.
Would appreciate (proper) doc referral, and better yet, working code to simply auth.
Update: Current Insider builds of Windows IoT Core DO allow for username/password challenge auth (requires screen). And, current builds do not yet allow for headless authentication.
Using the username/password dialog challenge, the normal Microsoft Graph Rest api's work...
https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/calendar
I am unable to open Google, Youtube, some other website in my browser. Its showing a Certificate authentication error.
I changed it as a trusted website. Now it showing like:
(Index of /[ICO] Name Last modified Size Description)
I have no idea what to do. I am unable to google.
Other websites like facebook, yahoo and Gmail load correctly in the browser.
This is the message in google-chrome:
Your connection is not private
Attackers might be trying to steal your information from
www.google.co.in (for example, passwords, messages, or
credit cards). NET::ERR_CERT_AUTHORITY_INVALID
The Message I am getting in chrome when I click advanced:
Hide Copy Code
www.google.co.in normally uses encryption to protect your
information. When Chrome tried to connect to www.google.co.in
this time, the website sent back unusual and incorrect
credentials. Either an attacker is trying to pretend
to be www.google.co.in, or a Wi-Fi sign-in screen has
interrupted the connection. Your information is still secure
because Chrome stopped the connection before any data was
exchanged.
You cannot visit www.google.co.in right now because the
website uses HSTS. Network errors and attacks are
usually temporary, so this page will probably work later.
Is this a problem with google servers, something in between or the client side browser? Is there a workaround for this error?
This is a Chrome issues. Switch to a different browser and you will be fine. Google has decided to make getting to sites without the "expected" SSL certificate almost impossible (you can go clear the cached cert info on a site-by-site basis, which is a real pain...but expect the problem to come back again and then you have to go clear the cached cert again).
If you are using web filtering or various real security products that decrypt / inspect / then re-encrypt traffic, Chrome dumps all over it.
I used to be a Chrome fan, but because of this issue I had to abandon Chrome. I'm not going to turn off my real security products just so I can keep using Chrome!
We need to access the intranet site called as "http://mysite/myapp".
And with using IE, every domain users can access the site without any prompt.
But, if the user try it with Chrome, the logon prompt shows at first. After entering credential just once, the prompt doesn't appear anymore for the access.
I'm just wondering any way to avoid the first-time logon prompt on Chrome.
And we don't want any chrome browser setting or shortcut for white listing per user. Because we can't handle many users Chrome one by one.
Any help will be appreciated.
Thanks.
Check the details of the Integration Authentication in this Chromium documentation:
http://www.chromium.org/developers/design-documents/http-authentication
With Integrated Authentication, Chrome can authenticate the user to an
Intranet server or proxy without prompting the user for a username or
password. It does this by using cached credentials which are
established when the user initially logs in to the machine that the
Chrome browser is running on. Integrated Authentication is supported
for Negotiate and NTLM challenges only.
Basically, execute Chrome with these switches to specify the auth schemes:
Chrome.exe --auth-server-whitelist="MYIISSERVER.DOMAIN.COM" --auth-negotiate-delegatewhitelist="MYIISSERVER.DOMAIN.COM" --auth-schemes="digest,ntlm,negotiate"
I tried running the command line but it wasn't working. I had to configure the same settings via the Windows Registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"AuthSchemes"="basic,digest,ntlm,negotiate"
"AuthServerWhitelist"="*domain"
"AuthNegotiateDelegateWhitelist"="domain,server.domain.com"
Then I Killed Chrome (cmd line: TaskKill /im chrome.exe) and restarted chrome and tried again and voila. Everything worked as expected.
I am brand new to SalesForce development, and want to explore the API and its capabilities. I have created a new Developer Edition account. I have not yet tried to access the API programmatically, but I am trying (unsuccessfully) to access it via both the Workbench ( https://workbench.developerforce.com/login.php ) and the Apigee Console ( https://apigee.com/console/salesforce ).
For some reason, in both cases I'm redirected to a URL with OAuth error code 1800 (e.g. https://na15.salesforce.com/setup/secur/RemoteAccessErrorPage.apexp?oauth_error_code=1800&display=popup in the Workbench case). At this URL, I am getting a screen with the text "Remote Access Authorization Error" - "There was a problem in setting up your remote access". What am I doing wrong?
Some additional details:
I can log into SalesForce just fine, the problem only occurs with API/OAuth access
I have not touched anything in my brand-new Developer Edition account, except for (1) populating it with some sample data (Leads, Accounts, Contacts), and (2) resetting the security token (through "My Personal Information" -> "Reset My Security Token")
On the WorkBenh login screen, it does not matter which API version I choose (tried 24, 25 and 26), and I am using "Production" for the Environment since my login doesn't seem to work at all for Pre-Release or Sandbox
(not a real answer, I expect to update it frequently as the situation develops)
Weird.
Yes, Developer Edition is a "Production" as far as connecting apps are concerned. You might have to file a Case with Salesforce Support (Help&Training link in the upper right corner).
Workbench does use API (and probably so does this Apigee thingie) but if you're using your username & pass I don't see how it might go to OAuth...
Can you download any other SF-related tooling (Data Loader, Force.com IDE, Real Force Explorer, Excel Connector, some iPad/Android app... hell, Chatter for Desktop even) and try the connectivity?
Sometimes API products don't display special field for the security token (which you can bypass by entering longer string in the password field: "passwordSecurityToken") but Workbench never asked for a token when I was accessing my Dev. Edition.
There was an issue with OAuth on NA15, but should be resolved now. I tested with Workbench with a brand new NA15 org and its working as expected.
I've run into this when I try and "short circuit" the auth url by decoding the startUrl param and going straight to it in a tab that's already logged in. For example
login to some org on na14.salesforce.com
click sfdx authorize an org in vs code with default url
get sent to a url like https://login.salesforce.com/?startURL=%2Fsetup%2Fsecur%2FRemoteAccessAuthorizationPage.apexp%3Fsource%3D<long_base64_encoded_string>
use a url decoder (i.e. https://meyerweb.com/eric/tools/dencoder/) to translate that to https://login.salesforce.com/?startURL=/setup/secur/RemoteAccessAuthorizationPage.apexp?source=<long_base64_encoded_string>
change the url to match the domain i'm logged in as, i.e. https://na14.salesforce.com/?startURL=/setup/secur/RemoteAccessAuthorizationPage.apexp?source=<long_base64_encoded_string>
go through the standard oauth grant
success
For the most part that works fine, but in some cases I get that wonderful oauth error 1800. In those cases I've been able to work around the issue by specifying the specific domain my instance is on when starting the oauth authorization. Using the above example for step 2 I would chose https://na14.salesforce.com for the the url (other oauth flows typically provide a similar custom url input, but ymmv). Voila, step 7 is successful.
Can't say for sure if that's exactly what will happen for others.