pyoidc as RP crashing at sha_compress - oauth-2.0

I am using pyoidc as RP (relying party) to Google OP. I have obtained the client-id and client-secret out of band. Also, the authorization request happens outside of pyoidc, and I obtained the "QUERY_STRING", which contains the authorization code grant along with a few parameters.
Then I instantiated a "pyoidc client" object and filled it with the above information. Now when I invoke "client.do_access_token_request" to obtain the ID Token and access token, I see from the debug output that I have got the ID Token and AccessTokenResponse.
While validating the ID Token, my Python client application crashes with a segmentation fault.
DEBUGS:
from https://www.googleapis.com/oauth2/v3/certs
DEBUG:oic.oauth2.message:Found signing key.
DEBUG:jwkest.jws:Picking key by key type=RSA
DEBUG:jwkest.jws:Picking key based on alg=RS256, kid=b6f8d55da534ea91cb2cb00e1af4e8e0cdeca93d and use=
DEBUG:jwkest.jws:Picked: kid:b6f8d55da534ea91cb2cb00e1af4e8e0cdeca93d, use:sig, kty:RSA
Segmentation fault
stacktrace:
Program received signal SIGSEGV, Segmentation fault.
sha_compress (hs=0x81cd698) at src/hash_SHA2_template.c:183
183 src/hash_SHA2_template.c: No such file or directory.
in src/hash_SHA2_template.c
(gdb) bt
#0 sha_compress (hs=0x81cd698) at src/hash_SHA2_template.c:183
#1 0x00a1e77a in SHA256_update (hs=0x81cd698, buf=<value optimized out>, len=574) at src/hash_SHA2_template.c:366
#2 SHA256_update (hs=0x81cd698, buf=<value optimized out>, len=574) at src/hash_SHA2_template.c:347
#3 0x009d744f in ffi_call_SYSV () at src/x86/sysv.S:61
#4 0x009d7280 in ffi_call (cif=0xf7b4df38, fn=0xa1e6f0 <SHA256_update>, rvalue=0xf76b4cf0, avalue=0xf76b4ce0) at src/x86/ffi.c:213
#5 0x009c3dca in cdata_call (cd=0xf76400b0, args=0xf76427fc, kwds=0x0) at c/_cffi_backend.c:3025
#6 0x0019fa34 in _PyObject_FastCallDict () from /usr/lib/libpython3.6m.so.1.0

Appwrite SMS verification not send

Dear Appwrite community,
I implemented a simple SMS verification for my Flutter app. When I want to send a verification SMS via text-magic, the Appwrite messaging worker logs the following error.
[notice] Starting work on (Job{v1-messaging} | ID: e8dbb2e55c8e618a1e31179d42f9a22f | MessagingV1 | [{"project":null,"user":null,"payload":[],"recipient":"+123456789","message":"123456","events":["."]}])
[critical] (Job{v1-messaging} | ID: e8dbb2e55c8e618a1e31179d42f9a22f | MessagingV1 | [{"project":null,"user":null,"payload":[],"recipient":"+123456789","message":"123456","events":["."]}]) has failed TypeError: strlen(): Argument #1 ($str) must be of type string, array given in /usr/src/code/vendor/utopia-php/messaging/src/Utopia/Messaging/Adapter.php:59
Stack trace:
#0 /usr/src/code/vendor/utopia-php/messaging/src/Utopia/Messaging/Adapters/SMS/TextMagic.php(54): Utopia\Messaging\Adapter->request('POST', 'https://rest.te...', Array, Array)
#1 /usr/src/code/vendor/utopia-php/messaging/src/Utopia/Messaging/Adapters/SMS.php(33): Utopia\Messaging\Adapters\SMS\TextMagic->process(Object(Utopia\Messaging\Messages\SMS))
#2 /usr/src/code/app/workers/messaging.php(69): Utopia\Messaging\Adapters\SMS->send(Object(Utopia\Messaging\Messages\SMS))
#3 /usr/src/code/src/Appwrite/Resque/Worker.php(121): MessagingV1->run()
#4 /usr/src/code/vendor/resque/php-resque/lib/Resque/Job.php(201): Appwrite\Resque\Worker->perform()
#5 /usr/src/code/vendor/resque/php-resque/lib/Resque/Worker.php(303): Resque_Job->perform()
#6 /usr/src/code/vendor/resque/php-resque/lib/Resque/Worker.php(242): Resque_Worker->perform(Object(Resque_Job))
#7 /usr/src/code/vendor/resque/php-resque/bin/resque(185): Resque_Worker->work('1', false)
#8 {main}
No SMS is sent, but the user is created in my Appwrite console.
I've set up the phoneSession like this.
    startPhoneSession(String phone) async {
      try {
        _user ??= User();
        if (account == null) {
          _init();
        }
        var token =
            await account!.createPhoneSession(userId: ID.unique(), phone: phone);
        _user!.id = token.userId;
        _storeUserId();
      } catch (error) {
        //Do something with the error...
        print(error);
      }
    }
My .env variables are set as the docs say, with the username and API key from text-magic.
It feels like an issue with Appwrite, right? If you need any more information, feel free to ask :)
Cheers!
This does look like it might be a bug. The best place to report bugs would be Appwrite's GitHub repo. I would suggest creating an issue there.

Unexpected token u in JSON at position 0 at JSON.parse at graph.user.ts:198:19 mgt-people picker

I am using Mgt-people-picker and there is a very intermittent issue.
There is a need to pre-populate users by passing email addresses; some can be users from the same Azure tenant and some can be any external email addresses.
When passing an array of email addresses to the people picker, the error below comes up:
at JSON.parse (<anonymous>)
at graph.user.ts:198:19
at u (runtime.js:63:40)
at Generator._invoke (runtime.js:294:22)
at Generator.next (runtime.js:119:21)
at i (16.5f455671.chunk.js:2:615193)

Using existing AAD token to request token for Kusto

I'm trying to have a user log in to my bot (Microsoft bot framework) and make Kusto queries. I have been successful in getting a Graph JWT but I can't figure out how to then request Kusto access as well.
    AuthenticationContext authContext = new AuthenticationContext("https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-*********");
    var clientAppID = "974c5166-f8b5-466e-9552-*********";
    var secret = "[*SxczFa7qU*******************";
    var tokenForKusto = await authContext.AcquireTokenAsync(
        "https://aznw.kusto.windows.net",
        new ClientCredential(clientAppID, secret),
        new UserAssertion(userToken));
I expect the tokenForKusto to be a valid token but instead it throws an exception.
{"AADSTS500131: Assertion audience does not match the Client app presenting the assertion. The audience in the assertion was '00000002-0000-0000-c000-000000000000' and the expected audience is '974c5166-f8b5-466e-9552-********' or one of the Application Uris of this application with App ID '974c5166-f8b5-466e-9552-********'(testbotbuilderAAD).\r\nTrace ID: 38515779-b858-4efc-8b03-e9f8ec810c00\r\nCorrelation ID: a136600d-66e0-44fc-8f24-d1fda6b4ba56\r\nTimestamp: 2019-07-19 17:23:27Z"}
This is because you are trying to use the token issued for Graph, but your application is not Graph. This flow will only work if and only if the client app ID (from the ClientCredentials) matches the audience of the token you are attempting to use.
Why would you be retrieving tokens for Graph anyway?
If you want to issue Kusto queries, you should use the cluster URI as the resource (e.g., "https://cluster.region.kusto.windows.net")
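The audience rule from the answer above, as an added Python example (not code from the question or the answer): it decodes a token's `aud` claim without verifying the signature, for diagnosis only, and reports whether the token could serve as the assertion for a given client app. `CLIENT_ID`, the `api://` URI in the test and both sample tokens are constructed; the Graph audience is the one quoted in the error message.

```python
import base64
import json

# Constructed values for illustration; the page masks the real client ID.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"       # hypothetical app (client) ID
GRAPH_AUDIENCE = "00000002-0000-0000-c000-000000000000"  # audience quoted in the error above


def b64url_decode(segment):
    """Base64url-decode a JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Return the payload claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def usable_as_obo_assertion(token, client_id, app_id_uris=()):
    """True when the token's aud names this app, as the on-behalf-of exchange requires."""
    aud = jwt_claims(token).get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    accepted = {client_id, *app_id_uris}
    return any(isinstance(a, str) and a in accepted for a in audiences)


def make_unsigned_jwt(claims):
    """Build a constructed, unsigned sample token for the demonstration."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


GRAPH_TOKEN = make_unsigned_jwt({"aud": GRAPH_AUDIENCE, "sub": "user"})  # issued for Graph
BOT_TOKEN = make_unsigned_jwt({"aud": CLIENT_ID, "sub": "user"})         # issued for the bot

if __name__ == "__main__":
    for name, tok in (("graph", GRAPH_TOKEN), ("bot", BOT_TOKEN)):
        print(name, jwt_claims(tok)["aud"], usable_as_obo_assertion(tok, CLIENT_ID))
```
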

Refresh token must be passed in or set as part of setAccessToken Youtube API

I have the following code
    if (file_exists($credentialsPath)) {
        $accessToken = file_get_contents($credentialsPath);
        $client->setAccessToken($accessToken);
        if ($client->isAccessTokenExpired()) {
            $client->fetchAccessTokenWithRefreshToken($client->getRefreshToken());
            $newAccessToken = $client->getAccessToken();
            $accessToken = array_merge($accessToken, $newAccessToken);
            file_put_contents($credentialsPath, json_encode($accessToken));
        }
    }
But after an hour, if I try to use Youtube Data API, I am getting the following error,
Fatal error: Uncaught exception 'LogicException' with message 'refresh token must be passed in or set as part of setAccessToken' in /var/sentora/hostdata/zadmin/public_html/classes/library/youtube/vendor/google/apiclient/src/Google/Client.php:267 Stack trace: #0 /var/sentora/hostdata/zadmin/public_html/classes/library/youtube/youtube.php(26): Google_Client->fetchAccessTokenWithRefreshToken(NULL) #1 /var/sentora/hostdata/zadmin/public_html/channel/apiwrap.php(3): require_once('/var/sentora/ho...') #2 {main} thrown in /var/sentora/hostdata/zadmin/public_html/classes/library/youtube/vendor/google/apiclient/src/Google/Client.php on line 267
Please help.
You need to set these 2 things. The refresh token is not returned because we didn't force the approvalPrompt. The offline mode is not enough. We must force the approvalPrompt. Also, the redirect URI must be set before these two options. It worked for me.
    $client = new Google_Client();
    $client->setApplicationName('Project Name');
    $client->setScopes('SCOPES');
    $client->setAuthConfig('JSON_FILE_PATH');
    $client->setRedirectUri($this->redirectUri);
    $client->setAccessType('offline'); //this line is magic point
    $client->setApprovalPrompt('force'); //this line is magic point
This worked for me. I am able to get a new token using the refresh token.
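The storage side of this exchange, as an added Python example (not the question's or the answer's code): it parses the saved credentials, refuses to refresh when no refresh token was ever stored, and keeps the stored refresh token when merging a refreshed response. `refresh_call` is a hypothetical stand-in for the token-endpoint request, the `created`/`expires_in` fields are an assumption about the file layout, and all token values are constructed.

```python
import json


class ReconsentRequired(Exception):
    """The stored credentials hold no refresh token; the user must authorize again."""


def load_token(raw):
    """Parse the credentials file content into a dict before using or merging it."""
    token = json.loads(raw)
    if not isinstance(token, dict) or "access_token" not in token:
        raise ValueError("credentials file does not contain a token object")
    return token


def is_expired(token, now, skew=30):
    # Assumption: the file carries 'created' (epoch seconds) and 'expires_in'.
    return token.get("created", 0) + token.get("expires_in", 0) - skew < now


def refresh_stored_token(raw, now, refresh_call):
    """Return the token to persist; refresh_call(refresh_token) is a hypothetical
    stand-in for the HTTP request to the token endpoint."""
    token = load_token(raw)
    if not is_expired(token, now):
        return token
    refresh_token = token.get("refresh_token")
    if not refresh_token:
        # The state behind 'refresh token must be passed in or set as part of setAccessToken'.
        raise ReconsentRequired("no refresh_token was stored at first authorization")
    refreshed = refresh_call(refresh_token)
    merged = {**token, **refreshed, "created": now}
    # A refresh response normally omits refresh_token, so keep the stored one.
    merged["refresh_token"] = refreshed.get("refresh_token") or refresh_token
    return merged


def fake_refresh(refresh_token):
    """Constructed token-endpoint response used for the offline demonstration."""
    return {"access_token": "constructed-new", "expires_in": 3599, "token_type": "Bearer"}


# Constructed file contents: one saved with offline access, one without.
WITH_REFRESH = json.dumps({"access_token": "constructed-old", "expires_in": 3599,
                           "created": 1000, "refresh_token": "constructed-refresh"})
WITHOUT_REFRESH = json.dumps({"access_token": "constructed-old", "expires_in": 3599,
                              "created": 1000})
```
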

Intermittent Error with YouTube API: Uncaught exception 'Google_IO_Exception' with message 'Couldn't resolve host 'www.googleapis.com'

I am getting an intermittent error when attempting to use the YouTube API to retrieve playlist and video information. I am using the PHP client. Here is the full error:
PHP Fatal error: Uncaught exception 'Google_IO_Exception' with message 'Couldn't resolve host 'www.googleapis.com'' in /Test/libs/google-api-php-client-master/src/Google/IO/Curl.php:115
Stack trace:
#0 /Test/libs/google-api-php-client-master/src/Google/IO/Abstract.php(136): Google_IO_Curl->executeRequest(Object(Google_Http_Request))
#1 /Test/libs/google-api-php-client-master/src/Google/Http/REST.php(60): Google_IO_Abstract->makeRequest(Object(Google_Http_Request))
#2 [internal function]: Google_Http_REST::doExecute(Object(Google_Client), Object(Google_Http_Request))
#3 /Test/libs/google-api-php-client-master/src/Google/Task/Runner.php(174): call_user_func_array(Array, Array)
#4 /Test/libs/google-api-php-client-master/src/Google/Http/REST.php(46): Google_Task_Runner->run()
#5 /Test/libs/google-api-php-client-master/src/Google/Client.php(590): Google_Http_REST::execute(Object(Google_Client), Object(Google_Http_Request))
#6 /Test/libs/google-api-php-client-master/src/Google/Service/Resource.php(228): Google_Client->execute(Objec in /Test/libs/google-api-php-client-master/src/Google/IO/Curl.php on line 115
Also, here is my code:
    $client = new Google_Client();
    $client->setDeveloperKey("*****************");
    $service = new Google_Service_YouTube($client);
    $results = $service->playlists->listPlaylists("snippet", array("channelId" => "UCkyQHj9ceKEVZR2qO0LUUdg", "maxResults" => 50));
    $results = $service->playlistItems->listPlaylistItems("snippet", array("playlistId" => "PL2Kceei6lZdpFRvkRyQMStS0UknLE3mKV", "maxResults" => 50));
The error is not consistent. It does not happen all of the time. When it does, which is often, I have to refresh my browser a couple of times, and then it works.
Has anyone encountered this?
