Trying to integrate third Party Authentication.I am getting error logs like below.
Internal Server Error: /auth/login/google-oauth2/
Traceback (most recent call last):......
File "/edx/app/edxapp/edx-platform/common/djangoapps/third_party_auth/strategy.py", line 34, in setting
raise Exception("Can't fetch setting of a disabled backend/provider.")
Exception: Can't fetch setting of a disabled backend/provider. referring docs: https://edx.readthedocs.io/projects/edx-installing-configuring-and-running/en/latest/configuration/tpa/tpa_integrate_open/index.html tried solutions:https://groups.google.com/forum/#!topic/openedx-ops/M2FuwlCiQtANothing worked for me.
Provider Configuration as follows
Go to <LMS URI>/admin/third_party_auth/oauth2providerconfig/. For example, on devstack, go to http://localhost:8000/admin/third_party_auth/oauth2providerconfig/.
Select Add Provider Configuration (OAuth).
Make sure that Enabled is selected.
Make sure that Visible is selected.
For Icon Class, enter the appropriate value.
For Google, enter fa-google-plus.
For Facebook, enter fa-facebook.
For LinkedIn, enter fa-linkedin.
For Azure, leave the field blank.
For Name, enter the appropriate value.
For Google, enter Google.
For Facebook, enter Facebook.
For LinkedIn, enter LinkedIn.
For Azure, enter Microsoft.
For Backend Name, select the appropriate value.
For Google, select google-oauth2.
For Facebook, select facebook.
For LinkedIn, select linkedin-oauth2.
For Azure, select azuread-oauth2.
Add slug (change default)
Note
If the value does not appear in the list, either the ENABLE_THIRD_PARTY_AUTH setting or the THIRD_PARTY_AUTH_BACKENDS setting is not configured correctly.
For Client ID, enter the client ID that you noted earlier.
Leave Client Secret blank. Open edX sets the secret through lms.auth.json, which is more secure.
Its resolved for me by adding slug in Admin panel › Third-party authentication › Provider Configuration (OAuth) › Add Provider Configuration (OAuth).
previously slug set as default.
Related
For some reason I deleted so called brand entity at my gcloud console. Now I want to create new one using the command in the console:
gcloud alpha iap oauth-brands create --application_title='EmojiRave' --support_email='rebelusgames#gmail.com'
But the console returns me back : INVALID_ARGUMENT: Request contains an invalid argument.
I've used different formats (using brackets and without them)
I've checked whether I have enough permissions to do it (I use owner account, so it's enough permissions)
I'm desperate.
There are two potential reasons for the failure:
1. Incorrect email address. According to the docs: "This [support] email address can either be a user's address or a Google Groups alias. [...] Note: The user issuing the request must be an owner of the specified support email address."
2. Project is not in an organisation. According to this source (see under limitations): If you're [..] outside a Cloud Orginization most likely you'll get an error on step "Creating oauth brand".
Overall, my suggestion is to update the OAuth Consent Screen via GCP Console.
Go to the Google Cloud Platform Console.
From the projects list, select a project or create a new one.
If the APIs & services page isn't already open, click on the Navigation Menu on the upper left and select APIs & services.
On the left, click OAuth Consent Screen.
Click Edit App.
First, it's not possible to delete the OAuth Consent Screen (Brand) once created. This can be seen from #DaImTo's answer, and the lack of delete option in both gcloud command and in the console.
I also tested your command on my Cloud Shell and it works fine as well. I've checked the documentation with regards gcloud alpha iap oauth-brands and it is currently in ALPHA state. It may change without prior notice and it may not be stable or work to all users. If you still want to use the CLI and request to be allow-listed regarding this command, my suggestion is to contact sales, as instructed on the issue tracker you've made.
How do I test the Google OAuth 2.0 on my app with localhost, since Google requires a top private domain as the authorized domain?
I tried to look up solutions, but all the solutions given have been a while ago, and I think Google has changed their service since then.
localhost is not a valid top-level domain, and it won't let you generate credentials without setting up a consent screen. You can add more than one authorized domain if you'd like, but you can't leave it empty. But you CAN delete the field if you have no domains / would not like to add domains for now. you just can't LEAVE it empty.
Notice the description -- "When a domain is used". so it's not an obligation to add authorized domain for consent screen. Moreover, the authorized domain here is only related with consent screen. Authorized origins and Authorized redirect URLs needs to be specified in the credentials part, which is all that matters; specifying the origin from which requests will be accepted and where it will be redirected. So just omit the authorized domain in the consent screen.
So how to delete it? Just in case if you haven't noticed, just hover over the field and this little man will pop up. delete it. that's all. Now you should be able to save and continue, where it might ask you to setup scopes.
I know it's really late, hoping it might help others..
After about an hour banging my head against the wall I found this article that has a step by step solution that works (as of July 2020).
Basically you need to create a service account, share the sheet with that account, and then it should work.
All of the other auth methods I tried either raised nonsense errors, or simply silently didn't work.
The list of authorized domains is required before you submit a request for app verification. If you want to configure a localhost redirect URI, that is configurable in your web OAuth client ID configuration.
In case anyone has struck out on the suggestions above, this answer did the trick for me. Set my authorized JavaScript origins URI to http://localhost:8080 in the google API console then emptied my Chrome cache.
Just add an OAuth-consent-screen from here without a domain or valid domain that's up to you, after that create Credentials from here, then select OAuth client ID and enter your from here you can add javascript origin url and there you go you've done.
You add your final domain for when you are ready to become verified. Until then you will generate an OAuth client ID and enable https://localhost:3000 in "Authorized JavaScript origins"
Simple screenshot of the field you can enter localhost
Not beautiful, but works!
I've made local website(domain) on Xampp like test1.com, added that domain in Authorized domains and started Chrome from separate shortcut with parameter --ignore-certificate-errors
Note, that when you start with this flag, Chrome must not be running!
It cause Chrome to open web site in the xampp\htdocs folder and I was forced to go to folder test1.git and then to public folder, where finally site opened and the url was: https://test1.com/test1.git/public
ps. Use port 80 in httpd-vhosts.conf and not 443!
I have registered my application here.
I have given all permissions to my App in that panel as well.
I specifically need Groups.ReadWrite.All which requires an admin ? requirement I am not sure what this even means.
https://apps.dev.microsoft.com/#/application/
Okay App is registered and redirect url has been copied.
Now I take that redirect url copy it and paste it into the admin panel for apps. At this link at App Registrations
https://portal.azure.com/
I am not sure why I have to register in two different panels, one which gives me a redirect url for my native app and the other that leaves it blank.
Great So then I setup my iOS app to make a graph request. This scope
https://graph.microsoft.com/Calendars.ReadWrite
I need to readwrite groups so I add this permission
https://graph.microsoft.com/Group.ReadWrite.All
It fails to authenticate.
I have checked that I have added the permissions to my app, and I have at this app registration panel https://apps.dev.microsoft.com/#/application/
Then I try to add the same permissions in the
https://portal.azure.com/
it gives me
Unable to Complete Request Validation Error, then doesn't do anything.
I tried to add a non admin permission same error.
So what is going on here ... ?
So even though they told me use the Graph API from now on moving forward in the docs I tried to go back to their office 365 SDK for iOS, it also has problems as I cannot get the pods to work as per instructions.
I am 100% sure after this issue is resolved I will need permissions
Note: I work at as a consultant for a bank so if someone can tell me what the azure administrator at the bank has to do to get my permissions escalated to admin status that would be great....
Thanks
Those are 2 different registrations,
Per this documentation (https://graph.microsoft.io/en-us/docs/authorization/auth_overview), for personal accounts like live.com or outlook.com, use the Azure AD v2.0, and for the enterprise, use the Azure AD.
So, for your case, I believe you need the latter, the azure AD.
For this to happen, as you said, go https://portal.azure.com/ and add the app registration.
In order to do so, you would need to
select "Azure Active Directory" and go "App registrations".
Once you create an app, you would need to select "native" for the iOS, and then under app access, under "required permissions" add "Microsoft Graph" followed by selected permissions you would like.
To answer the note, you would need permissions to create an app at the portal, otherwise, you would need to ask for that permission or have the admin create an app for you.
Some samples are available at https://github.com/microsoftgraph/ios-objectivec-connect-sample and https://github.com/microsoftgraph/ios-swift-connect-sample for iOS samples.
Hope this helps!
I have followed some articles, but all are not clear as google oauth interface is changed.
Verified some articles, and understood something. With this understanding in mind, followed below steps:
Opned URL: console.developers.google.com
Created new project with name: My Super App
Clicked on Google+ API under Overview section, and Enabled the same.
Here is my doubt whether I am doing correct or not
Selected OAuth ClientID option under Credentials section.
Configured Consent screen With email address, and Product name.
Under Create Client ID section, provided below details:
Application type: Web Application
Name: My Super Client App
Authorized Javascript origins: http://localhost:44300/ - sometimes, I have used this option. Later on, now, I am not using this option. Please suggest me if it is mandatory.
Authorized redirect URIs: http://localhost:44300/signin-google
ClientID, ClientSecret have been generated. Used in My MVC app.
But, I am unable to use Google OAuth.
Please suggest me where I'm doing wrong.
Go to your Project properties and under the Web tab you'll see the Project URL. In place of the https://localhost:44300/ given in the article replace it with the one specified in Project URL or, if you've overridden that one, use the one specified in the Override application root URL.
In other words, you shall change the URL here:
Just a suggestion but perhaps you need to enable the api on your google developer console. I did a quick google and this covers it - http://www.c-sharpcorner.com/article/how-to-configure-google-sign-in-for-Asp-Net-mvc-5-part-sixt/
please follow Asp.net/mvc :MVC5 :Google OpenAuth from where the below steps are taken:
Creating a Google app for OAuth 2 and connecting the app to the project
Navigate to the Google Developers Console.
Click the Create Project
button and enter a project name and ID (you can use the default
values). In a few seconds the new project will be created and your
browser will display the new projects page.
In the left tab, click
APIs & auth, and then > Credentials.
Click the Create New Client ID
under OAuth. In the Create Client ID dialog, keep the default Web
application for the application type.
Set the Authorized JavaScript
origins to the SSL URL you used above (https://localhost:44300/
unless you've created other SSL projects) Set the Authorized
redirect URI to:
https://localhost:44300/signin-google
Click the Consent screen menu item, then set your email address and product name. When you
have completed the form click Save.
Click the APIs menu item, scroll
down and switch on Google+ API.
Copy and paste the AppId and App Secret into the UseGoogleAuthentication method. The AppId and App Secret values shown below are samples and will not work.
I need to use Twitter Oauth to login my windows phone app,
What i need exactly is
1)when the user click twitter log in button from my app, i need to show the twitter llog in page in a browser,
2)when he enters his credentials and accept the app, then i should get the user information like, name, gender, bday, what ever i can take.
That,s it, then i can close the browser and make my app active.
I just need to make the user to log in via twitter.
I referred lot of examples, that are all quit confusing and doing all the stuffs in twiiter.
I tried this example
and got this error
'TweetSharp.TwitterService' does not contain a definition fError 2 'TweetSharp.TwitterService' does not contain a definition for 'GetAccessToken' and no extension method 'GetAccessToken' accepting a first argument of type 'TweetSharp.TwitterService' could be found (are you missing a using directive or an assembly reference?)
and i tried enter link description here
failed on that too.
Can anybody help me to do the authentication via twitter for my app.
Thank you.
I tried this example and got success, I contacted the person who have posted that example and got help from him to solve the issues raised from this example.
Actually this Example works fine for twitter integration,
What you have to do is
1)Register your app in twitter, here the link for app registration,
log in and register your app.
2)Make sure you have given the Call Back URL(i forget to give that, and that makes me face lot of issues)
3)Note down the Consumer Key, Consumer Secret and Call back url(we need specify this 3 in our code)
4)Go to Settings, and set your app access to Read and Write
5)down load the above link and change the Consumer Key, Consumer Secret and Call back url as per your app, and then run the example, it will work fine.
Thank you.
If you just want to authenticate using Twitter and don't want to post anything, perhaps you can try Azure Mobile Service Authentication. You can find more information here: mobile services authentication