I have a browser-based Twilio phone app that works well, but for better security we are integrating access tokens now. But we can't find ANY documentation on grants anywhere. We are constructing everything ourselves in our backend, so we are specifically looking for the variables we need to put in our JSON for that, for receiving calls and sending calls.
I have asked Twilio, but it's Sunday. When they return a response, if that comes first, and if it works, I'll put it here to help others who might be looking for this as we are.
i.e. here is the JSON payload:
{"sub":"AC*****","nbf":1578251940,"iss":"SK*****","exp":1578338340,"iat":1578252060,"grants":{"identity":"ID_whatever","voice":{"service_sid":"AP*****"}},"jti":"SK*****"}
Any help is appreciated.
Twilio have responded with a working payload template, here it is in case anyone else needs it.
{
  // API key SID concatenated with current timestamp
  "jti": "SK...-1578329486",
  // API key SID
  "iss": "SK...",
  // account SID
  "sub": "AC...",
  // expiration timestamp
  "exp": 1578333086,
  "grants": {
    // Client name
    "identity": "alice",
    "voice": {
      "incoming": {
        // if incoming connections are allowed
        "allow": true
      },
      "outgoing": {
        // if outgoing connections are allowed, the application SID
        "application_sid": "AP..."
      }
    }
  }
}
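The template above, built and signed on a backend, as an added example that is not part of the original post or Twilio's own code. It assumes the token is an HS256 JWT signed with the API key secret and carrying the `cty` header that Twilio's helper libraries emit; `build_voice_token` and its parameters are hypothetical names, and each grant is included only when asked for so a client gets no more than it needs.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64u(raw):
    """Base64url without padding, as used by JWTs."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def build_voice_token(account_sid, api_key_sid, api_key_secret, identity,
                      app_sid=None, allow_incoming=False, ttl=3600, now=None):
    """Return a signed access token whose claims follow the template above."""
    now = int(time.time() if now is None else now)
    voice = {}
    if allow_incoming:                      # grant incoming only on request
        voice["incoming"] = {"allow": True}
    if app_sid:                             # grant outgoing only with an app SID
        voice["outgoing"] = {"application_sid": app_sid}
    payload = {
        "jti": f"{api_key_sid}-{now}",      # API key SID + current timestamp
        "iss": api_key_sid,
        "sub": account_sid,
        "exp": now + ttl,                   # short lifetime limits a leaked token
        "grants": {"identity": identity, "voice": voice},
    }
    # Assumption: header values as produced by Twilio's helper libraries.
    header = {"typ": "JWT", "alg": "HS256", "cty": "twilio-fpa;v=1"}
    signing_input = ".".join(
        _b64u(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    signature = hmac.new(api_key_secret.encode(), signing_input.encode(),
                         hashlib.sha256).digest()
    return f"{signing_input}.{_b64u(signature)}"
```

The API key secret stays on the server; only the resulting token is handed to the browser client.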
I'm trying to get the live chat of the live stream:
https://www.youtube.com/watch?v=xHtuITYCqcM.
So for that, I made the URL:
https://youtube.googleapis.com/youtube/v3/liveChat/messages?liveChatId=xHtuITYCqcM&key=...,
and it returns the following:
{
  "error": {
    "code": 400,
    "message": "page token is not valid.",
    "errors": [
      {
        "message": "page token is not valid.",
        "domain": "youtube.liveChat",
        "reason": "pageTokenInvalid"
      }
    ]
  }
}
If anyone knows why this is happening, please help me.
I'm new to this platform, so if I missed anything, please tell me.
According to the official specification of the LiveChatMessages.list API endpoint, its request parameter liveChatId is defined as follows:
liveChatId (string)
The liveChatId parameter specifies the ID of the chat whose messages will be returned. The live chat ID associated with a broadcast is returned in the liveBroadcast resource's snippet.liveChatId property.
Consequently, passing to this endpoint the respective stream's video ID -- xHtuITYCqcM -- is incorrect.
You'll have to invoke, as specified above, the LiveBroadcasts.list API endpoint, passing to it the request parameter id set to your stream's video ID -- that is xHtuITYCqcM -- by means of a URL like this one:
https://www.googleapis.com/youtube/v3/liveBroadcasts?id=xHtuITYCqcM&part=snippet&fields=items.snippet.liveChatId&access_token=$ACCESS_TOKEN
where $ACCESS_TOKEN is the access token obtained upon running to successful completion an OAuth 2.0 authentication/authorization flow.
Note that the OAuth flow is actually required (an API key does not suffice), because:
Authorization
This request requires authorization with at least one of the following scopes (read more about authentication and authorization).
Scope
https://www.googleapis.com/auth/youtube.readonly
https://www.googleapis.com/auth/youtube
https://www.googleapis.com/auth/youtube.force-ssl
Also note that above I used the fields request parameter to get from the API only the info that's of actual use (a good practice).
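The two-step lookup described in this answer, as an added example that is not part of the original post. The function names and the injectable `fetch` parameter are hypothetical; the `part=snippet,authorDetails` value on the messages call and the `Authorization: Bearer` header (used instead of the `access_token` query parameter so the token stays out of URLs and request logs) are choices made for this sketch.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

API = "https://www.googleapis.com/youtube/v3"


def http_get(url, token):
    """GET a JSON resource, sending the OAuth 2.0 token as a Bearer header."""
    req = Request(url, headers={"Authorization": f"Bearer {token}"})
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)


def live_chat_id(video_id, token, fetch=http_get):
    """Step 1: map the stream's video ID to its liveChatId."""
    query = urlencode({"id": video_id, "part": "snippet",
                       "fields": "items.snippet.liveChatId"})
    items = fetch(f"{API}/liveBroadcasts?{query}", token).get("items", [])
    if not items or "liveChatId" not in items[0].get("snippet", {}):
        raise LookupError(f"no live chat found for video {video_id!r}")
    return items[0]["snippet"]["liveChatId"]


def chat_messages(video_id, token, fetch=http_get):
    """Step 2: list messages using the liveChatId, never the video ID."""
    chat_id = live_chat_id(video_id, token, fetch)
    query = urlencode({"liveChatId": chat_id, "part": "snippet,authorDetails"})
    return fetch(f"{API}/liveChat/messages?{query}", token).get("items", [])
```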
I'm trying to connect to Google Home using the OAuth 2.0 mechanism. However, I'm hitting an issue where I'm not able to retrieve a success message.
The failing request is - https://oauthintegrations.googleapis.com/v1/token:getForService
with the response payload as redirectState. I know about redirect but what is redirectState? I tried to search a bit over this one, but failed.
Any help would be appreciated.
Note: I have followed all the necessary steps mentioned in the doc. I can receive the authorisation code, but I'm not able to make the token request to the desired endpoint.
The docs are https://developers.google.com/actions/identity/oauth2-code-flow and https://developers.google.com/actions/identity/account-linking.
In configuration settings we have Linking type as Oauth -> Authorization Code.
In Dialogflow, in Integration -> Integration Settings, we have checked 'Sign in required' for Default Welcome Intent and have the Firebase function as
app.intent('Default Welcome Intent', (conv) => {
  conv.ask(new SignIn());
});
according to https://developers.google.com/actions/identity/account-linking document and I am currently using API version V2.
After the auth code is received as mentioned it does not call token url, we receive this screen :
Bad response from IdP in Auth Code Exchange & what is redirect_state
The https://gala-demo.appspot.com/app#redirect_state=XXX&state=yyy&service=abc when inspected fails at https://oauthintegrations.googleapis.com/v1/token:getForService as mentioned by #rajesh with status code 400, but when this request is made through Postman it returns the response. Here is the body and response for the request.
Body :
{
  "credential" : {
    "redirectState": "XXX"
  },
  "scopes": [],
  "gdiState": "APP_AUTH",
  "serviceId": "tapclicks-integration-adac2_dev"
}
RESPONSE :
{
  "serviceInfo": {
    "authUrl": "https://-domain-/authorization",
    "name": "tapclicks dashboard",
    "logoUrl": "https://placeholder.com/",
    "clientId": "zdqexVMaVvxIMQ7Frjwa",
    "tokenUrl": "https://-domian-/token_url",
    "privacyPolicyUrl": "https://placeholder.com/",
    "tosUrl": "https://placeholder.com/",
    "id": "tapclicks-integration-adac2_dev"
  },
  "completionInfo": {
    "appauthInfo": {
      "appauthRedirectUrl": "https://-domain-/authorization?response_type=code&client_id=zdqexVMaVvxIMQ7Frjwa&redirect_uri=https://oauth-redirect.googleusercontent.com/r/tapclicks-integration-adac2&scope=gmail&state=yyy",
      "appauthRedirectState": "abcxxx"
    },
    "oauthAuthorizationUrl": "https://-domain-/authorization?response_type=code&client_id=zdqexVMaVvxIMQ7Frjwa&redirect_uri=https://oauth-redirect.googleusercontent.com/r/tapclicks-integration-adac2&scope=gmail&state=yyy"
  },
  "gdiState": "APP_AUTH",
  "header": {}
}
Can you please tell me if I might be making any configuration mistake, or any other info you need?
Authorization Url : https://kprb95tye7.execute-api.us-east-1.amazonaws.com/authorization/
Token Url : https://9343j46f16.execute-api.us-east-1.amazonaws.com/token_url/
Thanks
I have opened a ticket about this on Braintree iOS's GitHub. Just hoping to get some help fast. Here goes the issue:
As the title says, my payment (in iOS) always fails. While apparently, the payment in my colleague's work (Android) succeeds.
I followed thoroughly the sample codes and guidelines from here: https://developers.braintreepayments.com/guides/paypal/client-side/ios/v4
In iOS, after all the process (Client Token from our Server --> BT SDK --> PayPal browser --> App --> send nonce to our server), the error I get from our server is always:
PayPal pending payments are not supported.
My backend guy does not know the reason behind this too, he only showed and gave me this log:
{
  "errors": {},
  "params": {
    "transaction": {
      "type": "sale",
      "amount": "1",
      "merchantAccountId": "USD",
      "paymentMethodNonce": "80823f63-5ea9-0b8b-67da-0710bd7d9ff1",
      "orderId": "333",
      "descriptor": {
        "name": "company name*myurl.com"
      },
      "options": {
        "submitForSettlement": "true",
        "paypal": {
          "customField": "custom",
          "description": "description"
        }
      }
    }
  },
  "message": "Unknown or expired payment_method_nonce.",
  "creditCardVerification": null,
  "transaction": null,
  "subscription": null,
  "merchantAccount": null,
  "verification": null
}
And here's what I do in setting up my SDK:
private func processPayPalClientToken(_ clientToken: String) {
    SVProgressHUD.show(withStatus: "Please wait...")
    self.braintreeClient = BTAPIClient(authorization: clientToken)
    let payPalDriver = BTPayPalDriver(apiClient: self.braintreeClient)
    payPalDriver.viewControllerPresentingDelegate = self
    payPalDriver.appSwitchDelegate = self
    let request = BTPayPalRequest(amount: self.bookingViewModel.getTotalAmount())
    payPalDriver.requestOneTimePayment(request) { (nonce, error) in
        SVProgressHUD.dismiss(completion: {
            if let error = error {
                self.showAlert(title: "title...", message: "Error: \(error.localizedDescription).", okayButtonTitle: "OK") { _ in }
                return
            }
            guard let nonce = nonce else { return }
            self.processNonceToServer(nonce)
        })
    }
}
So... any idea what's the reason behind this? Thanks!
EDIT: Additional info that I found a while ago. The SFSafari browser dismisses itself too soon that's why the nonce I get is always invalid. Why is that?
Full disclosure: I work at Braintree. If you have any further questions, feel free to contact support.
Based on the payment method nonce that you posted in your question, I was able to take a look into our server-side logs to see what the issue is.
Without giving away any specific API Credentials, it appears as if the server responsible for generating a client token in your setup is passing a different Sandbox merchant ID than the server responsible for creating the transaction with that payment method nonce, which is leading to an error.
Your server is responsible for generating a client token, which contains the authorization and configuration details that your client needs to initialize the client SDK. When a payment method nonce is created, it is tied to the merchant ID that is specified in the client token authorization. The merchant ID passed during the Transaction Sale call or other API Calls must match the merchant ID that is tied to that specific payment method nonce, so you will need to fix this discrepancy in your backend code.
For the benefit of others who are experiencing the same issue, check out the closed ticket I filed on Braintree's GitHub (link above or this: https://github.com/braintree/braintree_ios/issues/405)
Here's what my colleague and I have discovered:
We can pay successfully using this CREDIT UNION payment method.
BUT we can't pay using PAYPAL BALANCE.
Errors like the one below happen with the PayPal Balance option.
PayPal pending payments are not supported
So the answer in this issue would be: make sure that everything in your client is working and you're using correct and same accounts for the clientToken and the PayPal account you're using to pay.
I'm using Okta for identity management. As the client in authorization flow, I send an authorize request to Okta. This works successfully, and I get a JWT payload. I want to verify the JWT signature, so I make another call to Okta in order to fetch the keys. However, the key ids (kids) do not match and verification fails.
Initial authorize request:
https://{{site}}.okta.com/oauth2/v1/authorize
?scope=openid
&response_type=id_token
&client_id={{client_id}}
&redirect_uri={{redirect_url}}
&nonce=4euiv0v52at3la15e7qlu1mt43
&state=7c92bqulrmdk2jk0ro9rd3mf5j
Response is a 403, redirecting me to:
{{redirect_url}}/id_token={{id_token}}
The header of the id_token is decoded into:
{
  "alg": "RS256",
  "kid": "2YKtkekCjCRWN0YqGsjUrNwIQaxGg5ahfHW0_fK8t64"
}
So far so good. I know that the authorization has succeeded. Time to validate the JWT.
However, when this is followed up with:
https://{{site}}.okta.com/oauth2/v1/keys
Or
https://{{site}}.okta.com/oauth2/v1/keys?clientId={{client_id}}
(they both return the same response), I get back this:
{
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "n": "gv1rI9A7mrOoViJZTzUfiZl7YdEzLEofvRoVbXCgeW7aOmoKcAkWGHvqNRGoFgi8auV5b_TSgTXKq_TV1fz643hpAtba3V0Uw2lXchTbqXpmVRYXI1t4FIwRMXLe4Q-kcvp9la21e3D1lszjdPbFNX5GLAhrCW0Thu2HYbTLg6TbDTMaiQCMo15hek0JgZqRGzCkt9kINnwPVLXV_bkSh_fHWo_6G1L0MKYYQcgE6zvPlULLek98-yZ6Nlg6nJUY9nHn0qjhzqqq-bz_Vin8qi3Bt7SjUKwk7HbaugM84AEgDxYE5JgsaALIl5SgIc3GgFEc69qKWymoD-w1a8f1HQ",
      "kid": "SOxFkBSLWefjlZoDI49Hk0nqlYtC28cjhTlVAYEzAxs",
      "kty": "RSA",
      "use": "sig"
    }
  ]
}
Where the kid does not match what I received in the original response.
Where is my mistake?
You need to create an authorization server and use it as the endpoint, for example:
https://{{site}}.okta.com/oauth2/{authorizationServerId}/v1/authorize
You should also be able to use the default one:
https://{{site}}.okta.com/oauth2/default/v1/authorize
Note that this is different than the route you were using (which does not specify an authorization server):
https://{{site}}.okta.com/oauth2/v1/authorize
You should specify an authorization server in your case (like example 1 and 2 above), for both OAuth 2.0 and OpenID Connect.
The problem was that this account was set up with pinned, not rotating keys. oauth2/v1/keys requires the client id to be passed in as a parameter if you are set up with pinned keys; the correct parameter name is "client_id", not "clientId". This results in the expected output.
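A dependency-free sketch of the verification step this thread is about, as an added example that is not part of the original posts or Okta's code. It builds the keys URL with the `client_id` parameter named above, refuses to verify when the token's `kid` is absent from the JWKS instead of trying another key, and then checks the RS256 signature; all function names are hypothetical, and a maintained JOSE library would normally replace the hand-written RSA check.

```python
import base64
import hashlib
import json
from urllib.parse import urlencode

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def b64u_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def keys_url(site, client_id=None):
    """Keys endpoint from the thread; pinned-key setups pass client_id."""
    url = f"https://{site}.okta.com/oauth2/v1/keys"
    return url + "?" + urlencode({"client_id": client_id}) if client_id else url


def select_key(token, jwks):
    """Pick the JWK whose kid matches the token header, or fail loudly."""
    header = json.loads(b64u_decode(token.split(".")[0]))
    if header.get("alg") != "RS256":   # never let the token choose the algorithm
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    for key in jwks.get("keys", []):
        if key.get("kid") == header.get("kid") and key.get("kty") == "RSA":
            return key
    offered = [k.get("kid") for k in jwks.get("keys", [])]
    raise LookupError(f"kid {header.get('kid')!r} not in JWKS {offered}; "
                      "check the keys URL and its client_id parameter")


def verify_rs256(token, jwks):
    """Return True only if the signature matches the key selected by kid."""
    key = select_key(token, jwks)
    signing_input, _, sig_b64 = token.rpartition(".")
    n = int.from_bytes(b64u_decode(key["n"]), "big")
    e = int.from_bytes(b64u_decode(key["e"]), "big")
    size = (n.bit_length() + 7) // 8
    sig = b64u_decode(sig_b64)
    if len(sig) != size or int.from_bytes(sig, "big") >= n:
        return False
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(size, "big")
    digest = hashlib.sha256(signing_input.encode("ascii")).digest()
    pad = b"\xff" * (size - 3 - len(SHA256_PREFIX) - len(digest))
    return recovered == b"\x00\x01" + pad + b"\x00" + SHA256_PREFIX + digest
```

A `LookupError` here is the symptom from the question: the JWKS that was fetched does not belong to the key that signed the token.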
I am trying to send a DM firmware update command from a Node-RED flow.
Function node:
msg.payload = {"MgmtInitiationRequest": {
  "action": "firmware/update",
  "devices": [{
    "typeId": "myType",
    "deviceId": "myDevice"
  }]
}}
msg.headers = {"Content-Type": "application/json"}
return msg;
I send it to a http request node with a POST to
https://orgid.internetofthings.ibmcloud.com/api/v0002/mgmt/requests
Basic Authentication with API keys. I based it off "Initiate a device management request".
I get back a 403 which the docs have as:
One or more of the devices does not support the requested action
Anyone see what I'm missing? It works fine from the IoT Platform UI to the same devicetype/deviceid.
EDIT: Same 403 if I use a REST client like Postman.
The swagger API documentation is a little bit misleading in that the 'body' parameter is given a name.
But, like the other POST APIs, that name isn't actually included anywhere as part of the payload.
The payload should just look like this:
{
  "action": "firmware/update",
  "devices": [
    {
      "typeId": "string",
      "deviceId": "string"
    }
  ]
}
This page in the documentation provides more detail:
https://console.ng.bluemix.net/docs/services/IoT/devices/device_mgmt/requests.html#firmware-actions-update
Has your appliance published the set of supported commands it supports when it announced itself as a managed device?
A device connects to the Watson IoT Platform and uses the managed devices operation to become a managed device.
Which looks something like this:
Topic: iotdevice-1/mgmt/manage
{
...
"supports": {
"deviceActions": true,
"firmwareActions": boolean
},
...
},
...
}
https://console.ng.bluemix.net/docs/services/IoT/devices/device_mgmt/index.html