I am getting a list of users in an organisation from the Jira ServiceDesk API, as documented on this page.
So far this is working as expected but today all off a sudden the code is broken. That is to say; the results im getting from the API have changed. As the docs state i SHOULD be getting values that include the field emailAddress. However since today i am getting the right users, but there is no longer an emailAddress field. The following is the result (structure) i'm recieving:
{
"size": 1,
"start": 0,
"limit": 50,
"isLastPage": true,
"_links": {
"self": "https://someprefix.atlassian.net/rest/servicedeskapi/organization/1/user?start=0&limit=50",
"base": "BaseURL",
"context": ""
},
"values": [
{
"accountId": "123456:SomeGUID",
"name": "SomeUserName",
"key": "someusername",
"displayName": "Some Username",
"active": true,
"timeZone": "Europe/Amsterdam",
"_links": {
"jiraRest": "LinkToTheThisUser",
"avatarUrls": {
"48x48": "LinkTo48X48Url",
"24x24": "LinkTo24X24Url",
"16x16": "LinkTo16X16Url",
"32x32": "LinkTo32X32Url"
},
"self": "LinkToThisResource"
}
}
]
}
I asked to check the setting User email visibility and it is currently set to logged in users only.
My question:
Why is this field suddenly missing from the API? Is there or are there settings i'm unaware off that influence this field being present or not?
Ok, it seems this is by design to keep in line with GDPR guidelines. Long story short; emailAddress will no longer be reliably part of the API's since a user now has to consent to it. If not all users emailAddresses are reliably part of the response this makes for a poor field of comparison in synchronization applications.
Which profile information will apps be able to access?
Any personal information users set as Anyone will be available for apps to use. For
example, apps will be able to access this information, store it, and
show it to other users.
Users' local times and locations will always be available to apps,
regardless of their visibility settings. This lets apps customize
their experiences.
Users' email addresses will be available to some apps that have been
approved by Atlassian. Note that if a user chooses to set their email
address to Anyone, then any installed apps will be able to use it.
When users install apps, the apps will request that they consent to
share their profile information with the apps. If they consent, the
apps will have access to all of their profile information. This is not
applicable to admins.
However. There will be a new API giving access to user emailAddresses regardless of user settings. Access to this API is restricted to approved applications. More about this can be found on this page.
In order to apply for access to this API the app must meet all current
requirements for being listed on Atlassian Marketplace (even if the
app is not listed on Atlassian Marketplace).
This means:
The app developer has provided a privacy policy
The app developer has provided a customer terms of use agreement
The app developer must signal whether or not the app collects and stores personal data.
If the app is storing personal data the app must report the accountIDs that have been collected and stored every 15 days.
Related
I'm working on a script for management of shared calendars using a service account. For security and compliance reasons, we cannot use application level permissions and the service account only has delegate permissions. This requires that users opting into the service share their calendars with the service account.
The goal is to be able to list all of the shared calendars for the service account using
GET https://graph.microsoft.com/v1.0/me/calendars
and manage each of those calendars (events being created, deleted, edited, etc.) using
POST https://graph.microsoft.com/v1.0/me/calendars/{shared-calendar-id}/events
or
PATCH or DELETE https://graph.microsoft.com/v1.0/me/calendars/{shared-calendar-id}/events/{event-id}
That all works fine once the calendar has been shared and accepted. The problem is accepting the share invitation.
Since the introduction of the "new" sharing system, the recipient of the share receives a sharing notification in their mailbox which they have to accept.
Being that this is a service account and dealing with several hundred users, manually checking and accepting all of the share invites will not be feasible and we need a programmatic way of doing this.
Is there an MS Graph endpoint to accept a calendar share invite?
Once a user sends a calendar share invite, parsing messages using
GET https://graph.microsoft.com/v1.0/me/messages
the calendar invite shows up as having these additional fields
"#odata.type": "#microsoft.graph.calendarSharingMessage",
"sharingMessageAction": {
"importance": "primary",
"actionType": "accept",
"action": "acceptAndViewCalendar"
},
"sharingMessageActions": [
{
"importance": "primary",
"actionType": "accept",
"action": "acceptAndViewCalendar"
}
]
Furthermore, the calendar becomes visible with the below endpoint
GET https://graph.microsoft.com/v1.0/users/{user-id}/calendars/
but is not listed on /me/calendars until the invite is accepted (and the shared copy is created).
There is an accept url in the body of the share invite email, but trying to use this url always results in a 500 error.
The documentation covers accepting a shared event where POST to the /tentativelyAccept endpoint of the event is used. Unfortunately I have been unable to find any similar documentation for calendar shares.
If anyone has a way to accept calendar share invites that do not involve manually clicking on the button in the email, please let me know :)
Thanks!
I've read every article and post on this subject, to no avail.
I have an MVC app in azure. I wanted to connect to Azure AD, and get the Groups for a user.
To do this, firstly I altered the Program.cs
// Azure AD
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"));
Also this:
builder.Services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
});
Once I did this, it asked me to authenticate when I ran it. I logged in, and it worked. On my MVC page I added #User.Claims.SingleOrDefault(_ => _.Type == "name")?.Value; and it works great.
Next, I wanted to see what groups the user is in.
I followed every guide I could find, but nothing seemed to work. In the user's claims, there is no 'groups' entry or anything suggesting overage (I assume it would appear in claims?).
Now I don't know if I am missing some configuration from my appsettings file? I say this because my appsettings ONLY has this:
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*",
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"ClientId": "a guid",
"TenantId": "another guid"
},
It's unclear. After adding the above, I went into Azure and I did various tasks:
My web app : Token configuration > Add groups claim
My web app : API permissions > GroupMember.Read.All (Granted)
My web app : Manifest > change to "groupMembershipClaims": "All"
I also did the same thing in Enterprise applications > MyApp | Single sign-on, I don't know what that is but it was in one of the many posts I read.
What could I possibly be missing that is preventing the groups from appearing?
Here's the answer, I hope this saves future people some insane levels of pain.
For whatever reason, your claims are cached. I've been working on trying to fix this for like, 2 days. So it caches for a long time.
Since the application is single-sign on, and resists most attempts to force it to sign out, this is the issue. Once I signed it out, it updated my claims.
So if you're having issues, REMEMBER TO SIGN OUT AND BACK IN!
Here's how:
Azure > Go to Azure Active Directory > App Registrations
Click your application, click Authentication
In the Front-channel logout URL, enter the value: https://localhost:[YOURPORTHERE]/signout-oidc assuming it's dev and you're using a port number.
Hit SAVE.
Now launch your website, and then browse to that URL. It will sign you out. Next time you hit it it will prompt you to log in again, and then all of your information will be updated.
I've created a medium application for API access a while ago, and I've been using it to connect medium accounts to my website and let them publish stories from my website. But it stopped working recently, and I can't access my app anywhere. I should mention that my medium account isn't premium, so I've been thinking that's the problem. The thing is I can't find any info anywhere about medium preventing free users from creating apps. This is where I've managed my apps in the past: Link, but now I get 403. Does anyone have any info about this?
edit: What I forgot to say is, when I try to connect my account, I receive the access/refresh token, but then when I try the "https://api.medium.com/v1/me" endpoint I get
{
"errors": [
{
"message": "Application not found",
"code": 6005
}
]
}
we have an application that utilizes auto renewable subscriptions in android.
The users are going subscribing through the app normally and the receipt is sent for our backend to be validated using the IAP Google API.
until this point everything is fine, but we recently discovred a loophole in our system, some users are subscribe and cancel their subscriptions and re-enable the auto subscription, this way google will issues a new receipt that is sent to our backend and we are giving them another year, this is easily solved by granting the only the duration given in the receipt
but then users started using the same google account with different accounts for our apps and they give everyone free subscriptions by the generated receipt
I read the API in here and I can't find any field that tells us that this receipt is only a re-activation not a new subscription
https://developers.google.com/android-publisher/api-ref/purchases/subscriptions
when we send a request for google api to get the info this is what we are getting:
status_from_google_play
{
"autoRenewing": true,
"cancelReason": null,
"countryCode": "SA",
"developerPayload": "",
"expiryTimeMillis": "1534073485784",
"kind": "androidpublisher#subscriptionPurchase",
"linkedPurchaseToken": "sometoken",
"orderId": "GPA.xxxx-xxxx-xxxx-xxxxx",
"paymentState": 1,
"priceAmountMicros": "290000",
"priceCurrencyCode": "SAR",
"purchaseType": 0,
"startTimeMillis": "1534071687580",
"userCancellationTimeMillis": null
}
There is no field that gives me this piece of information
am I missing something? is there another way to validate this?
Turns out the linkedPurchaseToken field can be used for this purpose
if the linked token is not empty it means it's a re-activation only or an upgrade/downgrade for the subscription.
It's not a direct usage as you can see but it's how you know.
I'm using firebase.auth() for my Website. I activated the firebase.auth.Auth.Persistence.LOCAL option to stay logged in (which shouldn't be necessary, since its the default in web, according to https://firebase.google.com/docs/auth/web/auth-state-persistence, but it doesn't matter, if the option is explicitly set or not).
The expected behaviour is, that the user stays logged in, until he actively signs out, no matter if the browser was closed. etc...
In my case, the user is logged out after an hour or so (didn't tracked it exactly). This happens on safari, or if I add it to the homescreen as webapp. I this the intended behaviour, or am I doing something wrong?
Update: Problem solved
I totally missed a 403 answer in the console after a few couple of minute:
{
"error": {
"code": 403,
"message": "Token Service API has not been used in project xxxxxx before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/securetoken.googleapis.com/overview?project=xxxxxx then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developers console API activation",
"url": "https://console.developers.google.com/apis/api/securetoken.googleapis.com/overview?project=xxxxx"
}
]
}
]
}
}
I went to the url, activated the token api and voila: persistent Logins :)
Afterwards I looked up the official docs, seeing if I missed this step somewhere, but I can't find any hints on that api activation.