Loopback Error 401 (Unauthorized) while accessing APIs - angular7

I am facing an issue in loopback, 401 (Unauthorized). Initially all APIs are working perfectly.
Now I set ACL for some of the models. After that I got an error 401 (Unauthorized) while accessing APIs
Sample Code
Eg: One of my model.json file
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$unauthenticated",
"permission": "DENY"
}
I got the accesstoken after login. I think the access token is not getting in in my API headers.

you can also define ACS level. you DENY for all unauthorized user but also set permission for authorized user like.
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$unauthenticated",
"permission": "ALLOW"
}
]
principalId is define in my ROLE collection if you did't define any princepalId you can also use this.
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
}

Related

Keyclock is not returning the refresh_token

How do i get the refresh token ? I only get this response:
{
"state": "XXX",
"session_state": "XXX",
"id_token": "XXX",
"access_token": "XXX",
"token_type": "Bearer",
"expires_in": "86400"
}
https://URL/auth/realms/XXX/protocol/openid-connect/auth?client_id=XXX&redirect_uri=XXX&nonce=fe6c4327-ad30-4fd0-bd50-2e42d1537cd3&state=fe6c4327-ad30-4fd0-bd50-2e42d1537cd3&response_type=id_token+token&response_mode=fragment&scope=openid&login_hint=XXX
Does someone know what we have to do ? I am getting the URL from the backend. How do i get the refresh token out of it? Thanks in advance
you are only asking for the openid scope, you need to also ask for the offline_access scope, to get the refresh token.

How to use Firebase authentication token to list user blogs using js

I'm trying to retrieve authenticated user blogs (granted scope):
var token = await firebase.auth().currentUser.getIdToken();
fetch('https://www.googleapis.com/blogger/v3/users/self/blogs', {
"headers": {
"Authorization": "Bearer " + token
},
"method" : "GET",
"muteHttpExceptions": true
}).then( r => console.log(r) );
but i get error:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Invalid Credentials",
"domain": "global",
"reason": "authError",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED"
}
}
Could you tell me please what I'm missing to achieve this without using back end ?
A Firebase Authentication ID token is a JWT. Blogger expects an OAuth 2 token, which the Firebase Authentication token isn't.
While it is possible within Firebase to create an ID Token based on an OAuth token, the reverse isn't possible. You will have to sign in the user with an OAuth 2 provider instead, and pass that token to blogger.

When getting a team using v1.0 API, beta resources are also being returned

I send a GET for a team at least one resource the resources is in beta. The resource teamDiscoverySettings shouldn't be returned when the request is made to v1.0 API
I sent a GET https://graph.microsoft.com/v1.0/teams/{{teamID}} and the server responds with:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#teams/$entity",
"id": "...",
"displayName": "...",
"description": "...",
"internalId": "...",
"webUrl": "...",
"isArchived": false,
"discoverySettings": {
"showInTeamsSearchAndSuggestions": false
},
"memberSettings": {
"allowCreateUpdateChannels": true,
"allowDeleteChannels": true,
"allowAddRemoveApps": true,
Shouldn't the beta resources only be returned withing the beta version of the APIs?

Microsoft Graph API keeps returning 401 Unauthorized

Please do not report as duplicate because all other topics have not solved my issue, thanks.
I'm using Microsoft Graph API to list and create calendar events, however, I can't seem to make the findMeetingTimes endpoint work.
This is my authorization URL:
https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize
?client_id=xxxxx
&response_type=code
&redirect_uri=xxxxx
&response_mode=form_post
&scope=openid profile User.ReadWrite User.ReadBasic.All Sites.ReadWrite.All Contacts.ReadWrite People.Read Notes.ReadWrite.All Tasks.ReadWrite Mail.ReadWrite Files.ReadWrite.All Calendars.ReadWrite
&state=12345
Then I request an access token using the same scopes:
$request = json_decode($guzzle->post('https://login.microsoftonline.com/common/oauth2/v2.0/token', [
'headers' => ['Content-Type' => 'application/x-www-form-urlencoded'],
'form_params' => [
'client_id' => 'xxxxx',
'scope' => 'openid profile User.ReadWrite User.ReadBasic.All Sites.ReadWrite.All Contacts.ReadWrite People.Read Notes.ReadWrite.All Tasks.ReadWrite Mail.ReadWrite Files.ReadWrite.All Calendars.ReadWrite',
'code' => $auth_code,
'grant_type' => 'authorization_code',
'redirect_uri' => 'xxxxx',
'client_secret' => 'xxxxx'
],
])->getBody()->getContents());
After that I'm trying the findMeetingTimes endpoint using:
$request = json_decode($guzzle->post('https://graph.microsoft.com/v1.0/me/findMeetingTimes', [
'headers' => [
'Authorization' => 'Bearer ' . $accessToken,
'Content-Type' => 'application/json',
],
'body' => '{
"attendees": [
{
"type": "required",
"emailAddress": {
"name": "My Name",
"address": "myemail#hotmail.com"
}
}
],
"timeConstraint": {
"activityDomain":"work",
"timeslots": [
{
"start": {
"dateTime": "2019-04-02T09:00:00",
"timeZone": "Pacific Standard Time"
},
"end": {
"dateTime": "2019-04-03T17:00:00",
"timeZone": "Pacific Standard Time"
}
}
]
}
}',
])->getBody()->getContents());
However, it keeps returning:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
Does anyone know what I'm missing? Note that I'm not using a Microsoft work/school account, just my regular one. (Does it matter?)
Its not possible to call this endpoint with personal accounts, this is metioned very cleary in the documentation

Creating a new user from Twitter using auth0 get nil email

I am using auth0 for my rails application,I tried to sign in with social connection using auth0, this works fine with google and facebook but when I tried with twitter I am getting blank email for user and not able to sign in with the user having blank email.
Here is the response which I am getting
{
"name": "XXXX",
"picture": "XXXX",
"lang": "en",
"screen_name": "XXXX",
"clientID": "XXXXXX",
"user_id": "XXXXX",
"nickname": "XXXX",
"identities": [
{
"access_token": "XXXX",
"access_token_secret": "XXXX",
"provider": "twitter",
"user_id": XXXX,
"connection": "twitter",
"isSocial": true
}
],
"created_at": "2015-04-07T06:00:51.515Z"
}
How do I get user email for twitter using auth0
Not possible. Twitter API doesn't give email address of the user.
Is there a way to get an user's email ID after verifying his/her Twitter identity using OAuth?

Resources