I want to integrate authentication with local passport in hyperledger.
When I use google and GitHub passport it works.But when I tried to use it with local passport it does not work:
export COMPOSER_PROVIDERS='{
"local": {
"provider": "local",
"module": "passport-local",
"usernameField": "username",
"passwordField": "password",
"authPath": "/auth/local",
"callbackURL":"/auth/local/callback",
"successRedirect": "/",
"failureRedirect": "/",
"setAccessToken": false,
"callbackHTTPMethod": "post"
}
}'
Thanks.
Related
We are having a problem with a feature available in the beta version of Graph. We are using this endpoint to extract sensitivity labels from drive item:
POST https://graph.microsoft.com/beta/drives/{drive-id}/items/{item-id}/extractSensitivityLabels
According to the documentation, we need Files.Read.All, Files.ReadWrite.All, Sites.Read.All or Sites.ReadWrite.All permissions to access this endpoint:
https://learn.microsoft.com/en-us/graph/api/driveitem-extractsensitivitylabels?view=graph-rest-beta&tabs=http#permissions
Deserialized token we used for authentication:
{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/xxx/",
"iat": 1655160900,
"nbf": 1655160900,
"exp": 1655247600,
"aio": "xxx",
"app_displayname": "xxx",
"appid": "xxx",
"appidacr": "2",
"idp": "https://sts.windows.net/xxx/",
"idtyp": "app",
"oid": "xxx",
"rh": "xxx",
"roles": [
"Sites.Manage.All",
"Sites.ReadWrite.All",
"Files.ReadWrite.All"
],
"sub": "xxx",
"tenant_region_scope": "EU",
"tid": "xxx",
"uti": "xxx",
"ver": "1.0",
"wids": [
"xxx"
],
"xms_tcdt": "1509395911"
}
However, we receive a 403 response with the content:
{
"error": {
"code": "accessDenied",
"message": "Cannot call this API using the current App Id.",
"innerError": {
"date": "2022-06-14T08:00:52",
"request-id": "xxx",
"client-request-id": "xxx"
}
}
}
We have tested other graph beta endpoints and had no problems with them. What could be causing this problem?
Seems that currently this only work with Delegated permissions.
I did not find any trace in the docs if there are some pre-allowed appIds that would be allowed to call this API in Application context.
First of all you are calling a particular drive's item and this looks like you don't have access for that particular file drive/item , we can suggest you to please check if are able to access particular drive and items which you want to add extract sensitivity labels ,by calling Get API .
GET /drives/{drive-id}/items/{item-id}
Thanks
I configured Chronograph to use generic OAuth 2.0 (using cloud foundry UAA). Users authentication works fine but the problem is that the default influxdb connection is not taken into consideration. In fact this configuration works:
chronograf --log-level="debug" --resources-path="/usr/share/chronograf/resources" --influxdb-url="http://influxDB.log.database:8086" --influxdb-username="usename" --influxdb-password="pass"
here is the content of /usr/share/chronograf/resources folder:
influxdb.src:
{
"id": "9999",
"name": "MyInfluxDB",
"username": "user1,
"password": "password1",
"url": "http://influxDB.log.database:8086",
"type": "influx",
"insecureSkipVerify": true,
"default": true,
"telegraf": "telegraf.autogen",
"organization": "Default"
}
Both connections are automatically created when chronoraf starts :
MyInfluxDB
http://influxDB.log.database:8086
but When I run chronograf with the following options (To use OAuth 2.0 and create an influxdb connection) :
export TOKEN_SECRET="token_secret"; export JWKS_URL="https://uaa/token_keys"; export PUBLIC_URL="http://chronograf:8888"; chronograf --log-level="debug" --resources-path="/usr/share/chronograf/resources" --generic-name="generic" --generic-client-id="id" --generic-client-secret="secret" --generic-scopes="openid" --generic-auth-url="https://uaa/oauth/authorize" --generic-token-url="https://uaa/oauth/token" --generic-api-url="https://uaa/userinfo"
The OAuth 2.0 works fine but once redirected to the chronograf dashboard I cannot see the connections and even when I created a connection manually and I log in I cannot found any connection that is created automatically on startup as wanted.
the field organization needs an id. The id for the Default orginization uses a lower case d. If you change your src file to,
{
"id": "9999",
"name": "MyInfluxDB",
"username": "user1,
"password": "password1",
"url": "http://influxDB.log.database:8086",
"type": "influx",
"insecureSkipVerify": true,
"default": true,
"telegraf": "telegraf.autogen",
"organization": "default"
}
It should now work.
you can see where the id is defined in their source here https://github.com/influxdata/chronograf/blob/9d8a49ba0ef8131cdce22d73718859f55f434db2/bolt/organizations.go#L20
I am developing Azure DevOps extension which contain service endpoint to hold secret ID/KEY. My requirement is to have endpoint just consist of Connection name, ID ,and Key in it.I have gone trough list of provided endpoints in Microsoft but I couldn't find suitable option to satisfy my requirement.
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=vsts#sep-ssh
closest solution I found is as below . But it contains input box for server URL(Which I need to omit (in this example though I don't define server URL it displays in popup dialog)). Please refer below image.
Is it possible to remove Server URL from above dialog box Or it there better endpoint type I can use for this requirement? please be kind enough to share some light with me.
You'll need to create a custom service type, that will allow you to show/hide the individual text boxes. You can find an example in the Azure DevOps Extension Tasks which I maintain.
You define custom service endpoint types in the vss-extension.json along with your other extension points:
{
"id": "vsts-marketplace-endpoint-type",
"type": "ms.vss-endpoint.service-endpoint-type",
"targets": [
"ms.vss-endpoint.endpoint-types"
],
"properties": {
"name": "VstsMarketplacePublishing",
"displayName": "Visual Studio Marketplace",
"url": {
"displayName": "Marketplace URL",
"value": "https://marketplace.visualstudio.com",
"isVisible": "false"
},
"helpMarkDown": "Required permissions: <ul><li><b>Publish</b>: All accessible organisations, Marketplace (Publish)</li><li><b>Share</b>: All accessible organisations, Marketplace Publish</li><li><b>Install</b>: All accessible organisations or a specific organisation, Extensions (read and manage), Marketplace (acquire)</li><li><b>Query Version</b>: All accessible organisations, Marketplace (read)</li><li><b>Is Valid Extension</b>: All accessible organisations, Marketplace (read)</li></ul><br/><a href='https://www.visualstudio.com/docs/setup-admin/team-services/use-personal-access-tokens-to-authenticate'>More information</a>.",
"authenticationSchemes": [
{
"type": "ms.vss-endpoint.endpoint-auth-scheme-basic",
"inputDescriptors": [
{
"id": "username",
"name": "Username",
"description": "Username",
"inputMode": "textbox",
"isConfidential": false,
"validation": {
"isRequired": false,
"dataType": "string",
"maxLength": 300
},
"values": {
"inputId": "username",
"isDisabled": true,
"defaultValue": ""
}
},
{
"id": "password",
"name": "Personal access token",
"description": "Azure DevOps personal access token.",
"inputMode": "passwordbox",
"isConfidential": true,
"validation": {
"isRequired": true,
"dataType": "string",
"maxLength": 300
}
}
]
}
]
}
},
You may find other extensions that set or configure the authentication dialog on GitHub, there are quite a few. Useful docs are here in an old blog post.
i am using Swagger-ui version 3.0.2, i have hosted it locally and provided it my Json file and API it opens the document fine and lists all the method in the json file, after i put basic authentication in it, i did changes in the .JSON file changes are
"securityDefinitions": {
"basic": {
"type": "basic",
"description": "Basic Authentication"
},
"token": {
"type": "apiKey",
"description": "API Token Authentication",
"name": "apiKey",
"in": "header"
}
},
when i authencate a user with username and password or with toen it shows like it is authentacated but did not attach authentication key with the CURL
here is the attachment where header is missing from the call.
for reference swagger-ui2.2.8 version screenshot.
Can anyone guide how to attach authorization in header in swagger-ui 3.0.2 version.
I have set up a application named "UserCenter" here is the .yo-rc.json
{
"generator-jhipster": {
"jhipsterVersion": "3.12.0",
"baseName": "UserCenter",
"packageName": "com.company.test.user",
"packageFolder": "com/company/test/user",
"serverPort": "19090",
"authenticationType": "oauth2",
"hibernateCache": "hazelcast",
"clusteredHttpSession": false,
"websocket": false,
"databaseType": "sql",
"devDatabaseType": "mysql",
"prodDatabaseType": "mysql",
"searchEngine": false,
"messageBroker": false,
"buildTool": "maven",
"enableSocialSignIn": false,
"useSass": true,
"applicationType": "monolith",
"testFrameworks": [
"gatling"
],
"jhiPrefix": "jhi",
"enableTranslation": true,
"nativeLanguage": "zh-cn",
"languages": [
"zh-cn",
"en"
],
"serviceDiscoveryType": false
}
}
and another application named "MsgCenter" here is the .yo-rc.json
{
"generator-jhipster": {
"jhipsterVersion": "3.12.0",
"baseName": "MsgCenter",
"packageName": "com.company.test.msg",
"packageFolder": "com/company/test/msg",
"serverPort": "19002",
"authenticationType": "session-based",
"hibernateCache": "hazelcast",
"clusteredHttpSession": false,
"websocket": false,
"databaseType": "sql",
"devDatabaseType": "mysql",
"prodDatabaseType": "mysql",
"searchEngine": false,
"messageBroker": false,
"buildTool": "maven",
"enableSocialSignIn": true,
"useSass": true,
"applicationType": "monolith",
"testFrameworks": [
"gatling"
],
"jhiPrefix": "jhi",
"enableTranslation": true,
"nativeLanguage": "zh-cn",
"languages": [
"zh-cn",
"en"
],
"serviceDiscoveryType": false,
"skipUserManagement": true
}
}
I want to make MsgCenter to login via UserCenter Oauth2. How can I go?
Add information:
I had found this page How to perform actions on successful login via OAuth2 in jhipster
I'am not sure for this.
with your current setup, your second application, named "MsgCenter", is initially configured to have a own user management. For the moment, there is no automatically generated counter part for an oauth2 authserver for monoliths (the default option of JHipster).
How ever you can turn your MsgCenter into a oauth2 resource server by doing the following steps:
First, you change your WebSecurityConfiguration into a ResourceServerConfiguration (use #EnableResourceServer). There are samples how to do this if you generate a JHipster microservice with UAA scenario. But instead of JWT, you do the "normal" way via user info URI, and configure it like this
security:
oauth2:
client:
clientId: jhipsterOauth2SampleApplicationapp
clientSecret: my-secret-token-to-change-in-production # if still default
accessTokenUri: http://UserCenterUrl/oauth/access_token
userAuthorizationUri: http://UserCenterUrl/dialog/oauth
resource:
userInfoUri: http://UserCenterUrl/account
Refer to https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v and the links following from that
In your second step, you then should remove the user management from MsgCenter, as it is no longer needed anymore.
This approach is using the authorization flow, where the resource server is retrieving the users details by a user info uri.
The other approach is to use JWT tokens. JHipster provide a full oauth2 setup with authorization and resource servers connected to each other in the microservice UAA setup, which might help you as sample code to look for correct implementation.