Umbraco headless Node.js client cannot authenticate headless client - umbraco

I have been trying to implement the Node.js client for Umbraco headless. I have done the following:
Set up Umbraco headless via my Umbraco cloud subscription
Implemented a simple app in Vue.js
Copied the example code from https://our.umbraco.com/documentation/Umbraco-Cloud/Headless/Headless-Node-Client/
When I run this code (via my localhost:8000) I get an authentication error:
https://{MyUmbracoCloudUrl}/umbraco/rest/oauth/token 400 (Bad Request).
My config has the correct domain name for the cloud instance and the correct user name and password.
I get a 400 response from https://{MyDOMAIN}/umbraco/rest/oauth/token.
Does anyone have any ideas? I am not sure if this is a CORS issue because I am trying to run this from my localhost?
Cheers
L

Related

Getting oAuth Token using MSAL PublicClientApplication acquire_token_interactive method from Databricks is not working : InteractiveBrowserCredential

I am trying to get an OAuth 2.0 token for the protected resource using the InteractiveBrowserCredential flow.
This is working from my local Jupyter notebook; however, when I try to run it from a Databricks notebook, it is unable to open a browser (as the Databricks cluster has no browser installed) and gives me the message below:
Found no browser in current environment. If this program is being run inside a container which has access to host network (i.e. started by `docker run --net=host -it ...`), you can use browser on host to visit the following link. Otherwise, this auth attempt would either timeout (current timeout setting is None) or be aborted by CTRL+C. Auth URI: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?client_id={client_id}&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A44093&scope={resource_id}%2Fuser_impersonation+offline_access+openid+profile&state=EvgdkFcNZTuJG&code_challenge=KR8zwfjhkuKYTGSlbaYAJNLVjXZHiE&code_challenge_method=S256&nonce=33a1a12813342535455f398GHATf9c2cf21a8&client_info=1
I am trying to find out if there is a way I can make it work (by somehow using a public redirect_uri to the Databricks cluster and driver node, or in a similar way). I can alternatively use the device_code flow (it is working); however, I want to see if I can bypass the one extra step of entering the device code and directly authenticate using the browser.
Please find the sample code I am using now below:
import msal
app = msal.PublicClientApplication(self.CLIENT_ID, authority=self.AUTHORITY, token_cache=msal.TokenCache())
result = app.acquire_token_interactive(scopes=self.SCOPE)

Identity Server 4 in Docker using OIDC and Selenium Testing

I am currently trying to run an integration test with Selenium on the following setup:
IdentityServer4 hosted in a net core 3.1 REST service - running in its own docker container (securityservice)
MVC Test Web User Interface running under net core 3.1 - running in its own docker container (testuserinterface)
The selenium test is running on my local pc under a net core 3.1 test project
Where I am getting the issue is when I attempt to access a secure page on the Web Application: the redirect is attempted to the identity server to show the user login page, however the URL that the redirect is set up with is that of the docker container (e.g. http://securityservice/account/login). This URL is not accessible from my local browser, so my test is failing locally.
Is there a way that the login URL can be customised (only for test purposes) to be that of the local machine and the locally exposed docker port (e.g. http://127.0.0.1:dockerport/account/login)?
I have tried many different examples and combinations with currently no success.
Any help in this area would be most appreciated.
Thanks in advance,
Stuart
What I have done for local development and testing in some cases is to create a local HTTPS certificate using mkcert and then in my local host file add an entry to map the domain of the certificate to 127.0.0.1.
So I can use URLs like https://identityservice:6001 to point to my IdentityServer.

Access Pivotal SSO tile in local development

Our OPS team have configured an SSO tile that connects to ADFS. I am building a sample application that utilizes an SSO service instance. I can deploy my application to PCF and remote debug my SSO configuration. These things work.
What I need is a way to access the SSO service instance while I am developing on my PC. Otherwise the only way to verify my code really works is to deploy my application to PCF and either add log statements or configure remote debugging. Both of these are pretty time consuming.
I looked into configuring ssh access to pivotal services. That works for database service instances, but not for SSO service instance. Has anyone figured it out?
After repeated trial and error, I found the solution. Posting it here in case someone else has a similar issue.
In PCF, for your SSO add a new application. The auth redirect URL for this application should point to your localhost. In my case it is http://localhost:8080
Run cf env . Copy the p-identity section only and save to vcap_services.json. Then update the clientId and clientSecret with the values from the new application created in the previous step.
Use the following command to start your application:
VCAP_APPLICATION=true VCAP_SERVICES=$(cat vcap_services.json) SPRING_PROFILES_ACTIVE=... ./gradlew bootRun
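The steps above, as an added example that is not part of the original answer or Pivotal's own tooling: a Python script that trims the VCAP_SERVICES JSON to its p-identity section, swaps in the localhost application's credentials, and writes vcap_services.json readable by the owner only, since it holds a client secret. The sample JSON is constructed, and the credential key names client_id and client_secret and the LOCAL_SSO_* variable names are assumptions to check against your own cf env output.

```python
import json
import os

# Constructed sample of the VCAP_SERVICES JSON from `cf env`; all values are placeholders.
SAMPLE_VCAP = """
{
  "p-mysql": [{"name": "db", "credentials": {"password": "constructed-db-password"}}],
  "p-identity": [{
    "name": "sso",
    "label": "p-identity",
    "credentials": {
      "auth_domain": "https://login.example.invalid",
      "client_id": "deployed-app-client-id",
      "client_secret": "deployed-app-client-secret"
    }
  }]
}
"""

def build_local_vcap(vcap_json, client_id, client_secret):
    """Keep only p-identity and swap in the localhost application's credentials."""
    services = json.loads(vcap_json)
    if "p-identity" not in services:
        raise KeyError("no p-identity section in VCAP_SERVICES")
    if not client_id or not client_secret:
        raise ValueError("client id and secret of the local application are required")
    local = {"p-identity": services["p-identity"]}  # drop unrelated service credentials
    for instance in local["p-identity"]:
        # Assumed key names; verify against your own `cf env` output.
        instance["credentials"]["client_id"] = client_id
        instance["credentials"]["client_secret"] = client_secret
    return local

def write_private(path, data):
    """Write the file with owner-only permissions because it contains a secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        json.dump(data, handle, indent=2)
    os.chmod(path, 0o600)  # also tighten a file that already existed
    return path

if __name__ == "__main__":
    # Hypothetical variable names; the fallbacks are constructed placeholders.
    local = build_local_vcap(
        SAMPLE_VCAP,
        os.environ.get("LOCAL_SSO_CLIENT_ID", "constructed-local-client-id"),
        os.environ.get("LOCAL_SSO_CLIENT_SECRET", "constructed-local-client-secret"),
    )
    print("wrote", write_private("vcap_services.json", local))
```

Keep vcap_services.json out of version control; the deployed application's secret never needs to leave PCF because the file carries only the localhost application's credentials.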

Ngrok + IIS Express and Windows Authentication

I'm trying to expose a web application I have developed in ASP.NET MVC 5 through ngrok and I'm having no luck with the Windows Authentication. My plan was to test the app using other VMs with IE8 (insert rage here) and a few mobile devices connecting through ngrok.
My setup details are as follows.
VM with Server 2008 (Domain Controller), Visual Studio 2013, SQL etc and development tools
Domain XYZ setup in VM with test users
The Web App is running by F5'ing VS in IIS Express and uses Windows Authentication. IIS express is configured to support Windows Authentication.
I have configured ngrok bindings in the applicationhost config file and also run the netsh command "netsh http add urlacl url=URLPLUSPORT user=everyone"
I can access and use/debug the app fine on the VM using localhost, this has always worked. However, when I run ngrok and then access the app from outside the VM I get the login credential prompt (was expecting this). I enter the correct user/password and I still get 401 Unauthorised and cannot access the app.
Can anyone help? Do I need any extra configuration to allow the authentication to pass through? Is this even possible?
I am pretty much stumped right now and the ngrok site is down, although I can't imagine there is much documentation on this scenario :(
Thanks for your help

oauth: Meteor authentication issue on own server

I'm working on an app that requires a log-in by using OAuth mechanisms from LinkedIn, Twitter, Google.
On the common Meteor server this authentication method works fine.
However, I recently deployed the Meteor server on my own server, and I get an authentication error when I try to log in. I tried LinkedIn and Twitter and receive the same error, so I guess something is wrong on my server.
The error is in a browser window:
The requested URL /_oauth/linkedin was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.22 (Ubuntu) Server at exomodal.com Port 80
The meteor server is at port 3000.
Any ideas how to resolve this issue?
Thanks in advance
As far as I know, in Google, it asks for a redirect URL and an origin URL. During development, you registered these as localhost:3000/. But when you deploy, you are not using localhost anymore. Update these URLs in your "API console" (that's what they call it in Google) if any exist. As far as I know, Google and Facebook require some sort of URL registered.
Also, API configurations (client/consumer id and secret) are usually stored in the DB. Upon deploy, you don't usually ship your development DB, leaving behind the configurations which were on your development machine. What we did was to hard-code these into the server code, so that every time the server is restarted or redeployed to a "clean server", it inserts those configs to the DB.
