I am trying to integrate Skype for Business with my app using Skype Web SDK, but I cannot even complete authorization. This is my code based on the code from this video: https://youtu.be/EyHL1HH9FzE?t=20m20s
public connect() {
var client_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
if (!/^#access_token=/.test(location.hash)) {
console.log("no token");
location.assign(
"https://login.microsoftonline.com/common/oauth2/authorize"
+ "?response_type=token"
+ "&client_id=" + client_id
+ "&redirect_uri=" + location.href
+ "&resource=https://webdir.online.lync.com"
);
} else {
console.log("token present");
}
}
I am being redirected to the microsoft page, where I can log in, however next I am being redirected back to my app with the following url: http://myapp/ui/index.html#error=invalid_resource&error_description=AADSTS50001%3a+Resource+identifier+is+not+provided.%0d%0aTrace+ID%3a+0efb74b9-6063-4046-9710-836d43641d00%0d%0aCorrelation+ID%3a+7fcbee4c-e543-4b00-a485-152779f346bb%0d%0aTimestamp%3a+2018-06-13+13%3a52%3a30Z
So it says the error is
an invalid resource and that the resource identifier is not provided.
I have copied the resource part from the video and have seen it in multiple other tutorials
+ "&resource=https://webdir.online.lync.com"
In azure I have set oauth2AllowImplicitFlow to true and delegated permissions for Skype for Business Online are also added to that app.
an invalid resource and that the resource identifier is not provided.
I also can reproduce the issue you mentioned if I use location.assign. It seems that CORS prevent it. It is not related with resource=https://webdir.online.lync.com
Note that security settings, like CORS, may prevent this to effectively happen
Solution:
window.location.href = href
Please have a try to use the following code, then it works correctly on my side. For more information, please refer to this article.
var client_id = "xxxx"
window.sessionStorage.setItem('client_id', client_id);
var href = 'https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=';
href += client_id + '&resource=https://webdir.online.lync.com&redirect_uri=' + window.location.href;
window.location.href = href;
Related
I am trying to implement Microsoft SSO authentication in ionic 5.
Undefine occurs in the console when the code below is executed. Which part is the problem?
login(){
let authContext: AuthenticationContext = this.msAdal.createAuthenticationContext('https://login.windows.net/common');
authContext.acquireTokenAsync('https://graph.windows.net', 'clientID', 'http://localhost:8200')
.then((authResponse: AuthenticationResult) => {
console.log('Token is' , authResponse.accessToken);
console.log('Token will expire on', authResponse.expiresOn);
})
.catch((e: any) => console.log('Authentication failed', e));
}
error =>
https://ionicframework.com/docs/v3/native/ms-adal/
const browser = this_.iab.create("https://login.microsoftonline.com/" + tenant_id +
"/oauth2/authorize?response_type=id_token&client_id=" + client_id
+"&state=SomeState&nonce=SomeNonce"
, '_blank', 'clearsessioncache=yes,clearcache=yes,toolbar=no,location=no,toolbarposition=top,hidenavigationbuttons=yes,toolbarcolor=#0072bb')
browser.on("loadstart").subscribe(event => {
IAB is inappbrowser. Msal we had also tried to use when we needed this type of authentication for azure AD b2c. Similarly you have to do for your case.
There is enterprise level plugin available which cost around 8 lakhs INR.
So this is the work around. Tenant id and client id you will get when you register your app under applications in azure account.
So once the login is successful that load listener will listen to pages which IAB is visiting. And if found occurrence of #token_id(after sucesfull login).
Automatically the iab will close and ionic app page will resume or you can put some new route entry in that event listener.
May be for your case the base url might change. So try first visiting chrome with the url which opens your case login. And accordingly change.
MAKE IT WORK USING IAB AND NOT MSAL
I am trying to get an access token to access one drive of the user inside the word online add-in. I am following the instructions on this link.
I used following URL to request authorization code from within ms word online add-in which I am developing.
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http://localhost/myapp/
&response_mode=query
&scope=offline_access user.read mail.read
&state=12345
I generate GET request with the following code:
function getAuthorizationCode() {
var xhr = new XMLHttpRequest();
xhr.open(
"GET",
"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?\
client_id=6731de76-14a6-49ae-97bc-6eba6914391e\
&response_type=code\
&response_mode=query\
&scope=offline_access%20user.read%20mail.read\
&state=12345",
true
);
xhr.send();
xhr.addEventListener("readystatechange", processRequest, false);
xhr.onreadystatechange = processRequest;
function processRequest(e) {
if (xhr.readyState == 4 && xhr.status == 200) {
var response = JSON.parse(xhr.responseText);
}
}
}
But server is throwing error saying
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost:3000' is therefore not allowed access.
If the above link is copied and pasted into the browser it works fine.
What should I do? Is there any other way to get access token inside MS Word Online add-in.
Office Web Add-ins include support for pulling a token based on the application user. This provides an SSO experience and eliminates the need to have them re-authenticate using the same credentials that they've already logged into the application with.
You can read about this functionality at Enable single sign-on for Office Add-ins.
I'm trying to post to a Facebook page AS the page using the Unity Facebook SDK running on iOS. As I understand, to do that, I need the pages access token with manage_pages and publish_pages. I know that I can get it from /me/accounts?fields=access_token, but how do I tell AccessToken.CurrentAccessToken to use my pages access token instead?
Right now i'm using the following:
var wwwForm = new WWWForm();
//wwwForm.AddField ("access_token", "A-T I NEED");
wwwForm.AddBinaryData("image", screenshot, "InteractiveConsole.png");
wwwForm.AddField("message", "herp derp. I did a thing! Did I do this right?");
FB.API("/PAGE-ID/photos", HttpMethod.POST, HandleResult, wwwForm);
I tried putting the access token manually, but that didn't work (so I commented it out).
With this as it is I'm getting an error, telling me that I need publish_actions, wich is not correct since I'm not trying to post as the user. If I also get publish_actions the Post goes online, but is posted to the page as the user speaking. (User is also Admin)
Any Ideas ? Thanks!
So, I filed a bug report to facebook and as it turns out: "… at this time this functionality is not supported." Wich simply means there is now way to use the Page Access Token you acquired via the FB.API within the FB.API. And they are not going to tell you abot it in the documentation.
As a workaround I simply use a UnityWebRequest like this:
IEnumerator UploadToPage(byte[] screenshot) {
var wwwForm = new WWWForm();
wwwForm.AddField("message", "herp derp. I did a thing! Did I do this right?");
wwwForm.AddBinaryData("image", screenshot, "Test.png");
string url = "https" + "://graph.facebook.com/"+ PageID + "/photos";
url += "?access_token=" + PageAccessToken;
using (UnityWebRequest www = UnityWebRequest.Post(url, wwwForm))
{
yield return www.Send();
if (www.isError)
{
Debug.Log(www.error);
}
else
{
Debug.Log("Form upload complete!");
}
}
Debug.Log(url);
}
I am trying to run a google apps script, in a document, that sends an email with an attached google spreadsheet as an .xlsx file automatically, running every few hours.
Below is the solution that works if I use a manual OAuth2 code coming from the google OAuth2 playground :
function downloadXLS() {
var AUTH_TOKEN = "xxxx";
var auth = "AuthSub token=\"" + AUTH_TOKEN + "\"";
var file = Drive.Files.get('xxxx');
var response = UrlFetchApp.fetch('https://docs.google.com/spreadsheets/d/xxx/export?format=xlsx',{headers: {Authorization: auth}});
var doc = response.getBlob();
app = DriveApp.createFile(doc).setName(file.title + '.xls')
MailApp.sendEmail("xxx#xxx.com", "oh man", " Body", { attachments: app })
}
To try to auto-generate the authorization token I followed exactly all the steps here:
https://github.com/googlesamples/apps-script-oauth2
Changing on the script :
.setClientId('...')
.setClientSecret('...')
I also put in the URI the the Project Id inside the https://script.google.com/macros/d/myprojectkey/usercallback of the google developer console
But when i run the function makeRequest() it tells me : "Access not granted or expired"
So i wonder which step i missed.
Do you have any clue on what is going on ?
Help is much appreciated,
Thanks
You need to do step 2: Direct the user to the authorization URL
When the sidebar loads you will click the link and the Oauth dialog will open. After you allow access you can use the getAccessToken() method.
EDIT:
For your specific case you do not need a separate OAuth flow. You can use Apps Script to get the token you need to do that export. As you are already requesting access to drive your token will work for the export call.
function downloadXLS() {
var file = Drive.Files.get('xxxx');
var response = UrlFetchApp.fetch('https://docs.google.com/spreadsheets/d/xxx/export?format=xlsx',{headers: {Authorization: "Bearer " + ScriptApp.getOAuthToken()}});
var doc = response.getBlob();
app = DriveApp.createFile(doc).setName(file.title + '.xls')
MailApp.sendEmail("xxx#xxx.com", "oh man", " Body", { attachments: app })
}
I'm trying to get user profile information upon logging in with google-oauth2. User successfully logs in and i can get the access_token and can refresh the token when needed.
Though i could not manage to get any information about the user despite reading the docs and trying for hours.
From "Retrieving profiles" section of developers guide :
https://www.google.com/m8/feeds/profiles/domain/domainName/full
should be enough. i've tried with "gmail.com", "google.com", "gmail", "google", "orkut", "orkut.com" , myregisteredappsdomainname (and .com) as domainName. i've also tried it with
https://www.google.com/m8/feeds/profiles/domain/domainName/full?access_token=access_token_for_user
all i managed to get was 401 error, where it says "That’s an error.". Regarding 401 error, I've refreshed the token and tried again with new token, but kept getting 401s.
How can i get profile information and image address for user upon logging in?
The scope you're looking for is:
https://www.googleapis.com/oauth2/v1/userinfo
This has been already answered here
I was getting similar errors requesting profiles even after correctly defining the scope and getting access tokens etc.. The trick for me was to include the API version on my requests. See here for more info http://code.google.com/googleapps/domain/profiles/developers_guide.html#Versioning
Maybe little late yet could this be helpful to someone. Below is the working code I wrote to get gplus user profile
In HTML below markup will display goolge signIn button
<span id="signinButton">
<span
class="g-signin"
data-callback="signinCallback"
data-clientid="YOUR GPLUS CLIENT ID"
data-cookiepolicy="single_host_origin"
data-scope="email">
</span>
</span>
Below is the java script
var access_token;
/**
* Called when the Google+ client library reports authorization status.
*/
function signinCallback(authResult) {
access_token = authResult.access_token;
gapi.client.load('plus', 'v1', function () {
gapi.client.plus.people.get({ userId: 'me' }).execute(printProfile);
});
}
/**
* Response callback for when the API client receives a response.
*
* #param resp The API response object with the user email and profile information.
*/
function printProfile(resp) {
if (resp.code != 403) {
console.log('name:' + access_token.givenname);
console.log('last name:' + access_token.lastname);
console.log('email:' + access_token.emails[0]);
console.log('gender:' + access_token.gender);
console.log('profile image url:' + access_token.image.url);
}
}
Please make sure that you load google api javascript asynchronously within the body tag as below
<script type="text/javascript">
(function () {
var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
po.src = 'https://apis.google.com/js/platform.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
})();
</script>
To handle logout refer to the answer I provide in below link, you will need to store access_token in backend so that during logout call this to be used, in my case I have stored in session and getting through ajax call
gapi.auth.signOut(); not working I'm lost
Hey why don't you look at the code given at:
http://www.codeproject.com/KB/aspnet/OAuth4Client.aspx
It definitely helps you. The project is actually an oauth playground to send correct oauth header to correct endpoints.