Diaglogflow account linking failed for Visual Studio Online - oauth

I have spent a lot of time lately trying to link MS VSTS account with Dialogflow. Unfortunately all my attempts failed and I am unable to find out the reason for this.
What I have done so far is:
Went to registered new VSO application (https://app.vsaex.visualstudio.com/app/register), filling in the correct callback URI (https://oauth-redirect.googleusercontent.com/r/MY_PROJECT_ID) also defining the proper scopes.
Got back to Google's action console overview page (https://console.actions.google.com/project/MY_PROJECT_ID/overview/accounts) to fill in the details for the newly created application (authorize URL, token URL etc.) selecting Authentication Code grant type.
Went to Dialogflow to set the "sign in required" for the welcome intent.
Update the action and got the "It looks like your account is not linked yet" message in simulator, but after using the DEBUG URL to complete the process, I received "account linking failed" message for no obvious reason.
I have also tried the linking procedure with 2 other OAUTH providers and it was working flawlessly, but the MS implementation apparently is not standard.

Related

google action account linking Accounts failed to link

I want to account for linking google action to my web app. followed the OAuth Client Information. I have implemented
Set Up an OAuth2 Server Using Passport in Laravel( tutorial link).Where I did authentication. finally, I find my application at my home mobile app but when goes to click on MY created app it gives me account linked and after that an error "something went wrong and close" but when I open my
it gives me an error
Accounts failed to link. Please close your browser and try again
The documentation at Add authentication to your project indicates that you need to use the Authorization Code auth type instead of the Implicit flow.

Google Smart Home Actions add device '[test] ACTION is linked' to immediate 'Something went wrong. Try again'

I am creating a new Google smart home Action, and step one is to create an OAuth 2.0 server for account linking.
https://developers.google.com/actions/identity/oauth2?oauth=code&hl=ko&refresh=1
I have follow all of the steps on the Google documentation under the Auth code UP UNTIL 'start the authentication flow'. I do not know if this is required or where this code would go, but that is a different topic.
However, there is an error with my Authentication page. Linking is done with my iPhone's Google Home app, currently which has the generated [test] prefix. When I click the [test] MYAPP, the service runs through till the redirection correctly. The webpage closes and informs me 'MYAPP is linked. As soon as this notification disapears, a new notification 'Something went wrong. Try again' appears.
Clicking the [test] MYAPP to link any time afterwards leads to a blank webpage that says 'Account now linked', but the MYAPP does not move to the 'linked' portion of the Google Home app.
https://developers.google.com/actions/smarthome/develop/error-logging
After checking the logs, I was initially getting 'OPEN_AUTH_FAILURE' for days. Now, I am getting 'BACKEND_FAILURE'.
What is the next step? How can I debug this?
You can use the Google OAuth Playground to verify that your account linking implementation is working properly. Here is how you can configure this tool to test your endpoint:
Open the Settings gear, change OAuth endpoints to Custom
Enter your authorization and token URLs from the Actions console
Enter your client ID and secret from the Actions console
You won't be authorizing any Google APIs, so for Step 1 you can just enter something like "devices" and click Authorize APIs. You can follow through with the flow in Step 2 to verify that the authorization and token exchange work properly. The tool will report if any errors occur in the flow.
If you can successfully verify your account linking implementation, but you are still seeing errors returned in the Cloud console, please file an issue.

OAuth v2 Issues with Microsoft Account connection

I have been trying to implement the OAuth v2 for Microsoft Accounts for my website. Its currently in development stage and so am testing on localhost. The Website is an ASP.NET Core MVC 5 Application.
I have followed the tutorial here to implement OAuth for Twitter, Google and Facebook accounts. I found this to be quite simple with only a few small issues that I was able to solve with simple google searches.
However I have spent several days trying to understand what is happening when trying to use Microsoft Account authentication on my site.
I have watched the video here on registering an application in the Microsoft App Registration Portal. At around minute 6 in the video a short demo shows how to set up the App. You can see my App details in the following screen shot:
In the video at about 7.5 mins in, there is a small section explaining how to test the App by building a URL string.
On submitting the query string to the browser the page is redirected as expected to my App page as you can see here:
In this instance I was all ready signed into my Microsoft Outlook account. If I wasn't signed in I would be prompted to login to a Microsoft account. Logging in, in this case choosing my already signed in Outlook account causes the page to be redirected back to my site as seen in the following screen shot but because the site didn't send the request its not expecting a token sent back for login so nothing really happens. This is expected behaviour, at this point as I was only testing that the Apps end point was working as expected.
[
The next stage is to test the functionality from my website. This is where I always have issues. To activate the OAuth functionality for Microsoft Account login requires simply un-commenting a couple of lines of code within the Startup.Auth.cs file in my websites App_Start folder and passing in the Apps ClientKey and ClientSecret values as can bee seen in the following code snippet:
app.UseMicrosoftAccountAuthentication(
clientId: System.Configuration.ConfigurationManager.AppSettings["MicrosoftOAuthClientID"],
clientSecret: System.Configuration.ConfigurationManager.AppSettings["MicrosoftOAuthClientSecret"]);
This code basically adds a little button to the login page that allows you to choose Microsoft login as can be seen here:
[
When I click the Microsoft button I get the following error page:
And the query string returned contains the following:
https://login.live.com/err.srf?lc=2057#error=unauthorized_client&error_description=The+client+does+not+exist.+If+you+are+the+application+developer%2c+configure+a+new+application+through+the+application+management+site+at+https://apps.dev.microsoft.com/.&state=JMxMRuKaOiYWCQw_Uqkhv3gLQn3ULlkG2miM4ymcHhTK5niXVQl5n4L0a6VoWeEKmFM7T1ciU2oQAh26_Y0i2DMjdt6BOAtpjNeMaSpBq4wbCjva9lOuctOUIWwoFdTEGvxJ4M904lUsoudd9e9cYi6eiH3JF81HB5ouQSus2ddE1sVUQLw-YB1GjUL79y2muFaBFIOIOk75oCV2IxX4cFO2rJU04K9Se6gxu698WpzR8taUB2c6tK9u0dBisckhavf0IvKB9dWQq-IVwQgvaA
Anybody know why or what is happening????
Now I have read in several of my many searches while trying to understand whats happening when I try to test the App from my site rather than a URL directly in the browser that I should have
/signin-microsoft
appended to my Redirect URL in the App Portals configuration. I have Tested with my Redirect URL set like that and this does not work. I get a HTTP ERROR 500 sent back because the page signin-microsoft does not exist. So this is not my problem.
Please help if anyone has had the same issues and solved it.
EDIT: I should have mentioned that I was initially trying this using Local IISExpress but after reading some posts saying it can be done only on IIS so I published my site locally to IIS.

Wiring Up Azure AD to an ASP.NET MVC Site

I am attempting to wire up Azure AD to a test MVC site.
I have followed the steps in the blog posts by Rick Rainey here and by Rick Anderson here (which appear to essentially be the same).
When I run the project, and try to sign on, I receive an error page with the messages "Sorry, but we're having trouble signing you in.", "We received a bad request.", and "AADSTS50000: There was an error issuing a token.". I have searched the web for the last error message and found a couple of things but nothing that provided any detail.
Any suggestions as to what might be missing? Everything (such as the application, and database) appear to have been created and configured in Azure as expected / described.
I was able to get it working (with the help of Rick Anderson). The issue was that I was not (completely) following directions and was trying to use the wrong account. When I created a new directory, it pulled in the Azure AD account that I was logged in with. This wasn't a Microsoft account (as mentioned in the article) but it still didn't work. When I created a user in the directory, this user was able to logon.

SalesForce API: OAuth authorization error 1800

I am brand new to SalesForce development, and want to explore the API and its capabilities. I have created a new Developer Edition account. I have not yet tried to access the API programmatically, but I am trying (unsuccessfully) to access it via both the Workbench ( https://workbench.developerforce.com/login.php ) and the Apigee Console ( https://apigee.com/console/salesforce ).
For some reason, in both cases I'm redirected to a URL with OAuth error code 1800 (e.g. https://na15.salesforce.com/setup/secur/RemoteAccessErrorPage.apexp?oauth_error_code=1800&display=popup in the Workbench case). At this URL, I am getting a screen with the text "Remote Access Authorization Error" - "There was a problem in setting up your remote access". What am I doing wrong?
Some additional details:
I can log into SalesForce just fine, the problem only occurs with API/OAuth access
I have not touched anything in my brand-new Developer Edition account, except for (1) populating it with some sample data (Leads, Accounts, Contacts), and (2) resetting the security token (through "My Personal Information" -> "Reset My Security Token")
On the WorkBenh login screen, it does not matter which API version I choose (tried 24, 25 and 26), and I am using "Production" for the Environment since my login doesn't seem to work at all for Pre-Release or Sandbox
(not a real answer, I expect to update it frequently as the situation develops)
Weird.
Yes, Developer Edition is a "Production" as far as connecting apps are concerned. You might have to file a Case with Salesforce Support (Help&Training link in the upper right corner).
Workbench does use API (and probably so does this Apigee thingie) but if you're using your username & pass I don't see how it might go to OAuth...
Can you download any other SF-related tooling (Data Loader, Force.com IDE, Real Force Explorer, Excel Connector, some iPad/Android app... hell, Chatter for Desktop even) and try the connectivity?
Sometimes API products don't display special field for the security token (which you can bypass by entering longer string in the password field: "passwordSecurityToken") but Workbench never asked for a token when I was accessing my Dev. Edition.
There was an issue with OAuth on NA15, but should be resolved now. I tested with Workbench with a brand new NA15 org and its working as expected.
I've run into this when I try and "short circuit" the auth url by decoding the startUrl param and going straight to it in a tab that's already logged in. For example
login to some org on na14.salesforce.com
click sfdx authorize an org in vs code with default url
get sent to a url like https://login.salesforce.com/?startURL=%2Fsetup%2Fsecur%2FRemoteAccessAuthorizationPage.apexp%3Fsource%3D<long_base64_encoded_string>
use a url decoder (i.e. https://meyerweb.com/eric/tools/dencoder/) to translate that to https://login.salesforce.com/?startURL=/setup/secur/RemoteAccessAuthorizationPage.apexp?source=<long_base64_encoded_string>
change the url to match the domain i'm logged in as, i.e. https://na14.salesforce.com/?startURL=/setup/secur/RemoteAccessAuthorizationPage.apexp?source=<long_base64_encoded_string>
go through the standard oauth grant
success
For the most part that works fine, but in some cases I get that wonderful oauth error 1800. In those cases I've been able to work around the issue by specifying the specific domain my instance is on when starting the oauth authorization. Using the above example for step 2 I would chose https://na14.salesforce.com for the the url (other oauth flows typically provide a similar custom url input, but ymmv). Voila, step 7 is successful.
Can't say for sure if that's exactly what will happen for others.

Resources