I have to trigger an email when the user logs in.
My login API header requires the following data
Content-Type => application/json
tenant-id =>
event-id =>
Device-id =>
Api-Key =>
When I am setting key as "Api-Key" it throws an error as below.
David here, from the Zapier Platform team.
I'm not sure which page that's for, but it looks like you're adding a trigger field when you probably want the API key to be in the authentication instead.
Check out the docs here: https://zapier.com/developer/documentation/v2/authentication/
If you do have a header that needs a - in it, you can add this in scripting as described here
some_header_pre_poll: function(bundle) {
var request = bundle.request;
request.headers["X-Project-ID"] = bundle.trigger_fields.project_id || "None";
return request;
},
Related
I'm trying to implement SSO via SAML and using my application as both the IdP (routes are based off localhost:3000) and SP (routes based off lvh.me:3000). I used the saml_idp gem to set up the IdP and the omniauth-saml gem for the SP side.
I can get a request sent to the IdP and a response sent back if I bypass the validate_saml_request method in the SamlIdpController in the gem. The response I get returns the user's email and first/last name per what I configured in the config/saml_idp.rb file.
I really don't want to bypass the validate_saml_request. When I looked to see why my request is not being validated, I see that the logs return '[] compare to lvh.me' and 'No acceptable AssertionConsumerServiceURL, either configure them via config.service_provider.response_hosts or match to your metadata_url_host'.
For SPs, my config/saml_idp.rb file looks like:
service_providers = {
"my-application" => {
fingerprint: ENV['SAML_CERT_FINGERPRINT'],
metadata_url: "http://lvh.me:3000/auth/saml/metadata",
response_hosts: ["lvh.me:3000"]
},
}
I confirmed that the metadata does exist at that metadata_url as well. Not really sure why it's not pulling anything via the metadata_url or response_hosts via the config.
On my SP side, the config/omniauth.rb file looks like:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :saml,
:assertion_consumer_service_url => "http://lvh.me:3000/auth/saml/callback",
:issuer => "portal",
:idp_sso_target_url => "http://localhost:3000/saml/auth",
:idp_sso_target_url_runtime_params => {:original_request_param => :mapped_idp_param},
:idp_cert => ENV['SAML_CERT'],
:idp_cert_fingerprint => ENV['SAML_CERT_FINGERPRINT'],
:idp_cert_fingerprint_validator => lambda { |fingerprint| fingerprint },
:name_identifier_format => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
end
While I was unable to get it working using this piece of configuration in the config/saml_idp.rb file, I only needed to have the IdP interact with one SP and was able to get it working by adjusting what I passed to response_hosts and using another part of the code given in the config file (example below):
config.service_provider.finder = ->(issuer_or_entity_id) do
{
fingerprint: ENV['SAML_CERT_FINGERPRINT'],
metadata_url: "http://lvh.me:3000/saml/metadata",
response_hosts: ["lvh.me"]
}
end
I had Discord Oauth2 implemented so that my users could log into my website by authenticating through Discord. For months, everything worked great and now all of the sudden it stopped working.
Per Discord's oauth2 instructions,https://discordapp.com/developers/docs/topics/oauth2#shared-resources, I am able to successfully acquire the access code that is meant to be traded for the access token. However, when I try to receive the access token I receive an 'invalid_client' error.
First, I am hitting this endpoint:
https://discordapp.com/api/oauth2/authorize?client_id=${process.env.CLIENT_ID}&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Flogin%2Fdiscord%2Fcallback&response_type=code&scope=identify%20email%20gdm.join
which successfully returns the following:
http://localhost:5000/login/discord/callback?code={some_access_code}
The access code is then sent back to discord to obtain the access token. Here is the code that is failing:
export function getDiscordAccessToken(accessCode, call) {
const redirect = call === 'login' ? process.env.DISCORD_LOGIN_REDIRECT : process.env.DISCORD_CONNECT_REDIRECT
return new Promise((resolve, reject) => {
axios
.post(
`https://discordapp.com/api/oauth2/token?client_id=${process.env.DISCORD_CLIENTID}&client_secret=${process.env.DISCORD_SECRET}&grant_type=authorization_code&code=${accessCode}&redirect_uri=${redirect}&scope=identify%20email%20gdm.join`
)
.then(res => {
resolve(res.data)
})
.catch(err => {
// log error to db
console.log("Here is your error: ", err.response)
reject(err.response)
})
})
}
This code was working for months with no problems. Then, all of the sudden it stopped working. I even checked the Discord change logs which can be found here, https://discordapp.com/developers/docs/change-log, but I found no reference to authentication changes.
Any help you can provide is greatly appreciated!
The query parameters should be in the BODY of the POST request, not the URL for the oauth/token url.
Discord recently pushed a update to the oAuth2 which makes it confine more with the standard. This means they no longer support parameters in the URL for POST, but instead require them to be in the body and form encoded (basically the same, but in the body and without the leading ?).
So you basically need (not tested):
axios.post(
`https://discordapp.com/api/oauth2/token`,
`client_id=${process.env.DISCORD_CLIENTID}&client_secret=${process.env.DISCORD_SECRET}&grant_type=client_credentials&code=${accessCode}&redirect_uri=${redirect}&scope=identify%20email%20gdm.join`
)
I know the question has already been answered, but in my case I copied a wrong secret key. Just make sure that you copy the right one.
Secret Key is located under OAuth2 Tab and not under General Information tab on discord developer's dashboard.
I am trying to send over a Post request to sendgrid to generate an API key for a subuser.
This is what my code currently looks like
body = JSON.parse('{
"name":"My API Key",
"scopes": [
"mail.send",
"alerts.create",
"alerts.read"
]
}')
header = {'On-Behalf-Of' => 'my#email.com'}
sg = SendGrid::API.new(api_key: ENV['SENDGRID_API_KEY'])
response = sg.client.api_keys.post(request_body: body, request_header: header)
This code generates the API but on the main account instead of the Subuser account. The header is what drives where the API key is generated and I can seem to find any sources online that how the correct syntax for sending over the header to sendgrid.
If you could please help I would really appreciate it. Thanks!
I recently had to do this. You need to set the On-Behalf-Of headers when you instantiate the client not when you make the request:
```
#send_grid = API.new(api_key: #api_key, request_headers: {
'On-Behalf-Of' => #username
})
```
Then when you make a request with #send_grid it will send on behalf of the subuser -- and the API key will not show up in the list of api keys on the parent account
If I understand correct, you want to send email "From" another user. On Behalf of is non standard way of doing things.
For eg. https://sendgrid.com/docs/Classroom/Troubleshooting/Authentication/my_emails_are_displaying_as_on_behalf_of_or_via_in_some_mail_clients.html
You may want to try setting from instead of on-behalf-of
"from": {
"email": "from_address#example.com"
},
Refer to: https://sendgrid.com/docs/API_Reference/Web_API_v3/Mail/index.html
I'm trying to use Google's API to sign up and log in users to my rails webapp. I've been playing around with the authentication, but I'm getting stuck on this error after I get the authorization code.
Here's what I'm trying to do:
path = Rails.root.to_s + PATH_TO_JSON_FILENAME_FROM_GOOGLE_API
client_secrets = Google::APIClient::ClientSecrets.load(path)
auth_client = client_secrets.to_authorization
auth_client.update!(
:scope => 'https://www.googleapis.com/auth/drive.metadata.readonly',
:redirect_uri => REDIRECT_URI
)
auth_client.code = ACCESS_CODE_RETURNED_BY_GOOGLE_WHEN_USER_LOGS_IN
auth_client.fetch_access_token!
A few questions:
All I really want to be able to pull is the users name, and their email address. I'm unclear on what the proper value for :scope should be.
For the redirect_uri I'm setting it to one of the redirect uri's that are in my Google API console. Something along the lines of http://localhost:3000/auth/callback. Despite this, I'm getting the following json response:
{
"error" : "redirect_uri_mismatch"
}
Thoughts on what I might be doing wrong here?
Finally figured this out. I needed to set the redirect_uri to postmessage, because that's how I originally requested the authorization code. Here's my complete solution:
I load the Google Authentication library with the following:
function start() {
gapi.load('auth2', function() {
auth2 = gapi.auth2.init({
client_id: 'MY_CLIENT_ID',
});
});
};
I created an HTML button, which on click makes the call to the following function:
function(e){
e.preventDefault();
auth2.grantOfflineAccess({'redirect_uri': 'postmessage'}).then(this.signInCallback);
},
Right now the signInCallback function is just logging my authorization code so I can test out the ruby server code I'm writing:
function(authResult) {
console.log(authResult.code);
}
Here's what my ruby file looks like:
client = Google::APIClient.new
client.authorization.client_id = MY_CLIENT_ID
client.authorization.client_secret = MY_CLIENT_SECRET
client.authorization.redirect_uri = "postmessage"
client.authorization.code = CODE_THAT_WAS_LOGGED_TO_CONSOLE
client.authorization.fetch_access_token!
A little more info: you have to use 'postmessage' calling grantOfflineAccess. I tried putting in one of the actual redirect uri's from my developer console, and it didn't like that (see this SO question for more). What I figured out is that if you do this, then you need to do the same thing on the server side when you try to exchange the authorization code for an access token.
Redirect URI mismatch error definitely means that the redirect URI is not the same that is registered. Make extra sure that the URIs are identical.
I'd like to have a dynamic redirect URL for my Facebook OAuth2 integration. For example, if my redirect URL is this in my Facebook app:
http://www.mysite.com/oauth_callback?foo=bar
I'd like the redirect URL for a specific request be something like this, so that on the server, I have some context about how to process the auth code:
http://www.mysite.com/oauth_callback?foo=bar&user=6234
My redirect gets invoked after the authorization dialog is submitted, and I get back an auth code, but when I try to get my access token, I'm getting an OAuthException error back from Facebook. My request looks like this (line breaks added for clarity):
https://graph.facebook.com/oauth/access_token
?client_id=MY_CLIENT_ID
&redirect_uri=http%3A%2F%2Fwww.mysite.com%2Foauth_callback%3Ffoo%3Dbar%26user%3D6234
&client_secret=MY_SECRET
&code=RECEIVED_CODE
All of my parameters are URL-encoded, and the code looks valid, so my only guess is that the problem parameter is my redirect_uri. I've tried setting redirect_uri to all of the following, to no avail:
The actual URL of the request to my site
The URL of the request to my site, minus the code parameter
The URL specified in my Facebook application's configuration
Are custom redirect URI parameters supported? If so, am I specifying them correctly? If not, will I be forced to set a cookie, or is there some better pattern for supplying context to my web site?
I figured out the answer; rather than adding additional parameters to the redirect URL, you can add a state parameter to the request to https://www.facebook.com/dialog/oauth:
https://www.facebook.com/dialog/oauth
?client_id=MY_CLIENT_ID
&scope=MY_SCOPE
&redirect_uri=http%3A%2F%2Fwww.mysite.com%2Foauth_callback%3Ffoo%3Dbar
&state=6234
That state parameter is then passed to the callback URL.
If, for any reason, you can't use the option that Jacob suggested as it's my case, you can urlencode your redirect_uri parameter before passing it and it will work, even with a complete querystring like foo=bar&morefoo=morebar in it.
I was trying to implement a Facebook login workflow against API v2.9 following this tutorial. I tried the solutions described above. Manuel's answer is sort of correct, but what I observed is url encoding is not needed. Plus, you can only pass one parameter. Only the first query parameter will be considered, the rest will be ignored. Here is an example,
Request a code via https://www.facebook.com/v2.9/dialog/oauth?client_id={app-id}&redirect_uri=http://{url}/login-redirect?myExtraParameter={some-value}
You'd get a callback for your url. It will look like http://{url}/login-redirect?code={code-from-facebook}&myExtraParameter={value-passed-in-step-1}. Note that facebook would make a callback with myExtraParameter. You can extract the value for myExtraParameter from callback url.
Then you can request access token with https://graph.facebook.com/v2.9/oauth/access_token?client_id={app-id}&client_secret={app-secret}&code={code-from-facebook}&redirect_uri=http://{url}/login-redirect?myExtraParameter={value-extracted-in-step-2}
Additional parameter passed in step 1 after the first query parameter will be ignored. Also make sure to not include any invalid characters in your query parameter (see this for more information).
You're best off specifying a unique callback for each oAuth provider, /oauth/facebook, /oauth/twitter etc.
If you really want the same file to respond to all oAuth requests, either include it in the individual files or setup a path that will call the same file on your server using .htaccess redirects or something similar: /oauth/* > oauth_callback.ext
You should set your custom state parameter using the login helper as such:
use Facebook\Facebook;
use Illuminate\Support\Str;
$fb = new Facebook([
'app_id' => env('FB_APP_ID'),
'app_secret' => env('FB_APP_SECRET'),
'default_graph_version' => env('FB_APP_VER'),
]);
$helper = $fb->getRedirectLoginHelper();
$permissions = [
'public_profile',
'user_link',
'email',
'read_insights',
'pages_show_list',
'instagram_basic',
'instagram_manage_insights',
'manage_pages'
];
$random = Str::random(20);
$OAuth2Client = $fb->getOAuth2Client();
$redirectLoginHelper = $fb->getRedirectLoginHelper();
$persistentDataHandler = $redirectLoginHelper->getPersistentDataHandler();
$persistentDataHandler->set('state', $random);
$loginUrl = $OAuth2Client->getAuthorizationUrl(
url('/') . '/auth/facebook',
$random,
$permissions
);
Hey if you are using official facebook php skd then you can set custom state param like this
$helper = $fb->getRedirectLoginHelper();
$helper->getPersistentDataHandler()->set('state',"any_data");
$url = $helper->getLoginUrl($callback_url, $fb_permissions_array);