Is it possible to change the adapter of Zend_Oauth_Consumer?
On the customer his server they rely on Zend_Oauth_Consumer to login a user through facebook or twitter. Sadly enough the normal adapter (Zend_Http_Client_Adapter_Socket) throws an error.
So, can that be changed?
Related
I'm trying to understand the functionalities of Keycloak and trying to find a way to monitor request flows (like in Wireshark) in a local environment (localhost). What tool could I use for this purpose in a Windows environment? I've got an Angular app that is integrated with Keycloak, and it works. When I request localhost:4200, the browser takes me to Keycloak login screen.
To view logs, I changed the log level in the Keycloak server at ..\keycloak-4.8.3.Final\standalone\configuration from INFO to ALL. It did expand the log entries that showed in the console but it didn't show any logs when my angular application redirects to Keycloak and when I enter user credentials in Keycloak login screen.
I would like to see the request flow from browser to Keycloak and all the auth requests and so on. Is there a tool that I could use for this purpose?
Configure the events part of the server the way you prefer. They are stored in the DB.
Keycloak provides a rich set of auditing capabilities. Every single
login action can be recorded and stored in the database and reviewed
in the Admin Console. All admin actions can also be recorded and
reviewed. There is also a Listener SPI with which plugins can listen
for these events and perform some action. Built-in listeners include a
simple log file and the ability to send an email if an event occurs.
Still I don't know if this covers the specific case of your application redirecting to the KC login screen. If not, you might need to log this in your application, but it might be a little bit tricky if you use the Angular adapter, as it gets executed in client side (you would need to do POST to some server that you own to get it logged, or directly switch to any server side based KC adapter).
another way to get the event is from the
Keycloak keycloak = KeycloakBuilder.builder()
.serverUrl("localhost")
.realm("myRealm")
.grantType(OAuth2Constants.PASSWORD)
.clientId("myclient")
.clientSecret("xxxx-xxxxx-xxxx-xxx")
.username("foo")//the admin user
.password("password")
.build();
List<EventRepresentation> events = keycloak.realm("myRealm").getEvents();
then you choose the type of event you want to target
When using LogonUser() with LOGON32_LOGON_NETWORK to validate a user's Windows login and password, it does not seem to cause their account to be locked even if the wrong password is checked more times than the user's security policy allows.
There is a similar question:
Incorrect password passed to LogonUser() but the Active Directory account is not locked as expected
But in their case, they were using LOGON32_LOGON_INTERACTIVE instead.
In my case, the domain controller is available to authenticate the logon, but it is not clear from the documentation whether using LOGON32_LOGON_NETWORK means it does not authenticate with the domain controller, only that it will not cache the credentials if they are correct.
What I'm looking for is a policy setting that will lock a Windows domain account if LogonUser() is used with the wrong password too many times.
EDIT: Additional information to help clarify the situation.
When calling LoginUser() on my XE2 development machine with the correct domain\user but incorrect password, the result is false. Calling SysUtils.SysErrorMessage(System.GetLastError) gives me:
The operation completed successfully
The same test performed on any of the machines at the client site shows:
Logon failure: unknown user name or bad password
Continuing the test on any of their machines eventually has it reporting:
The referenced account is currently locked out and may not be logged on to
What I am trying to determine is why that client is behaving differently, as we'd like to have systems on our domain also lock accounts. Perhaps it is a property of the Windows account?
The policy setting you are looking for is the Account Lockout Threshold.
I don't believe this has anything what-so-ever to do with the fact that Delphi is the language involved in calling the API. This is purely a Windows API / security policy question.
I need to use Twitter Oauth to login my windows phone app,
What i need exactly is
1)when the user click twitter log in button from my app, i need to show the twitter llog in page in a browser,
2)when he enters his credentials and accept the app, then i should get the user information like, name, gender, bday, what ever i can take.
That,s it, then i can close the browser and make my app active.
I just need to make the user to log in via twitter.
I referred lot of examples, that are all quit confusing and doing all the stuffs in twiiter.
I tried this example
and got this error
'TweetSharp.TwitterService' does not contain a definition fError 2 'TweetSharp.TwitterService' does not contain a definition for 'GetAccessToken' and no extension method 'GetAccessToken' accepting a first argument of type 'TweetSharp.TwitterService' could be found (are you missing a using directive or an assembly reference?)
and i tried enter link description here
failed on that too.
Can anybody help me to do the authentication via twitter for my app.
Thank you.
I tried this example and got success, I contacted the person who have posted that example and got help from him to solve the issues raised from this example.
Actually this Example works fine for twitter integration,
What you have to do is
1)Register your app in twitter, here the link for app registration,
log in and register your app.
2)Make sure you have given the Call Back URL(i forget to give that, and that makes me face lot of issues)
3)Note down the Consumer Key, Consumer Secret and Call back url(we need specify this 3 in our code)
4)Go to Settings, and set your app access to Read and Write
5)down load the above link and change the Consumer Key, Consumer Secret and Call back url as per your app, and then run the example, it will work fine.
Thank you.
If you just want to authenticate using Twitter and don't want to post anything, perhaps you can try Azure Mobile Service Authentication. You can find more information here: mobile services authentication
I'm trying to implement Soundcloud connect and having a weird issue.
First thing I do is send my users to
https://soundcloud.com/connect?client_id=MY_CLIENT_ID&redirect_uri=http://myredirecturl.example.com&state=RANDOM_STRING&display=page&response_type=code&scope=email
When users connect they get redirected to
http://myredirecturl.example.com?error=invalid_scope&error_description=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed.&state=RANDOM_STRING
The same happens if I use scope=*.
However, if I use scope=non-expiring it lets me go through, but I need the users email and that type of scope doesn't have enough grants.
I thought it had something to do with my app being in development mode, but Osman at Soundcloud said it doesn't.
Thanks.
The 'email' scope is not available to all integrations. It's used for a few custom integrations that have provided us with accepted terms of service / privacy policies. There is no way to get a user's email address using the SoundCloud API.
You should however be able to use the '*' scope to get an expiring access token. I'll check with our app team to see why this is giving you an error. I'll edit my answer once I have more information there.
For your purposes, I would stay with the 'non-expiring' scope and simply prompt a user for their email address (providing them with a way to agree to your terms of use / privacy information).
Using scope=* sometimes doesn't work because the url is not properly encoded. If you are getting this error while using the * wildcard, try properly encoding the url, using a function like urlencode() (for PHP).
I'm trying to write a web application that would use Twitter via OAuth.
I run my local server as 'localhost', so I need the callback URL to be something like http://localhost/something/twitter.do but Twitter doesn't like that: Not a valid URL format
I'm probably going to do a lot of tests, but once I've approved my app with my username, I can't test again can I? Am I supposed to create multiple twitter accounts? Or can you remove an app and do it again?
You can use 127.0.0.1 instead of localhost.
You can authorize your app as many times as you like from the same twitter account without the necessity to revoke it. However, the authenticate action will only prompt for Allow/Deny once and all subsequent authenticate requests will just pass through until you revoke the privilege.
Twitter's "rate limiting" for API GET calls is based on IP address of the caller. So, you can test your app from your server, using the same IP address, and get (once approved) 15,000 API calls per hour. That means you can pound on your app with many different usernames, as long as your approved IP address remains the same.
When you send the e-mail to Twitter to ask for an increase to your rate limit, you can also ask for the increase to apply to your Twitter username too.
I believe Twitter requires you - if you need to change your IP address, or change the username that is using the app - to send in another request asking for the rate limit increase for that new IP address or username. But, in my experience, Twitter has been pretty quick at turning around these requests (maybe less than 48 hours?).
use like this
for Website :http://127.0.0.1
and for callback URL: http://127.0.0.1/home
or any of your page address like http://127.0.0.1/index
Have you tried creating your own caching mechanism? You can take the result of an initial query, cache it on thread local, and given an expiration time, refresh from Twitter. This would allow you to test your app against Twitter data without incurring call penalties.
There is also another solution (a workaround, rather) which requires you to edit your hosts file.
Here is how you do it on a linux box:
Open your /etc/hosts file as root. To do this, you can open a terminal and type something like sudo vi /etc/hosts.
Pick a non-existent domain to use as your local address, and add it to your hosts file. For example, you will need to add something similar to the following at the end.
127.0.0.1 localhost.cep # this domain name was accepted.
So, that's pretty much it. Pointing your browser to localhost.cep will now take you to your local server. Hope that helped :)
In answer to (1), see this thread, in particular episod's replies: https://dev.twitter.com/discussions/5749
It doesn't matter what callback URL you put in your app's management page on dev.twitter.com (as long as you don't use localhost). You provide the 'real' callback URL as part of your request for an OAuth token.
1.) Don't use localhost. That's not helpful. Why not stand up another server instance or get a testing vm slice from slicehost?
2.) You probably want a bunch of different user accounts and a couple different OAuth key/secret credentials for testing.
You were on the right track though: DO test revoking the app's credentials via your twitter account's connections setting. That should happen gracefully. You might want to store a status value alongside the access token information, so you can mark tokens as revoked.