I am trying to apply the coinbase wallet API with oauth to use its send functionality. I have been able to connect to the API and use its endpoints, but whenever I try to use the send functionality, I am thrown the error Invalid amount for meta[send_limit_amount]. My omniauth initializer looks like this:
provider :coinbase, , ENV['CLIENT_ID'], ENV['CLIENT_SECRET'],
scope: 'wallet:user:read wallet:user:email wallet:accounts:read wallet:transactions:send'
The reason for this error is because, in order to use the send functionality, coinbase requires additional parameter meta[send_limit_amount]. Where and how am I supposed to apply this additional scope?
UPDATE: So I've made some progress in that I am able to attach one meta scope to my initializer, which seems to be sticking (as shown when I print out the auth_info). This is the current state of my initializer:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :coinbase, ENV['CLIENT_ID'], ENV['CLIENT_SECRET'], scope: 'wallet:user:read wallet:user:email wallet:accounts:read ', :meta => {'send_limit_currency' => 'BTC'}
end
# wallet:transactions:send
# :meta => {'send_limit_amount' => '0.0001'}
The problem now is that I cannot seem to figure the syntax necessary to add the send_limit_amount property to the oauth meta hash.
Managed to solve the problem with the following initializer;
Rails.application.config.middleware.use OmniAuth::Builder do
provider :coinbase, ENV['CLIENT_ID'], ENV['CLIENT_SECRET'],
scope: 'wallet:user:read wallet:user:email wallet:accounts:read wallet:transactions:send',
:meta => {'send_limit_amount' => 1}
end
Now, I need to either disable the two factor authentication or determine how to Re-play the request with CB-2FA-Token header
Related
I need a way to send dynamic params using omniauth-saml from SP TO IDP. The requirement is there are 2 websites website 1 and website 2. Website 1 is controlled by another team where saml is already implemented. On my website, I have added a button and on click of it, I will send a request to website 1. Along with the request I need to send user parameters such as first_name, last_name, email & some custom attributes. In my previous stackoverflow post I was able to understand that I need to make use of omniauth-saml and some basic details. But the issue which I am still not able to send dynamic attributes.
When I am going through the documentation I believe I need to make use of
:idp_sso_target_url_runtime_params => {:original_request_param => :mapped_idp_param},
But I am not sure how can I pass dynamic params through it. In my previous post, a person referred me to do a monkey patch but it didn't work for me. Could anyone has any suggestion
Rails.application.config.middleware.use OmniAuth::Builder do
provider :saml,
#:assertion_consumer_service_url => "consumer_service_url",
:issuer => "my_application",
:idp_sso_target_url => "target_url",
:idp_sso_target_url_runtime_params => {:original_request_param => :mapped_idp_param},
:idp_cert => "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----",
:name_identifier_format => "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
end
You can pass dynamic values via middleware adapter.
Like:
app/service/saml_idp_setting_adapter.rb
class SamlIdpSettingAdapter
def self.settings(issuer)
idp = ::IdentityProvider.find_by_issuer(issuer)
if idp.present?
{
assertion_consumer_service_url: "#{ENV['APP_URL']}/users/saml/auth",
assertion_consumer_service_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
issuer: "issuer",
idp_entity_id: idp.entity_id,
idp_slo_service_url: idp.slo_target_url,
idp_sso_service_url: idp.sso_target_url,
idp_cert_fingerprint: idp.cert_fingerprint,
idp_cert_fingerprint_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha256'
}
else
{}
end
end
end
and setup initialiser file with above adaptor
Rails.application.config.middleware.use OmniAuth::Builder do
provider :saml,
:idp_settings_adapter => SamlIdpSettingAdapter
end
The initializer for the omniauth-shopify-oauth2 gem is supposed to look like this:
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :shopify, ENV['SHOPIFY_API_KEY'], ENV['SHOPIFY_SHARED_SECRET']
end
However, in our Rails app resides a few different brands who offers the same functionality. Throughout the entire app, the request.domain of a request determines which brand you are exposed to (brand1.example.com, brand2.example.com, etc.).
We can easily store brand specific credentials and redirect the users to the brand specific authorization path:
https://example.myshopify.com/admin/oauth/authorize?client_id=brand1&scope=read_orders,read_products&redirect_uri=https://brand1.example.com/auth/shopify/callback
But I can't figure out how we can have different providers for the middleware, chosen based on the visited request.domain. Any idea how to set this up?
Omniauth provides documentation on Dynamic Providers, which will be helpful here. Something like:
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :shopify, setup: lambda do |env|
# Do logic to get correct credentials for request.
# For example, if you store the credentials on a model called Brand,
# and have it keyed on "subdomain":
request = ActionDispatch::Request.new(env)
brand = Brand.find_by(subdomain: request.subdomain)
env['omniauth.strategy'].options.merge!({
client_id: brand.client_id,
client_secret: brand.client_secret
})
# `site` needs to be set. This is part of the shopify provider setup phase, which we are overriding
env['omniauth.strategy'].options[:client_options][:site] = "https://#{ request.GET['shop'] }"
end
end
I am using omniauth-pinterest gem to authenticate Pinterest users. In addition to the default "write_public" I need to pass "write_public" scope. What's the best way to pass "read_public,write_public" scope with the auth request?
Hello there I did not try omniauth-pinterest, but in omniauth-google-oauth2
we can pass the scope in initializer file. As I expect you can also pass the scope same as omniauth-google-oauth2 like:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :pinterest, ENV['PINTEREST_APP_ID'], ENV['PINTEREST_APP_SECRET'], scope: ["read_public", "write_public"]
end
I'm working on a dashboard for my colleagues that shows a few stats from Google Analytics next to some other statistics. To get access to the Analytics data I use OAuth2. OAuth2 requires a scope to get send along with the authentication request in order to get access tokens. I created a client ID in the APIs Console that has access to Analytics, and specify the scope in an initializer that looks like this:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_ID'], ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_SECRET'], { access_type: 'online', approval_prompt: '', scope: 'http://gdata.youtube.com,userinfo.email,userinfo.profile,analytics.readonly' }
end
This uses the omniauth-google-oauth2 gem, and the scope I found in an example somewhere. However, for my implementation, I think this scope is strange. Instead of http://gdata.youtube.com,userinfo.email,userinfo.profile,analytics.readonly I would like to use https://www.googleapis.com/auth/analytics.readonly, but changing to that scope causes the request to return invalid_credentials. What is the correct way to specify only access to analytics data is needed?
Scopes should be seperated by a space character, not a comma:
https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl
if you need Youtube and Analytics scopes use:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_ID'], ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_SECRET'], { access_type: 'online', approval_prompt: '', scope: 'http://gdata.youtube.com,userinfo.email https://www.googleapis.com/auth/analytics.readonly' }
end
if you need just Analytics, use:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_ID'], ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_SECRET'], { access_type: 'online', approval_prompt: '', scope: 'https://www.googleapis.com/auth/analytics.readonly' }
end
I'm working on getting calendar data from google using OmniAuth and the google-oauth-2 strategy.
If I put nothing into the scope field it works fine and I get the default info without the auth/failure message and I can use the app normally.
However the moment I add a scope, as in the example below, I get an "auth/failure?message=invalid_credentials".
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['TEST_KEY'], ENV['TEST_SECRET'], { :scope => 'https://www.google.com/calendar/feeds/' }
end
Is there something I'm missing or something I should change?
A quick e-mail from the google-oauth-2 strategy author pointed out the following:
If you don't include the profile scopes, it fails to authenticate.
By adding userinfo.email and userinfo.profile (along with the calendar scope) to the comma separated :scope list I was able to fix the problem.
Example:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['TEST_KEY'], ENV['TEST_SECRET'],
{ :scope => 'userinfo.email, userinfo.profile, https://www.googleapis.com/auth/calendar' }
end
Funny, this didn't work for me.
I was able to make it work, removing the comma from the scope:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['TEST_KEY'], ENV['TEST_SECRET'],
{ :scope => 'https://www.googleapis.com/auth/docs https://www.googleapis.com/auth/userinfo.profile' }
end