I've been looking at https://github.com/rfdickerson/watson-translation-demo which attempts to show how to do authentication using Facebook OAuth on iOS and with a NodeJS Backend.
The iOS code is straightforward :
let token: String = FBSDKAccessToken.currentAccessToken().tokenString
let fbAccess = FacebookAuthenticationStrategy(
tokenURL: "https://watsonsdkdemo.mybluemix.net/language-translation-service/api/v1/token",
fbToken: token)
translateService = LanguageTranslation(authStrategy: fbAccess)
The problem is that the server/app.js has
var creds = appEnv.getServiceCreds(/facebook-authentication/) || {}
and the manifest.yml has
- services:
- facebook-authentication
But when you cf push the scripts to your Bluemix account you get:
FAILED
Could not find service facebook-authentication to bind to xxxxxxx
The problem is nowhere does the author describe what the 'facebook-authentication" service is.
In the server deployment instructions they have
$ cf login
$ cf create-service speech_to_text standard speech-to-text-service
$ cf create-service text_to_speech standard text-to-speech-service
$ cf create-service language_translation standard language-translation-service
$ cf env
$ cd server
$ cf push
Nothing stating what the facebook-authentication service is.
I apologize that the instructions are incomplete. facebook-authentication is supposed to be a user-provided service. You can create it using the cf create-user-provided-service command:
cf create-user-provided-service facebook-authentication -p "APP_SECRET_GOES_HERE"
The idea is that when you register a Facebook application, they give you an App Secret. Since that secret should not be embedded in the source code, you can set it in the environment variables VCAP by creating a custom service that provides that information for you.
Note, I did not finish actually using the app secret to check the legitimacy of the credentials. Although this is a small security vulnerability for man-in-the-middle-attacks, the facebook token checking still works because in the Facebook App settings I made it so that using the App secret is not required. For now, just create the user service and set the value to anything you would like.
Hope this helps!
Related
I have previously had Serverless installed on a server, and then when I tried to edit the function and package it back up to edit the zip file I broke it, so I have to start all over. So to begin this issue: I had Serverless running and was using it with this package - https://github.com/adieuadieu/serverless-chrome/tree/master/examples/serverless-framework/aws
When I sudo npm run deploy, I get the ServerlessError:
ServerlessError: User: arn:aws:sts::XXX:assumed-role/EC2CodeDeploy/i-268b1acf is not authorized to perform: cloudformation:DescribeStackResources on resource: arn:aws:cloudformation:us-east-1:YYY:stack/aws-dev/*
I'm not sure why it is trying to connect to a Role and not an IAM. So I check the Role, and it is in an entirely different AWS account than the account I've configured. Let's call this Account B.
When it comes to configuration, I've installed AWS CLI and entered in the key, id, and region in my Account A in AWS. Not touching Account B whatsoever. When I run aws s3 ls I see the correct s3 buckets of the account with the key/id/regioin, so I know CLI is working with the correct account. Sounds good. I check the ~/.aws/creditionals file and just has one profile [default] which seems normal. No other profiles are in here. I copied this over to the ~/.aws/config file so now both files are same. Works great.
I then go into my SSH where I've installed serverless, and run npm run deploy and it gives me the same message above. I think maybe somehow it is not using the correct account for whatever reason. So I manually set the access key and secret with the following commands:
serverless config credentials --provider aws --key XXX --secret YYY
It tells me there already is a profile in the aws creds file, so I then add --o to the end to overwrite. I run sudo npm run deploy and still same error.
I then run this command to manually set a profile in the creds for serverless, with the profile name matching the IAM user name:
serverless config credentials --provider aws --key XXX --secret YYY --profile serverless-agent
Where "serverless-agent" is the name of my IAM user I've been trying to use to deploy. I run this, it tells me there already is an existing profile in the aws creds file so I run it with --o and it tells me the aws file is now updated. In bash I go to Vim the file and I only see the single "[default]" settings, as if nothing has changed. I run sudo npm run deploy and it gives me the same Error.
I then go and manually set the access and secret:
export AWS_ACCESS_KEY_ID=XXX
export AWS_SECRET_ACCESS_KEY=YYY
I run sudo npm run deploy and it gives me the same Error.
I even removed AWS CLI, and the directory that holds the creditionals and config files - and when I manually set my account creds via serverless config it tells me there already is a profile set up in my aws file, prompting me to use the overwrite command - how is this possible when the file is literally not on my computer?
So I then think that serverless itself has a cache or something, calling the wrong file or whatever for creds, so I uninstall serverless via sudo npm uninstall -g serverless so that I can start from zero again. I then do all of the above steps and more all over again, and nothing has changed. Same error message.
I do have Apex.run set up, but that should be using my AWS CLI config file so I'm not sure if that is causing any problems. But then again I've no clue of anything deep on this subject, and I can't find any ability to remove Apex itself in their docs.
In the package I am trying to deploy, I do not have a profile:XXX set in the serverless.yml file, because I've read if you do not then it just defaults to the [default] profile you have set in the aws creds file on your computer. Just to check, I go into the serverless.yml file and set the profile: default, and the error I now get when I run npm run deploy is
Profile default does not exist
How is that possible when I have the "default" profile set in my creds file? So I remember that previously I ran the serverless config creditionals command and added the profile name of serverless-agent to it (yet didn't save in the aws creds file as I mentioned above), so I add that profile name to the serverless.yml file just to see if this works, and same error of "Profile default does not exist".
So back to the error message. The Role is an account not even related to the IAM user I'm using in my aws creds. Without knowing a lot about this, it's as if the config in serverless via ssh isn't correct or something. Is it using old creds I had set up in Apex.run? Why is the aws creds file not updated with the profile when I manually set it in serverless config command? I am using the same user account (but with new key and secret) that I used a few weeks ago when I correctly deployed and my Lambda and API was set up for me on AWS. Boy do I miss those time and wish I didn't mess up my existing Lambda functions, without setting version number prior, forcing me to start all over.
I am so confused. Any help would be greatly appreciated.
If you are using IAM role then you have to use that IAM role through assume role using powershell.
I was also facing same issue earlier, when we moved from from user to role.
I'm trying to login to an own hosted Travis Enterprise, but usual travis login and travis login --pro are trying to login to usual Travis SAAS environment
Given that your Travis is hosted at travis.fewlaps.com, run
travis login -I -t your-travis-token -e https://travis.fewlaps.com/api --github-token=personal-access-token-from-githubenterprise &&
travis endpoint --set-default -e https://travis.fewlaps.com/api
...and then, to use your own Travis instead of the common one at every travis command,
travis endpoint --set-default -e https://travis.fewlaps.com/api
Remember that Travis will need that your GitHub Enterpise has the needed permissons. Right now, we're giving to that token these permissions:
repo (all of them)
admin:repo_hook
user
For those still struggling with this, the following helped me:
travis login --pro -X --github-token ${github-token}
Make sure you set the github token for your personal account with access to the private repos as detailed here, and create the token with the following permissions:
For private projects:
user:email (read-only)
read:org (read-only)
repo
for open source projects:
user:email (read-only)
read:org (read-only)
repo_deployment
repo:status
write:repo_hook
I have been struggling with this for several months and finally figured it out (accidentally). You can use the -X option to log into enterprise accounts. This might have always been present, but I was not aware of it.
travis login -X --github-token ${my-github-enterprise-token}
Then enter the enterprise domain when prompted and use it as the default endpoint.
I am trying to encrypt some signature details using travis cli:
travis encrypt SONATYPE_USERNAME=xxxx
I get an error saying :
not logged in, please run travis login --pro
Is it required to have a pro login to use encrypt? Can I not use org login and use this command?
To encrypt, Travis-CLI will require being logged in first. The --pro flag provided with the help string is a good default (travis.com (paid) users are more likely to use the CLI), but not strictly necessary and can be replaced with --org, which will use the travis.org (free) endpoint.
for https://travis-ci.org
travis login --org
travis encrypt <string> --org
I have a installation of IBM Connections 4.5 and the SBTPlayground on my Domino Server. Anyway I want to use it with the Playground on premise. But I can't find the right information for the custom environment. It wants OAuth2 - Consumer Key, OAuth2 - Consumer Secret and so on. So I have found many documentation about all. One of this with the WebSecurityStore but for this I need also actual URL's which I not found.
My first step is to bring a OAuth2 configuration with Greenhouse Connections.
The second step with Connections on premise.
So with this documentations are all not working, the URL's are not working. Or I can't register a app on Greenhouse, or any URL gives the keys back.
http: //heidloff.net/nh/home.nsf/article.xsp?id=12152011034545AMNHECAP.htm
http: //www.xpagescheatsheet.com/cheatsheet.nsf/135E58313968CEEB8825799100478A6F/$FILE/Ni9-CS-SocialTools-8.5x11%20PDF.pdf
http://www-10.lotus.com/ldd/appdevwiki.nsf/xpAPIViewer.xsp?lookupName=API+Reference#action=openDocument&res_title=Step_2_Obtain_authorization_code_sbt&content=apicontent
http://www.openntf.org/Projects/pmt.nsf/DA2F4D351A9F15B28625792D002D1F18/%24file/SocialEnabler111006.pdf
Does anyone have an idea?
#Raphael use these URLS from the sbt.properties file
# Connections OAuth 2.0 Endpoint Parameters
connectionsOA2.url=https://qs.renovations.com:444
connectionsOA2.serviceName=SBTK
connectionsOA2.appId=SBTK
connectionsOA2.consumerKey=SBTK
connectionsOA2.consumerSecret=
connectionsOA2.authorizationURL=https://qs.renovations.com:444/oauth2/endpoint/connectionsProvider/authorize
connectionsOA2.accessTokenURL=https://qs.renovations.com:444/oauth2/endpoint/connectionsProvider/token
connectionsOA2.apiVersion=4.0
Register your oauth keys Using wsadmin.sh
http://www-01.ibm.com/support/knowledgecenter/SSYGQH_4.5.0/admin/admin/r_admin_common_oauth_manage_list.html
Example is https://github.com/OpenNTF/SocialSDK/blob/0f7237b6ff22fed631bde9e4e16ed9744506694c/samples/scripts/oauthQSI.py
import sys
execfile('oauthAdmin.py')
OAuthApplicationRegistrationService.addApplication(sys.argv[0],sys.argv[1],sys.argv[2])
clientSecret = OAuthApplicationRegistrationService.getApplicationById(sys.argv[0]).get('client_secret')
print clientSecret
you can invoke it using a script
#
Parameters
USER=$1
PASSWORD=$2
CLIENTID=$3
APPID=$4
URL=$5
#Starts WSAdmin
cd /local/con/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/
/local/con/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -user $USER -password $PASSWORD -lang jython -port 8883 -f /local/qsi/bin/con/oauthQSI.py $CLIENTID $APPID $URL
I am working on a service which requires authentication.
I would like to base the authentication on my Redmine and grant access to registered users which are members in a private project.
The membership I have figured out:
curl -v -u account:secret \
https://myredmine/projects/private/memberships.json
But how to find out if a user can authenticate?
Use /users/current.json:
curl -v -u account:secret \
https://myredmine/users/current.json
It will return 401 if the user fails to login.
Add ?include=memberships to the URL to retrieve a list of associated projects.
I don't think it will work with OpenID though.
Use the built-in API. You can enable it for each user, once you get the key:
// Pseudo-code
api_key = '65454ftfg53543f34g34f23g'
url = "http://www.myredminesite.com/projects/my_project/issues.json?key=" + api_key
You can enable the API key if you log in and click on "My Account", then on the right should be your API access key.project.
There where some issues with older version I think. I run Redmine 2.1.2.stable and that works great.