I logged into my app using my FB credentials via the standard Parse SDK instructions. All worked fine, until I was playing with the phone settings and decided to switch off the application's fb authorization in the privacy settings in my phone.
I then couldn't log into the app using my FB credentials anymore. So I tried to remove the app from my facebook apps via facebook.com and waited a while, but still I get error:
com.facebook.sdk:ParsedJSONResponseKey={
body = {
error = {
code = 190;
"error_subcode" = 458;
message = "Error validating access token: The user has not authorized application xxxxxx.";
type = OAuthException;
};
};
code = 400;
headers = (
{
name = "Access-Control-Allow-Origin";
value = "*";
},
{
name = "Content-Type";
value = "text/javascript; charset=UTF-8";
},
{
name = Pragma;
value = "no-cache";
},
{
name = Vary;
value = "Accept-Encoding";
},
{
name = "Cache-Control";
value = "no-store";
},
{
name = "WWW-Authenticate";
value = "OAuth \"Facebook Platform\" \"invalid_token\" \"Error validating access token: The user has not authorized
application xxxxxxxxx.\"";
},
{
name = Expires;
value = "Sat, 01 Jan 2000 00:00:00 GMT";
}
); }}
I ended up solving the issue on my phone by resetting my privacy settings. Its an issue with iOS for not flushing the privacy settings once a user de-authorizes the application. It should have just asked for permission but the didn't.
Related
I am using firebase UI (Vanilla JavaScript) to sign in/ signup user in my ASP.NET Core application. The login and signup works perfectly the issue arises when the token gets expired which is after 1 hour. At that point firebase SDK refreshes the access token using refresh token. But sometimes access token is not fetched instantly and takes some time, during this time my application thinks that the user is unauthorized and logs them out and brings them back to login page. But later the access token finally comes and is set as a cookie and now at this point if I refresh the login page it redirects me to user profile meaning that the user was authenticated successfully.
This is my code for setting up the cookie every time the access token is changed
firebase.auth().onIdTokenChanged(async (user) => {
if (user) {
user.getIdToken().then(function (accessToken)
{
document.cookie = #Json.Serialize(CookieConfig.Value.CookieName) + "=" + accessToken.toString() + "; path=/; expires=Fri, 31 Dec 9999 23:59:59 GMT";
});
}
});
this is my code for verifying the jwt in cookie
services.AddAuthentication(x => {
x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Authority = "https://securetoken.google.com/project-id";
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = "https://securetoken.google.com/project-id",
ValidateAudience = true,
ValidAudience = "project-id",
ValidateLifetime = true
};
options.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
context.Token = context.Request.Cookies[configuration.GetSection("CookieConfiguration")["cookieName"]];
return Task.CompletedTask;
}
};
});
PS: I am saving the access token as cookie every time it is changed and verifying it.
I am trying to fetch Linkedin User's following details like Name, email-id, profilePic, id.
I am able to fetch all the details except email-id and profilePic.
Fetching details via Linkedin url
{
firstName = Apple;
formattedName = "Apple Live";
id = 7uRZgpgwgO;
lastName = Live;
picture_url = "" ;
email-id = "abc#gmail.com"
}
Fetching details via Linkedin app
{
firstName = Apple;
formattedName = "Apple Live";
id = 7uRZgpgwgO;
lastName = Live;
}
Linkedin app code
LISDKAPIHelper.sharedInstance().getRequest("https://api.linkedin.com/v1/people/~:(id,first-name,last-name,maiden-name,email-address,picture-url,formattedName)?format=json", success: {
}
The following code solved my issue
To get email address via app:
[LISDK_BASIC_PROFILE_PERMISSION,LISDK_EMAILADDRESS_PERMISSION]
To get Profile Pic:
picture-urls::(original)
I am using Postman to test OAuth 2 from a vanilla AEM install.
Postman can successfully obtain the authorization code from /oauth/authorize after I grant access:
But when it tries to use the code to obtain a token from /oauth/token it receives the following response:
HTTP ERROR: 403 Problem accessing /oauth/token. Reason: Forbidden
Powered by Jetty://
Looking in Fiddler it is doing a POST to /oauth/token with the following Name/Values in the body:
client_id: Client ID from /libs/granite/oauth/content/client.html
client_secret:
Client Secret from /libs/granite/oauth/content/client.html
redirect_uri: https://www.getpostman.com/oauth2/callback
grant_type: authorization_code
code: Code returned from previous request to oauth/authorize
Am I missing something?
Would help if you can list some code snippets on how you are building the url and fetching the token.
Here's an example of how we've implemented very similar to what you are trying to do, maybe it'll help.
Define a service like below (snippet) and define the values (host, url, etc) in OSGI (or you can also hard code them for testing purposes)
#Service(value = OauthAuthentication.class)
#Component(immediate = true, label = "My Oauth Authentication", description = "My Oauth Authentication", policy = ConfigurationPolicy.REQUIRE, metatype = true)
#Properties({
#Property(name = Constants.SERVICE_VENDOR, value = "ABC"),
#Property(name = "service.oauth.host", value = "", label = "Oauth Host", description = "Oauth Athentication Server"),
#Property(name = "service.oauth.url", value = "/service/oauth/token", label = "Oauth URL", description = "Oauth Authentication URL relative to the host"),
#Property(name = "service.oauth.clientid", value = "", label = "Oauth Client ID", description = "Oauth client ID to use in the authentication procedure"),
#Property(name = "service.oauth.clientsecret", value = "", label = "Oauth Client Secret", description = "Oauth client secret to use in the authentication procedure"),
#Property(name = "service.oauth.granttype", value = "", label = "Oauth Grant Type", description = "Oauth grant type") })
public class OauthAuthentication {
...
#Activate
private void activate(ComponentContext context) {
Dictionary<String, Object> properties = context.getProperties();
host = OsgiUtil.toString(properties, PROPERTY_SERVICE_OAUTH_HOST,new String());
// Similarly get all values
url =
clientID =
clientSecret =
grantType =
authType = "Basic" + " "+ Base64.encode(new String(clientID + ":" + clientSecret));
}
public static void getAuthorizationToken(
try {
UserManager userManager = resourceResolver.adaptTo(UserManager.class);
Session session = resourceResolver.adaptTo(Session.class);
// Getting the current user
Authorizable auth = userManager.getAuthorizable(session.getUserID());
user = auth.getID();
password = ...
...
...
String serviceURL = (host.startsWith("http") ? "": protocol + "://") + host + url;
httpclient = HttpClients.custom().build();
HttpPost httppost = new HttpPost(serviceURL);
// set params
ArrayList<BasicNameValuePair> formparams = new ArrayList<BasicNameValuePair>();
formparams.add(new BasicNameValuePair("username", user));
formparams.add(new BasicNameValuePair("password", password));
formparams.add(new BasicNameValuePair("client_id", clientID));
formparams.add(new BasicNameValuePair("client_secret",clientSecret));
formparams.add(new BasicNameValuePair("grant_type",grantType));
UrlEncodedFormEntity postEntity = new UrlEncodedFormEntity(formparams, "UTF-8");
httppost.setEntity(postEntity);
// set header
httppost.addHeader("Authorization", authType);
response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
if (response.getStatusLine().getStatusCode() == 200) {
if (entity != null) {
object = new JSONObject(EntityUtils.toString(entity));
}
if (object != null) {
accessToken = object.getString("access_token");
////
}
}
}
I found the answer myself and thought I'd share the process I went through as well as the answer because it might help other people new to AEM.
How to find the cause of the error:
Go to CRXDE Lite.
Select console.
Then deselect the stop button to allow new console logs to appear (this is very counter-intuitive to me).
From here I was able to see the cause of the issue:
org.apache.sling.security.impl.ReferrerFilter Rejected empty referrer header for POST request to /oauth/token
Because postman does not place a referrer in the request header I had to tell Apache Sling to allow empty request headers.
To do this:
Go to /system/console/configMgr
Open the Apache Sling Referrer Filter Config
Select the Allow Empty check box
Good way to allow this to list the allowed hosts, otherwise this is against best practices for AEM security checklist.
Its fine for development environment not for production.
I'm updating the example Todo app from Microsoft Azure Mobile Services for iOS to use Table Storage instead of the default MSSQL backend. At the moment, when I try to insert a new item, I am getting the following error in the client:
2014-11-22 11:06:44.895 xxx[6942:869598] ERROR Error Domain=com.Microsoft.WindowsAzureMobileServices.ErrorDomain Code=-1201 "The server did not return the expected item." UserInfo=0x7a6b1040 {NSLocalizedDescription=The server did not return the expected item., com.Microsoft.WindowsAzureMobileServices.ErrorResponseKey=<NSHTTPURLResponse: 0x7a764cc0> { URL: https://xxx.azure-mobile.net/tables/TodoItem } { status code: 200, headers {
"Cache-Control" = "no-cache";
"Content-Encoding" = gzip;
"Content-Length" = 126;
"Content-Type" = "application/json";
Date = "Sat, 22 Nov 2014 19:06:44 GMT";
Server = "Microsoft-IIS/8.0";
Vary = "Accept-Encoding";
"X-Powered-By" = "ASP.NET";
"x-zumo-version" = "Zumo.master.0.1.6.4100.Runtime";
} }, com.Microsoft.WindowsAzureMobileServices.ErrorRequestKey=<NSMutableURLRequest: 0x7a7797a0> { URL: https://xxx.azure-mobile.net/tables/TodoItem }}
I have not changed the client code. The docs at https://github.com/Azure/azure-mobile-services/blob/master/sdk/iOS/src/MSJSONSerializer.m suggest that this error is an 'errorForExpectedItem' error, and it gets thrown in itemFromData:withOriginalItem:ensureDictionary:orError:.
This error started happening as I was trying to get the todoitem.read.js script to work; I am so far unable to get usable entities back from that script. Here's my todoitem.read.js as it now stands:
var azure = require('azure-storage');
var tableSvc = azure.createTableService();
function read(query, user, request) {
query = new azure.TableQuery()
.select()
.where('PartitionKey eq ?', 'learningazure');
console.log('query: ', query);
tableSvc.queryEntities('TodoItem',query, null, function(error, result, response) {
if(!error) {
// query was successful
// add the count to the response dictionary
response.count = response.body.value.length;
response.results = result.entries;
request.respond(200, response);
} else {
console.log('Error calling read()');
console.log(error);
}
});
}
Any suggestions?
Derp. My error: in todoitem.insert.js, in the insert() function, I was never calling request.respond().
Now the node.js code is returning data, but it's still not showing up in the iOS client. More reading required.
I have been trying to insert a Google calendar event via Google service account that was created for an app in my dev console, but I am continually getting a helpless 404 response back on the Execute method. In the overview of the dev console I can see that the app is getting requests because there are instances of errors on the calendar.events.insert method. There is no information on what is failing. I need this process to use the Service account process instead of OAuth2 so as to not require authentication each time a calendar event needs to be created.
I have set up the service account, given the app a name, have the p12 file referenced in the project. I've also, gone into a personal calendar and have shared with the service account email address. Also, beyond the scope of this ticket, I have created a secondary app, through an administration account and have granted domain wide access to the service account only to receive the same helpless 404 error that this is now giving.
Error Message: Google.Apis.Requests.RequestError
Not Found [404]
Errors [Message[Not Found] Location[ - ] Reason[notFound] Domain[global]
Any help identifying a disconnect or error would be greatly appreciated.
var URL = #"https://www.googleapis.com/calendar/v3/calendars/testcalendarID.com/events";
string serviceAccountEmail = "createdserviceaccountemailaq#developer.gserviceaccount.com";
var path = Path.Combine(HttpRuntime.AppDomainAppPath, "Files/myFile.p12");
var certificate = new X509Certificate2(path, "notasecret",
X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] { Google.Apis.Calendar.v3.CalendarService.Scope.Calendar },
}.FromCertificate(certificate));
BaseClientService.Initializer initializer = new
BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Test App"
};
Google.Apis.Calendar.v3.CalendarService calservice = new Google.Apis.Calendar.v3.CalendarService(initializer);
string timezone = System.TimeZone.CurrentTimeZone.StandardName;
var calendarEvent = new Event()
{
Reminders = new Event.RemindersData()
{
UseDefault = true
},
Summary = title,
Description = description,
Location = location,
Start = new EventDateTime()
{
//DateTimeRaw = "2014-12-24T10:00:00.000-07:00",
DateTime = startDateTime,
TimeZone = "America/Phoenix"
},
End = new EventDateTime()
{
//DateTimeRaw = "2014-12-24T11:00:00.000-08:00",
DateTime = endDateTime,
TimeZone = "America/Phoenix"
},
Attendees = new List<EventAttendee>()
{
new EventAttendee()
{
DisplayName = "Joe Shmo",
Email = "joeshmoemail#email.com",
Organizer = false,
Resource = false
}
}
};
var insertevent = calservice.Events.Insert(calendarEvent, URL);
var requestedInsert = insertevent.Execute();
I had the same problem. The solution was to add an email client, whose calendar event you want to send.
Credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = Scopes,
User = "example_client_email#gmail.com"
}.FromCertificate(certificate));
So I found out that for this to work, You need to make sure that you access the google.Admin account for referencing the service account Client ID of the app you created.
Another thing that helps is making sure the timezone is in the following format "America/Phoenix"
I have now successfully created events through the service account WITHOUT authentication.