I need to know the email validation logic in d2l to implement the same in another system which integrates with d2l. we are having issues as the email which is valid in our system is getting an error when creating the same user in d2l. It appears it does not like "." and "#" consecutively however the full regex for this validation will be useful.
The email integration between Brightspace and your institutional services is, I believe, documented, but is also complex. Because this is a service configuration topic that's typically part of deployment of the service, and not actual use of the service day to day, the documentation is not publicly accessible at this time but may be available by request through your institution's account. I would recommend that you pursue this line of inquiry via your Brightspace account manager or approved support contact.
Related
Problem: I am currently working on making a REST Api available to clients (the client in this case is not the normal end user who orders the articles, but the client's Web Api that communicates with my system). In order to order different products in my system, each customer may have several accounts for each country separately. Authentication is done by authenticating the client's WebApi application to my system (machine to machine). So it looks like this should be done using OAuth2 Client Credentials Flow based on the article https://learn.microsoft.com/en-us/azure/active-directory/develop/authentication-flows-app-scenarios#scenarios- and-supported-authentication-flows, but I have doubts about the issue of client accounts for each country separately.
Question: This should be solved by creating a ClientId and ClientSecret for each client account per country separately or, however, one client account should be created, while the country should be sent by the client in each request to the Api or before adding the country as a scope or claim to access token.
Additionally, I am not sure if Client Credentials Flow is a good choice in this situation, so I would be very grateful for any suggestions.
CLIENTS
Ideally each client company should have a single client credential for getting access tokens. In sone cases, such as when there are different legal subdivisions, this can be extended. By default use a single value, but you need to understand your clients.
A client credentials flow between companies can involve stronger credentials if needed, such as JWT client assertions or Mutual TLS - as in this advanced tutorial.
CLAIMS
In your system you should map domain specific data needed for authorization against each client ID. This might include country specific access to products or whatever makes sense for your scenario.
This data can then be either included in access tokens at the time of issuance, or looked up when an access token is first received, then cached for subsequent requests with the same token. Step 3 of my Authorization Blog Post explains a couple of design patterns here.
API REQUESTS
How the client gets data in API requests is interesting:
Is data for all countries owned by the caller? If so let them select the data they want via a country parameter during API requests.
If the API client shoild never be able to see data for a country, that suggests that in at least some cases you need different clients per country.
SUMMARY
Define clients in terms of what makes sense for those companies. Avoid an explosion of clients in order to manage access rights for the same data owner. Exact solutions depend on your domain specific requirements. OAuth is a framework that is meant to be adapted.
If your entire existing data-model silos 'countries' by a concept of an account, then a set of credentials per account might be the easiest.
But it sounds to me that your data-model doesn't fully capture your actual business well. It sounds to me like you have a concept of a 'customer/client' that has access to one of more 'accounts', each representing a country.
So a more correct way to model this might be to structure your API so that a single API client can access all of the related accounts, and your API should perhaps be structured so that the idea of an accountId is somehow passed (usually in the URL for REST apis). For example, each API endpoint can be prefixed with /account/123.
To me this is more of a data-modelling and API architecture question than anything OAuth2-specific.
I am working on a service that logs into JIRA and performs few operations that are not associated with a particular user. Right now, I'm using a virtual account and authenticating the JIRA by the accounts username and password. The use case requires a significant number of such services to be created. The current solution will be messy to maintain, because I need to keep a track of service level logs, which will require creation of a large number of virtual accounts, whose management is difficult. Is there a service account like concept in JIRA that allows a service to perform authentication as an application like on Google cloud?
Their reference about the REST API.
I played with it once, remember it requires API key or token maybe.
UPDATE: I failed to mention earlier that we want solution that will be flexible with authenticating users from within our databases or by asking other servers to tell us if the user is authenticated. It is also worth mentioning that these other servers are not under our control so we can't enforce a specific user model.
I had a long and hard read on OAuth and OpenID but they are both not a suitable solution for our situation and will make the process harder to the user. This is something that has been solved a thousand times, yet I cannot find the solution.
What we are looking for is a framework that can be used in a REST services server to authenticate users (no third-party clients involved) with their username and password.
The solution must not pass the username and password except the first time on login and use tokens for further authentication. Even though OAuth does use tokens, it is designed to allow third-party clients access to the service-providers resources. That is not the case here, the services are for our own application only, the only thing needed is user authentication.
What do you guys think is the most appropriate solution?
Configuration:
-Spring server that provides RESTful services with our thinking going towards using Spring Security with some user management and token management framework.
-iOS Device that will be making HTTPS calls to the server.
What we ultimately want is to have the device send a login request and receive a token if the login was successful, later on make requests using that token. Just like Facebook, excluding third-party involvement.
Is there something that is ready to be configured in our server? Or should we consider building our own token management, comparison and generation software?
Is using Spring-Security with an iOS application without involving storing cookies or redirecting to pages possible?
OpenStack offers as part of it's many projects related to open source cloud... the project Keystone. Which does this pretty much exactly what you want.
You might want to check it out here:
http://docs.openstack.org/developer/keystone/
I want to apply FedEx API in my e-commerce website.
but I did't know how to apply that API.
I have done "Test Key registration" and get Test Account information.
so what I am doing next.
Thanks
The following answer is concerning the tracking service which is part of the shipping services:
After receiving your test credentials (key, password, account number and meter number), use them to send SOAP requests (as you normally do using your programming language) to the service at https://wsbeta.fedex.com:443/web-services/track
Use 123456789012 as a test tracking number.
When you are ready to move to the production environment, change the service path to https://ws.fedex.com:443/web-services/track (or https://gateway.fedex.com:443/web-services/track) and use the production credentials that can be obtained from here
Please refer to the documentation to be informed on how to use the services with your programming language.
According to FedEx, they are retiring their API soon. I believe the target date is the end of May, 2012. Now they are going to web services instead of an API. Here is more on the announcement:
http://www.fedex.com/us/developer/migration.html
As far as the web services are concerned, they have good documentation on their site for both how to access the web services directly and how to put a widget on your site that will allow a customer to look up their shipping. Here are those resources:
http://www.fedex.com/us/developer/solutions.html
There are also demos and tutorials here:
http://www.fedex.com/us/developer/web-services/index.html
I hope that helps you get started.
If you feel you are ready to test live shipments you wil now need to contact the fedex help desk and ask to get a user key that will be associated with your fedex account.
The test key only gets you to the testing side of web services. To get real rates and such you will need to point to the live gateway using a real user key.
I'm working on a small Rails application in which I'd like users to be able to prove that accounts they have at other sites, Live Journal, Stack Overflow, Reddit, etc. are in fact theirs.
Can anyone provide any guidance on how best to accomplish something like this?
I've outlined some potential options for account verification.
Ask users to basically pass their log in credentials to the application via SSL and allow it to verify that it can log in. Then, of course, log out and delete any user session data/credentials. Problems:
People are not going to psyched about the idea of exposing their credentials to a third party system.
Handing off log in information may well be against many
website's ToS agreements.
The idea makes me queasy.
Provide the user with a hash and ask them to insert it into some field of the their public profile. Putting "aTWIUqHRgxEpSVaQzCYc" in the location field of my Stack Overflow account for example and then having the application verify the hash via either API or screen scrape depending on the website.Problems:
This is tedious to do for more than one or two websites.
Some sites don't have any sort fields with user supplied information. Reddit for example.
Again, provide the user with a hash but ask them to send that hash via the website's message system to a specified user account. A server process would routinely check that account's inbox and then link the hash with the account. This seems like the easiest solution.
3B. Have the user friend the specified account when applicable.
I've not yet done enough due diligence investigating what options OAuth or OpenId might provide to speak intelligently about them.
I realize the headache of having to verify accounts this way is going to cause a barrier to entry. Not only that but failing to have a single consistent method for doing it.
I would go with OAuth / OpenID, there is a gem called omniauth and it supports a wide variety of external providers. Ryan Bates has made 3 railscasts about omniauth so you could start there! It's really easy to get it up and running. If you follow the railscasts by Ryan Bates you can allow your users to use more than 1 provider (e.g twitter, openid and facebook).