I'm trying to authenticate my account with the api, I've been following the documentation, but unable to load the api at all because of the host name. Maybe I'm misunderstanding the whole concept, but where would I find the hostname to replace 'example.com' with.
https://example.com/api/xml?action=common-info
You can find it in any of the links you might have to a existing piece of content. So if you've got a presentation at:
https://connect.myserver.com/test-training-course
you'd log in with:
https://connect.myserver.com/api/xml?action=login&login=myusername&password=mypassword
Related
Context:
I have a keycloak inside a docker, I understand that there is a "proxy reverse" doing something like transforming this url for example: "http://example.com" into "http://171.20.2.97:8082" (this is the actual place where the Keycloak is "deployed" or "up"). It is just an example, my clients when they need to consume an endpoint from one microservice of mine do not use numbers, they use example.com.
so in the Keycloak when you want to see the metadata of the realm for SAML2.0 you can do it by following this link which is in the REALM settings section:
https://example.com/auth/realms/REALM-NAME/protocol/saml/descriptor
as you can see I am using "example.com" not "171.20.2.97:8082" to access the metadata link.
The problem is that inside the METADATA, the endpoints for SingleSignOnService, SingleLogoutService, etc. Are all configured to be "http://171.20.2.97:8082/auth/realms/REALM-NAME/protocol/saml" (notice it is using the numbers and not example.com) and this causes that when the clients that want to use SAML.
Send inside their SAML REQUEST "Destination" attribute like so: "http://example.com/auth/realms/REALM-NAME/protocol/saml" and this causes an invalid request error, with reason invalid_destination, because the request attribute Destination was expected to be:
"http://171.20.2.97:8082/auth/realms/REALM-NAME/protocol/saml" like is inside the Metadata.
So my question is, how can I edit the metadata to change the endpoints numbers to example.com or if that is not possible, how can I make example.com get translated to 171.20.2.97:8082 inside my keycloak server? Or if you know another way to solve/figure out this it is very welcome
I feel like a BEAST after finding out how to achieve what I needed after like 3 weeks of searching about keycloak and SAML (I overcame many obstacles this was the lastone), finally I managed to fix this by using the "Frontend URL" setting in my REALM settings, there I can put anything I want so that it changes "http://171.20.2.97:8082/auth/" (inside the metadata urls) for whatever I configure there, so for example if I set Frontend URL to:
https://example.com/auth/
now all my metadata endpoints will be like so:
https://example.com/auth/realms/REALM-NAME/protocol/saml
instead of:
http://171.20.2.97:8082/auth/realms/REALM-NAME/protocol/saml
now my client is being able to properly login with SAML2 using keycloak.
how did I manage to find out this? Well there is not much info so this was what gave me the hint: Keycloak behind nginx reverse proxy: SAML Integration invalid_destination
The person asking said that he configured frontend-url, and I wanted to give a try to that, and after checking if that changed metadata urls, surprise it did =)
I'm trying to send my first image to gcr(google container reg.) via local bash, but somehow I couldn't do it even though I added my current user as 'owner' to the project. In the last link that gave me an error, the following was written.
{"errors":[{"code":"UNAUTHORIZED","message":"Unauthorized access."}]}
Also, my ubuntu distribution ip that I use on wsl2 was banned by google on the grounds that I tried too much. This is my 2nd problem that I need to solve.
I encountered my problem in the first item through powershell on my local computer.
What should I do in this case?
The refusal to connect to GCP might be related to the IP ban that you mentioned, was there any specified length to the ban? Usually, an email is sent with more details about the ban. Otherwise, there is specific documentation dealing with authenticating to Container Registry. The documentation lists several authentication methods:
gcloud credential helper
Standalone credential helper
Access token
JSON key file
Which of these methods are you having issues with? The documentation lists the procedure to authenticate properly with each of these methods. Is the correct account configured? It could be a different account or a service account is being used instead.
I am trying to integrate the google-one-tap with my django project on my localhost.
So I added http://localhost:8000 and http://localhost into the Authorized JavaScript origins in Client ID for Web application.
I read some blogs that the above setting does work for the google-one-tap local testing, but it doesn't work for me.
Answer provided here worked for me: The given origin is not allowed for the given client ID (GSI)
As ridiculous as it seems omitting the port and writing http://localhost as JavaScript origin makes the new Google Identity Services code work.
Now my next question is how this change will affect the redirect url, which also accepted a port before.
I finally found out the solution.
It should be set the SECURE_REFERRER_POLICY in the settings.py like this.
SECURE_REFERRER_POLICY = "no-referrer-when-downgrade"
The setup is correct according to the setup instructions here.
Aside from following the above document, please also make sure you are sending the requests from the correct origin. In your case it should be from http://localhost:8000. Please also double check to see if the HTTP headers and parameters in the request also match the authorized origins.
Would you be able to find out which request failed from the web console?
I am using this example: https://github.com/ajimix/asana-api-php-class/blob/master/examples/oauth.php to learn how to use the asana's oauth. I already registered my app on the asana's developers webpage. But, when I get the asana's response with my 'redirect_url'?code=0%XXXXXXX, localhost gives me a 500 status. I don't know why, does anyone know how I can solve it?
I tried using the other examples in there: https://github.com/ajimix/asana-api-php-class/blob/master/examples/, but I wasn't able to make them run either, I always get a 500 status. I think that the problem must be in my server, but I don't how solve it. Maybe changing something on the .htaccess file, but I don't really know what to put in there.
If you're looking to use the Asana API from PHP may I recommend the official first-party client: https://github.com/Asana/php-asana
It also contains examples of how to use with OAuth and is officially supported by us at Asana :-)
I'm adding Google Oauth2 to a Rails app, but have been unable to get past the early stages.
I've set up an app, and defined client ID and secret.But I'm getting Invalid parameter value for redirect_uri: Non-public domains not allowed: http://localhost/path/to/callback
What does this mean? Is this because I'm testing on a local dev environment?
Thanks for any ideas.
EDIT
This might be because the app's URI differs from the sending URI. But when I go to Google and try to authorize the path to my dev app, I get OAuth2 redirect is invalid. Is this a limitation of using a locally hosted app?
EDIT 2
The request I'm generating looks like this:
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=###########&redirect_uri=http%3A%2F%2Fmyapp.dev%2Fusers%2Fauth%2Fgoogle_oauth2%2Fcallback&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&approval_prompt=&access_type=offline
Is this correct. I've tried this with client_id including and excluding the .apps.googleusercontent.com section. Neither seems to work.
I was getting the redirect error for my python / tornado app running on ubuntu. Using localhost didn't work as the accepted answer highlighted. Google wants a public domain.
My solution was to piggyback "example.com" which is public and create a sub domain in my /etc/hosts file. The sub domain would work on my local dev box and google would be happy with the example.com domain. I registering the redirects via the google console and the redirect worked successfully for me.
I added the following to my /etc/hosts:
192.168.33.100 devbox devbox.example.com
In my case the IP was that of my machine. I could also have used 127.0.0.1 instead.
My Google API console (https://code.google.com/apis/console) set up for a new client ID was:
"Application Type: Web Application".
Via "Your site or hostname (more options)":
In "Authorized Redirect URIs" I entered http://devbox.example.com/
In "Authorized JavaScript Origins" I entered http://devbox.example.com/
Using xip.io you can provide a public url to redirect to like http://your_pow_app.192.168.0.1.xip.io/user/auth/google_oauth2/callback
Tested and working.
I used my public hostname. It helps if you have a static IP address. I used http://www.displaymyhostname.com/ to get my hostname. I plugged it straight into the Authorized JavaScript origins field when I created a new Web Application Client ID.
P.S. My hostname looked something like this: 111.111.111.111.static.exetel.com.au
This is my answer to a related question https://stackoverflow.com/a/23517146/1320083
For anyone else finding this, my problem was combination of several things.
I could not get callbacks to work on a local machine. The console API console suggests it is possible, but I couldn't get it working. Not sure of this is down to the service, or to my network/ connection/ firewall/ etc.
In the API console you must specify the full redirect URI, not just the root url back to your app.
Google lists scope parameters here https://developers.google.com/gdata/faq#AuthScopes. It seems this information is outdated, and the correct format for these is now https://www.googleapis.com/auth/plus.me, https://www.googleapis.com/auth/youtube, etc. Maybe someone else can confirm this?
I had a few other things going on as well. I had written a full explanation on another of my questions here on SO. Unfortunately my comments were deleted instead of moved by a moderator because I posted in the wrong place. I can't now remember all that I wrote. For others facing similar issue, feel free to comment, it may jog my memory so I can offer some ideas.
Error redirect_uri_mismatch - This error can occur when you entered an incorrect bundle ID in your Google Developers Console project that does not match your app's bundle ID. Check that your client ID and bundle ID match the values that are displayed in the Developers Console.
For me it was the function that built up the google url. I put line breaks in the string, once I removed the line breaks the url worked again.
I faced this issue but found it was really not an issue. As explained in my blog you can use the public redirect URI even when you are working on your localhost development machine. Google will just return the authorization code to the public URI where you can cut and paste it to your local machine.