We have an app that is integrated with Google Apps domains, which allows domain admins to provision users in their Google Apps Domain in our web app on a nightly basis.
Previously I noticed that in cases where the admin revoked access to our app in the cpanel for the domain we would get a HTTP 403 or 401 sometimes, I kinda found this out via some manual testing on my own personal test domain. However, last week we started seeing HTTP 400s even though the request was correctly formed (GET request url and params).
I have two questions
Anyone know where in the Provisioning API docs is there info on the various possible HTTP response codes that I can expect.
Anyone else see the surge in HTTP 400s lately, due to some undocumented API update ?
UPDATE: The response body for the call is
<HTML> <HEAD> <TITLE>Bad Request</TITLE> </HEAD> <BODY BGCOLOR=\"#FFFFFF\" TEXT=\"#000000\"> <H1>Bad Request</H1> <H2>Error 400</H2> </BODY> </HTML>
UPDATE2: This is the request URL I'm using
"https://apps-apis.google.com/a/feeds/#{domain}/user/2.0?alt=json"
Related
I'm currently making a LinkedIn app using the LinkedIn OAuth 2.0 Developer API with permissions r_liteprofile & r_emailaddress (Products added to my app include Share on LinkedIn & Sign In with LinkedIn).
Recently the profile images retrieved with this GET API (as per LinkedIn's own Developer documentation):
https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,localizedFirstName,localizedLastName,profilePicture(displayImage~:playableStreams))
Have started to return either 403 - Forbidden.
Full error message:
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>403 - Forbidden</title>
</head>
<body>
<h1>403 - Forbidden</h1>
</body>
</html>
OR
The error Access Denied e.g.
Access Denied
You don't have permission to access "http://media-exp1.licdn.com/dms/image/C4E03AQHE3A16fLv1kQ/profile-displayphoto-shrink_800_800/0?" on this server.
Reference #18.2e5c7a5c.1589838983.25cfca02
E.g. https://media-exp1.licdn.com/dms/image/C4E03AQHE3A16fLv1kQ/profile-displayphoto-shrink_800_800/0?e=1586995200&v=beta&t=zVNycwFPGiCoLZBJBkJoN6d_n7EAVVne-nK-r75RzMo
This URL gives me Access Denied when not using a VPN, and 403 - Forbidden when using a VPN.
This tells me my IP address is being logged and some security mechanism kicking in if I access the URL directly a few times.
However about two months ago, I could directly link to this profile image URL from my app and it would load just fine.
If LinkedIn has made some changes and I can no longer link to the profile image URL - how else can I access the user's profile image?
Any help you can provide would be much appreciated!
Check the identifierExpiresInSeconds of your identifier. You can see the field in the docs:
https://learn.microsoft.com/en-us/linkedin/shared/references/v2/profile/profile-picture#profile-api-sample-response
I created a Linkedin app to test this, and it works just fine for me. I can access the profile picture from different IPs, too. The response I am getting has an identifierExpiresInSeconds of 1596067200, which is in exactly two months from the time of request.
That matches with your description of the issue - it worked fine two months ago. Now your identifier seems to have expired. You will need to perform another API call to get a valid picture identifier.
1) I created a REST API for my client application and Registered in API Management (that used to get user specific data)
2) I created a BOT WEB APP in Azure portal using LUIS and it is working fine (I added sample Intents/Utterance)
3) Consumed the REST API in LUIS application as one of the Intent condition
Tested the above in BOT Emulator and Azure portal as well. (Hard-coded the user info in the calling function)
Now I want to configure the BOT in my MVC client application and pass the user specific info based on the logged in user info. I read the below article to enable the directline API. Still looking for the better resources.
Connect BOT using Directline API
DirectLine Auth
Now I want to configure the BOT in my MVC client application and pass the user specific info based on the logged in user info.
I’m using the following code sample to embed bot in my website and pass user specific information to bot, which works for me, you can refer to it.
#{
Layout = null;
}
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width" />
<title>Test</title>
<link href="https://cdn.botframework.com/botframework-webchat/latest/botchat.css" rel="stylesheet" />
<script src="https://cdn.botframework.com/botframework-webchat/latest/botchat.js"></script>
</head>
<body>
<div>
<div id="mybot"/>
</div>
</body>
</html>
<script>
BotChat.App({
directLine: { secret: '{your_directline_secret}' },
//you can dynamically retrieve the logged in user info in your mvc View
//and pass thoes info to your bot
user: { id: '1234', firstname: '{your_fname}', lastname: '{your_lname}'},
bot: { id: '{your_botid}' },
resize: 'detect'
}, document.getElementById("mybot"))
</script>
Test result:
Using the following code snippet to extract user information from Activity object in bot app.
if (activity.From.Properties["firstname"] != null)
{
var fname = activity.From.Properties["firstname"].ToString();
}
So basically you problem is about implementing a bot interface inside a web app. One option could be to use WebChat as a channel: https://github.com/Microsoft/BotFramework-WebChat.
The open source web chat control communicates with your bot by using the Direct Line API, which allows messages to be sent back and forth between client and bot. You can embed it in your web app by just adding the <iframe> tag as mentioned in the docs. Check more info here as well: https://learn.microsoft.com/en-us/bot-framework/bot-service-design-pattern-embed-web-site
Otherwise as you said is to use Direct Line API and implement a networking layer to this API in your MVC client APP. This would be in charge of building the messages and sending it to the bot API, and receiving them and using it to the corresponding UI needs. Personally I recommend you to use WebSockets protocol in order to establish a two way communication between your bot and avoid doing HTTP long polling. Check it here: https://learn.microsoft.com/en-us/bot-framework/rest-api/bot-framework-rest-direct-line-3-0-concepts
I'm trying to create a custom login page that is hosted in my MVC Web App however the request is being redirected to my default error page with the message
"server_error".
What can I do to find more information about this error?
My custom login page:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
<h1>This is my custom login page.</h1>
<div id="api"></div>
</body>
</html>
Other Notes:
My web app is based off of the Azure AD B2C: Call an ASP.NET Web API from an ASP.NET Web App.
I'm following the article Azure Active Directory B2C: Customize the Azure AD B2C user interface (UI)
I've enabled CORS Enabling Cross-Origin Requests (CORS)
Update:
The problem was that I didn't enable CORS correctly in my web app. The documentation I was reading was for .NET Core vs .NET Framework I was using.
I added this to my view.
HttpContext.Current.Response.Headers.Add("Access-Control-Allow-Origin", "https://login.microsoftonline.com");
P.S. #spottedmahn recommendation for preserving the log in the Chrome console clearly showed why the error was occurring.
Assuming you're running locally, Enable SSL in IIS Express. The problem could be mixed content: HTTP & HTTPS.
Also, in your browser, enable preserve log; this will provide more insight into your error(s).
You could enable application insights to record the error.
Here is some documentation on how to collect logs.
We were testing our website on iOS devices with iOS11, and noticed that it was breaking, as the browser would not accept responses from our API. Using the remote debugger, we were able to determine that we were getting a CORS permission error, and the response body and HTTP Headers were being stripped. This seemed to be occurring on all mobile iOS browsers (Chrome/Safari), and continued to occur even after I changed the CORS response header to a wildcard value. However, every other browser/OS/version of iOS is working perfectly. I have attached the network response from our API, the response headers for our API, and the error we are getting from the console.
Is there something about iOS11 that might be causing this, or failing that, is there any way I can get further diagnostics?
We had a similar situation with a form hosted on domain A and posting the data to an API on domain B.
The POST request from domain A contained the header "x-api-key" that is not relevant for domain B
The response to the preflight OPTIONS request to the API contained the headers
Access-Control-Allow-Origin:https://domainA
Access-Control-Allow-Headers:*
Access-Control-Allow-Methods:*
That worked fine for all browsers except those on iOS.
As we finally found out, specifying the wild card * for Access-Control-Allow-Headers
does not work for iOS browsers. In the response to the OPTIONS request you need to specify all the headers that are present in the POST request, even if some headers are not relevant for the server on domain B.
Only then will iOS send the POST request.
Changing the response header to
Access-Control-Allow-Headers:Accept,Content-Type,X-Requested-With,x-api-key
did it (even if the header x-api-key is not processed on server B)
In our case, we were able to solve the problem by adding additional http header information when making an OPTIONS preflight request from our API. It appears that Safari does not like wild cards entries in CORS requests, and additionally, needs every header specified in the Access-Control-Allow-Header value, even 'standard' ones that would not be necessary in other browsers. By adding the following headers to all preflight requests, we were able to get X-Domain requests between our site and our api working again.
<!-- headers for preflight CORS response-->
<add key="Access-Control-Allow-Origin" value="<exact name of site>" />
<add key="Access-Control-Allow-Methods" value="POST, GET, OPTIONS, DELETE" />
<add key="Access-Control-Allow-Credentials" value="true" />
<add key="Access-Control-Allow-Headers" value="Accept,Origin,Content-Type,X-LS-CORS-Template,X-LS-Auth-Token,X-LS-Auth-User-Token,Content-Type,X-LS-Sync-Result,X-LS-Sequence,token" />
iOS 11 has introduced some new tracking protection which block some sites/URL
You can disable this in Settings -> Safari -> Prevent Cross-Site Tracking.
Maybe that is your problem ?
I have the same problem, this works - but I would like a way about without our users have to do this.
source: https://www.macrumors.com/how-to/safari-ios-11-tracking-prevention/
I faced the same issue.
The problem in my case was that nginx was not letting the file upload go because the body was too large and nginx did not let that request pass to the application and just killed the connection. I changed the client_body_max_size 10M and it just worked. Look into your nginx error log!
Took me about whole day to figure out.
I try and call this endpoint with an access token from auth2:
https://gdata.youtube.com/feeds/api/users/default?access_token={mytoken}&alt=json
and when I use it for a user with a channel on youtube it works fine. though, when I try to use it for an "unlinked account" user (no channel on youtube yet) it returns me this html response
<HTML>
<HEAD>
<TITLE>User authentication required.</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>User authentication required.</H1>
<H2>Error 401</H2>
</BODY>
From what I've searched I saw that I should use v2.1 instead of v2.0 and so I tried to add header to the request "GData-Version=2.1", though nothing seem to change in the response. Still same error. Also, tried to add querystring "&v=2.1" and still nothing.
Any help would be appreciated. Thanks.
Ok the v=2.1 did work at the end.