I was testing Zend Gdata 1.10.1 in my localhost.
I downloaded Zend Gdate from this link:
http://framework.zend.com/download/webservices
Inside the Zend Gdata zip file, there was a folder called demos.
I extracted it and used the YouTudeVideoApp to upload a sample video to Youtube.
But every time after I logged into Youtube, before it redirected me to my localhost,
I received a warning message like this warning message:
localhost: This website is registered
with Google to make authorization
requests, but has not been configured
to send requests securely. We
recommend that you continue the
process only if you trust the
following destination:
localhost:8080/youtube/operations.php
So I googled on how to resolve the problem of getting this warning message when
I saw some people suggesed changing the value of $secure to True in operation.php.
Here is the script mentioned:
function generateAuthSubRequestLink($nextUrl = null)
{
$scope = 'http://gdata.youtube.com';
$secure = true;
$session = true;
if (!$nextUrl) {
generateUrlInformation();
$nextUrl = $_SESSION['operationsUrl'];
}
$url = Zend_Gdata_AuthSub::getAuthSubTokenUri($nextUrl, $scope, $secure, $session);
echo '<a href="' . $url
. '"><strong>Click here to authenticate with YouTube</strong></a>';
}
After I altered the value of $secure to True,
I found that the warning message changed to this:
localhost: Registered, secure. This
website is registered with Google to
make authorization requests
The new warning message is somehow shorter and looks better than the previous warning message.
But once I pressed the Allow Access button, it turned out to be this:
ERROR - Token upgrade for
CI3M6_Q3EOGkxoL-_____wEYjffToQQ failed
: Token upgrade failed. Reason:
Invalid AuthSub header. Error 401
ERROR - Unknown search type - ''
I don't know why this happened.
Could you help me solve the problem please?
edit your php.ini file and enable the openssl extensions
extension=php_openssl.dll
restart the httpd or IIS server
Related
I am trying to integrate AzuerAD OAuth authentication with graph-db following the instructions https://graphdb.ontotext.com/documentation/free/access-control.html and can't understand the reason it is failing.
My graphdb.properties config is as follows:
graphdb.auth.methods = basic, gdb, openid
graphdb.auth.openid.issuer = https://login.microsoftonline.com
graphdb.auth.openid.client_id = 596251be-....from AD
graphdb.auth.openid.username_claim = email
graphdb.auth.openid.auth_flow = code
graphdb.auth.openid.token_type = access
Also had failed attempted with:
graphdb.auth.openid.issuer = https://login.microsoftonline.com/da0adc10-UUID/oauth2/v2.0/token
I can successfully login to:
https://login.microsoftonline.com/da0adc10-UUID/oauth2/v2.0/authorize?client_id=596251be-from-AD&scope=openid&response_type=code. It's a success because after signing it prompts me with a reminder for a setting.
However, when the redirection happens to http://localhost:7200/login, it fails. (Also tried setting redirect uri to http://localhost:7200/login which was also a failure).
Failure (seen on Network tab of browser):
http://localhost:7200/login?code=0.AUIAENwK2txuskGrQ9UmuxHFYL5RYlkgP---lenghty-stuff---&session_state=dd3f6443-some-string
...eventually...
Request URL: http://localhost:7200/rest/security/authenticatedUser
Request Method: GET
Status Code: 401
Can you provide any guidance?
The redirect URL should be the basic URL of the GraphDB server, which in your case seems to be http://localhost:7200/. It won't work with http://localhost:7200/login.
I'm getting started on Alexa Skill MAnagement SMAPI, so I need to get a refresh token. In the documentation it is specified that 'ask util generate-lwa-tokens' should be used, but in the current version 2.0 of 'ask' this option is no longer available. Thus, I obtained access tokens using postman as described here:
https://gist.github.com/marcelobern/fe44cee1dd5ed624e03b690a447e47fd
But when running some example of smapi what I get is a server error. The example and the error:
from ask_smapi_sdk import StandardSmapiClientBuilder
smapi_client_builder = StandardSmapiClientBuilder(client_id='***',
client_secret='***',
refresh_token='***')
smapi_client = smapi_client_builder.client()
try:
result = smapi_client.list_skills_for_vendor_v1(vendor_id='***', full_response=True)
print("==========================================")
print(result.headers)
print(result.body)
print("==========================================")
except Exception as e:
print(e.body if hasattr(e, 'body') else e)
The error:
{'error_description': 'The server encountered an internal error trying to '
'fulfill the request',
'error_type': 'ServerError'}`
Thank you,
Fernando
This command is now added in the ask-cli v2.1.0, you can check the changelog at
https://github.com/alexa/ask-cli/blob/develop/CHANGELOG.md#210-2020-04-16
Solved. You have to be sure to use a refresh token since access token will throw a server exception
I had Discord Oauth2 implemented so that my users could log into my website by authenticating through Discord. For months, everything worked great and now all of the sudden it stopped working.
Per Discord's oauth2 instructions,https://discordapp.com/developers/docs/topics/oauth2#shared-resources, I am able to successfully acquire the access code that is meant to be traded for the access token. However, when I try to receive the access token I receive an 'invalid_client' error.
First, I am hitting this endpoint:
https://discordapp.com/api/oauth2/authorize?client_id=${process.env.CLIENT_ID}&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Flogin%2Fdiscord%2Fcallback&response_type=code&scope=identify%20email%20gdm.join
which successfully returns the following:
http://localhost:5000/login/discord/callback?code={some_access_code}
The access code is then sent back to discord to obtain the access token. Here is the code that is failing:
export function getDiscordAccessToken(accessCode, call) {
const redirect = call === 'login' ? process.env.DISCORD_LOGIN_REDIRECT : process.env.DISCORD_CONNECT_REDIRECT
return new Promise((resolve, reject) => {
axios
.post(
`https://discordapp.com/api/oauth2/token?client_id=${process.env.DISCORD_CLIENTID}&client_secret=${process.env.DISCORD_SECRET}&grant_type=authorization_code&code=${accessCode}&redirect_uri=${redirect}&scope=identify%20email%20gdm.join`
)
.then(res => {
resolve(res.data)
})
.catch(err => {
// log error to db
console.log("Here is your error: ", err.response)
reject(err.response)
})
})
}
This code was working for months with no problems. Then, all of the sudden it stopped working. I even checked the Discord change logs which can be found here, https://discordapp.com/developers/docs/change-log, but I found no reference to authentication changes.
Any help you can provide is greatly appreciated!
The query parameters should be in the BODY of the POST request, not the URL for the oauth/token url.
Discord recently pushed a update to the oAuth2 which makes it confine more with the standard. This means they no longer support parameters in the URL for POST, but instead require them to be in the body and form encoded (basically the same, but in the body and without the leading ?).
So you basically need (not tested):
axios.post(
`https://discordapp.com/api/oauth2/token`,
`client_id=${process.env.DISCORD_CLIENTID}&client_secret=${process.env.DISCORD_SECRET}&grant_type=client_credentials&code=${accessCode}&redirect_uri=${redirect}&scope=identify%20email%20gdm.join`
)
I know the question has already been answered, but in my case I copied a wrong secret key. Just make sure that you copy the right one.
Secret Key is located under OAuth2 Tab and not under General Information tab on discord developer's dashboard.
I am using following spring security saml repo from github:
https://github.com/spring-projects/spring-security-saml/tree/master/sample
Whenever I try to update the SSO url, for e.g. localhost:8100/saml/ddo, instead of /saml/sso, browser gets stuck in infinite loops.
(I have followed the steps mentioned in readme and updated the url on okta as well in application to test)
Sample code and config enclosed in:
Spring secuirty saml issue
EDIT:
I did what below answer suggested,but I am getting the Incoming SAML message is invalid..
On debugging, I found that attemptAuthentication in SAMLProcessingFilter, the location in endpoint that are added still contain the /api/saml/SSO instead of /api/saml/ddo
and that's why getEndpoint method in SamlUtil throws excpetion with following line:
throw new SAMLException("Endpoint with message binding " + messageBinding + " and URL " + requestURL + " wasn't found in local metadata");
because the requestUrl and endpoint location do not match.
I also checked my metadata.xml but it does not contain any info related to these urls.
In the MetaDataGenerator class method getSAMLWebSSOProcessingFilterPath, the samlWebSSOFilter is null and that's why the default filter url: /saml/SSO is returned. I am trying to figure out how to set this value at runtime?
I understand that there is a method with name: setSamlWebSSOFilter, and everything works correct if I provide the url /saml/ddo at the time of startup. But I am not able to make this work if config is changed at runtime.
Any idea how can I move forward?
Setting field filterProcessesUrl on bean samlWebSSOProcessingFilter to value /saml/ddo should solve the problem.
Our project lets users upload videos to OUR public youtube channel when they are signed into our session. We do not want to require additional OAuth2 verification, and instead follow the follow of Google API v2.
My code (php) and error are below, but my general question is: can my server make the insert-video POST using my API key/secrets without requiring the user to authenticate.
This question - Google Calendar API v3 hardcoded credentials - is very similar. Howevr if CURLing Google for the access_token is the only answer, i'll be disappointed. Thanks regardless.
Google API V3 Settings:
Client ID: xxxx.apps.googleusercontent.com
Email address: xxxx#developer.gserviceaccount.com
Client secret: xxxx
Redirect URIs: http://fbtabs.imagendigital.co/unilever/sedal/surprise/galeria
JavaScript origins: https://fbtabs.imagendigital.co
API key:
AIzaSyBgS-jMJQUPIiAyX20xC-encFWTPsR7qxQ
Referers:
Any referer allowed
Activated on: Jul 4, 2013 1:21 PM
Activated by: xxxx#gmail.com – you
Code:
<?php
require_once BASE_CD . 'app/src/Idframework/Tools.php';
require_once BASE_CD . 'app/vendor/google-api-php-client/src/Google_Client.php';
require_once BASE_CD . 'app/vendor/google-api-php-client/src/contrib/Google_YouTubeService.php';
$client = new Google_Client();
$client->setApplicationName('Google+ PHP Starter Application');
$client->setClientId('xxx.apps.googleusercontent.com');
$client->setClientSecret('xxxx');
$client->setRedirectUri('http://fbtabs.imagendigital.co/unilever/sedal/surprise/galeria');
$client->setDeveloperKey('xxxx');
$youtube = new Google_YoutubeService($client);
$snippet = new Google_VideoSnippet();
$status = new Google_VideoStatus();
$video = new Google_Video();
if (isset($_POST['tip_desc'])) $snippet->setDescription($_POST['tip_desc']);
$snippet->setTitle($_POST['tip_name']);
$snippet->setTags(array("sedal","hair","pello","cabello"));
$status->privacyStatus = "public";
$video->setSnippet($snippet);
$video->setStatus($status);
$filename = $_FILES['videoInp']['tmp_name'];
$mime = \Idframework\Tools::get_mime($filename);
try {
$part = "status";
$obj = $youtube->videos->insert($part, $video,
array("data"=>file_get_contents($filename),
"mimeType" => $mime));
} catch(Google_ServiceException $e) {
print "Caught Google service Exception ".$e->getCode(). " message is ".$e->getMessage(). " <br>";
print "Stack trace is ".$e->getTraceAsString();
}
Error:
Notice: Undefined index: content-type in C:\DATA\IDInteractive\SedalSurprise\app\vendor\google-api-php-client\src\service\Google_MediaFileUpload.php on line 99
Caught Google service Exception 401 message is Error calling POST https://www.googleapis.com/upload/youtube/v3/videos?part=player&uploadType=multipart&key=AIzaSyBgS-jMJQUPIiAyX20xC-encFWTPsR7qxQ: (401) Login Required
Stack trace is #0 C:\DATA\IDInteractive\SedalSurprise\app\vendor\google-api-php-client\src\io\Google_REST.php(36): Google_REST::decodeHttpResponse(Object(Google_HttpRequest)) #1 C:\DATA\IDInteractive\SedalSurprise\app\vendor\google-api-php-client\src\service\Google_ServiceResource.php(186): Google_REST::execute(Object(Google_HttpRequest)) #2 C:\DATA\IDInteractive\SedalSurprise\app\vendor\google-api-php-client\src\contrib\Google_YouTubeService.php(789): Google_ServiceResource->__call('insert', Array) #3 C:\DATA\IDInteractive\SedalSurprise\youtuber.php(56): Google_VideosServiceResource->insert('player', Object(Google_Video), Array) #4 {main}
First off, letting arbitrary users upload videos into a "master" YouTube channel is not recommended, for the reasons outlined in this blog post.
That being said, if you're determined to do it, then you need to include an access token associated with your channel in each upload request. The appropriate way to get a fresh access token (they expire after an hour) is to take a refresh token that you've previously generated and stored somewhere and make an HTTP request to the appropriate URL to get back an access token, as explained in the OAuth 2 documentation. There's no way around that—I'm not sure whether there's a native method in the Google APIs PHP client library that will automate the process for you, but that's what needs to happen under the hood.
The information in Google Calendar API v3 hardcoded credentials does seem relevant.