How to use Azure ADB2C signup flow with custom subscription plans options? - azure-ad-b2c

I have a scenario which I believe is a common one for many websites :)
I have a website that uses Nextjs for frontend and core as backend. It uses Azure ADB2C for managing its users.
Now, when the user is registering, I will collect some basic details, which would be done through the user flows in Azure ADB2C.
Before the user creation is completed, I want to come back to my website to allow the user to select the subscription option and let the user click on the subscribe button.
Based on this, there will be a call to a third-party payment gateway service like Stripe/RazorPay, which takes over and allows the user to complete payment.
The payment gateway would send the success/failure notification back to my website, which I will use to decide whether to proceed to complete user creation or discard the creation process.
Using ADB2C seems to be quite a big task with custom policies :)
Need help/suggestions/links.
Is it possible for us to come back to my website from ADB2C in between the registering process? I see an option using custom policies with a REST call, but will that really help? This is not just a REST call.
Is it possible for me to let the user first choose the subscription option and then pass that data on to the ADB2C user flow? Not sure if we can pass data that way to the signup user flow. If you have any link that does that, please share it with me.
The second option seems to be easier if I have a way to send some input to the signup flow.

With custom policies, it is possible to extend the signup screen by adding subscription options.
Then call a REST API to the payment gateway.
This will return to B2C.
If all is good, write the user data to B2C.
If not, display an error message and discard the data.
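As an added example (not code from the original answer), this is what the REST API that the custom policy's validation technical profile calls could look like: B2C posts the input claims as JSON, a 200 with output claims lets the policy continue and write the user, and a 409 with the `version`/`status`/`userMessage` body makes B2C show the message and not create the account. The claim names, the checkout ids and the in-memory payment outcome table are constructed assumptions standing in for the payment gateway's webhook result.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the payment gateway result: assume the gateway's
# success/failure webhook has already stored the outcome keyed by checkout id.
PAYMENT_OUTCOMES = {"chk_paid_001": "succeeded", "chk_failed_002": "failed"}
PLANS = {"basic", "pro"}  # assumed plan identifiers offered on the signup page


def b2c_error(status, message):
    # Failure shape B2C expects from a REST validation technical profile:
    # a non-2xx status plus this JSON body; userMessage is shown to the user.
    return status, {"version": "1.0.0", "status": status, "userMessage": message}


def validate_signup(payload):
    """Return (http_status, json_body) for one B2C validation call.

    payload holds the input claims the policy maps (assumed: plan, checkoutId).
    Never map the password claim into this call; the endpoint does not need it.
    """
    plan = payload.get("plan")
    if plan not in PLANS:
        return b2c_error(409, "Please choose a valid subscription plan.")
    outcome = PAYMENT_OUTCOMES.get(payload.get("checkoutId", ""))
    if outcome != "succeeded":
        return b2c_error(409, "Payment was not completed; no account was created.")
    # Output claims flow back into the policy and can be written to the user.
    return 200, {"subscriptionPlan": plan, "subscriptionStatus": "active"}


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        # B2C should call this over HTTPS with an auth header or client cert
        # configured on the technical profile; the check is omitted here.
        length = int(self.headers.get("Content-Length", "0"))
        payload = json.loads(self.rfile.read(length) or b"{}")
        status, body = validate_signup(payload)
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```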


Which is the correct OAuth Flow for our use case?

First of all, I apologize for any noob questions; we are very new to the DocuSign API and are currently trying to wrap our heads around which is the most correct way of accessing the API.
I will start with an overview of our use case. We recently purchased a DocuSign prod account with an Organization enabled.
We have a partner which uses a CMS tool which integrates with said DocuSign account. This tool allows the back office to create envelopes with documents inside and a URL which leads to the signing ceremony through the templates that we create inside the DocuSign account. This URL is afterwards sent to the customer for them to sign the documents in the envelope. This part is working and is currently being used.
Now, what we want to achieve on our side: we have a nextJS web app which allows the same customers (which are the receivers of the envelopes created in the step above, same e-mail in both steps) to sign in to our web app. We want to show the customer in a dashboard whether there are open envelopes for him that he can sign, and if this is the case we want to show him the URL which leads to the signing ceremony.
We were able to see that as soon as an envelope for a certain User is created through the CMS Tooling, we can see that envelope in our DocuSign Prod Account.
Now our thought process was: to show our customer his open envelopes, we just fetch all open envelopes in our DocuSign account which match the customer's e-mail.
Is there anything wrong with this process or are we overlooking something?
And if it is okay to proceed this way which of the OAuth Flows is the correct one to use for this case?
From my understanding, the JWT Flow seems like the most reasonable one, since the customers that need to sign the documents will not have any DocuSign accounts.
What have you tried to solve the issue?
We tried using direct API access, which worked when set up correctly, but since we didn't have an OAuth flow in place the access token is obviously only valid for a restricted amount of time and has to be refreshed. Hence we have to think first about how to grant access correctly.
I would love to hear, what the right approach would be to achieve our desired result.
Once again, apologies for this kind of question; just trying to have a better understanding before we start building :)
Best regards!
According to the use case you mentioned, using JWT Grant is fine: as users of your integration will use a single system account to log in, you should use JWT Grant.
I would recommend going through the link below to learn more about the different use cases and check the knowledge.

Azure Api Management: How to count amount of requests without Subscription Header

My users use the AAM API endpoint for a third-party service that requires a webhook, and I need to show usage of this endpoint in User Reports.
The third-party API does not support headers and I can't pass the Ocp-Apim-Subscription-Key user subscription key to it, so the request will be called anonymously.
As far as I understand, that will not allow counting that request in User Reports.
But I can use a token URI parameter to manually get the subscription id and keys for it, with the send-request policy.
If I do this, is there a way to add the Ocp-Apim-Subscription-Key header to the (running?) request in order to perform it on behalf of the user subscription?
So far, I can only think about wrapping the required request in another AAM request which will use send-request and set-header policies like this:
> POST /endpoint/telegram/public/token123
>> <send-request>GET /token123/keys/primary</send-request>
> POST /endpoint/telegram/token123 +H 'Ocp-Apim-Subscription-Key:key123'
I returned to this question after a couple of days and feel extremely embarrassed now.
To perform a request on behalf of the user I can use the API key in the query instead of the header; there is literally a separate setting for that.
That solves everything.
You may try to integrate with Application Insights to monitor details: How to integrate Azure API Management with Azure Application Insights
Also, you can leverage the metrics to analyze the request pattern.
Based on any condition you may create an alert to notify you as well:

DocuSign API calls do not show on demo dashboard

We are using the DocuSign API via a demo account for signatures. We are using the Authorization Code Grant workflow and are obtaining authorizations in our demo workflow, so real access tokens are being used.
But no API calls are being shown in our demo account API Dashboard.
But I can see via our monitoring tool we are hitting DocuSign. Plus the flow of the integration is all working properly.
Why are the calls not showing up? This is affecting our ability to proceed with app review process.
The model we're using is ISV.
We use the Authorization Code Grant workflow.
We obtain user authorization for users outside of our account since we are an ISV
My question is similar to this one but we are using real access tokens.
The information in the dashboard may be outdated by 10-20 minutes, as it takes some time for the process to get the API requests to the dashboard.
Please allow for a few minutes of delay and check the dashboard a bit later if you have new API calls you're trying to view in the dashboard.
Also, for ISVs, the portal only shows your own account. You must make the API calls from your own account that was used to create the IK. If you use a different account, it would not show in the developer dashboard.

OAuth2 authentication for Microsoft Graph using service account credentials

I would like to create a web service capable of automatically sending messages in Microsoft Teams. I tried authenticating as an application, but currently Microsoft does not support granting application permissions to send messages in Teams, so the only choice here is to authenticate using a service account with real credentials (unless there is another way?). This method only specifies using user interaction to log in as a user.
I would like to use a service account to authenticate with Microsoft Graph in order to send messages on Microsoft Teams. (similar to this but since I'm not accessing a resource it is a little different.) Is there a way I can silently obtain an access token on behalf of the service account in order to send messages?
It seems that you have a misunderstanding.
Your scenario is actually the same as this post.
You should use Resource Owner Password Credentials to call the Microsoft Graph API to send messages.
Based on permissions, you need the Group.ReadWrite.All delegated permission. So you need to add this permission to your Azure AD app first.
Don't forget to click on "Grant admin consent for {your tenant}" after you add this permission.
Then you can get an access token like this:
You can see that has been included in the response.
Now you could use this access token to call POST /teams/{id}/channels/{id}/messages.
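The two calls the answer describes, as an added example that is not code from the original answer: a Resource Owner Password Credentials request to the v2.0 token endpoint for the Group.ReadWrite.All delegated scope, then a POST to /teams/{id}/channels/{id}/messages with the returned bearer token. Tenant, client id, service account credentials, team id and channel id are placeholders; the request builders are split out so they can be checked without network access.

```python
import json
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"
GRAPH = "https://graph.microsoft.com/v1.0"


def build_ropc_token_request(tenant, client_id, username, password, client_secret=None):
    """URL and form body for the v2.0 token endpoint using the ROPC grant."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        # Delegated Graph scope the answer names; offline_access yields a refresh token.
        "scope": "https://graph.microsoft.com/Group.ReadWrite.All offline_access",
        "username": username,
        "password": password,
    }
    if client_secret:  # only for a confidential (web) app registration
        form["client_secret"] = client_secret
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", urllib.parse.urlencode(form).encode()


def build_channel_message_request(access_token, team_id, channel_id, text):
    """URL, headers and JSON body for posting a channel message via Graph."""
    url = f"{GRAPH}/teams/{team_id}/channels/{channel_id}/messages"
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/json"}
    return url, headers, json.dumps({"body": {"content": text}}).encode()


def post_json(url, data, headers):
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def send_teams_message(tenant, client_id, username, password, team_id, channel_id, text):
    """Acquire a token as the service account, then post the message."""
    url, form = build_ropc_token_request(tenant, client_id, username, password)
    token = post_json(url, form, {"Content-Type": "application/x-www-form-urlencoded"})
    url, headers, body = build_channel_message_request(
        token["access_token"], team_id, channel_id, text)
    return post_json(url, body, headers)


if __name__ == "__main__":  # placeholder values; replace with your own
    print(send_teams_message("contoso.onmicrosoft.com", "<client-id>", "svc@contoso.com",
                             "<password>", "<team-id>", "<channel-id>", "Hello from the service"))
```

Keep the service account's password in a secret store rather than in code, and note that ROPC cannot complete MFA or Conditional Access prompts, so the account must be exempt from them.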
There are a few other ways I can think of.
1) One is that you can create a bot using the Microsoft Bot Framework, and once that bot is installed to the particular team, it can send "pro-active" messages (i.e. not a message in response to a user's message, but rather whenever you need).
Essentially, when your bot is added to the team, you get access to a specific event in your bot (OnMembersAdded for a general bot, and there's now a new event just for Teams). See more on this in my answer on Detect bot application open event. In this event, you get the information you need for later, which you can store in a database or wherever, and then create the message as if it's your bot posting to the channel. You can see more on that at Programmatically sending a message to a bot in Microsoft Teams.
This option above is a lot of work, but useful if there's other functionality you want from a bot (e.g. the ability to receive messages from the users).
2) Another, and even simpler, way is to create an incoming webhook directly to the channel. Here's a post on doing this using PowerShell, so you can do that for simple testing and extrapolate from there for Node.
Of course, things like Flow (Power Automate) are an option too, but you're already writing code, so one of the above is probably easier.
Hope that helps.

detect new subscription and call backend

I need to be able to call a method in my backend after a developer creates an account in the APIM developer portal. Is there a way to achieve that?
I've seen in the documentation on advanced policies that I could send a one-way request. So can I detect a new subscription and make those two work together, or is there something else?
The only way to get proactively notified of user registration and subscription creation is delegation:
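As an added example that is not part of the original answer, here is the receiving side of delegation: the developer portal redirects the browser to your delegation endpoint with a signed query string, and your backend must verify that signature with the delegation validation key before trusting the request and creating the subscription. The signature format used here (HMAC-SHA512 over `salt\nreturnUrl` for sign-in/sign-up and `salt\nproductId\nuserId` for Subscribe, base64-encoded, with a base64 validation key) is assumed from the APIM delegation documentation; the backend call is a constructed stub.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed: the validation key is the base64 string shown in the portal's
# delegation settings. A fresh random key is generated here for the demo.
VALIDATION_KEY_B64 = base64.b64encode(secrets.token_bytes(32)).decode()


def _signature(validation_key_b64, *fields):
    """base64(HMAC-SHA512(key, field1 + "\\n" + field2 + ...))"""
    key = base64.b64decode(validation_key_b64)
    digest = hmac.new(key, "\n".join(fields).encode("utf-8"), hashlib.sha512).digest()
    return base64.b64encode(digest).decode()


def verify_delegation(params, validation_key_b64=VALIDATION_KEY_B64):
    """Return True only if params['sig'] matches the signed fields for the operation."""
    op = params.get("operation")
    try:
        if op in ("SignIn", "SignUp"):
            fields = (params["salt"], params["returnUrl"])
        elif op == "Subscribe":
            fields = (params["salt"], params["productId"], params["userId"])
        else:
            return False  # unknown or unsupported operation: reject
        expected = _signature(validation_key_b64, *fields)
    except KeyError:
        return False
    # Constant-time comparison so the check does not leak via timing.
    return hmac.compare_digest(expected, params.get("sig", ""))


def notify_backend(product_id, user_id):
    # Constructed stub: in a real service this would call your own backend.
    return {"event": "new_subscription", "productId": product_id, "userId": user_id}


def handle_delegation(params, validation_key_b64=VALIDATION_KEY_B64):
    """Entry point for the delegation URL: verify, then act on Subscribe."""
    if not verify_delegation(params, validation_key_b64):
        return None  # tampered or forged request: do nothing
    if params["operation"] == "Subscribe":
        # After notifying the backend, create the subscription through the APIM
        # management API, then redirect the user back to the developer portal.
        return notify_backend(params["productId"], params["userId"])
    return {"event": params["operation"]}
```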
