I'm building a desktop app using Electron and Vue as framework.
I also need to authenticate the user using Azure AD and I'm using msal-node.js as library to do that.
I'm able to authenticate with the server in azure and get the user info, but I cannot figure it out how to set the redirect URL.
First I have to say that the behaviour between dev and prod change drastically and I'm going to explain both scenarios and, in both of them I'm going to use history mode or not
DEV - using createWebHistory
Return Url in Azure and .env file: http://localhost:8080/
This is what I've got from the devTools during the normal navigation (no authenticated)
And this is what I've got after the authentication (the call to the API is successful):
Blank page in the app.
DEV - using createWebHashHistory
Return Url in Azure and .env file: http://localhost:8080/#/
After the authentication (failed):
Blank page in the app.
PROD
In prod I must use createWebHasHistory otherwise I've got blank page from the beginning.
The first problem I've got in production is the url itself.
When I create the window I call the following url:
await win.loadURL('app://./index.html')
In azure I cannot use the same url because it's not a valid url.
If I use just:
await win.loadURL('app://index.html')
I've got blank page
Any idea?
Thank you
The solution I've found it's pretty simple. Probably it's not the most "elegant", but it works, at least for prod. In dev I've still got the same weird problem described above.
Basically I'm starting a node server (localhost:3031 for example), within the app itself, then I'm catching the redirect url with it (localhost:3031/redirect) and serving the internal url from it:
expressApp.get('/redirect', async (req, res) => {
await win.loadURL('app://./index.html#about')
})
As I said, it works and I don't see any security issue with that, but, if you have any other idea or suggestion, please let me know.
Thank you
UPDATE
I've found the issue with Dev as well. In order to authenticate I'm using what Microsoft is suggesting in its documentation.
If you look at the file AuthProvider.js there is this portion of code, at the beginning:
const CUSTOM_FILE_PROTOCOL_NAME = process.env.REDIRECT_URI.split(':')[0];
Down below, in the method "getTokenIteractive" there is this other piece of code that applies the new protocol:
protocol.registerFileProtocol(CUSTOM_FILE_PROTOCOL_NAME, (req, callback) => {
const requestUrl = new URL(req.url)
callback(path.normalize(`${__dirname}/${requestUrl.path}`))
})
In Dev my REDIRECT_URI is "http://localhost:3031/redirect", but the app protocol must be "app" (or whatever you have chosen) in order to work with Vue. So, I've just wrapped this last method in a condition based on the environment and now everything works as expected everywhere.
I hope all this can be useful to someone.
I ran into a similar issue and your solution helped me out, thank you! Can I ask how you handled the logout redirect?
Also have you tried onBeforeRequest to handle the redirects, instead of a node server?
It was used as an example in an auth0 blog: https://auth0.com/blog/securing-electron-applications-with-openid-connect-and-oauth-2/
Related
I've developed an API on Firebase Cloud Functions and I want to include a docs path to it.
I'm using swagger and I could successfully test it locally (localhost:PORT/docs) but when I deploy the function to Firebase it's not working, it redirects me to an authorization page.
I think I figured out why this is:
Let's say the name of my Cloud function is cfunc. Then the base url for it is something like https://region-name-project-name.cloudfunctions.net/cfunc. Based on how I included the swagger documentation:
const swaggerDoc = require('./docs/swagger.config.json')
app.use(
'/docs',
allowCors,
swaggerUi.serve,
swaggerUi.setup(swaggerDoc, {
customCssUrl: '/assets/swagger.css',
customSiteTitle: 'My Function Title',
customfavIcon: '/assets/logo.ico',
swaggerOptions: {
supportedSubmitMethods: [] //to disable the "Try it out" button
}
})
)
the docs should be located at https://region-name-project-name.cloudfunctions.net/cfunc/docs. When I try to access that URL, watching "Network" in my browser DevTools, it attempts a GET at that URL with response 304 and then redirects to https://region-name-project-name.cloudfunctions.net/docs and that's what brings up the Google Authentication page, since there's no Cloud Function named "docs" so Google thinks I'm trying to access something else in Firebase Cloud Functions (the same thing happens if I do something like https://region-name-project-name.cloudfunctions.net/tomato)
But I still don't know how to fix this redirect or why it's happening. I tried adding the Cloud Function URL to the host parameter of the swagger.config.json file, and some modifications to CORS, like allowing more Request Methods, adding json as content type, allowing authentication on headers, but nothing seems to be working.
Hope I was clear enought, if not tell me any other info you need (it's one of my first posts here :B)
Found the SOLUTION
After testing a BUNCH of different things, I found out that the redirection was in fact happening always removing one slice of the path after, for example I changed the docs endpoint to '/something/docs' and when accessing the URL that would be https://region-name-project-name.cloudfunctions.net/cfunc/something/docs it redirected to https://region-name-project-name.cloudfunctions.net/cfunc/docs which did not bring up the Google Authentication thing but now wasn't a valid path for my docs so it returned a 'Cannot GET /cfunc/docs'.
For some reason this redirection DOES NOT happen if you add an extra forward slash ('/') at the end of the documentation URL. So, in the first case, where the endpoint for the documentation is only '/docs', accessing the URL https://region-name-project-name.cloudfunctions.net/cfunc/docs/ does it. I do not know why that is, I'm probably posting an Issue on the swagger repo, but if someone has some extra data on why or how to make it work otherwise it would be awesome to hear.
Hope this helps someone else!
EDIT:
Oh and another thing I forgot, it's apparently better if you setup swagger-ui as if you were using express Router, even if you are not (maybe Firebase loads the Cloud Function with something like a router), so instead of app.use('/docs', swagger-ui.serve, swagger-ui.setup(swagger-file)) do app.use('/docs', swagger-ui.serve) and then app.get('/docs', swagger-ui.setup(swagger-file))
✨ Hello everyone!✨
General Problem:
I have a web app that has about 50 images that shouldn't be able to be accessed before the user logs into the site. This should be a simple answer I suspect, there are plenty of sites that also require this basic protection. Maybe I do not know the right words to google here, but I am having a bit of trouble. Any help is appreciated.
App details:
My web app is built in typescript react, with a node.js/express/mongoDB backend. Fairly typical stuff.
What I have tried:
My best thought so far was to upload them into the public folder on the backend server hosted on heroku. Then I protected the images with authenication middlewear to any url that had "/images/" as a part of it. This works, partially. I am able to see the images when I call the api from postman with the authenication header. But I cannot figure out a way to display that image in my react web app. Here is the basic call I used.
fetch(url,
{
headers: {
Authorization:token,
},
}
);
and then the actual response is just an empty object when I try to copy it
{}
but I also get this when I console log the pure response, some kind of readable stream:
from following related question
I came up with the following: (which is normally wrapped in a asyc function)
const image = await fetch(url,{headers:{ Authorization:token}});
const theBlob = await image.blob();
console.log(URL.createObjectURL(theBlob));
which gives me the link: http://localhost:3000/b299feb8-6ee2-433d-bf05-05bce01516b3 which only displays a blank page.
Any help is very much appreciated! Thanks! 😄
After lots of work trying to understand whats going on, here is my own answer:
const image = await axios(url, { responseType: "blob", headers: {Authorization: token }});
const srcForImage = URL.createObjectURL(image.data)
Why it makes sense now
So I did not understand the innerworkings of what was going on. Please correct me, but the following is my understanding:
So the image was being sent in binary. What I had to do to fix that was to set the reponseType in axios as "blob", which then sent a blob, which I believe means its base 64 encoded instead. Then the function URL.createObjectURL does some magic, and must save it to the browser as part of the page. Then we can just use that as the image url. When you visit it yourself, you must type the 'blob:' part of the url it give you too, otherwise its blank, or stick it in <img src={srcForImage}/> and it works great. I bet it would've worked in the original fetch example in the question, I just never put the url in a tag or included 'blob:' as part of the URL.
That's correct, you send the auth token and the backend uses that to auth the user (check that he exists in the DB, that he has the correct Role and check the jwt too)
The server only responds with the images if the above is true
If your server is responding with an empty object then the problem is the backend not the frontend, console.log what you're sending to the frontend
I have a problem with using routes in my application, it is a template built using Shopify CLI, React and Shopify App Bridge guided by this documentation here.
Every route I trigger does get sent to the _app.js file within my project as I can log most of the output in the console, but I can't get it to actually include paths of subpages in my apps like https://{apphost}/custompage will not navigate to custompage but an error handler and the custompage gets included in the query. The route and pathname fields of the props return
{
...
router: "_error",
pathname: "_error ",
...
}
instead of
{
...
router: "custompage",
pathname: "custompage",
...
}
I expected the above to be the result but it isn't. But the custompage url does however appear in the asPath field like this asPath: "/custompage?hmac={hmac}&host={host}&shop={shop}" pretend everything in {} has actual information.
The query field gets the fields it needs as it does on a working page. So the main issue is just routing.
With this in mind I have concluded that maybe I have issues on my side and triggering the server side routes handler, but I do not know where to start redirecting to exact pages instead of the index page that came with the boilerplate code. And I looked on their documentation but they skip most parts that are required to actually explain handling routing with their boiletplate codes. I do not want to edit major functions because I am worried they might stop the whole app from working but I need to be able to handle routes on the app without getting the An unexpected error has occurred. error when trying to route to subpages. Even extensions to whitelisted urls within my app trigger that error, so I think I need help with adding routing to the app or server.
Can anyone help me figure out what I am missing?
I am still new to Shopify but I can say that working with Shopify is a nightmare.
I am not sure if this is the final solution but for now this works: make sure that all the files you are trying to route to have the same naming as your path.
If you are routing to https://{appURL}/subpath then your JS file should be subpath.js . I currently can only get it to work if the file is in the same folder as my _app.js. If I move the file from ./subpath to /dir/subpath then I need to change the extension to https://{appURL}/dir/subpath in my Shopify app settings. It seems to operate relative to the _app.js file's location so keep that in mind.
If you used the Shopify CLI and shopify node create to create your app then this could help with your routing 400 headache.
I am testing my local app on https://localhost:44367/ using Chrome for google login.
My app is Angular 6 using .Net core
When i try to login using my credentials, it gives Error saying
Couldn't sign you in
This browser or app may not be secure.
Try using a different browser. If you’re already using a supported browser, you can refresh your screen and try again to sign in.
This used to work locally but it stopped working as of today.
Please help me
thanks
I've tried a lot of methods but only one worked for me. I was working with react.js and electron.js with firebase authentication then i get the same problem. This is what i did to solve my problem.
electron.app.on("ready", ()=>{
session.defaultSession.webRequest.onBeforeSendHeaders((details, callback)=>{
details.requestHeaders["User-Agent"] = "Chrome",
callback({cancel: false, requestHeaders: details.requestHeaders})
})
createWindow()
})
Alternatively You can also try this pass the userAgent value to Chrome when loading the URL as follows.
window.loadURL('/path/to/your/index.html`, {userAgent: "Chrome"})
Good Luck ✔✔✨✨
Please try sending another User Agent header from your app when you make requests to Google. They recently banned many "less secure apps".
I'm trying to develop an app with React and Node based on this documentation:
I followed the tutorial step by step but I'm stuck in testing the app with this URL format:
I replaced the ngrok address and my shopify store but I get the 404 error (This page could not be found.)
I found the same question in this link. So I renamed the .env to process.env but I still have the same problem.
Here is the .env file:
package.json :
server.js :
The error :
I don't think my answer is going to help many , But i am going to put it here anyway. So i had the same issue recently and i tried everything in stack-overflow and shopify community. And finally the problem was i had mistakenly copied my another app's apikey. So even if the apiKey is wrong the error probably you are going to face is the same "The redirect uri is not whitelisted."
Mistake I was doing that I forgot to postpend /auth/callback to Forwarding URL to the Allowed redirection URL(s) section generated by following command:
ngrok http 3000
so redirect url will be like:
https://SOME_STRING.ngrok.io/auth/callback
Yes there is an issue with your callback URL you have to define your app URL and callback URL in your shopify partner account where you create shopify app
Shopify partner account
You have to do as follow
open apps >> yourapp >> app setup >> Insert In URLs(Whitelisted redirection URL(s))
Once you whitelist your URL there then the issue is solve
Your Whitelisted redirection URL must be https
Make sure that App URL and Redirection URL in App Setup is correct
something like -
App URL => https://example.com/
Redirection URL => https://example.com/auth/callback (make sure don't put "/" in the last)
and in your project HOST should be: https://example.com/
this will surely help you!!!
I accidentally used the http address instead of the https one.
I guess that will happen once you restart your ngrok, and your ngrok address url has changed, you have to manually update your new ngrok in the following part:
Your AppUrl and Redirection Url in App setup. (Shopify dashboard)
In your .env file, Where you defined your SHOPIFY_APP_URL. (Code Editor)
I had a '/' at the end of SHOPIFY_APP_URL in the .env file, so the redirect url was wrong with '//auth/callback'
The problem I was facing was that the SHOPIFY_API_KEY and SHOPIFY_API_SECRET in the .env file were in quotes which are the same in your case too. For this quote error also, it was showing the same error. Basically it is the wrong API keys error. Can you try removing quotes and try again?
If that doesn't work, please check you are using HTTPS URL and not HTTP
I stuck in this error for 5-6 hours and it was just because I used ngrok and the https in ngrok is not working very well...
so I upload all of my content to a real server with https subdomain and everything is working fine now
Don't forget to check these for the host variable in your env file:
There should be no trailing / on the URL.
there should be no protocol mentioned for the URL
HOST=abcxyz.com and not HOST:https://abcxyz.com/
[ Solved ] 2022-08-03
I ran into the same error when I was trying to install Shopify App on Shopify Development Store for testing.
Make sure that there are no trailing slashes when copying and pasting the ngrok url in .env file
I was getting this error because I used a trailing slash - https://<Your ngrok url>/
. Using it without trailing slash https://<Your ngrok url> fixed the issue.
Also, make sure that you include the trailing slash in your App Settings in Shopify Admin. Even if you don't include it, Shopify will save it with a trailing slash automatically.
Next, test installing your app. If you see any other error then make sure that you are using proper Shopify API scopes in your .env file.
For me, it was that, in my beginAuth method, I had the whole url as the callback. It just wants the path.
I took it from
let authRoute = await Shopify.Auth.beginAuth(
req,
res,
process.env.SHOPIFY_STORE,
'https://stuff.ngrok.io/auth/shopify/callback',
false
)
to
let authRoute = await Shopify.Auth.beginAuth(
req,
res,
process.env.SHOPIFY_STORE,
'/auth/shopify/callback',
false
)
For me it was because I accidentally commented out the code where I set accessToken and shop
This error occurs when you use HTTP instead of HTTPS in allow redirection links secession in Shopify.