When I try to register a new user throw the Node API I get, in the API logs: "Registration of sam failled: identity is alrady register". This is also visible from the CA logs.
However, when I invoque some transaction with that user, I get: "Identity not found in wallet", which is incoherent with the previous logs. Also, if I inspect the API container, there is no ID for sam in the wallet folder.
I would apreciate help! Thaks.
Can you check the wallet path, from where it's reading the identity of sam?
Related
I have a Firebase Cloud Function that invokes an Admin SDK service account to request the Remote Config template to compare changes to the previous version. I have this working in 2 other Firebase instances, but in this instance, I'm getting this error in the cloud function logs:
Function execution started
rejected token
"status": "PERMISSION_DENIED"
error encountered:
"error": {
"code": 403,
"message": "[AUTHORIZATION_ERROR]: User does not have the following permission: GET_TEMPLATE",
Function execution took 139 ms, finished with status: 'ok'
I have tried adding these permissions to the service account:
Cloud Functions Admin
Editor
Firebase Analytics Viewer
Firebase Remote Config Admin
Service Account Token Creator
I have also tried deploying this cloud function on 3 different service accounts and they all receive the same error.
Any suggestions would be most welcome.
This issue was resolved by adding the required permissions (cloudconfig.configs.get, cloudconfig.configs.update, and firebaseanalytics.resources.googleAnalyticsReadAndAnalyze) to the 'App Engine default service account'. This was confusing because we had thought that the default Firebase Admin SDK 'firebase-adminsdk-*****#projectId.iam.gserviceaccount.com' would be the default service account used to access the Remote Config GET_TEMPLATE. I know for certain we also tried manually specifying this service account when initializing the app in the Cloud Function. We even tried changing the 'Runtime service account' in the Cloud Function -> Edit -> 'Runtime, build, connections and security' settings to use the service account and that didn't work (which seems like that might be a bug). Only adding the correct permissions to the App Engine default service account seemed to work in this instance.
The only Remote Config permissions are cloudconfig.configs.get , cloudconfig.configs.updateand firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase IAM Permissions lists the roles required for each product.
Also, it is important to note that "To authenticate a service account and authorize it to access Firebase services, you must generate a private key file in JSON format". Steps on how to do it and the same error similar to yours can be found in this thread
my solution was adding the Firebase Remote Config Admin role to the XYZ-123#appspot.gserviceaccount.com. not great that this is buried...!
Error
When calling admin.auth().createCustomToken() I am getting the following error:
Error: The caller does not have permission; Please refer to https://firebase.google.com/docs/auth/admin/create-custom-tokens for more details on how to use and troubleshoot this feature.
The provided documentation leads me to believe that the service account I am initializing the Firebase Admin SDK with does not have sufficient permissions. I don't believe this to be the case, so I want to ask and see if I've missed anything.
Configuration
Firebase Admin SDK is initialized in the backend like so:
admin.initializeApp({
serviceAccountId: 'firebase-adminsdk-xxxxx#my-project-id.iam.gserviceaccount.com'
});
Technically the value is referenced from an env var, but I have confirmed this value to be correct.
The service account being used has the following roles:
roles/firebase.sdkAdminServiceAgent
roles/iam.serviceAccountTokenCreator
Per the documentation, the required permission for creating custom tokens is iam.serviceAccounts.signBlob. This permission is part of the iam.serviceAccountTokenCreator role as per this output:
❯ gcloud beta iam roles describe roles/iam.serviceAccountTokenCreator
description: Impersonate service accounts (create OAuth2 access tokens, sign blobs
or JWTs, etc).
etag: AA==
includedPermissions:
- iam.serviceAccounts.get
- iam.serviceAccounts.getAccessToken
- iam.serviceAccounts.getOpenIdToken
- iam.serviceAccounts.implicitDelegation
- iam.serviceAccounts.list
- iam.serviceAccounts.signBlob
- iam.serviceAccounts.signJwt
- resourcemanager.projects.get
- resourcemanager.projects.list
name: roles/iam.serviceAccountTokenCreator
stage: GA
title: Service Account Token Creator
Lastly, the code in question that is erroring out is as follows:
try {
const loginToken = await admin.auth().createCustomToken(uid);
return response(200).json({ loginToken });
} catch (err) {
...
}
The uid comes from signing in a user via a GoogleUser credential - the provided uid is confirmed to be accurate, and this flow works locally when referencing a JSON key file for the same service account.
Server is running on GKE, in case it could be a cluster permission error.
Any help would be greatly appreciated!
EDIT - RESOLVED
Hiranya's answer did the trick - the K8s deployment had been configured with a service account whose original intent was only to enable Cloud SQL Proxy. Giving this service account the serviceAccountTokenCreator role solved the issue.
You need to make sure the service account that the SDK is authorized with (not the one specified as serviceAccountId) has the token creator role. This is the service account auto-discovered by Google Application Default Credentials. In case of Cloud Functions this is the service account named {project-name}#appspot.gserviceaccount.com. You need to figure out the equivalent service account for GKE and grant it the token creator role.
I have an app that displays user's instagram media(like some of the dating apps).
Also, my app has been reviewed successfully for permissions - instagram_graph_user_profile and instagram_graph_user_media and is in live mode.
But in the Facebook Developer Console, the instagram icon is not turning up green.
Please refer the screenshot.
https://drive.google.com/open?id=1VnMHLqjTf1oRbvcm2g8Ol80AfB3JqMOg
Flow to display the media is as follows.
1. My app ask users to authorize using
https://api.instagram.com/oauth/authorize?client_id=instagram-app-id&redirect_uri=redirect_uri&scope=scope&response_type=code&state=state
2. Above api responds with a code.Then backend calls -
https://api.instagram.com/oauth/access_token
with params - client_id, client_secret, code, grant_type, redirect_uri
3. Once I receive token from above API, I request long lived token from short-lived token using -
https://graph.instagram.com/access_token?grant_type=ig_exchange_token&client_secret=xyz&access_token=abc
4. Using the long lived token, server requests user info using API -
https://graph.instagram.com/me?fields=id,username&access_token=abc
5. Using the same long lived token, server makes request to get user media using API -
https://graph.instagram.com/me/media?fields=id,media_type,media_url,username,caption,timestamp&access_token=abc
This flow works only for test users(Instagram test users who accepted invitation of being a tester in Instagram Developer Platform).
When non-test user tries to view media, on step 3, I get an error saying -
{ "error": {
"message": "Unsupported get request.",
"type": "IGApiException",
"code": 100,
"fbtrace_id": "A0A24rNXCScki9Ck-8J_55b" } }
Am I missing something?
This is how I see my Business API Settings.
Please refer the screenshot.
https://drive.google.com/open?id=1Dfdihf20krEcYEmoh8z43_a1T5UQStXr
Under my App review section, I do not see any relevant permission that needs to be reviewed again.
Edit 1 -
Note - My app is in beta mode (not yet live on play store).
Could this be the reason?
I just went through a similar process getting my app ready for the old API to officially depreciate. I finally found this— hope it helps:
https://developers.facebook.com/community/threads/2219648518091109/
"After your app has been approved, you can get the contract from your Business Manager. You need to do it on a Computer (mobile wont work) and have to be an Admin on the Business.
From your business Manager you just go to Business Info -> Business Contract (https://business.facebook.com/settings/info)
Please, let us others if this answer helped you!"
Thanks to Juanu for sharing!
Generating the public key but not able to generate the private key of admin user while registering a new user through REST services in blockchain network and also getting below mentioned error.
Error:Failed Error: Private key missing from key store. Can not
establish the signing identity for user admin.
Followed the below steps :
Created a network in hyperledger fabric.
Created new a node application to publish the rest services by
referring the existing "balance-transfer" application.
Then started the node application.
Testing the rest services url in postman tool.
Getting the above mentioned error while testing the url http://localhost:4000/users in Postman tool.
Error at code level:
app.js--->helper.js
let adminUserObj = await client.setUserContext({username: admins[0].username, password: admins[0].secret});
Please suggest.
Remove the folders holding key-value store for organizations -> fabric-client-kv-* from the balance-transfer fabric sample.
rm -rf fabric-client-kv-*
Then create the network again. This resolved the issue for me.
have you tried to restart the network completely? (by using the "runApp.sh" script for that?) Take a look inside this script to the restartNetwork() function, where the "fabric-client-kv-org" folders in your balance-transfer folder are removed.
Does it work?
Error: 3-2-13-P---(TESTMODE) The merchant login ID or password is invalid or the account is inactive.
Error: Failure in Processing the Payment (ps_authorize)
I'm getting this kind of typical error while i'm checkout order.....
I've done all the process that need for Authorize payment gateway....
both the component are in test mode...even i've apply API login id and transaction key..
still this kind of error occurs....
help me out.. my project deadline is on my head...
Assuming you have the API login and transaction key correct, most likely you are querying the incorrect server. In Virtuemart > Store > List Payment Methods > Credit Card > Configuration check your Authorize.net Server Hostname. In test mode it should be test.authorize.net and secure.authorize.net for live transactions.