Why do you have to prepending SU: to actor ID in a getstream-io feed update?
data = {'actor' : 'SU:ronald',
'message': 'hello',
'object' : 'object',
'verb' : 'post'
}
Without SU: I get the error: The policy "Don't impersonate other users" (900) blocked this request.
{'detail': 'The policy "Don\'t impersonate other users" (900) blocked this request, please consult the documentation https://getstream.io/docs/',
'status_code': 403,
'code': 17,
'exception': 'NotAllowedException',
'duration': '0.17ms'}
The answer I got from Stream.io support...
We are prefixing the userID within the Stream API with this.
SU: prefix means stream user reference such that when you call
enrich endpoints to read feeds, it will replace strings with referenced user object.
Actor colon rule is for prefixes, and simply ignore rule for regular exact string match.
Related
I am trying to custmoize the User Flows (Policies) by changing the Page layout. I followed this example, first putting my html file on a public folder on my webspace, then also setting up the Blob Storare and CORS (Tested with test-cors.org).
In both cases, once I set the Custom page URI, when I Run user flow I get the following exception:
ArgumentException: An item with the same key has already been added. Key: MicrosoftIdentityError
System.Collections.Generic.Dictionary<TKey, TValue>.TryInsert(TKey key, TValue value, InsertionBehavior behavior)
System.Collections.Generic.Dictionary<TKey, TValue>.Add(TKey key, TValue value)
Microsoft.AspNetCore.Mvc.ViewFeatures.TempDataDictionary.Add(string key, object value)
Microsoft.Identity.Web.TempDataLoginErrorAccessor.SetMessage(HttpContext context, string message)
Microsoft.Identity.Web.AzureADB2COpenIDConnectEventHandlers.OnRemoteFailure(RemoteFailureContext context)
Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions+<>c__DisplayClass5_2+<<AddMicrosoftIdentityWebAppInternal>b__5>d.MoveNext()
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
If I load it through my DemoApp I get the following error:
Message contains error: 'server_error', error_description: 'AADB2C90047: The resource 'https://emab2cblobstorage.blob.core.windows.net/root/customize-ui.html' contains script errors preventing it from being loaded. Correlation ID: ba1a35d8-4727-4a2a-b06e-30a5ca7a9ea1 Timestamp: 2021-03-15 13:49:30Z ', error_uri: 'error_uri is null'.
Don't find any help on the web.
Edit:
This are the Azure CORS settings:
I don't see the correct Access-Control-Allow-Origin header coming back when I make a request to your HTML.
Add https://your-tenant-name.b2clogin.com to the Allowed Origins on the storage account.
https://learn.microsoft.com/en-gb/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-user-flow#3-configure-cors
I found out the problem. When I set up the CORS settings i did not read Use all lowercase letters when entering your tenant name of the guide. If uppercase letters are used, this exception is thrown. Switching to lowercase was the key!
I have a GraphQL API that is governed by a permission system that I implemented.
I tried going with Graphql-shield but I didn't want to error out on the whole request if the client requests a forbidden field, so instead I implemented my own permission system.
Now, I need to solve a problem:
The way I implemented the permission system means that every field is checked if it is permitted and if it is not then null is returned. However, I would like to return some indication that the field was not actually null but that the field was "not permitted".
I thought about doing it in two ways:
During each check I append to some query-wide variable all fields that are not accessible and return it along with the query (probably in some middleware of some sort)
I extend all of the objects in my schema with a "permitted" field in which I return the value of the permission
Any suggestions ?
IMHO not worth the effort ... api faq or docs (available in graphiql/playground) can contain notice about 'unexpected null', ACL resons etc. It's enough for majority of use cases.
If you still want to include some [debug] info in response extensions are for that, f.e. https://github.com/apollographql/apollo-tracing , - in this case:
just attach a list of 'field access denied' [structured] notices;
collect them (in/from resolver) in some context object, attach in middleware (?), before overal response return;
Make it configurable (debug mode), too.
If you are familiar with Paypal api, you would know that after the payment gets aprroved you gett redircted to a success page where it has transaction Id peramter for completing the payment.This parameter id can be invalid if the user alter it or it doesn't exists.
When the id is invalid you get this errror RESOURCE_NOT_FOUND.
What I want to do is to check if the id exist. I tried using this method but it is still making the error:
const request = new paypal.orders.OrdersGetRequest(orderID);
const order = await client().execute(request);
Your edited question makes more sense, you are concerned about a "RESOURCE_NOT_FOUND" error after a return from PayPal, and asking how to avoid this error.
A 'Get' request on a bad resource ID will result in the same "RESOURCE_NOT_FOUND" error.
Well, that is expected. Do your Get, and if RESOURCE_NOT_FOUND, there you go -- that's the answer to your check -- it's not valid.
In Azure API Management, I need to check whether or not a query parameter is set. To achieve this, I'm trying to use context.Request.Url.Query.GetValueOrDefault(queryParameterName: string, defaultValue: string).
According to the documentation, this expression works as follows -
Returns comma separated query parameter values or defaultValue if the parameter is not found.
With that in mind, I used the example from the MS blog Policy Expressions in Azure API Management, to create the following <inbound> policy -
<set-variable name="uniqueId" value="#(context.Request.Url.Query.GetValueOrDefault("uniqueId", ""))" />
However, whenever I include this policy, execution fails with 404 Resource Not Found. Upon inspection of the trace, I can see that the execution was aborted without error before a single policy was evaluated (no matter where within <inbound> the above policy is placed.
This behavour results in the following <backend> trace, which explains the 404
"backend": [
{
"source": "configuration",
"timestamp": "2017-09-07T12:42:13.8974772Z",
"elapsed": "00:00:00.0003536",
"data": {
"message": "Unable to identify Api or Operation for this request. Responding to the caller with 404 Resource Not Found."
}
}
],
Given that the MS documentation seems to be inaccurate, how can I check whether or not a query parameter is set?
So the answer here is that there is (another) MS bug.
When the API operation was originally created, the uniqueId query parameter was set as required. I changed this so that it was not required before adding the policy described in my question, however a bug within the new Azure Portal means that when you uncheck the Required box adjacent to the query parameter and then save your changes, they are ignored.
I was able to work around this behaviour be editng the YAML template in the OpenAPPI specification view, removing the declaration required: true for the query parameter in question. The expresion within my policy now works as expected.
Please note: that this workaround sheds light on yet another bug, where saving the template results in your policies being deleted, so make sure you take a copy first.
If I have an Office 365 Group/Microsoft Team with the ID "testteam#example.onmicrosoft.com", and I want to query it using one of the beta APIs such as this one, I need to query a URL such as https://graph.microsoft.com/beta/groups/{id}/threads. However, I am stuck on encoding the team name. https://graph.microsoft.com/beta/groups/testteam#example.onmicrosoft.com/threads, https://graph.microsoft.com/beta/groups/testteam#example%2Eonmicrosoft%2E/threads, and https://graph.microsoft.com/beta/groups/testteam#example/threads, https://graph.microsoft.com/beta/groups/"testteam#example"/threads, and https://graph.microsoft.com/beta/groups/"testteam#example.onmicrosoft.com"/threads all return the following error
"error": {
"code": "Request_BadRequest",
"message": "Invalid object identifier 'whatever_I_entered'."
As far as I understand it's just regular URL Encode. For example in JS you may use function encodeURIComponent(str). If you want to try use online URL encoder. For example encoded version of testteam#example.onmicrosoft.com will looks like testteam%40example.onmicrosoft.com and your graph request would be https://graph.microsoft.com/beta/groups/testteam%40example.onmicrosoft.com/threads
EDIT:
In the request you need to use Id of the group. For example: Get Group request may looks like ... and the group id is c28c1cc9-e1ab-4c4d-98d1-d8fdf128b60f
https://graph.microsoft.com/v1,0/groups/c28c1cc9-e1ab-4c4d-98d1-d8fdf128b60f?$select=description,allowExternalSenders