I am facing issue with account linking in google action console. What should be parameter in the https://oauth-redirect.googleusercontent.com for successful account linking and redirecting me back to simulator?
Firstly I have used auth0 for account linking. It was successful v.i.a simulator i.e It was opening the auth0 login page where I logged in and it was showing me "Account Linking Successful" and redirecting me back to google simulator page for further testing. But when I used my website for authentication It is returning error while Account linking.
https://oauth-redirect.googleusercontent.com/r/airpurifier-dlfvrq?state=MY_STATE&access_token=KkvQ85d36b1ebcf0cea06a5148236tdVEp&token_type=bearer
returns "The parameter "code" or "error" must be set in the query string". as error message
When I intentionally add
https://oauth-redirect.googleusercontent.com/r/airpurifier-dlfvrq?state=MY_STATE&access_token=KkvQ85d36b1ebcf0cea06a5148236tdVEp&token_type=bearer&code=200
An error occurred in returning the result.
I have followed the entire documentation from https://developers.google.com/actions/identity/oauth2
Any help will be appreciated. Thanks.
As per the documentation the return URL should be in below format:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE_STRING
Notice that you are using "?" after project ID which should be "#". Change it and try. It should work.
Related
I've cloned https://github.com/ananay/passport-apple-example and replaced the config with this:
clientID: "com.myname.web",
teamID: "myteamid",
callbackURL: "https://myurldev.com/auth/apple/redirect",
keyID: "mykeyid",
privateKeyLocation: path.join(__dirname, "../apple-key.p8")
I've also added SSL certificate on my machine and starting the server with https, all works fine & is recognized by my browser. I'm also starting the app on port 443 and proxying using my hosts file myurl.dev.com -> 127.0.0.1.
I have the same auth setup for facebook, google & microsoft and everything works fine.
I have:
Created a new APP identifier and enabled Sign in with Apple for it, named it: com.myname.dev
Created a new SERVICE identifier and enabled Sign in with apple, called it: com.myname.web
Added "https://myurldev.com/auth/apple/redirect" to the "Reply URLS" on the service identifier com.myname.web
Set my app identifier com.myname.dev as the main app identifier my service to be grouped with.
Created a private key and enabled sign in with apple, interface confirmed the presence of grouped ID com.myname.web bundled with com.myname.dev for which the key was created.
I have confirmed using console.log that the private key is indeed at the path being passed as parameter.
converted the .p8 file to base64 & then back to UTF-8 in an attempt to use the string for privateKeyString
successfully implemented Apple Oauth several times in the past using passport-apple
This time around, for some reason, auth simply doesn't work.
If I set the clientID as the APP identifier, not the service, I'm getting
invalid_request
Invalid web redirect url.
instead of invalid_client
Any advice on debugging this is highly appreciated. Thank you.
EDIT #1:
I have dug a bit deeper into the passport-apple package to figure out if anything goes against apple's docs around token generation, but the flow never reaches that part, indicating things go wrong on the actual configuration in Apple's console & what I'm trying to use for my project.
EDIT #2
2 of the app Ids I have created always throw "wrong redirect uri" because they're not service IDs so I can't configure redirect_uri, this will change if to "required" if I pass undefined as a redirect_uri.
One of the app ids throws only invalid client_id instead, regardless if I pass undefined or good value for redirect_uri.
EDIT #3
Went full vanilla through the OAuth code flow process and just created a url & redirected the user it, failing with this method is consistent with what is happening when using the passport-apple module.
const url = new URL("https://appleid.apple.com/auth/authorize");
url.searchParams.append("state", "fdbd287b1f");
url.searchParams.append("response_type", "code");
url.searchParams.append("scope", "name email");
url.searchParams.append("response_mode", "form_post");
url.searchParams.append(
"redirect_uri",
"https://raiseitupdev.com/auth/apple/redirect",
);
url.searchParams.append("client_id", "com.myname.web");
return res.redirect(url.toString());
[Creator of the library here.]
Did it stop working in development too? I feel this is a configuration error because the actual thing is working live on my website:
https://passport-apple.ananay.dev
Please follow up on this Github issue. Thanks!
https://github.com/ananay/passport-apple/issues/23
I'm trying to use the example project, but I keep getting this message:
DocuSign Exception!
Reason: 0
Error Reponse: null
I have configured everything following the instructions in the repository page.
I have tried debugging the class responsible for the HTTP Post, but so far I got nothing.
Probably you need to grant consent for the integration key to impersonate the user.
See https://github.com/docusign/docusign-java-client/issues/111#issuecomment-513537950
I have a User Flow for Password Reset set up with Email Verification. When I verify an email account that doesn't exist in our AD group, there's an error
There appears the error "An Account Could Not Be Found for this user ID".
Hitting 'Continue' causes a "Please wait while we process your information" message.
Hitting continue again a few times seems to take me to an error url like: B2C_1_ResetPassword/api/SelfAsserted/error?code=UX012 ... max retries reached
I have a Hacky Fix of sorts that binds Clicking on the Continue when the Error message is present to disabling the Continue button.
<script>
$("#continue").click(function (){
var claimVerification = $('#claimVerificationServerError:contains("account could not be found for the provided user")');
if(claimVerification.length > 0){
$("#continue").prop("disabled", true);
}
});
</script>
I have to "Enable JavaScript enforcing page layout (preview)" option turned on for this to sort of work though.
Is there a more correct solution to this issue?
As I tested with our default experiences as well as the current available templates, it doesn't seem like "Please wait while we process your information" will ever display persistently. Can you check if your css is not adding additional properties to the element used for displaying such message?
For the second scenario, it is for now by design to redirect to your client where you can setup certain logic to handle the error code "AADB2C90157" we return from the url.
I am banging my head trying to use Flickr API...
My goal is to be able to upload images and create albums in my Flickr account from my website...
I tried the phpFlickr library but apparently it needs updates for getting authenticated tokens...It keeps giving me "Invalid auth token".
I did some reading on how to get tokens and using DPZFlickr managed to get oauth_token & oauth_verifier but failed to exchange that with an access token...It also failed in uploading any photo to my account using the included upload.php example (Giving me an "empty" error!).
After digging in DBZ flickr.php code, I managed to get this error when trying to upload to Flickr: "oauth_problem=signature_invalid&"
So I began to search how to create a valid signature to eventually get a valid access token...and concluded that it is quite some work to be done here if I am going to build everything from scratch.
So my question is: Are there any updated php libraries that I can use to successfully create albums and upload photos to my Flickr account? Or should I go ahead and try building one?
OK..I finally got it to work with the DPZ library.
For future reference anybody facing the same problem as I had:
I managed to create an album using DPZFlickr by changing the method in auth.php to flickr.photosets.create....which indicated that the library correctly generates an access token with write permission..
However, the upload example kept giving me the "Invalid signature" error....
I checked the code. Flickr.php correctly unsets the photo parameter before signing the request then adds it back and submits the request which is exactly as indicated in: www.flickr.com/services/api/upload.api.html
I found a discussion in https://www.flickr.com/groups/51035612836#N01/discuss/72157650261711318/ that cleared out that the error was not actually a signature problem, but rather the 'photo' parameter that is being sent is the problem. It's just that Flickr doesn't know what to do with the photo parameter so it sends the signature error.
So what' wrong with the photo parameter?
Flickr API requires that the image has to be sent in binary form...The DBZ library, Flickr.php script line 677, does the hard work for us using the cURL function in php (http://au.php.net/manual/en/function.curl-setopt.php).
It sends the $parameters (which includes the uploaded photo) to the post field of the http request which should do the upload in binary format for us.
However, a brilliant comment I found in CURL PHP send image
states that:
"CURLOPT_SAFE_UPLOAD defaulted to true in 5.6.0... so you will need to add curl_setopt($ch, CURLOPT_SAFE_UPLOAD, false); before setting CURLOPT_POSTFIELDS"
Checking the manual: http://au.php.net/manual/en/function.curl-setopt.php
it says:
"Added in PHP 5.5.0 with FALSE as the default value. PHP 5.6.0 changes the default value to TRUE."
So if your php version is 5.5.0 the library will work just fine whilst if using version PHP 5.6.0 you need to add a line before 677 in Flickr.php to change the CURLOPT_SAFE_UPLOAD to false (that's why the library works with some and others not).
To solve the issue...Just add this line before line 677 in Flickr.php:
curl_setopt($curl, CURLOPT_SAFE_UPLOAD, false);
That's it. (-:
I want to implement the Google Drive API to my web application using NodeJS and I'm struggling when I try to get a token via OAuth.
I've copied the code from this guide and run the script using Node and it returns an error in this line:
var redirectUrl = credentials.installed.redirect_uris[0];
Googling around I found that I can set that variable as http://localhost:8080 and set the same value in the Authorized redirect URIs configuration in the Google Developers Console and that error goes away, fine, it works. Now it asks for a code that I should get by using an URL.
https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.metadata.readonly&response_type=code&client_id=CLIENT_ID&redirect_uri=http%3A%2F%2Flocalhost%3A8080
Then I've added the client id and enter to that URL with Chrome and then returns a connection refused error. No clue what to do in here, I searched about my problem and I can't found an answer. By looking at the direction bar in Chrome I see that there's a parameter called code and after it, there's random numbers and letters. Like this:
http://localhost:8080/?code=#/r6ntY87F8DAfhsdfadf78F7D765lJu_Vk-5qhc#
If I add any of these values it returns this error...
Error while trying to retrieve access token { [Error: invalid_request] code: 400 }
Any ideas on what should I do? Thanks.
Did you follow all the directions on the page you indicated, including all of those in Step 1 where you create the credentials in the console and download the JSON for it? There are a few things to note about creating those credentials and the JSON that you get from it:
The steps they give are a little different from what I went through. They're essentially correct, but the "Go to credentials" didn't put me on the page that has the "OAuth Consent Screen" and "Credentials" tabs on the top. I had to click on the "Credentials" left navigation for the project first.
Similarly, on the "Credentials" page, my button was labeled "Create Credentials", not "Add Credentials". But it was a blue button on the top of the page either way.
It is very important that you select "OAuth Client ID" and then Application Type of "Other". This will let you create an OAuth token that runs through an application and not through a server.
Take a look at the client_secret.json file it tells you to download. In there, you should see an entry that looks something like "redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"] which is the JSON entry that the line you reported having problems with was looking for.
That "urn:ietf:wg:oauth:2.0:oob" is a magic string that says that you're not going to redirect anywhere as part of the auth stage in your browser, but instead you're going to get back a code on the page that you will enter into the application.
I suspect that the "connection refused" error you're talking about is that you used "http://localhost:8080/" for that value, so it was trying to redirect your browser to an application running on localhost... and I suspect you didn't have anything running there.
The application will prompt you to enter the code, will convert the code into the tokens it needs, and then save the tokens for future use. See the getNewToken() function in the sample code for where and how it does all this.
You need to use this code to exchange for a token. I'm not sure with nodejs how to go about this but in PHP I would post the details to the token exchange url. In javascript you post array would look similar to this ....
var query = {'code': 'the code sent',
'client_id': 'your client id',
'client_secret': 'your client secret',
'redirect_uri': 'your redirect',
'grant_type': 'code' };
Hope this helps
Change redirect uri from http://localhost:8080 to https://localhost:8080.
For this add SSL certificates to your server.