I need users to login from a page that has query parameters in the URI, and they need to be redirected back to this page after login. AAD doesn't allow response URIs to contain query parameters though. To make matters worse, the login page URI is dynamic (the query parameters determine the specific page the user is on), so I couldn't put just one response URI anyway. I also have no way of determining the exact parameters, so I can't list several either.
URI examples:
https://example.com/content?page=5211
https://example.com/content?page=6952
What can I do to have users redirected back to the login page so I can get an access token?
This has an answer here.
The answer refers to Google, but the same reason applies to Azure AD
Related
I am using Power Automate for all my API calls to Docusign. I want to be able to capture the authorization code when a user logs into Docusign and then run a flow to get access and refresh tokens.
My flows work when I manually copy the authorization code from a localhost redirection browser session and get the user tokens. I want to be able to redirect to a power automate webhook URL so that when the user logs in, the authorization code is redirected to the power automate webhook trigger where I can grab the authorization code and process it to get user tokens. As an example, I have set up a power automate HTTP webhook trigger and have a URL provided by MS to point to.
https://prod-63.westus.logic.azure.com:443/workflows/887839a887d945919f8a0bb1aa89d2fa/triggers/manual/paths/invoke?api-version=2016-06-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=_3pQLhhEORjAAe3V_IjCPNgBYnHnw2nrdP-oEoIPvyA
I registered this in Docusign as a redirect URL. No configuration or format error was indicated when registering this URL.
When I attempt to log in via a browser session, after entering my credentials, I get a redirection URL not properly registered error.
Are there format or length or other parameters that prohibit the use of this type of URL as a redirection in Docusign?
I'm 90% certain that the URL you are using is dynamic
The sig=_3pQLhhEORjAAe3V_IjCPNgBYnHnw2nrdP-oEoIPvyA
Represent something that will not be the same next time and therefore, my hunch is that it won't do no good to add this type of URL to the list of redirectURI.
You can check to make sure I'm right by looking at the URL you get when you get the error.
If I'm right, then you would have to change your approach to this.
If I'm wrong, then maybe there's some issue with some special character or some other inconsistency and I can ask our engineers to look into this.
It looks to me like you should use the Custom Connector Authorization section of your connector instead of your current approach.
See this doc
I have created a custom policy for signin and another for sign up. What I would like to do is send my users back to their original source page once they have hit the callback from the policy.
E.g. If they were on a blog page /some-article and hit signin, I would like them to end up back here, rather than just at the base callback url.
I couldn't see any clear way to send in data to a custom policy and return it so I can parse it at the call back. Or if there is a better way?
Azure AD B2C supports the state parameter. You can use this for whatever you want. I generally use it to save the last visited url via base64encoding.
IS there a way to have a parameterized ( or a uri with some wild cards) URI set to redirect
URI in the api portal of DocuSign?
From code I would set something like this.
ReturnUrlRequest.ReturUrl = "example.com/id=100"
On DocuSign API management portal, could I set Redirect URIs
example.com/id=[wildcard]
or
example.com/[wildcard]
where wildcard can be matched to anything?
Thanks
The term redirect_uri is used in multiple places within DocuSign systems.
The redirect uri used as part of the OAuth Authorization Code and Implicit grant flows can not be parameterized.
The redirect uri's that can be set via branding can include query parameters.
The redirect uri's used for embedded sending and other embedded flows can include query parameters.
Correct. To accomplish this, you can create and edit a custom brand for your signing experience. The Redirect URI (referred here as landing pages) can be customized.
To initialize your new custom brand, use the following endpoint.
POST /restapi/v2.1/accounts/{accountId}/brands
Then, in your app logic, you can update the landingPages property to your wildcard value. Note that this property accepts an array of name/value pairs specifying the pages to which the user is redirected after the following events occur:
Signing Completed
Viewed
Exit
Finish Later
Decline Session
Timeout
Authentication Failure
Full Guide on Branding here - https://developers.docusign.com/esign-rest-api/guides/concepts/branding
Here is the API Reference on Branding - https://developers.docusign.com/esign-rest-api/reference/Accounts/AccountBrands/create
I have a site with dynamic URLs, Now I want to set the Redirect URL in stripe standard account at runtime. I mean, For now, I am compelled to go to my account settings to redirect URL, is there any way we can add new redirect URLs using some API?
One way to solve this is to use the state property when you create an authorize link. This will be passed through the OAuth process.
https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_123&scope=read_write&state=special-value
When the user is redirected back to your site, you can grab the state value from the query string (special-value in my example) and then use that to help determine where to redirect the user to a final destination page after you fetch the user's credentials.
I am setting up a static website on Azure Storage that will basically be a single page where a user must fill in a value and then press a button. I generated a SAS that expires after 24 hours, but the other part I am struggling with is to limit access to the generated URL to a single-use only.
I've tried reading through the Azure docs on Microsoft's site but I couldn't find a way to do it
Basically I expect a user to click on the link and it should take them to the html page. But if they try and click on it a second time, it should throw an error saying that they cannot access the page or just give like a 403 response
It is not possible to define a SAS URL with number of times it can be used. As long as SAS token associated with the URL is valid, a user will be able to use that URL.
For this, you would need to use some kind of middleware. Essentially instead of taking user directly to SAS URL link, you take them to a separate link with a unique token. When the user lands there, you check if the token has already been used (by looking up in a database) and then take appropriate action i.e. either allow the user to the final destination or deny access.