I've registered a new web app in the https://portal.azure.com and I'm trying to access it through the DNN OAuth provider. Now, I've already added the https://www.dnn.pt/Login to the list of reply urls, but whenever I try to authenticate myself, I end up getting the AADSTS50011 error:
AADSTS50011: The reply address 'https://www.dnn.pt/Login' does not match the reply addresses configured for the application: 'XXXXXXXX'. More details: not specified
Btw, here's what my replyUrls looks like:
"replyUrls": [
    "https://wwww.dnn.pt/Login"
],
And here's the URL that I'm using to get the authentication process rolling (removed the tenant id and app id from the url):
https://login.microsoftonline.com/{tenant id}/oauth2/authorize?scope=email&client_id={app id}&redirect_uri=https%3a%2f%2fwww.dnn.pt%2fLogin&state=Azure&response_type=code
I know that I'm doing something wrong, but can someone please point me in the right direction?
thanks guys!
As mentioned in the comment, you have an extra w in your replyUrls. Since the value mentioned there doesn't match with what's specified in the URL sent for authentication/authorization, you're getting this error.
Please change the replyUrls to:
"replyUrls": [
"https://www.dnn.pt/Login"
],
And that should fix the error.
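The comparison behind AADSTS50011 can be reproduced offline. The following is an added example, not part of the original answer: it decodes the `redirect_uri` from the authorize request and reports which URL component differs from each registered reply URL. The function names and the `TENANT_ID`/`APP_ID` placeholders are assumptions, and it assumes an exact string comparison.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed from the request in the question; TENANT_ID and APP_ID are placeholders.
AUTHORIZE_URL = (
    "https://login.microsoftonline.com/TENANT_ID/oauth2/authorize"
    "?scope=email&client_id=APP_ID"
    "&redirect_uri=https%3a%2f%2fwww.dnn.pt%2fLogin&state=Azure&response_type=code"
)
REGISTERED = ["https://wwww.dnn.pt/Login"]  # replyUrls as posted in the question


def requested_redirect_uri(authorize_url):
    """Return the percent-decoded redirect_uri sent in the authorize request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]


def component_diffs(requested, registered):
    """Name each URL component in which the two addresses differ."""
    a, b = urlsplit(requested), urlsplit(registered)
    return [
        f"{part}: requested {getattr(a, part)!r}, registered {getattr(b, part)!r}"
        for part in ("scheme", "netloc", "path", "query")
        if getattr(a, part) != getattr(b, part)
    ]


def check_reply_urls(authorize_url, reply_urls):
    """Return (requested, findings); findings is empty on an exact match."""
    requested = requested_redirect_uri(authorize_url)
    if requested in reply_urls:
        return requested, []
    findings = []
    for registered in reply_urls:
        findings += [f"{registered} -> {d}" for d in component_diffs(requested, registered)]
    return requested, findings or ["no reply URLs registered"]


if __name__ == "__main__":
    requested, findings = check_reply_urls(AUTHORIZE_URL, REGISTERED)
    print(requested)
    print("\n".join(findings) or "redirect_uri is registered")
```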
I am following the tutorial here: https://learn.microsoft.com/en-us/sharepoint/dev/apis/webhooks/get-started-webhooks
I am having trouble finishing step 5. Postman always gives me this error and I am not sure why.
Troubleshooting details
If you contact your administrator, send this info to them.
Copy info to clipboard
Request Id: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Correlation Id: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Timestamp: 2022-11-18T09:34:11Z
Message: AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX(Postman App). Resource value from request: https://<mysite>.sharepoint.com. Resource app ID: 00000003-0000-0ff1-ce00-000000000000. List of valid resources from app registration: fe7b6ec1-3281-4dd6-8864-dff33cd1021e, 00000003-0000-0000-c000-000000000000.
Flag sign-in errors for review: Enable flagging
If you plan on getting help for this problem, enable flagging and try to reproduce the error within 20 minutes. Flagged events make diagnostics available and are raised to admin attention.
00000003-0000-0000-c000-000000000000 is Graph.
fe7b6ec1-3281-4dd6-8864-dff33cd1021e is SharePoint Online Client Extensibility Web Application Principal Helper.
In the error it says the app id (00000003-0000-0ff1-ce00-000000000000) that I am trying to use and then lists the valid resources from my app. I can add another resource to the app and it will be listed there in the error message but I do not know how to add my specific resource to the list. Does anyone know how I can do that or if that is even what I need to be doing?
I tried to reproduce the same in my environment and got the results successfully like below:
I created a Multi-Tenant Azure AD application and consented the below API permissions:
To generate the access token, I used below parameters:
Grant Type : Authorization Code
Callback URL : redirect_uri
Auth URL : https://login.microsoftonline.com/common/oauth2/authorize?resource=https://TENANT.sharepoint.com
Access Token URL : https://login.microsoftonline.com/common/oauth2/v2.0/token
Client ID : CLIENTID
Client Secret : ClientSecret
Access token successfully generated like below:
To get Documents list Id click on Use Token and execute the query like below:
GET https://XXXX.sharepoint.com/_api/web/lists/getbytitle('Documents')?$select=Title,Id
I am trying to sign up the users using Azure B2C (by doing this I am using MSAL with Angular),
by mail confirmation, captcha v2 (Google) and MFA.
For the first attempt I used just a normal sign up with the email and afterwards with MFA and had no issues creating the users.
Then I added captcha in my sign-up, meaning that I needed to use a custom page.
To add the captcha feature I used the process from this link: Link - Create Captcha with Azure B2C (regarding one step that is described in the article, the Azure function was created in the portal, because locally I had some issues).
In my sign up page where you add the email address and all the claims of the user, after adding all the claims and checking the captcha feature, then pressing Create, the following message appears:
errorCode: "AADB2C90261" message: "The claims exchange 'PreUserWriteRestful' specified in step '1' returned HTTP error response that could not be parsed." status: "400"
AADB2C90261 - Taken from Microsoft page - Error Code - The claims exchange '{0}' specified in step '{1}' returned HTTP error response that could not be parsed.
Also the MFA feature doesn't appear. What could it be that I missed? Or what does it represent?
Tested without MFA and the same issue persists.
Has anybody who is using Azure B2C added captcha?
Thank you.
I tried to reproduce the same in my environment and got below results:
Initially I deployed Azure Function via Portal and left index.js file as default like below:
I configured one API connector named Verify Captcha by adding above function URL in endpoint like below:
Now I added this API connector to my user flow like below:
When I ran the user flow by entering required details in Sign up page and checked the captcha feature, I got the same error as below:
To resolve the error, I tried deploying 2 Http Trigger Functions locally:
HttpTrigger1 - modified index.js file with this GitHub code
and installed required modules like below:
HttpTrigger2 - left index.js file with default code like below:
By updating properties in local.settings.json file, I deployed these functions to Azure:
{
    "IsEncrypted": false,
    "Values": {
        "AzureWebJobsStorage": "",
        "FUNCTIONS_WORKER_RUNTIME": "node",
        "BASIC_AUTH_USERNAME": "xxxxx",
        "BASIC_AUTH_PASSWORD": "xxxxx",
        "CAPTCHA_SECRET_KEY": "6LfoQ9oxxxxx21BEE23-kPQkv6QIQt8",
        "B2C_EXTENSIONS_APP_ID": "dcxxx0b0-d5xf-42x-b1a4-97xxx689x1"
    }
}
Response:
When I checked in Azure Portal, functions are updated successfully like below:
I configured another API connector named Verify Captcha server side by adding above function URL in endpoint like below:
Now I updated API connector with above in my user flow like below:
I ran the user flow by entering required details in Sign up page and checked the captcha feature like below:
When I selected Create account, I got response like below:
It may take some time to complete the captcha like below:
When I tried the same with default index.js like HttpTrigger2, I'm getting same error as you. So, make sure to replace code in your index.js file with this GitHub code.
You can try the same in your environment locally to resolve the issue.
I am trying to follow the tutorial for Microsoft active-directory
After inputting the client ID and secret into the code and running the code, it takes me to the login page where I login with the credentials but I get the following error:
"errorCode": "request_cannot_be_made",
"errorMessage": "Token request cannot be made without authorization code or refresh token.",
"subError": "",
"name": "ClientAuthError"
Does anybody know what is going on here?
The sample code works well: https://github.com/Azure-Samples/ms-identity-node/
When using auth code flow, we need to get authorization code with getAuthCodeUrl() first, then obtain the access token with the authorization code by acquireTokenByCode(). You may miss getting authorization code, please check yours.
Notes:
Set Supported account types as "Accounts in any organizational directory and personal Microsoft accounts". If not, change 'common' in authority with your tenant-id.
redirectUri in the sample code needs to be the same as Redirect URI in the portal.
I'm developing an API using VS 2017, which I'm testing using Postman. I've been following this blog post Getting started with Windows Azure AD Authentication using Postman. I finally got it to give me an access token and a refresh token. About 3 quarters of the way through the post I came across this:
resource : https://management.core.windows.net
which has to be put into Postman (I'm using the Windows app version of Postman). I wasn't sure what that was for, so I left it off. I eventually got an access token and a refresh token, but when I went to get more info for all subscriptions, I got errors saying that I had specified a valid resource. So, I thought what I'd have to do was start over again, by re-authenticating and getting a code from Azure. I did so, and put that into Postman, as the blog post instructs. However, issuing this POST results in this error:
"error": "unauthorized_client",
"error_description": "AADSTS70002: Error validating credentials. AADSTS65005: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: d37abf69-42ce-4571-b146-f3422e73f041. Resource value from request: https://management.core.windows.net. Resource app ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013. List of valid resources from app registration: 00000002-0000-0000-c000-000000000000.\r\nTrace ID: 9f028899-6d03-409e-8db4-4e9905000300\r\nCorrelation ID: ec253a1b-9fdc-495f-9310-6b40a42e5d93\r\nTimestamp: 2018-11-19 22:20:02Z",
"error_codes": [
70002,
65005
]
I don't understand why nor what I could have done wrong. I've prespecified the resource as the tutorial instructed, so what have I done wrong?
Looking at the error message, it seems you could have missed adding relevant permissions for "Windows Azure Service Management API" to your app registration.
Steps:
Go to Azure Portal > Azure AD > App registrations > Your app (with app id: d37abf69-42ce-4571-b146-f3422e73f041)
Go to Settings > Required permissions > Add > Select "Windows Azure Service Management API"
Select the relevant permission under Delegated permissions section. Click on select and then "Done". You should get a notification in portal that successfully added permissions. You should see Windows Azure Service Management API listed under required permissions as well.
After these steps, continue as per the blog post you've mentioned with Postman steps to get the access token again.
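The AADSTS65005 error here and the AADSTS650057 error in the SharePoint question earlier on this page share one message layout, so a single parser can show which resource was requested and whether the app registration lists it. This is an added example, not code from either answer; `diagnose`, `NAMES` and the shortened sample messages are assumptions built from the errors quoted on this page.

```python
import re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
PATTERN = re.compile(
    r"AADSTS(?P<code>65005|650057): Invalid resource\..*?"
    r"Resource value from request:\s*(?P<url>.+?)\.\s+"
    r"Resource app ID:\s*(?P<rid>" + GUID + r")\.\s+"
    r"List of valid resources from app registration:\s*"
    r"(?P<valid>" + GUID + r"(?:,\s*" + GUID + r")*)",
    re.DOTALL,
)

# Display names for the IDs in the two errors. The first three are named on
# this page; the last two are given from general knowledge of Azure AD.
NAMES = {
    "00000003-0000-0000-c000-000000000000": "Microsoft Graph",
    "fe7b6ec1-3281-4dd6-8864-dff33cd1021e": "SharePoint Online Client Extensibility Web Application Principal Helper",
    "797f4846-ba00-4fd7-ba43-dac1f8f63013": "Windows Azure Service Management API",
    "00000003-0000-0ff1-ce00-000000000000": "SharePoint Online",
    "00000002-0000-0000-c000-000000000000": "Azure AD Graph",
}

# Shortened copies of the two messages quoted on this page.
SAMPLE_SPO = ("AADSTS650057: Invalid resource. The client has requested access to a resource "
              "which is not listed in the requested permissions. Client app ID: X(Postman App). "
              "Resource value from request: https://<mysite>.sharepoint.com. "
              "Resource app ID: 00000003-0000-0ff1-ce00-000000000000. "
              "List of valid resources from app registration: "
              "fe7b6ec1-3281-4dd6-8864-dff33cd1021e, 00000003-0000-0000-c000-000000000000.")
SAMPLE_ARM = ("AADSTS70002: Error validating credentials. AADSTS65005: Invalid resource. "
              "Client app ID: d37abf69-42ce-4571-b146-f3422e73f041. "
              "Resource value from request: https://management.core.windows.net. "
              "Resource app ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013. "
              "List of valid resources from app registration: 00000002-0000-0000-c000-000000000000.")


def diagnose(message):
    """Return the requested resource and the registered ones, or None if not this error."""
    m = PATTERN.search(message)
    if m is None:
        return None
    rid = m.group("rid").lower()
    valid = [v.strip().lower() for v in m.group("valid").split(",")]
    return {
        "code": "AADSTS" + m.group("code"),
        "resource_url": m.group("url"),
        "resource": (rid, NAMES.get(rid, "unknown")),
        "registered": [(v, NAMES.get(v, "unknown")) for v in valid],
        "missing_permission": rid not in valid,  # True: add this API to the registration
    }
```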
I found myself in the same situation when I was trying to set up Postman. It's not as complicated as most blogs make it seem. I created a tutorial to try to make the process easy.
http://hazelnest.com/blog/blog/2018/11/17/azure-postman-configuration/
https://youtu.be/2bfgeBKRxl4
Hope this helps.
I used to get user image through this URL
https://plus.google.com/s2/photos/profile/(user_id)?sz=150
but now what all I am getting is 404 error or no image. I know google has changed its policies and way it connects and allows other to get information, but I didn't anything to achieve same result as above.
Note: I can't use authenticate thing here since I am showing image of users to other users which are not connected at all.
OR in other way user may be not coming from Google log-in but I need to show other Google users images only.
Any help would be highly appreciated!!!
Edit:
I have checked through people.get method
https://www.googleapis.com/plus/v1/people/11595...3592320?key=AIzaSyCkdmtNN1XDg....EpepOIIs
but I am getting error saying
{
    "error": {
        "errors": [
            {
                "domain": "usageLimits",
                "reason": "accessNotConfigured",
                "message": "Access Not Configured. Please use Google Developers Console to activate the API for your project."
            }
        ],
        "code": 403,
        "message": "Access Not Configured. Please use Google Developers Console to activate the API for your project."
    }
}
Edit: I have this already enabled since I am using Google+ log-in already in my site, here I am attaching screenshot:
Earlier I also had the same problem for my site. After so much research and effort I found a solution myself, and I hope it will also work for you and solve your problem:
Old Trick
Google had changed their policy so the old trick for getting the Google profile image will not work now.
e.g https://plus.google.com/s2/photos/profile/(user_id)?sz=150
New Trick
Get Request:
https://www.googleapis.com/plus/v1/people/115950284...320?fields=image&key={YOUR_API_KEY}
Response :200 OK
{
    "image": {
        "url": "https://lh3.googleusercontent.com/-OkM...AANA/ltpH4BFZ2as/photo.jpg?sz=50"
    }
}
Where YOUR_API_KEY is your Public API Access key which is generated through Credentials under APIs & Auth from https://console.developers.google.com/
And While creating Public API access key you can choose Referers URL's from which this request should be made but for checking you should try by not adding any URL to it, if it works then go with URL of your site.
You can choose other fields to send with URL which you may need from here.
Happy Coding!!!
You can get this information using the people.get Google+ API call and specifying the userid of the user you want information for. This will include an image.url field which you can use and resize as appropriate.
Since this is public information for a user, you don't need the user to authenticate to access it. You do, however, need an API Key which you will add to the end of the URL used in the API call.
You can get an API Key by going to https://console.developers.google.com/ under the "APIs and auth" section and "Credentials" subsection. You can then click on the button under "Public API Access" that says "Create New Key".
The URL you'll use to get the info will look something like
https://www.googleapis.com/plus/v1/people/1234567890?key=api_key
and you'll get back a JSON object with the profile info.
Update:
Make sure you have also enabled the Google+ API in the developers console. You can get to this through https://console.developers.google.com/, under the "APIs and auth" section and "API" subsection, you can find the "Google+ API" on the list and turn it on.