How to configure Azure Notification Hub to use APNS token authentication mode? - azure

I am trying to add APNS connection in Azure Notification Hub with Token as authentication mode.
I have searched around but I am not able to find any guides anywhere to make this work.
Maybe someone has a link to a guide showing how to find the information needed?
I tried to create a "APNs Auth Key" in Apple developer console, but that gives me a .p8 file and the token inside that file does not seem to be accepted, so I guess I need to find the token somewhere else.
I hope someone have a link to a guide for setting this up and find the information needed.

Update (Apr 2018): #Krumelur reports in the comments that the blog article is out of date. Check out his suggestion on how to fix it to avoid getting errors.
Update (June 2017): There is now an official Microsoft post about Token-based (HTTP/2) Authentication for APNS.
Original answer (May 2017):
Token Based Authentication and HTTP/2 Example with APNS is a good step by step guide of how to get those values from your Apple Developer Account.
Key ID in Azure Portal is what APNS_KEY_ID is in the sample above
App Name in Azure Portal is your app name
App ID in Azure Portal is what TEAM_ID is in the sample above
Token in Azure Portal is the contents of the file referred to in APNS_AUTH_KEY variable in the sample above
Do not forget to keep track which keys and tokens are sandbox and which are production endpoint ones.

Looks like this is out of date. It is now looking for
Key ID
Bundle ID
Team ID
Token

Everything is described now in the documentation here.

Related

Issue when trying to create a sendgrid account on azure server

I am trying to use sendgrid on azure, but when I am creating the account, it gives me an error saying:
The portal is having issues getting an authentication token. The experience rendered may be degraded.
Additional information from the call to get a token:
Extension: SendGrid_EmailService
Details: code: 500, statusText: error, message: There was an error processing your request. Please try again in a few moments., stack:
It has been giving me this since morning, pretty annoyed. And also it disables two fields, and marks them as loading:
Screenshot of the two fields marked as loading (For a very long time)
Since sendgrid wasnt working I thought I'd try and use SparkPost- The signup was successful, but its been taking hours to deploy.
Then I thought of manually configuring the smtp settings so the host and user and stuff could be sendgrid, but I wasnt able to find a way to do so.
Could someone help me out please! Thanks in advance!!
EDIT: This problem has been solved by the Microsoft Team.
Looks like SendGrid has some technical problems. You should check first SendGrid official support website if this is the issue. I was using SendGrid for a while, but I had to move to another solution. When you are registering SendGrid account via Azure you getting standard SendGrid plan. That means that you are sending your mails through shared SendGrid IPs. This is probably ok for marketing emails, but if you intend to send any transactional emails like password reset, bills etc you will end up eventually with tearing your hair off the head, because shared SendGrid IPs are in most existing spam blacklists out there.
SendGrid app status
I was able to enter to SendGrid using the following steps from Aaryaman Maheshwari in this comment:
Steps from Aaryaman's answer:
Step 1: In order to find ur username for SendGrid, first, go to the
SendGrid resource and then click properties. Now copy the resource id.
Step 2: Now, in the azure online shell, open bash and type the
following command: az resource show --ids [THE COPIED RESOURCE ID]
Make sure to replace [THE COPIED RESOURCE ID] with the resource Id you
copied in step 1
Step 3: In the json string that the terminal outputs, look for the
username property and note that down
Step 4: After you do that you can manually go to sendgrid.com and then
enter the username you just retrieved and then the password which you
used to sign up with.
Thanks Aaryaman Maheshwari
In order to incresase security, Sendgrid has recently requested to enable 2 factors authentication to connect to your account (it started one or two weeks ago).
Since this moment, the "automatic" connection from Azure to Sendgrid stopped to succes, and we have the same 500 error.
Also, "basic authentication" (username / password) will stop to work (starting from 10 decemeber I believe) in your api.
I'm not sure this is the reason, but it happens at the same time ;)
Just to update:
There was bug identified on Azure Portal and our product engineering team have fixed the issue.
Provisioning SendGrid account via https://portal.azure.com/ and managing works as expected.
The alternate https://rc.portal.azure.com/ URL was shared during the impact and is no longer required to be used.
We had a discussion on Q&A thread. Once again apologies for all the inconvenience. Much appreciate the follow-up and great collaboration.

API Keys section missing in Dialogflow settings > General section

I could see API Keys section, when I initially created an agent and I could get the client access token under this and use this in my app successfully. But then, when I updated Dialogflow agent with some more input, it wasn't reflected, when I ran the app.
Then I thought, the client access token could have been updated and checked for API Keys section. To my surprise, this section is completely missing now. Even deleting the agent and recreating a new agent, didn't help. API Keys section is still missing. Please help
API Keys were a feature of v1, which has been shut down.
You should be using Google Cloud service accounts with Dialogflow v2.

Azure account email forgotten

A few months ago I created a Microsoft account for Azure services. I got an API key for an Android app, I updated the app recently and the API key is working fine. The thing is I wanted to check my account and I realized I had forgotten my MS account.
I've tried to check in my other email providers if I received some emails from that account, any password recovery or anything like that, but... nothing. The only thing I have is the API key stored in my app's server.
Is there any way I can recover my account?
Thank you.
That is insufficient to recover the account. You should contact Azure support and give your name and details (KYC) and they will be able to get you back in.

Sign in with Apple under Azure AD B2C

I would like to know if any of you have implemented "Sign in with Apple" under Azure AD B2C Environment.
I did not find clear information about how to implemented (Micrososft and Apple are not talking each other). I found trusted source at GitHub (https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-with-apple), I followed the instruction, but did not work. Looks like there is some pieces of code missing or Apple/Microsoft/OpenId configuration has changed and this info is not included in the Post. I do not know.
My App was rejected by Apple because I am using additional identity providers (Social Networks) to sign in to my App, so Apple request to make their Identity Provider as an option ("Sign in with Apple").
Guideline 4.8 - Design - Sign in with Apple
We noticed that your app uses a third-party login service but does not offer Sign in with Apple.
Next Steps
To resolve this issue, please revise your app to offer Sign in with Apple as an equivalent login option.
Resources
To learn more, see the Sign in with Apple Overview.
So Far, I follow the instruction/recommendation but i can not make it works.
Today Azure AD only let OpenID as the only identity provider option for Apple.
Problem 1.
If I followed the GitHub Post (above), I got the following error:
Identity Provider Save Error
Cannot save Identity Provider: The issuer 'https://appleid.apple.com' found at the metadata endpoint.
So, I changed the issuer for my App Service Id, then Azure let me Save the provider, but it is not working as expected. (problem reported here: https://github.com/azure-ad-b2c/samples/issues/20)
Problem 2.
With the "new Issuer": My App ask for the AppleId (it looks working step 1), but nothing happens then (it did not create a user in the Azure AD, because nothing came to Azure) the App login remain in the AppleId.apple.com page forever (blank/white page)
Please, I will like to know if any of you has similar situation, and how you solved it.
Many thanks in advance
EDIT:
I found some important information about OpenID and Apple
Open Letter from the OpenID Foundation to Apple Regarding Sign In with Apple link
Apple Successfully Implements OpenID Connect with Sign In with Apple, link
'Sign in with Apple' better but not perfect, says OpenID Foundation head, link
Don't understand how Apple can force us to have "sign in with Apple" as an option if it not ready yet!
Updated on original thread as well. The issue is fixed now.
Sign in with Apple guide - the metadata endpoint is already in use by an identity provider

Microsoft Cognitive Services - Computer Vision: Invalid Subscription Key

I'm trying to use the Computer Vision API from Microsoft's Cognitive Services. However, my keys don't seem to be working. I created an account using the free trial of that API and got the two keys from it. Trying to use the key with the ProjectOxford.Vision SDK always yields:
Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription.
I tried the API console, however I get the same error with my key in the Ocp-Apim-Subscription-Key field. I tried both keys and neither of them work. I even got the free version of Face API and tried its console, but encountered the same issue with its keys. I even tried different datacenters, but they all seem to return the same error.
This would need to be some problem with the key then right? This can't be a problem with my C# code, since the console doesn't work either. And since it's failing in the API console, there's nothing more I can do to rule out any other possibilities is there? I'm not sure what else I can do to debug this. I'd like to regenerate my keys (I saw a tutorial video which showed an older UI of getting the API keys and they used to have a "regenerate" link) but I don't see a way of doing that anymore.
I only just made the account and registered for the APIs, so there's no way I'd be over quota. Is there something else I need to do to enable these keys or something?
I managed to skirt around the issue of 'Access Denied' by performing the following actions:
I created a free Azure account
I set up an instance of the Cognitive Services Api (this generated a pair of new keys for me to use)
Utilizing the new key, I had to use the following link:
https://westus.api.cognitive.microsoft.com/vision/v1.0/ocr
Instead of
https://westus.api.cognitive.microsoft.com/vision/v1.0/recognizeText
(I obtained this link from the Cognitive Services Test Dashboard).
Look at the request pattern on the test dashboard and you should be able to tell how to use the api.
Even when #Xuan Hu response states correctly to the solution, I scratched my head some time trying to figure out how to change the end point. Here are my 2 cents:
Go to portal.azure.com, in the dashboard of your subscription to the Cognitive Services > General Information > End Point take note of the URL. You need it.
Find in the code of your VisionAPI samples where the VisionServiceClient is instantiated:
VisionServiceClient VisionServiceCliente = new VisionServiceClient(SubscriptionKey);
and change including the URL that you found in Azure:
VisionServiceClient VisionServiceCliente = new VisionServiceClient(SubscriptionKey, StringOfMyURLTakedFromPortal);
That worked for me.
If you are using the free trial keys got from azure.microsoft.com. You need to change the API endpoint region to westcentralus. The previous default region is westus and I think that is the reason of the invalid key problem.
FYI, there is a blog post that covers all of the 401 Access Denied scenarios, including this one regarding the free API keys and region specific API endpoint. Adding it here for folks in the future who find this SO post - https://blogs.msdn.microsoft.com/kwill/2017/05/17/http-401-access-denied-when-calling-azure-cognitive-services-apis/.
Using the incorrect regional endpoint
Most of the Cognitive Services APIs are region specific, which means that during API account creation you select which region you want to create the account in. These APIs have region specific endpoints such as westus.api.cognitive.microsoft.com or eastus2.api.cognitive.microsoft.com, and an API key for an account created in one region will only work using the endpoint for that specific region. This means that if you create an API account in West US you will not be able to call the eastus2.api.cognitive.microsoft.com API endpoint.
You can verify the region and endpoint in the Azure management portal.
Trial API Keys
The free trial API keys have 30 day expiration dates, and the same restrictions for region and version. If you are using the trial keys you can go to https://azure.microsoft.com/en-us/try/cognitive-services/my-apis/ to manage your API keys (if you are not already logged in then just click one of the ‘Create’ buttons and you can go through the wizard to login and see your existing API keys), and you will also see the expiration date and endpoint.
One thing to remember if using Postman to get the results is to use GET and put your keys in the Header.

Resources