I need some help. When I click the "I agree" button on the "Grant Application Access Page" it returns to the predefined return url just fine which is https://localhost/app/return.
My problem is the query string that eBay sends to that return url
?ebaytkn=&tknexp=1970-01-01+00%3A00%3A00&username=testuser_USERNAME
The parameter ebaytkn is completely empty and I cannot understand whats causing this issue at all.
Someone help.
Thanks,
Grady
If your eBay token return method is FetchToken (the recommended method), then this shouldn't matter. When you get to your accept page all you have to do is make a FetchToken call with the same Session Id that you used to generate the url. This is all documented in the eBay dev docs here.
Related
Recently found some weird case when trying to use mgt people picker to search my tenancy Azure AD user with below tag.
<mgt-people-picker type="any" transitive-search="true"></mgt-people-picker>
Following is summary of info used:
a) Single tenant, does not allowed personal Microsoft account.
b) All API permission requires are granted in application and in app registration.
"User.Read",
"User.ReadBasic.All",
"People.Read",
"People.Read.All",
"Contacts.Read",
"Directory.Read.All",
"User.Read.All",
"Member.Read.Hidden",
"Domain.Read.All",
"User.ReadWrite.All",
"APIConnectors.Read.All"
c) admin consent is given.
d) I'm using api/proxy to connect.
Somehow, I only can found some of the users, some of the users was not found. From mgt people picker UI, i just enter three to four character or full email address to search it but the return result is not correct. And i found that when it return incorrect result it have error on retrieving photo values. Sample error as below
I have tried to use Graph Explorer to test it. Apparently, it is also cannot return the correct result match. But only using following query test, it is able to return the correct user to me. but when using mgt people picker, it cannot. Any advise are much appreciated. I'm just guessing it is something related to Azure AD user profile settings or it is something related to my application configuration or something else. Hope can some clues for me to resolve this issue. For your information, I have all admin rights to access all resources in my organization Azure environment. If there is information that I have missing, please do let me know, I will edit the post to include it.
https://graph.microsoft.com/v1.0/users/<email address>
Test result by using Graph Explorer as reference, which only return partial only (majority not return):
In order to fix this issue that /me/people endpoint does not able to show relevant search result. I have did following code changes in my api/proxy to intercepting the process before sending the request to MS Graph as below. This maybe is a workaround to make it works. In future, if there is better option, I will make a change on it.
Hope this can help someone who faced the same issue as I'm.
var url = $"{GetBaseUrlWithoutVersion(_graphClient)}/{all}{qs.ToUriComponent()}";
if(url.StartsWith("https://graph.microsoft.com/v1.0/me/people?$search="))
{
string url2 = #"https://graph.microsoft.com/v1.0/users?$count=true&$filter=startsWith(displayname,%27{0}%27) or startsWith(userPrincipalName,%27{1}%27)";
Uri searchUri = new Uri(url);
string paramSearch = HttpUtility.ParseQueryString(searchUri.Query).Get("$search").Replace('"', ' ').Trim();
//we do not want to search for any email address, just for custom search only
if(!string.IsNullOrEmpty(paramSearch) && !paramSearch.Contains("#xxx"))
{
url = string.Format(url2, paramSearch, paramSearch);
}
}
I've been having this issue for a while now. I'm trying to add a Sign in through Steam button, which upon login, not only retrieves the user's ID, but also validates the signature. Steam uses OpenID 2.0.
I have followed the documentation here. I have followed these steps carefully, spending the better part of my day on trying to figure this out. My code is this:
let s = data['openid.signed'].split(',');
let x = Buffer.from(s.map(x => `${x}:${data['openid.' + x]}`).join('\n') + '\n', 'utf8');
let c = crypto.createHash('sha1').update(x).digest('base64');
console.log(x.toString('utf8')); // This is the key:value string
console.log(c); // This is the final result; the generated signature
Where data is the response given from the OpenID provider.
Logging x (key:value pair string) gives the expected output of:
signed:signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
op_endpoint:https://steamcommunity.com/openid/login
claimed_id:https://steamcommunity.com/openid/id/765611981[1234567]
identity:https://steamcommunity.com/openid/id/765611981[1234567]
return_to:http://127.0.0.1:8000/resolve
response_nonce:2018-12-01T17:53: [some_hash]=
assoc_handle:1234567890
However, my generated hash c does not match the given signature, openid.sig. Note that I use a \n at the end of the above key:value pair string, as that is how I interpreted the documentation.
Note. The reason why I need authentication is that I want to connect the Steam account to an account on my website, and being logged in via Steam gives you full access to your account on my website, meaning that it's of utter importance that a user cannot simply enter another users id and get access to their account (replay attack). Because of this, I need to somehow validate the signature.
I have never worked with OpenID before, so please excuse any foolish mistakes of mine. I highly recommend reading the documentation that is linked above, so that you can verify what I am doing is right.
Kinds regards,
Initial Request
Make your Steam login button link to
https://steamcommunity.com/openid/login?openid.ns=http://specs.openid.net/auth/2.0&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.return_to=https://mywebsite.com&openid.realm=https://mywebsite.com&openid.mode=checkid_setup
and replace the openid.return_to and openid.realm query string parameters.
openid.return_to: This is the URL that Steam will redirect to upon successful login with appended query string parameters.
openid.realm The URL Steam will ask the user to trust. It will appear as a message like this when the user is on the Steam login page: Sign into {openid.realm} using your Steam account. Note that {openid.realm} is not affiliated with Steam or Valve.
Handling the response
Upon successful login, Steam will redirect to a URL like
https://mywebsite.com/?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=https://steamcommunity.com/openid/id/76561198002516729&openid.identity=https://steamcommunity.com/openid/id/76561198002516729&openid.return_to=https:/%mywebsite.com&openid.response_nonce=2020-08-27T04:44:16Zs4DPZce8qc+iPCe8JgQKB0BiIDI=&openid.assoc_handle=1234567890&openid.signed=signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle&openid.sig=W0u5DRbtHE1GG0ZKXjerUZDUGmc=
To verify the user, make a call from your backend to https://steamcommunity.com/openid/login copying every query string parameter from that response with one exception: replace &openid.mode=id_res with &openid.mode=check_authentication. So the final call will be to this URL:
https://steamcommunity.com/openid/login?openid.ns=http://specs.openid.net/auth/2.0&openid.mode=check_authentication&openid.op_endpoint=https://steamcommunity.com/openid/login&openid.claimed_id=https://steamcommunity.com/openid/id/76561198002516729&openid.identity=https://steamcommunity.com/openid/id/76561198002516729&openid.return_to=https://mywebsite.com&openid.response_nonce=2020-08-28T04:44:16Zs4DPZce8qc+iPCe8JgQKB0BiIDI=&openid.assoc_handle=1234567890&openid.signed=signed,op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle&openid.sig=W0u5DRbtHE1GG0ZKXjerUZDUGmc=
Steam will return a text/plain response like this:
ns:http://specs.openid.net/auth/2.0
is_valid:true
If true the user is valid, false invalid. Note this call will only return true once and subsequent calls with the same parameters will always return false. From here, you can decide how to maintain the user being logged in (such as creating a unique cookie) and return a redirect response to something like your site's homepage, last page before they clicked the Steam login button, or user detail page, etc...
I want to implement the Google Drive API to my web application using NodeJS and I'm struggling when I try to get a token via OAuth.
I've copied the code from this guide and run the script using Node and it returns an error in this line:
var redirectUrl = credentials.installed.redirect_uris[0];
Googling around I found that I can set that variable as http://localhost:8080 and set the same value in the Authorized redirect URIs configuration in the Google Developers Console and that error goes away, fine, it works. Now it asks for a code that I should get by using an URL.
https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.metadata.readonly&response_type=code&client_id=CLIENT_ID&redirect_uri=http%3A%2F%2Flocalhost%3A8080
Then I've added the client id and enter to that URL with Chrome and then returns a connection refused error. No clue what to do in here, I searched about my problem and I can't found an answer. By looking at the direction bar in Chrome I see that there's a parameter called code and after it, there's random numbers and letters. Like this:
http://localhost:8080/?code=#/r6ntY87F8DAfhsdfadf78F7D765lJu_Vk-5qhc#
If I add any of these values it returns this error...
Error while trying to retrieve access token { [Error: invalid_request] code: 400 }
Any ideas on what should I do? Thanks.
Did you follow all the directions on the page you indicated, including all of those in Step 1 where you create the credentials in the console and download the JSON for it? There are a few things to note about creating those credentials and the JSON that you get from it:
The steps they give are a little different from what I went through. They're essentially correct, but the "Go to credentials" didn't put me on the page that has the "OAuth Consent Screen" and "Credentials" tabs on the top. I had to click on the "Credentials" left navigation for the project first.
Similarly, on the "Credentials" page, my button was labeled "Create Credentials", not "Add Credentials". But it was a blue button on the top of the page either way.
It is very important that you select "OAuth Client ID" and then Application Type of "Other". This will let you create an OAuth token that runs through an application and not through a server.
Take a look at the client_secret.json file it tells you to download. In there, you should see an entry that looks something like "redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"] which is the JSON entry that the line you reported having problems with was looking for.
That "urn:ietf:wg:oauth:2.0:oob" is a magic string that says that you're not going to redirect anywhere as part of the auth stage in your browser, but instead you're going to get back a code on the page that you will enter into the application.
I suspect that the "connection refused" error you're talking about is that you used "http://localhost:8080/" for that value, so it was trying to redirect your browser to an application running on localhost... and I suspect you didn't have anything running there.
The application will prompt you to enter the code, will convert the code into the tokens it needs, and then save the tokens for future use. See the getNewToken() function in the sample code for where and how it does all this.
You need to use this code to exchange for a token. I'm not sure with nodejs how to go about this but in PHP I would post the details to the token exchange url. In javascript you post array would look similar to this ....
var query = {'code': 'the code sent',
'client_id': 'your client id',
'client_secret': 'your client secret',
'redirect_uri': 'your redirect',
'grant_type': 'code' };
Hope this helps
Change redirect uri from http://localhost:8080 to https://localhost:8080.
For this add SSL certificates to your server.
I have spent few hours on signing in to web site by using jsoup. But it always gives same login page. To clarify the issue I tried with facebook site. It also gives same result.
Below I mentioned my code
String url ="http://www.facebook.com/";
Document doc;
doc = Jsoup.connect(url)
.data("email","abc#gmail.com","pass","xyz")
.userAgent("Mozilla").post();
System.out.println(doc);
can anybody point me where I made a mistake and how can i fix this issue?
In data portion "email" and "pass" are input field id of facebook login page.
Thank you.
Try this:
String url ="http://www.facebook.com/";
Document doc;
doc = Jsoup.connect(url)
.data("email","abc#gmail.com")
.data("pass","xyz")
.userAgent("Mozilla")
.post();
Anyway, Jsoup is not bad at all, you only need how to use it properly, but also you need to keep in mind that Facebook is expecting a lot more parameters to make a successfull login via POST emulating a web page navigation.
By example:
charset_test
default_persistent
lgnjs
lgnrnd
locale
lsd
pass
persistent
timezone
If you need to authenticate and get proper data I suggest that you must give a try to a Facebook SDK for Android:
https://github.com/facebook/facebook-android-sdk/
I am trying to create an html object dynamically with the necessary header information depending on the query string in the link I provide to Facebook. I am hoping that Facebook open graph will call this html link as I provided. However it seems that query string info are not getting passed to my server. Do anyone know how to make this work or what is the more appropriate way to do this. BTW, I am writing my code in Node.js.
To get more info about Facebook open graph api, look here, https://developers.facebook.com/docs/beta/opengraph/actions/.
For example, the link I am trying to pass to Facebook is, "http://xxx-url.com/getFacebookObject?objectId=&description=first dynamic post", so I sent a request with the link as, "https://graph.facebook.com/me/app-name:action-name?object=http://xxx-url.com/getFacebookObject?objectId=&description=first dynamic post". However, when I check the log on the server, I don't see anything in the query string.
Instead of using the query string, you can embed the data in the URL:
http://some-domain.com/getFacebookObject/id/description
Then, depending on what node.js packages you're using, extract the data from the request:
// expess.js style
app.get("/getFacebookObject/:id/:description", function(req, res) {
var id = req.params.id,
desc = req.params.description;
// your code...
});
(See http://expressjs.com/guide.html.)
Sorry, Facebook will strip off all query string information from the URL when they launch your site in the iframe. If it was a page tab app, then you could add it to the app_data query string parameters which in turn gets passed to your iframe's page tab app via the app_data part of the signed_request parameter.