Im trying to make a Java Application in which a user can login in to his Activer Directory and update his account info like phonenumber or display name, password, etc.
im able to authenticate the user but however i cant seem to find anything on updating the data. can anyone guide me through this?
Thank You.
On work around you can use the Microsoft Graph Rest API to update the user.
Not all properties can be updated by Member or Guest users with their default permissions without Administrator roles. Compare member and guest default permissions to see properties they can manage.
Note: Your personal Microsoft account must be tied to an AAD tenant to update your profile with the User.ReadWrite delegated permission on a personal Microsoft account.
Example : Update properties of the signed-in user
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
User user = new User();
LinkedList<String> businessPhonesList = new LinkedList<String>();
businessPhonesList.add("+1 425 555 0109");
user.businessPhones = businessPhonesList;
user.officeLocation = "18/2111";
graphClient.me()
.buildRequest()
.patch(user);
For more information and examples refer this document:
Related
I am trying to build a client system which fetches the inbox of the user emails in outlook. The requirement is that the system should ask the user to login through Outlook once to authenticate and it should be able to fetch the emails and other actions enables via graph API like reply, forward etc there after without any login prompt. For this I tried using the MS Graph SDK and chose the authorization code flow for the same . I followed the following steps
Requested an authorization code by using the link : https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?client_id=clientId&response_type=code&redirect_uri=http%3A%2%2Flocalhost%2Fmyapp%2F&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read%20api%3A%2F%2F
I have stored this authorization code to the db and used the following snippet for authorization.
final AuthorizationCodeCredential authCodeCredential = new AuthorizationCodeCredentialBuilder()
.clientId("client id")
.clientSecret("client secret")
.authorizationCode("authcode from the db for that user")
.redirectUrl("http://localhost:8080/redirect/url")
.build();
final List<String> scopes = new ArrayList<String>();
scopes.add("Mail.Send");
scopes.add("offline_access");
scopes.add("openid");
final TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(scopes, authCodeCredential);
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
MessageCollectionPage messages = graphClient.me()
.messages()
.buildRequest()
.get();
This works the first time the fetched authorization code is fetched by user interaction , but when the same code is reused to avoid user interactions it throws the following
AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.
Does this mean that to make this flow work I have to request my users to login everytime for a single API call via graph client. Is there any way in which we can use the access code got in the AuthorizationCodeCredential and use it with GraphServiceClient to access microsoft Graph APIs using the SDK . Will hugely appreciate any kind of help on this. thank you
I'm trying to add some key-value pairs to custom claims but can't find any function for this. How do you do it on Android?
For example, I am able to set the Display Photo this way:
FirebaseUser user = ...;
UserProfileChangeRequest profileUpdates = new UserProfileChangeRequest.Builder()
.setPhotoUri(Uri.parse(response.body().getPhotoURI()))
.build();
user.updateProfile(profileUpdates).addOnCompleteListener(task -> { ... });
Client SDK its a risk as malicious clients can also modify the data. May be claims can be added in console now which i am not certain. And that might be something that's what your looking for. From Controlling Data Access Using Firebase Auth Custom Claims:
It might sound like a good idea to add all sorts of criteria as custom claims. Perhaps you want to add a home address, additional photo URLs, or a profile description, for example. But this is not what custom claims are designed for. Data like addresses should be stored in a database, since it’s not related to authentication. Tokens are not profiles!
And from Set and validate custom user claims via the Admin SDK:
Custom claims can contain sensitive data, therefore they should only be set from a privileged server environment by the Firebase Admin SDK.
// Set admin privilege on the user corresponding to uid.
Map<String, Object> claims = new HashMap<>();
claims.put("admin", true);
FirebaseAuth.getInstance().setCustomUserClaims(uid, claims);
The new custom claims will propagate to the user's ID token the
next time a new one is issued.
And Using It:
// Verify the ID token first.
FirebaseToken decoded = FirebaseAuth.getInstance().verifyIdToken(idToken);
if (Boolean.TRUE.equals(decoded.getClaims().get("admin"))) {
// Allow access to requested admin resource.
}
OR As Client:
// Lookup the user associated with the specified uid.
UserRecord user = FirebaseAuth.getInstance().getUser(uid);
boolean claim = Boolean.parseBoolean(user.getCustomClaims().get("admin"));
You might want to read this: Firebase Custom Claim Java
It's not possible to set custom claims directly in the client app. That would be considered a security problem. Custom claims is a flexible security mechanism that allows you to grant the user access to backend resources. If users could grant themselves custom claims, then they would be an ineffective method of securing resources.
You should use the Firebase Admin SDK to assign custom claims on a backend you control, and make sure that the claims only are granted for users in the specific situations that you allow - users should not be able to assign themselves custom claims.
I am developing a solution that needs an token to request a rest API. I want in the beginning of my code to popup a window to user and receive an answer with a token.
I am developing an intention at JetBrains MPS that demands permission from the user to do so. I read this on GitHub: https://github.com/AzureAD/azure-activedirectory-library-for-java/
The problem is that I need to input the username and password as a string, not through a Azure site.
I wish my code could look like this
azureADHelper foo = new azureADHelper()
string userType = "admin"
string companyWebName = "https://stackoverflow.com/"
foo.askUserIdentity(userType, companyWebName)
if (foo.permission == true){
string token = foo.getToken()
}
Azure Active Directory provides several libraries for different platform. For java "ADAL4J" library is used.
I hope the below code screenshot will help to address your issue:
You can check the below sample to configure azure ad in java.
https://github.com/Azure-Samples/active-directory-java-webapp-openidconnect
I was trying to use the service account of my app to access to all documents of all users in my domain following this instruction:
https://developers.google.com/drive/delegation
But it didn't work.
Could you please help me out on this??
I tried to follow URL -
http://iambusychangingtheworld.blogspot.co.uk/2013/12/google-drive-api-how-work-with-domain.html
and code -
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(TRANSPORT)
.setJsonFactory(jsonFactory)
.setServiceAccountId("SERVICE_ACCOUNT_EMAIL")
.setServiceAccountPrivateKeyFromP12File(
new java.io.File("SERVICE_ACCOUNT_PKCS12_FILE_PATH"))
.setServiceAccountScopes(scopes)
.setServiceAccountUser("abc#xyz.com").build();
its working fine But should give me details for all the user for this domain... instead it gives me only for one useraccount.. In the Service account doc it says it should be able to access all the users data under this domain.. am I missing something>?
FYI... Scopes are added , APIS are enabled for this account
Is there any way I can get it??
I have also seen below links but was not of -
Not able to access my google drive Files with service account
The service account with domain-wide delegation allows you to access each account's data one at a time.
If you want to access all the users' data in a domain, you will need to generate a different token for each user (passing the email in the setServiceAccountUser() method) and make the API call for each user.
I have a Java Web Application that gets information from the user. Before processing the information I wanted to make sure the email entered by the user belongs to the community.
I was originally going to have a file listing everyone int the community's email address. Upon submit, grab the email and ensure it exists in the master file.
Can anyone recommend how to do this with Google App Engine platform?
Thanks so much!
UserService userService = UserServiceFactory.getUserService();
User user = userService.getCurrentUser();
if (user == null) {
response.sendRedirect( "/login" );
}
out.print( user.getNickname() );
You can obtain the email address from the User class above. The code above checks if a user is already logged into the google account. There is Open authorization protocol that would enable you to see if the visitor is already logged into a site that supports oAuth protocol (like Facebook etc).