I was testing the following scenario. Sign in with GitKit and use Facebook as the provider.
All works well, but and the token cookie contains a.o.: "provider_id":"facebook.com","verified":false
Note that verified is false, albeit Facebook emails are verified by Facebook. I understand if GitKit might not want to hard code this assumption, but..
If we then send the user a verification email from our server using getEmailVerificationLink(gitkitUser.getEmail()) again all goes well.
(link is .../signin.html?mode=verifyEmail&oobCode=sFKXzFsKQ4ckr4A-HtofNPkRq_A&apb.cs=1)
The user sees "Success! Your email address has been verified."
But when then redirected to our server the token cookie still says "verified:false"!
My question is if this is the expected behavior?
Because if it is then I don't get it and I would very much appreciate some clarification.
Note, if I sign in with a simple password account, then the token cookie does give "verified:true" after the user followed the getEmailVerificationLink().
It sounds like a bug for social login account. The verified flag should be true after the verification. I will update here once we confirm the root cause.
Related
java.lang.RuntimeException: javax.mail.AuthenticationFailedException: 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 https://support.google.com/mail/?p=BadCredentials v7-20020a4a8607000000b0041bdf977c6dsm58061ooh.31 - gsmtp
I am receiving this error when attempting to use javax.mail API to send emails over my GMail account. I attempted to check my settings to verify it allows less secure apps to use my GMail account but the Google website says
To help keep your account secure, from May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.
Does anyone know where I can find a current guide on how to build hooks to send/receive mail messages with my GMail account that gets around these new requirements?
Access the page with your Gmail/Google Account -> https://myaccount.google.com/security
In the Signing in to Google section, enable the 2-Step Verification
After enabling 2-Step Verification, return to Signing in to Google section
Click on App passwords
Select app as Mail and select device as Other - choose a name
Done! Copy the password and use it with the username account
I'm trying to use cross client authentication with google-endpoins. In my android client I'm successfully getting the authorization token for my server using:
String plusLogin = Scopes.PLUS_LOGIN;
String mScopes = "oauth2:" + plusLogin;
String token = GoogleAuthUtil.getToken(context, Constants.accountName, mScopes);
then i'm accessing the desired endpoint in an AsyncTask task and passing this token to the server. Now... i have this token on the server side but I do not know what i have to do to decode the user information from int. Basically i'm interested to get the user id and the user email on the server side.
It is true that i'm new to this but I'm struggling for more then 2 weeks.
The Google documentation on this it is only pointing in the direction that you have to follow but with no working examples that you can use as a model to start from.
https://developers.google.com/+/web/signin/server-side-flow
I think you cannot decode any user information from the tokens provided by the Google API server to your App, as these tokens are signed tokens which is sent by the Google API server to your application. It is a onetime token sent by the Google API Server to your application and then your application sending this to your server to get the refresh token from the Google Server.All these tokens are cryptographically signed JWT (Jason Web token) which is signed by Google, si you cannot decode those tokens.
Also, the docs you provided is for Google+ API and they have some sample code for how to implement the feature of onetime code in your project [1].
[1] https://developers.google.com/+/quickstart/
As far as I can determine I have followed the steps as detailed at https://ipp.developer.intuit.com/0010_Intuit_Partner_Platform/0200_DevKits_for_Intuit_Partner_Platform/Sample_Apps/Java_Sample_App_for_AggCat_Services/0010_Creating_the_App for running the java demo application.
After enabling the logs, I see following entries in the log output
DEBUG: com.intuit.aggcat.logger - Response code=401
DEBUG: com.intuit.aggcat.logger - OAuth access tokens = null
DEBUG: com.intuit.aggcat.logger - Could not get oAuth tokens: null
So I think server thinks I don't have permissions, however intuit developer website shows I have test access permissions for Customer Account Data API. Can someone please let me know what I am doing wrong.
By the way I think documentation at above link is cut off. Very Last statement says "run as" but does not say run as what
I would recommend that you try using the API explorer (developer.intuit.com/apiexplorer) with the same set of keys to verify that the keys and cert used are correct. If you are able to retrieve the tokens through the API Explorer, then you should be able to do the same through the Java sample app.
You should login to the sample app with the username "user"
I have a (java) web-application, and i have enabled NTLM Authentication.
When the logon prompt is presented by the browser in our (windows) intranet environment.
The behavior i see is:
NTLM prompt does not seem to be doing any authentication at all, i am able to type any random string in userid prompt and it allows the user to proceed into the application. The prompt never fails the user.
So, what do i need to check at the server end to find if authentication succeeded or not?
The idea behind NTLM auth is that the logged on user can proceed with connection without explicitly entering his username and password again. So whatever your application asks you is irrelevant (as you can see it yourself) and instead your system credentials are used.
NTLM authentication has been broken for a number of years -- NTLM 2 shipped with NT 4, so hopefully people have moved on by now. If you want to use Active Directory login information, you should use Kerberos instead.
i'm trying to make an application with the Keberos protocol and the GSS-API in Java, and i've already made the authentication and the context establishement before calling the doAsPrivileged method.
In this method I get the mutual authentication sending a simple token from the client to the server, but after that i want to make some other things.
I want to open a new window with a table of products to let the client select them and buy something and that was connected to a database in the server.
my question is about how can a i use this context in other frames that are diferent from the original doAsPrivileged action class.
i get an error GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) and i don't know how can i find this TGT to send it more than one time to the server.
thank you.
I ran into a similar issue as well.
Your code fails because Java tries to use GSSAPI with the default login config name. Which is com.sun.security.jgss.initiate. To perform a GSS call for someone else or with another login conf name you have to use the LoginContext, obtain the subject and then do a doAs. As far as I can see, every action involving ticket exchange has to be done in a PrivilegedAction if you don't stick to the defaults. That's why our stuff's failing :-(