I'm trying to use cross client authentication with google-endpoins. In my android client I'm successfully getting the authorization token for my server using:
String plusLogin = Scopes.PLUS_LOGIN;
String mScopes = "oauth2:" + plusLogin;
String token = GoogleAuthUtil.getToken(context, Constants.accountName, mScopes);
then i'm accessing the desired endpoint in an AsyncTask task and passing this token to the server. Now... i have this token on the server side but I do not know what i have to do to decode the user information from int. Basically i'm interested to get the user id and the user email on the server side.
It is true that i'm new to this but I'm struggling for more then 2 weeks.
The Google documentation on this it is only pointing in the direction that you have to follow but with no working examples that you can use as a model to start from.
https://developers.google.com/+/web/signin/server-side-flow
I think you cannot decode any user information from the tokens provided by the Google API server to your App, as these tokens are signed tokens which is sent by the Google API server to your application. It is a onetime token sent by the Google API Server to your application and then your application sending this to your server to get the refresh token from the Google Server.All these tokens are cryptographically signed JWT (Jason Web token) which is signed by Google, si you cannot decode those tokens.
Also, the docs you provided is for Google+ API and they have some sample code for how to implement the feature of onetime code in your project [1].
[1] https://developers.google.com/+/quickstart/
Related
I have no front end. I want users to use my API e.g (postman) with a basic auth header (email:password) and then using this header I can get the users data from firebase.
however I find no method to authenticate the actual user?
<dependency>
<groupId>com.google.firebase</groupId>
<artifactId>firebase-admin</artifactId>
<version>6.11.0</version>
</dependency>
I have correctly connected to DB using
FileInputStream serviceAccount =
new FileInputStream("path/to/serviceAccountKey.json");
FirebaseOptions options = new FirebaseOptions.Builder()
.setCredentials(GoogleCredentials.fromStream(serviceAccount))
.setDatabaseUrl("https://DBNAME.firebaseio.com")
.build();
FirebaseApp.initializeApp(options);
I have tried to look into the methods:
FirebaseAuth.getInstance().
FirebaseDatabase.getInstance().
but I see no options to sign in the user from my server...
seems very easy from nodejs server... e.g
firebase.auth().signInWithEmailAndPassword(email, password)
does this method exist in java/ how can I do this in java for server and no client??
The way Firebase Auth generally works is like this. The client app should be signing in to get an ID token, and passing along that token to the backend for each call. The backend should verify the token received from the client with each request using the Firebase Admin SDK.
Typically, client apps will use one of the client SDKs for mobile and web apps. It will manage all the details of authenticating the user, getting a token, and refreshing the token every hour.
If you can't use one of the client SDKs, you will essentially have to write your own, or search the internet to see if someone else has already done it. If you write your own code, you will have to invoke the Firebase Auth REST APIs directly to get and refresh that token. You don't really have any alternatives to this with Firebase Auth - that's the way it was designed.
"Attempting to send an email through Amazon SES by using the AWS SDK for Java...
The email was not sent.
Error message: The security token included in the request is invalid. (Service: AmazonSimpleEmailService; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: af51a62a-1fdc-11e8-9ae1-d5b4f9a354b8)"
The statement above is a result from the sample program written in Java, which suppose to send an email using Amazon SES APIs.
Here is the example i found on Github:AmazonSESSample.
I have created account with AWS.
2 I have also obtain my credentials: API_KEY and API_SECRETE
I have place the credentials in aws folder under my user.home
I have set my spending limit and have my service out of the sandbox environment.
I have set my region which is US_WEST_2
In a nutshell i have done everything i got from the documentation.
What is the cause of the 403 error is what i can not explain.
Please any one with help to this issue.
I really appreciate in advance.
SES does not support using IAM User AccessKeys to send email. SES uses Amazon SES SMTP credentials.
Sign in to the AWS Management Console and open the Amazon SES console
at https://console.aws.amazon.com/ses/.
In the navigation pane, choose SMTP Settings.
In the content pane, choose Create My SMTP Credentials.
In the Create User for SMTP dialog box, you will see that an SMTP user
name has been filled in for you. You can accept this suggested user
name or enter a different one. To proceed, choose Create.
Choose Show User SMTP Credentials. Your SMTP credentials will be
displayed on the screen; copy them and store them in a safe place. You
can also choose Download Credentials to download a file that contains
your credentials.
Here is a link to a document that explains the different type of credentials and how they are used with SES.
Using Credentials With Amazon SES
Here is a link to obtaining credentials:
Obtaining Your Amazon SES SMTP Credentials
I tried connecting to Google cloud IOT MQTT Brocker. I am getting Not authorized to connect (5) as Exception in Java client.
The device_id and other details are correct.The public key set for the device in the cloud iot.
using the example code for the below repo.
https://github.com/GoogleCloudPlatform/java-docs-samples/tree/master/iot/api-client/mqtt_example
Another point to look at is the configured GCP IoT Core cloud region.
Had similar problem with this. I configured GCP IoT Core cloud region as "asia-east1" while on the client application side, its default cloud region is "us-central1".
If the cloud region is not configured correctly, the python/NodeJS IoT Core examples (mqtt, http, end2end) would return errors such as
Creating JWT using RS256 from private key file rsa_private.pem
Publishing message 1/100: 'test/test_1-payload-1'
('on_connect', 'Connection Refused: not authorised.')
('on_disconnect', '5: The connection was refused.')
To solve this, just pass the correct cloud region parameter to the command --cloud_region=asia-east1
Example:
python cloudiot_mqtt_example.py --project_id=project_id --registry_id=registry_id --device_id=device_id --private_key_file=rsa_private.pem --algorithm=RS256 --cloud_region=asia-east1
Couple things to check:
1) Are you sure the format of the SSL key matches what you registered? RS256 vs. RS256 with X509, etc?
2) Did you setup the TLS on the mqtt client and grab the Google root certificate?
2a) >=TLS 1.2?
3) Verify the JWT has the correct 'aud' value (project-id, not project-name), and that it's got a proper issue and expiry time?
So this is kind of puzzling. I have an iOS app that uses Facebook login. the app gets a user token and sends that token to the server, where I'm using restfb with that token like so:
FacebookClient facebookClient = new DefaultFacebookClient(facebook_token, Version.VERSION_2_3);
com.restfb.types.User fbuser = facebookClient.fetchObject("me", com.restfb.types.User.class, Parameter.with("fields", "email,first_name,last_name,picture.type(large),about,hometown,languages"));
This works fine in dev server but in production server it gets stuck at that first line. Nothing logs after that.
On iOS, the only line that changes from dev to prod is the api URL string.
I was testing the following scenario. Sign in with GitKit and use Facebook as the provider.
All works well, but and the token cookie contains a.o.: "provider_id":"facebook.com","verified":false
Note that verified is false, albeit Facebook emails are verified by Facebook. I understand if GitKit might not want to hard code this assumption, but..
If we then send the user a verification email from our server using getEmailVerificationLink(gitkitUser.getEmail()) again all goes well.
(link is .../signin.html?mode=verifyEmail&oobCode=sFKXzFsKQ4ckr4A-HtofNPkRq_A&apb.cs=1)
The user sees "Success! Your email address has been verified."
But when then redirected to our server the token cookie still says "verified:false"!
My question is if this is the expected behavior?
Because if it is then I don't get it and I would very much appreciate some clarification.
Note, if I sign in with a simple password account, then the token cookie does give "verified:true" after the user followed the getEmailVerificationLink().
It sounds like a bug for social login account. The verified flag should be true after the verification. I will update here once we confirm the root cause.