I want to realize a simple login via facebook on my website. I used SocialAuth for that and it is working pretty fine. But if i login via facebook, the facebook app needs the confirmation for a lot of access rights like, posting to the wall and so on.
I don't need this rights. Can i somehow define, which rights are requested (basically i need none - just the login). This is my code:
//Create an instance of SocialAuthConfgi object
SocialAuthConfig config = SocialAuthConfig.getDefault();
//load configuration. By default load the configuration from oauth_consumer.properties.
//You can also pass input stream, properties object or properties file name.
config.load();
//Create an instance of SocialAuthManager and set config
SocialAuthManager manager = new SocialAuthManager();
manager.setSocialAuthConfig(config);
//URL of YOUR application which will be called after authentication
String successUrl = "http://opensource.brickred.com/socialauthdemo/socialAuthSuccessAction.do";
// get Provider URL to which you should redirect for authentication.
// id can have values "facebook", "twitter", "yahoo" etc. or the OpenID URL
String url = manager.getAuthenticationUrl(id, successUrl);
// Store in session
session.setAttribute("authManager", manager);
My config looks something like this. Can i define this here in some way?
#facebook
graph.facebook.com.consumer_key = 152190004803645
graph.facebook.com.consumer_secret = 64c94bd02180b0ade85889b44b2ba7c4
graph.facebook.com.secure = true
graph.facebook.com.request_token_url = /oauth/access_token
graph.facebook.com.authorization_url = /oauth/authorize
graph.facebook.com.access_token_url = /me
graph.facebook.com.signature_method = HMAC-SHA1
graph.facebook.com.transport_name = GET
You can add custom permission like this.
graph.facebook.com.consumer_key = 152190004803645
graph.facebook.com.consumer_secret = 64c94bd02180b0ade85889b44b2ba7c4
graph.facebook.com.custom_permission = email,user_birthday,user_location
No need to set other properties. But if you want to set other properties, then only you can set request_token_url (for OAuth1.0), authentication_url and access_token_url. This feature is available from socialauth-4.2
graph.facebook.com.authentication_url
graph.facebook.com.access_token_url
Related
Using Microsoft Graph APIs I'm able to create an AAD SAML SSO application (a non-gallery application) but I notice Identifier (Entity ID) value is not getting populated in the AAD portal on the Edit popup screen, and interestingly the value is showing outside (under the "Basic SAML Configuration") (screenshot added).
When I test this SAML configuration with my some Service provider tool, SSO fails and I had to come back to AAD portal and update this Entity ID value manually in the Edit screen, then SSO works. So I kind of notice it's because of the Entity ID is getting updated inconsistently.
Programmatically my code looks as below, Please help with any inputs if I'm missing something to get this Entity Id value updated consistently.
// Create Application
Application app = new Application();
app.displayName = "TestName";
app.identifierUris = Arrays.asList("some uri");
app.web = new WebApplication();
app.web.redirectUris = Arrays.asList("https://testredirect.com");
Application registeredApp = graphServiceClient.applications()
.buildRequest()
.post(app);
// Create Service principal
ServicePrincipal sp = new ServicePrincipal();
sp.appId = registeredApp.appId;
sp.preferredSingleSignOnMode = "saml";
sp.tags = Arrays.asList("WindowsAzureActiveDirectoryCustomSingleSignOnApplication", "WindowsAzureActiveDirectoryIntegratedApp");
ServicePrincipal createdServicePrincipal = graphServiceClient.servicePrincipals()
.buildRequest()
.post(sp);
AAD portal screenshot
I am trying to retrieve User's profile having a valid token. I am able to get the profile with all the info, but with no profile URL
Tried both
User user = twitter.users().showUser(twitter.getId());
and
User user = twitter.verifyCredentials();
Both requests work fine but return null when I call
user.getURL()
What can be a problem? Profile URL seems to be public information, I don't think am supposed to set any specific parameters or obtain permissions, provided I already have the token.
My Twitter4J version is 4.0.6
I think user.getURL() does not return what you think.
According to documentation user.getURL() returns the URL that users provide in their profile. Not the URL of the user account.
You can check this documentation's URL section for more info: https://developer.twitter.com/en/docs/twitter-api/v1/data-dictionary/object-model/user
If you need to generate an URL for the user profile you can try something like this:
User user = twitter.users().showUser(twitter.getId());
String profileURL = "https://twitter.com/" + user.getScreenName()
I'm trying to add some key-value pairs to custom claims but can't find any function for this. How do you do it on Android?
For example, I am able to set the Display Photo this way:
FirebaseUser user = ...;
UserProfileChangeRequest profileUpdates = new UserProfileChangeRequest.Builder()
.setPhotoUri(Uri.parse(response.body().getPhotoURI()))
.build();
user.updateProfile(profileUpdates).addOnCompleteListener(task -> { ... });
Client SDK its a risk as malicious clients can also modify the data. May be claims can be added in console now which i am not certain. And that might be something that's what your looking for. From Controlling Data Access Using Firebase Auth Custom Claims:
It might sound like a good idea to add all sorts of criteria as custom claims. Perhaps you want to add a home address, additional photo URLs, or a profile description, for example. But this is not what custom claims are designed for. Data like addresses should be stored in a database, since it’s not related to authentication. Tokens are not profiles!
And from Set and validate custom user claims via the Admin SDK:
Custom claims can contain sensitive data, therefore they should only be set from a privileged server environment by the Firebase Admin SDK.
// Set admin privilege on the user corresponding to uid.
Map<String, Object> claims = new HashMap<>();
claims.put("admin", true);
FirebaseAuth.getInstance().setCustomUserClaims(uid, claims);
The new custom claims will propagate to the user's ID token the
next time a new one is issued.
And Using It:
// Verify the ID token first.
FirebaseToken decoded = FirebaseAuth.getInstance().verifyIdToken(idToken);
if (Boolean.TRUE.equals(decoded.getClaims().get("admin"))) {
// Allow access to requested admin resource.
}
OR As Client:
// Lookup the user associated with the specified uid.
UserRecord user = FirebaseAuth.getInstance().getUser(uid);
boolean claim = Boolean.parseBoolean(user.getCustomClaims().get("admin"));
You might want to read this: Firebase Custom Claim Java
It's not possible to set custom claims directly in the client app. That would be considered a security problem. Custom claims is a flexible security mechanism that allows you to grant the user access to backend resources. If users could grant themselves custom claims, then they would be an ineffective method of securing resources.
You should use the Firebase Admin SDK to assign custom claims on a backend you control, and make sure that the claims only are granted for users in the specific situations that you allow - users should not be able to assign themselves custom claims.
In Azure portal I have registered an App of type 'Native'. In Java I was able to get the access token using this API call
POST https://login.windows.net/common/oauth2/token
Request Params
client_id: appId on azure portal
grant_type: "password" this is hardcorded
resource: "https://analysis.windows.net/powerbi/api"
username: email
password: password of the email
This gives me an accessToken and a refreshToken. I can use this accessToken to call any of the Power BI API. Like get all reports, clone reports, create datasets etc.
Now I want to embed a report to my web page and I use this API using jquery
function embedPBIReport(txtAccessToken, embedUrl, embedReportId, mode) {
// Read embed URL from textbox
var txtEmbedUrl = embedUrl;
// Read report Id from textbox
var txtEmbedReportId = embedReportId;
// Get models. models contains enums that can be used.
var models = window['powerbi-client'].models;
// We give All permissions to demonstrate switching between View and Edit mode and saving report.
var permissions = mode == 1 ? models.Permissions.Read : models.Permissions.ReadWrite ;
var viewMode = mode == 1 ? models.ViewMode.View : models.ViewMode.Edit;
// Embed configuration used to describe the what and how to embed.
// This object is used when calling powerbi.embed.
// This also includes settings and options such as filters.
// You can find more information at https://github.com/Microsoft/PowerBI-JavaScript/wiki/Embed-Configuration-Details.
var config = {
type: 'report',
tokenType: models.TokenType.Embed,
accessToken: txtAccessToken,
embedUrl: txtEmbedUrl,
id: txtEmbedReportId,
permissions: permissions,
viewMode: viewMode,
settings: {
filterPaneEnabled: false,
navContentPaneEnabled: true
}
};
// Get a reference to the embedded report HTML element
var embedContainer = $('#reportContainer');
// Embed the report and display it within the div container. --> -->
var report = embedContainer.powerbi(config);
}
When I initiate embed on web page, it creates an Iframe and shows Power BI icon as loader and then throws this error
{"message":"LoadReportFailed","detailedMessage":"Get report failed","errorCode":"403","level":6,"technicalDetails":{"requestId":"f62b4819-7cd0-1c6d-1af0-a89050881a8a"}}
I have googled this issue and people are saying 403 is caused when authentication process is not correct. What am I doing wrong here?
It looks you are trying to embed the report specifying wrong token type. In your code token type is set to Embed:
tokenType: models.TokenType.Embed
While you never mention that such is generated (using GenerateTokenInGroup for example). So you are probably using the token acquired during initial authentication. If you want to use it, you should change token type to be Aad:
tokenType: models.TokenType.Aad
The difference is that Azure AD token gives access to user’s data, reports, dashboards and tiles, while embed token is specific to the embedded item. Also the embed token has shorter live (~5 minutes) than AAD token (~1 hour).
I am running the official SDK Junit codes, and it works fine. But when I change the account info into mine, exception occur.
Debug says it return http status of 400 when posting to endpoint "/oauth/token",
I have save my private key generated in docusign admin page, into "docusign_private_key.txt"
ApiClient apiClient = new ApiClient (BaseUrl);
//String currentDir = System.getProperty("user.dir");
try
{
// IMPORTANT NOTE:
// the first time you ask for a JWT access token, you should grant access by making the following call
// get DocuSign OAuth authorization url:
//String oauthLoginUrl = apiClient.getJWTUri(IntegratorKey, RedirectURI, OAuthBaseUrl);
// open DocuSign OAuth authorization url in the browser, login and grant access
//Desktop.getDesktop().browse(URI.create(oauthLoginUrl));
// END OF NOTE
byte[] privateKeyBytes = null;
try
{
privateKeyBytes = Files.readAllBytes (Paths.get (privateKeyFullPath) );
}
catch (IOException ioExcp)
{
Assert.assertEquals (null, ioExcp);
}
if (privateKeyBytes == null)
{
return;
}
java.util.List<String> scopes = new ArrayList<String>();
scopes.add (OAuth.Scope_SIGNATURE);
scopes.add (OAuth.Scope_IMPERSONATION);
OAuth.OAuthToken oAuthToken = apiClient.requestJWTUserToken (IntegratorKey, UserId, scopes, privateKeyBytes, 3600);
}
Problem solved.
The SDK JUnit code defines a parameter called "UserId", it should be filled by "API Username" , not "API Account ID" from Admin page.
Thanks for all you kind people.
Per the note in the comments, you need to grant one-time user consent per key for your app to use it, have you done that? If you have Organizations enabled (which is an enterprise feature) then you can do it across the entire account, otherwise you'll need to grant consent manually on a one-by-one (ie user by user) basis.
If granting consent manually (which is what most integrations do) you need to configure your Integrator Key with the Redirect URI you will be passing through code, then redirect your user to the following URL in a web browser (the "-d" part of the URL means this would be for the demo environment):
https://account-d.docusign.com/oauth/auth?
response_type=YOUR_RESPONSE_TYPE
&scope=open_id
&client_id=YOUR_INTEGRATOR_KEY
&state=YOUR_CUSTOM_STATE
&redirect_uri=YOUR_REDIRECT_URI
&admin_consent_scope=YOUR_REQUESTED_SCOPES
If done correctly the user will be taken to the standard DocuSign login page. After successful login they can explicitly grant consent to your app and will then be re-directed back to your app through the Redirect URI param you configured.
Here is a guide that explains how to obtain consent using either method:
https://developers.docusign.com/esign-rest-api/guides/authentication/obtaining-consent