Trying to use Akeneo Apps https://apps.akeneo.com/how-build-app-akeneo-pim .
It's more-less clear how access token generated - as response to user in akeneo portal clicks on the connected app. but how to use Akeneo Apps for background product catalog sync between my app and Akeneo? with connector I'd just generate access token based on client id/secret stored in config, but here I need Akeneo portal to pass control to my app... How I can call Akeneo API few days after that?
Tried to see if refresh token can help but 1) it's not returned in https://api.akeneo.com/apps/authentication-and-authorization.html#step-3-get-a-permanent-access-token and 2) even if returned what if because of app downtime I miss the renewal checkpoint and the token gets expired? would need to ask user to login to akeneo
As indicated in https://api.akeneo.com/apps/authentication-and-authorization.html#token-success-response
An Access Token given to an App has no expiration date.
Basically, when an user install your application in his Akeneo PIM, your app will receive an access token that does not expire.
Store it somewhere like your database, and then reuse it anytime you want, even days later.
No need for a refresh token.
The Access Token that you will have stored will continue working until a Akeneo PIM user decides to revoke your app.
Related
I am developing one react application to show power bi reports on one of my app pages.
i am using 'powerbi-client-react' npm client to include the report by giving the report URL. But previously I was using my dev account to see the embedded powerbi. But once i go for live testing, the clients can't see their reports because I was using accessTokenKey from my dev account statically.
Now I wanted it to work for all of my customers with their login and show their reports inside my app.
What i need to do to implement the autorization to show powerbi report?
What i need to do to implement the autorization to show powerbi report?
For using embed power Bi for your customers or for your organization you can use either Azure AD token or Embed token.
In rest api you need to have Azure AD token. which will expire for every hour.
For the customers Azure AD token is used to generate Embed token.
While using Embed Tokens you need to specify which content can the customer access and also their access level.
Here are the authentication flows for embed token generation for customers.
Below image represents the authentication flows of Embed token for your customers.
Refer this Microsoft Document for complete information regarding Embed Token for customers.
https://learn.microsoft.com/en-us/power-bi/developer/embedded/embed-tokens?tabs=embed-for-customers#embed-token
I am using msgraph-training-reactspa sdk from Microsoft which uses MSAL for authentication. It does not return any refresh token. It has acquireTokenSilent method which gets new access token.
As per our requirement I want to get user access token along with refresh token so that I can later get new access token with refresh token and use microsoft graph api in CRON to update data.
How can we login user to microsoft via react app and get the refresh token so that I can save it in my DB?
Can I get any sample reference?
To get the refresh token (which is probably useless in your scenario anyway), you need to ask for the offline_access scope in your app manifest (or in the auth request), user has to agree to that, and then the refresh token is included by the azure ad.
But what you really want is probably sol-called "app-permissions" to be able to do stuff without the user present at all using CRON or whatever (and not a refresh token). I.e. for delegated permissions, you need a user under whose account the thing will be executed anyway (and even the refresh token will expire, and then you'll have to ask for login). The sample you are referring to is using delegated permissions. Check out the difference here: Azure AD App Application Permissions vs Delegated Permissions
I'm currently developing an application which consists of a frontend SPA which makes request to a Node backend. The Node backend makes requests to MS Graph. For this usecase I set up the OBO flow which works fine.
The SPA uses MSAL.js to request a token for middle tier API with /.default scope. The middle tier API knows the client as 'knownclient' in its Manifest. On very first login the application wants the user to consent to the combined scopes from client and middle tier. (If the user never used the app before)
The problem now is the following: By going further in the development process, new scopes are added for MS Graph in the middle tier API. However the client doesn't show the consent prompt to the user for giving his consent to use the new backend scope although using the /.default scope in the client.
The first approach I had was settings prompt='consent' to the MSAL setting in the frontend. This approach works but results in asking the user for consent every time he logs in.
The intended behaviour would be to just ask for consent if the middle tier API changes its scopes.
How do I have to set up my applications to get this result?
As I said in the comments, if you just add new permissions, don't use prompt='consent', because this will cause the administrator consent page to be triggered every time you log in as a user.
When you add a new permission, you only need to grant the administrator's consent, and there is no need to request the user's consent again. So, you only need to grant the administrator consent in the Azure portal. Or, use the url that the administrator consent to: https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id={client-id}.
I wrote a Python script that does some manipulations on my Gmail account. Now, I want to run it, and for that I need an OAuth token.
Do I have to go through the trouble of creating a project in Google Cloud, registering an application to use the Gmail APIs, authenticating myself and granting my script permissions to access my Gmail?
In GitHub, for example, I can create a Personal Access Token which is a scoped token I can directly use in such scripts.
Have a look at the quickstart
When you run your code for the first time, you will be prompted to follow an URL to give authorization to the script. After this, the script will create an access token that is valid for one hour. A refresh token will also be automatically created. It will refresh your access token automatically when it expires and you will not need to do nothing anymore (unless you change the scopes).
I have a web applications and I wanted to allow users to pick file from oneDrive and submit those files. So my question is that, is there a way for me to allow for users who use my site to do this without asking them to log in for oneDrive ?.
I have a similar experience in googledrive and in there, we can do this through service account by authentication each users from the backend silently each time.
Further more, I have sign up for office 365 for business and link it to Azure and in there add few user to it via Active Directory.
Thanks in advance
One way is to use a designated account to create refresh token that has 'offline access' to the OneDrive. The offline access refresh token has a very long (or indefinite) expiry. Use OAuth 2.0 to create the refresh token.
Every time a user needs to browse the OneDrive, use the refresh token to request a short-term access token (again, this is OAuth 2.0). You can use that access token to access the OneDrive.
Unfortunately, my finding is that offline tokens have full read/write access - read only access doesn't seem possible.