I am creating a connected app to call some APIs on behalf of a user. The connected app is created from an account under Developer Edition. Now, when the user with Professional Edition connects to the app, I am able to complete the oauth flow and received the token correctly.
The issue is when i call an API, lets say the Contact API, the response i get is as below
{
message: 'The REST API is not enabled for this Organization.',
errorCode: 'API_DISABLED_FOR_ORG'
}
I am creating this app so that any user with a salesforce account can integrate and retrieve information. I am not sure if that's how connected apps work in salesforce or if I have missed any permissions.
Related
I have the following entities:
An mobile app
in-house API Server
in-house OAuth Server
I need to implement OAuth in mobile app to the OAuth Server, and access user information in the API server afterward, and I am having trouble with how this can be achieved securely. I have only think of the following methods:
Method 1: Pass user id directly from Mobile App to API server
Login user through OAuth in mobile app (using library like AppAuth)
Store the user id retrived from OAuth in mobile app
Mobile app send the user id to the API server, so they can retrive the correct resources back to the mobile app
However, this method seems non-secure, as attacker can fake their user id when passing to the API.
Method 2: Pass OAuth access_token to API server, let API server call OAuth server again
Login user through OAuth in mobile app (using library like AppAuth)
Store the access_token retrived from OAuth
Mobile app send the access_token to the API server
API server pass the access_token to the OAuth server
OAuth server return the user info back to API server
Now API server have the user info, and can return the correct resources back to the mobile app
Method 2 seems more secure, however I don't seems to see this kind of infrastructure suggested by anybody. This method also seems resource intensive as API server need to call OAuth server every time an API is called.
So my question is:
What is the best Practice with accessing API Server on mobile app which login using OAuth?
If there is a best practice, any link to those resources?
Thank you!
I have a WCF service hosted by Azure and secured by Azure AD. when I use the web to access the service I am prompted with the Azure login,after a successful login,I reach the data. I am trying to access the data form Winforms, I reach the OAuth2 login screen, I successfully login and get the token. I add the token to the context headers, but still receive this message:
InnerException = "You do not have permission to view this directory or page."
any help on how to access WCF secured with Azure AD, from Winforms ?
There could be multiple reasons for this error and it's hard to guess.
But here are few things to check.
Your client application (Winform) is registered with Azure AD and has
permission to access your web app. Make sure desktop/mobile apps have
to be registered wtih Azure AD as native app.
Your Audience is set correctly in Azure AD . I have seen many people
struggle if they don't have it set properly.
If your WCF is hosted in app services then turn on the real time logging. Go to app services and turn on the "Diagnostic logs".Under "Diagnostic logs" set the "application log" to verbose. After this go to "Log Stream" in app service to view the real time app logging. Now if you hit your web app with your client you should be able to see the why are you getting 401 unauthorized.
Hope that helps !
All we want from an org is Connected App Key/Secret credentials. Is it recommended to create an AppExchange app for this? Can creating an AppExchange app allow me to create Connected App? I am required to send this information back to my server for querying Salesforce information through APIs. Currently I am requesting admin of Salesforce org to create one connected app for me.
You do not need an app exchange app, you just need to have the provide the Admin the callback url and the and the admin can create a connected app for your application. You may also need to provide more information depending on how the app will connect to salesforce (OAuth flow etc). The Admin would be able to provide the Client Key and Secret that you need
I am looking for a pattern/technical solution to the following problem.
I want to have two types of mobile apps, call them Client and Admin. Client would allow one to enter their "client number" or scan a bar code. Upon submission, the following would happen:
1) REST call to a cloud server app which would record the client signing in (got it covered);
2) REST response to the Client app identifying a successful sign-in (got it covered);
3) Call to Admin app identifying a sign-in (successful or not) with client's details (unknown).
I am not sure how to accomplish #3 as it would be the cloud server app pushing information to the Admin app. There could be multiple Client apps and more then one Admin app. Details of all client interactions would have to be pushed to all Admin apps.
I am looking for suggestions. Thanks.
I'm using cloud endpoints with authentication on python environment.
And I have two registered apps, one is native, other is web, on Cloud Console.
In native app, I can use my apis after authentication. But in web app, below error is happened.
Oauth framework user didn't match oauth token user.
The sequence is below:
I can get the result of gapi.auth.authorize() with token.
And when I call gapi.client.oauth2.userinfo.get(), I can get user info without error.
But when I call my api, I get this oauth error.
Of course I added client ids(native, web, api explorer) to allowed_client_ids.
But if the client id of web is removed, same error is happened and no warning about client id missing.
(As far as I know, If the client id in the request is not in allowed_client_ids, the warning about Client ID is not allowed is in the log)
And when I call api through the api explorer, same error is happened.
I don't have any idea how to investigate about this error with this short log message.
Is there any check points, suggestions?
Sorry for my poor English.
thanks,
UPDATE:
After some investigations, I've got root cause, it's Authentication Type of the application.
The Authentication Type of my application is Google Apps domain.
I created another application with Google Account API authentication type and deployed same code,
I can get user info from get_current_user().
In the document, Cloud Endpoints project is created through Cloud Console,
but my application is created through AppEngine Console before.
thanks,