How to make authorized "post" request strapi graphql apollo nextjs - reactjs

I am building an ecommerce website using strapi, apollo, graphql, nextjs, when an authenticated users ordering they need to send jwt token using headers but I am little confused how to do that. Here is my code on apollographql playground.
mutation Mutation($data: OrderInput!) {
createOrder(data: $data) {
data {
id
attributes {
name
phone
products {
data {
id
attributes {
price
name
media {
data {
attributes {
url
}
}
}
}
}
}
status
details
createdAt
user {
data {
attributes {
username
}
}
}
}
}
}
}
When I do that it is giving following error.
{
"errors": [
{
"message": "Forbidden access",
"extensions": {
"error": {
"name": "ForbiddenError",
"message": "Forbidden access",
"details": {}
},
"code": "FORBIDDEN"
}
},
{
"message": "Forbidden access",
"extensions": {
"error": {
"name": "ForbiddenError",
"message": "Forbidden access",
"details": {}
},
"code": "FORBIDDEN"
}
}
],
Without authorisation its working fine, but I do not know how to insert jwt token

Looks fine to me. You probably inserted an expired token. Have you tried turning on the create permission for authenticated role?

Finally I solved the issue by allowing "find" method in user permission tab.

Related

How To Get Google User Profile Info Using Access Token From OAuth?

I am using ReactJS on the frontend: I successfully retrieved the access token from Google's Oauth service, but it doesn't give me any profile information for the 'current user'.
I tried using the /userInfo endpoint, ?access_token={my_access_token} query str, and some other solutions but I keep getting weird errors.
Currently I have:
const { access_token, refresh_token } = res.data; // now I have valid access_token
let userInfo = await axios.get("https://www.googleapis.com/oauth2/v3/userinfo",
{
headers: {
Authorization: `Bearer ${access_token}`
}
}); // ERROR WHEN MAKING THIS CALL.
My specific 401 error is as follows:
If there are better ways of getting user info (such as first/last name, email, etc. some sort of unique ID) please let me know.
You shouldnt rely on the user info endpoint to get user profile informaiton. As long as you are requesting the profile scope from the user, or even email. you should go though the People api. This will give you access to all of the users profile data.
GET https://people.googleapis.com/v1/people/me?personFields=names HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
response
{
"resourceName": "people/117dd2004755326722775346",
"etag": "%EgUBAi43PRoEAQIFBddyIMR3BzQkR2cnI1ZGc9",
"names": [
{
"metadata": {
"primary": true,
"source": {
"type": "PROFILE",
"id": "117200155326727753146"
}
},
"displayName": "Linda Lawton",
"familyName": "Lawton",
"givenName": "Linda",
"displayNameLastFirst": "Lawton, Linda",
"unstructuredName": "Linda Lawton"
},
{
"metadata": {
"source": {
"type": "CONTACT",
"id": "3faa96eb0118baa4be"
}
},
"displayName": "Linda Lawton",
"familyName": "Lawton",
"givenName": "Linda",
"displayNameLastFirst": "Lawton, Linda",
"unstructuredName": "Linda Lawton"
}
]
}

google smart home actions implement offline response issue

I implement google smart home actions for plug device,
I can control on/off plug with no problems, but about implement
response offline status for Execute and Query, it seems google assistant never get status, it always said "OK, turn on/off plug", My response JSON log from cloud function log as below:
Execute:
{
"requestId": "847886417406301663",
"payload": {
"commands": {
"ids": [
"T90197200015"
],
"status": "ERROR",
"errorCode": "deviceOffline",
"online": false
}
}
}
Query:
{
"requestId": "11887439270473779795",
"payload": {
"devices": {
"T90197200015": {
"errorCode": "deviceOffline",
"status": "ERROR",
"online": false
}
}
}
}
Is the format correct, why google assistant didn't get offline status?
BR,
Jack
Yes that format is correct. The device generally may be offline, sending the status: "ERROR" and errorCode are more contextually applied to the specific request and response.

Google Auth apis returns OPERATION_NOT_ALLOWED 400

I am using this API
https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=[API_KEY]
I have pass correct token and param same as in documentation but still, it returns 400 OPERATION_NOT_ALLOWED
https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=[API_KEY]
Param:-
{
"email": "test#test.com",
"password": "123123",
"returnSecureToken": true
}
Response
{
"error": {
"code": 400,
"message": "OPERATION_NOT_ALLOWED",
"errors": [
{
"message": "OPERATION_NOT_ALLOWED",
"domain": "global",
"reason": "invalid"
}
]
}
}
Go to firebase console -> authentication -> sign-in method
and then enable email/password providers

microsoft graph filter assigned role

In Azure Active Directory I created an app, in the manifest file I've update the appRoles with the following value:
"appRoles": [
{
"allowedMemberTypes": [
"User"
],
"displayName": "Client manager",
"id": "bf77e391-0bbf-4e33-854b-a384a5ac0630",
"isEnabled": true,
"description": "Client manager can manage all client actions.",
"value": "ClientManager"
}]
I updated my user so that my assigned role is no longer Default Access but is Client manager
With Graph api I'm trying to retrieve this assigned role.
I tried this uri but for some reason it will not return my role(s).
https://graph.microsoft.com/beta/me/appRoleAssignments?$filter=resourceId eq 04dcaab1-7219-4689-8510-4672e957ac11$select=appRoleId
But the response is:
{
"error": {
"code": "BadRequest",
"message": "Invalid filter clause",
"innerError": {
"request-id": "ce3cb456-956b-41c5-84a2-cdcdfe1ac3c5",
"date": "2018-11-05T20:54:08"
}
}
}
I could create a workaround requesting all my roles, for all my applications but this is something I would like to avoid. This would end up with the following uri:
https://graph.microsoft.com/beta/me/appRoleAssignments?$select=resourceId,appRoleId
and results in this json, where I need to filter out my applicationid.
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments(resourceId,appRoleId)",
"value": [
{
"appRoleId": "00000000-0000-0000-0000-000000000000",
"resourceId": "667cc3aa-00b9-4526-bde5-b81312ed5afb"
},
{
"appRoleId": "00000000-0000-0000-0000-000000000000",
"resourceId": "64b92ac1-4a56-478c-8774-5c584fb200e5"
},
{
"appRoleId": "bf77e391-0bbf-4e33-854b-a384a5ac0630",
"resourceId": "04dcaab1-7219-4689-8510-4672e957ac11"
}
]
}
I tried several solutions proposed on StackOverflow already but for some reason, all the eq filters don't work. I'm testing my query with the Graph explorer. My desired result should be something like this:
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments(appRoleId)",
"value": [
{
"appRoleId": "bf77e391-0bbf-4e33-854b-a384a5ac0630"
}
]
}
It seems not support to filter resourceId with https://graph.microsoft.com/beta/me/appRoleAssignments.
As mentioned in the doc:
Not all parameters are supported across all Microsoft Graph APIs, and support might differ significantly between the v1.0 and beta endpoints.
Also, if we filter the id with GET https://graph.microsoft.com/beta/me/appRoleAssignments?$filter=id eq 'xxxxxxx', it will work fine. So I think the format of the query should be correct, the only possibility is it is not supported as mentioned in the doc.

"Send To Messenger" page scoped user id, different to messenger id

When using the "Send To Messenger" plugin, the response received is:
{
"object": "page",
"entry": [
{
"id": "410441912660258",
"time": 1506529761355,
"messaging": [
{
"recipient": {
"id": "410441912660258"
},
"timestamp": 1506529761355,
"sender": {
"id": "1388094137927363"
},
"optin": {
"ref": "login"
}
}
]
}
]
}
However, when I interact with Messenger using the same Messenger Account, Facebook sends:
{
"originalRequest": {
"source": "facebook",
"data": {
"sender": {
"id": "1271682282961502"
},
"recipient": {
"id": "1818762375111057"
},
"message": {
"mid": "mid.$cAAZ2J6JWBDZk9XGKQVexCxoKu27Y",
"text": "hi",
"seq": 17289
},
"timestamp": 1506529788481
}
}
}
Note that, despite using the same Messenger account, the sender/recipient IDs are different. So I can't match any users up from the Messenger Chat vs the Send To Messenger button.
I believe this is because the "Send To Messenger" button is using the Page Scoped User ID of the relevant Facebook Page, instead of the Facebook App. Is there any way to match these two IDs or, to tell the Send To Messenger button to use the APP ID instead of the Page ID?
You can use the ID matching API
https://developers.facebook.com/docs/messenger-platform/identity/id-matching

Resources