I am currently using Strapi as my backend and am having issues with authentication.
When I hit /api/auth/local, the user is created in the strapi backend and the jwt token is created.
After that, I try to hit /api/users/me and the endpoint returns a 404. I have the user permissions for an authenticated user turned on (find, findOne, and me) but am still getting this error.
Please help and thank you in advance!
In my case, was appearing error 500 all the time, because the user was blocked. After change, worked for me.
I follow these explanation https://www.youtube.com/watch?v=8rju99LTUNA
Related
I am working on Safaricom Daraja API B2C but some of the required test credentials are not displayed in the Safaricom Dashboard.
As you can see above, the initiator name and security credentials are not provided yet they are needed in the B2C API call.
How do I get these credentials.
EDIT:
This question was asked before Safaricom upgraded to the new Daraja Dashboard. The problem has now been sorted
Apparently, for some unknown reason to us, Safaricom chose to hide the test credentials and if you need them, you have to write them an email at apisupport#safaricom.co.ke and request for the test credentials. You will get a response in less than an hour with shortcodes and initiators that you can use for test.
Source -> https://survtechnologies.co.ke/get-test-credentials-safaricom-m-pesa-daraja-api/
The test Credentials are on the simulator link, bottom right redirects to the link.
Please try this with the new mpesa portal2.0 - It is straight-forward
So I created a react-redux webapp, in which the login/signup is done using JWT authentication. This app uses a lot of server api, and due to security reasons each api request needs to accept a valid token, only then it sends back a valid response, else, it simply sends an error object back saying the token is not valid.
Now the problem arises when suppose I open my account in one browser, lets say chrome, and then I also open the same account in Firefox, now, obviously the token has expired in chrome, so when I make requests from chrome I simply get the error object returned, what would be good that I have a middleware before each server request which would check the validy of the token and then redirect to login if the token is invalid.
I am quite new to redux and was wondering if something like that is possible, any kind of help is appreciated, Thank you.
I am trying to delete a user from a realm using keycloak admin client api.
I am following an example from here:
https://gist.github.com/thomasdarimont/43689aefb37540624e35
Here is what my code looks like:
Keycloak kc = KeycloakBuilder.builder().serverUrl("https://localhost:8445/auth")
.realm("sensorcloud-auth").username("admin").password("admin").clientId("admin-cli")
.clientSecret("b6b4f0ec-9936-46a2-9f40-69c207e2e0f2")
.resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build()).build();
kc.realm("sensorcloud-auth").users().get("a3fdac49-f7eb-4be7-a81f-b48b09a6694c").remove();
I can login to keycloak admin console using username admin and password admin, and I am pretty sure there is no typo with other parameters, but every time when I try to delete the user with that userId, I will be given a 401 Unauthorized error. Can someone help me figure out what is going on?
Not sure which version of keycloak admin client api you are using, with current API there is no remove operation.
It should be kc.realm(realmName).users().delete(id) . You can check the REST API for Delete User
We kept getting HTTP 401 status code responses when the hostname stamped on the iss field of the bearer's/user's access token had a different case i.e. lowercase vs. uppercase than the url used to post an HTTP request to keycloak's token endpoint.
While creating Keycloak instance, Realm should be master realm.
After creating instance with Master Realm, you can delete the user by using your code.
I had an issue regarding the logout . Once i am done with my logout and it's not popping me agin to enter the user name and password , why is it so ?
ttps://github.com/spring-guides/tut-spring-security-and-angular-js/tree/master/oauth2-vanilla
https://github.com/sharmaritesh/spring-angularjs-oauth2-sample
is it not the expected behaviour ? If so please suggest me what to do when i want to do the complete logout that means we have to delete refresh tokens as well i guess. the reason of not asking the username and password in my perspective , It's refresh token is valid and once i click teh login button it directly redirects me to the greeting page with generating the new access token with the help of refresh token.
But i would like to do the complete log out i.e, once the use clicks the logout and user should be able to enter his credentials to get the new refresh token and access token irrespective of the old refresh token expiration.
I really appreciate your help..!!!!
Thanks
Prince
I would suggest posting all of the relevant HTTP traffic flow between client (browser) and server, both the redirects and "back end" traffic.
So, basically take the approach of knowing little about the actual implementation of the client and server, and just focus on the OAuth2 authorization code flow, its a protocol after all. Without this we'll be stabbing in the dark.
In terms of an answer, as a guess the client application may be passing a cookie to the authorization server and your just not seeing it. This is exactly what happened to me with Spring Boot and WSO2 IS 5.1.0
We implemented OAuth 2.0 using Web Server Authentication Flow. It was working fine in October/November but all of a sudden it has stopped working. Whenever we try authorising another client the server return (400) Bad Request with the body
{"error":"unsupported_grant_type","error_description":"grant type not supported"}
grant_type is set as authorization_code which is definitely valid.
Is there any reason why OAuth would suddenly stop working?
This is how we have implemented OAuth:
First user is directed to: https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=blah.id&redirect_uri=https://domain.com/Web/Salesforce/Callback.aspx&scope=api%20refresh_token
User is prompted by Salesforce to login to their account.
Once user is authenticated Salesforce calls Callback.aspx, Callback.aspx requests refresh token on behalf of the client by making a POST request to: https://login.salesforce.com/services/oauth2/token with the payload:
grant_type=authorization_code&code=blah.code&client_id=blah.Id&client_secret=11111111&redirect_uri=https://domain.com/Web/Salesforce/Callback.aspx
Content type is definitely: application/x-www-form-urlencoded
After lot of fiddling around with fiddler figured out there was a space before grant_type=authorization_code in HTTP POST payload that was causing the issue.
Interestingly that space has been there in code base since July and this issue was first noticed on 14th Jan. It is possible Salesforce fixed a bug or made an internal change to reject space before grant_type=authorization_code.
Make sure you are using 'https' not http
If you are having this error while authorising an Org through terminal sfdx command -
error authenticating with auth code due to: grant type not supported
Worked for me 'https' solved my grant type not supported problem.