When I redirect a user to the Coinbase OAuth URL, the "BTC Wallet" in "Wallet Access" is always preselected. Is it possible to send additional information as a query parameter or scope to preselect the desired wallet currency (for example ETH)?
(Screenshot: Coinbase OAuth landing page)
Problem solved. It is possible to request all wallets with an additional parameter "accounts=all". See the Coinbase Connect OAuth2 Reference. Not exactly the requested feature, but it serves the needed purpose.
I have 3 applications:
An IdentityServer4 API which provides Google authentication and also provides an access token to authorize the resource API.
A simple Resource API which provides some data from DB.
A simple Client in React which has 4 buttons:
Login, for Google auth
Logout
Get data - a simple request with the access token to the Resource API that gets the data from the DB
Get user data - returns the user profile and token (for debugging purposes)
I didn't put any sample code because my problem is not code related, it's knowledge that I'm missing and I ask for guidance.
The workflow is working just fine: the user presses the Login button and is redirected to the IdentityServer4 API for Google Auth. From there they are redirected to a Callback page of the Client and from there to the Index page. I receive the user data and the token, I can request data from the Resource API, and it works.
My problem is: how do I give a Role to the Google users?
I don't have users saved in the DB. I want three types of users: SuperAdmin, Admin, Viewer, and each of these roles has a limited set of endpoints it can access.
For limiting their access I saw that I can use Claims-based authorization or Role-based authorization.
So, my question is: how can I give a Google user who wants to log in to my app a specific Claim/Role? What is the workflow? Must I save it first in the DB? Or does a service from Google exist where I can add an email address and select a Role for that address?
Thank you very much!
After you get the response from Google in your callback you can handle the user and do whatever you want to do with it. Below are some typical tasks that you can do in the callback, which I took from the IdentityServer4 documentation page (link):
Handling the callback and signing in the user
On the callback page your typical tasks are:
inspect the identity returned by the external provider.
make a decision how you want to deal with that user. This might be different based on the fact if this is a new user or a returning user.
new users might need additional steps and UI before they are allowed in.
probably create a new internal user account that is linked to the external provider.
store the external claims that you want to keep.
delete the temporary cookie
sign-in the user
What I would do is create a new internal user account that is linked to the external provider and add a role to that user.
If you don't want to save users in the DB, you can add an extra claim to the user in the callback method and use that claim in the token, and I think this link will help with that.
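As an added example (not code from the post or from IdentityServer4), here is the decision the callback has to make when no user table exists: which role claim a Google-authenticated identity receives. It keys roles on the provider's stable subject id, treats an email allow-list only as a fallback for addresses the provider reports as verified, and rejects identities from any other issuer. The issuer URL is Google's real one; subject ids, emails and role assignments are constructed sample data.

```javascript
// Added example: map an external (Google) identity to a local role claim
// without a user database. Subject ids, emails and assignments below are
// constructed sample values, not from the original post.

const GOOGLE_ISSUER = "https://accounts.google.com";

// Roles keyed by issuer + subject id: the subject is stable even if the
// account's email changes later.
const ROLE_BY_SUBJECT = {
  [`${GOOGLE_ISSUER}|1001`]: "SuperAdmin",
};

// Fallback keyed by email; only consulted when the provider says the
// address is verified, otherwise anyone could claim an admin address.
const ROLE_BY_EMAIL = {
  "admin@example.com": "Admin",
};

const DEFAULT_ROLE = "Viewer";

// externalClaims: what the external-login callback hands over, e.g.
// { issuer, sub, email, email_verified }.
function assignRole(externalClaims) {
  const { issuer, sub, email, email_verified: verified } = externalClaims;
  if (issuer !== GOOGLE_ISSUER || !sub) {
    throw new Error("unexpected external identity provider");
  }
  const bySubject = ROLE_BY_SUBJECT[`${issuer}|${sub}`];
  if (bySubject) return bySubject;
  if (verified === true && email) {
    const byEmail = ROLE_BY_EMAIL[email.toLowerCase()];
    if (byEmail) return byEmail;
  }
  return DEFAULT_ROLE;
}

// Claims that go into the local sign-in (and later the token): keep the
// minimum from the external identity plus the role decided above.
function buildLocalClaims(externalClaims) {
  return {
    sub: `${externalClaims.issuer}|${externalClaims.sub}`,
    email: externalClaims.email,
    role: assignRole(externalClaims),
  };
}
```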
I'm trying to get Bing Ads spend from my firm. According to the Microsoft documentation, I understood that it's mandatory to use the Microsoft Azure portal, get a developer_token, client_id, tenant_id, client_secret, and access/refresh token to download the CSV files with the data I want.
So, this is what I did:
I've received an invitation from my firm to Microsoft Advertising on this email address: abc#myfirm.fr, and I've generated my developer token.
With this email address, I've created a web application on the Microsoft Azure portal, which allows all kinds of users, getting the client_id and tenant_id and generating a client_secret.
The redirect URL that I have chosen is http://localhost (according to the documentation, but not sure this is the right URL to choose).
With Postman, I have tried this endpoint:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
and the params (previously obtained) needed for the OAuth 2.0 authentication to get my access token. Without success.
The issue is here.
When I request the access token, a new browser window opens and asks for an email address with which to authenticate. I'm using my email address abc#myfirm.fr and I receive "authentication completed" in Postman, but in the response body I have access_token: invalid.
The role of my account is super admin.
So I tried to authenticate with a professional Microsoft Azure account, and this time I received "Invalid redirect url" in the browser.
I have also tried to start all over again with a different email address, like my personal email address, or with the email address of the creator of the Microsoft Advertising account, and I get the error "contact your system Admin" in the browser.
I have also tried with the Python SDK project given in the documentation, with the error message.
I must have forgotten or misunderstood something.
Should we use the same email address (or same account) on Microsoft Advertising, on Microsoft Azure, and when obtaining the access token?
Do you have to pay and take an Azure subscription? (Already done but without success)
Thanks in advance, and sorry for my English.
EDIT:
Thanks for your reply. The full request is: https://login.microsoftonline.com/common/oauth2/v2.0/authorize with the following params:
- Type: OAuth 2.0
- Header Prefix: Bearer
- Grant Type: Authorization Code
- Callback URL: https://localhost
- Auth URL: https://login.microsoftonline.com/{my-tenant_id}/oauth2/v2.0/authorize
- Access Token URL: https://login.microsoftonline.com/{my-tenant_id}/oauth2/v2.0/token
- my client id
- my client secret
- scope: https://ads.microsoft.com/ads.manage OR also testing with https://graph.microsoft.com/User.Read
- State: None
- Client authentication: send client credentials in body
This gives me an access_token, but when I click on "Use Token" and send the request, I'm not getting a refresh token.
Once a user provides consent, you can get an access token and act on behalf of the user.
So when the browser session starts, you should enter your Microsoft Advertising credentials.
Remember to set scope=https://ads.microsoft.com/ads.manage in the request for acquiring the authorization code.
If you prefer to automate this process, you can refer to this script and steps to obtain an access token.
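As an added example (not the script from the answer, nor Microsoft's SDK), the authorization code flow against the Microsoft identity platform v2.0 endpoints with the ads.manage scope from this thread. It goes beyond the answer in one respect: it also requests offline_access, which is the scope the v2.0 token endpoint requires before it returns a refresh_token. Tenant id, client id and client secret are constructed placeholders; the state value is assumed to be a random per-session string the caller stores.

```javascript
// Added example: authorization request, callback check and token request
// for the Microsoft identity platform v2.0 (authorization code grant).
// TENANT_ID / CLIENT_ID / the secret are constructed placeholders.

const TENANT_ID = "TENANT-ID-PLACEHOLDER";
const CLIENT_ID = "CLIENT-ID-PLACEHOLDER";
const REDIRECT_URI = "https://localhost";
// A refresh_token is only issued when offline_access is among the scopes.
const SCOPES = ["https://ads.microsoft.com/ads.manage", "offline_access"];

// Tenant-specific authority instead of /common, so sign-in is bound to the
// directory that holds the app registration.
const AUTHORITY = `https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0`;

// state: a random per-session value the caller generates and stores.
function buildAuthorizeUrl(state) {
  const params = new URLSearchParams({
    client_id: CLIENT_ID,
    response_type: "code",
    redirect_uri: REDIRECT_URI,
    response_mode: "query",
    scope: SCOPES.join(" "),
    state,
  });
  return `${AUTHORITY}/authorize?${params}`;
}

// Before exchanging the code, require the state to match the one issued for
// this session; otherwise the code may belong to someone else's login.
function codeFromCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  const code = q.get("code");
  if (!code || q.get("state") !== expectedState) {
    throw new Error("callback rejected: missing code or state mismatch");
  }
  return code;
}

// Form body for POST `${AUTHORITY}/token`; the secret travels in the body,
// matching the "send client credentials in body" setting from the question.
function buildTokenRequestBody(code, clientSecret) {
  return new URLSearchParams({
    client_id: CLIENT_ID,
    client_secret: clientSecret,
    grant_type: "authorization_code",
    code,
    redirect_uri: REDIRECT_URI,
    scope: SCOPES.join(" "),
  }).toString();
}
```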
I am developing a custom skill in Alexa, which requires Account Linking. I am using the Implicit grant for account linking. I have my own login page for account linking here. I also referred to this post for implicit grant account linking, but I have had no luck. When I try to log in it redirects to its redirect URL, but every time I receive "Unable to Link your skill".
My Account Linking authorization URI looks like this:
Authorization URI:https://orangeappstudio.com/Alexa?state=N.virginia&client_id=xxxxxxxxxx&response_type=token&scope=userinfo.email&redirect_uri=https://pitangui.amazon.com/spa/skill/account-linking-status.html?vendorId=xxxxxxxx
and when the user enters the correct credentials it redirects the user to the redirect URL as mentioned in the Account Linking console.
My redirect URI is:
Redirect URI:https://pitangui.amazon.com/spa/skill/account-linking-status.html?vendorId=xxxxxx#state=N.virginia&access_token=2YotnFZFEjr1zCsicMWpAA&token_type=Bearer
I have no idea what I am doing wrong. I have gone through the forums about the same, but couldn't find what exactly the issue is. Could anyone please help me out in this regard?
It must be due to the value of the state query string parameter being sent to the Amazon Skill redirect URL along with the access_token.
According to the Implicit Grant Flow, when the Alexa app calls the specified authorization URI, it includes state, client_id, response_type, scope, and redirect_uri as query string parameters. You must pass the unaltered value of the state parameter when redirecting, along with the access_token.
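As an added example (not code from the post or from Amazon), this is the authorization-server side of the implicit grant described above: parse the query Alexa sends to the login page, check client_id and redirect_uri against what is registered, and after a successful login build the redirect with the state copied back unchanged in the URL fragment next to the access_token. The registered client id, redirect URI and the token value are constructed sample data modelled on the URIs in the question.

```javascript
// Added example: implicit-grant authorization endpoint logic for Alexa
// account linking. Registration values below are constructed samples.

const REGISTERED_CLIENT_ID = "xxxxxxxxxx";
const REGISTERED_REDIRECT_URIS = [
  "https://pitangui.amazon.com/spa/skill/account-linking-status.html?vendorId=xxxxxxxx",
];

// Parse and validate the authorization request Alexa sends to the login page.
function parseAuthorizationRequest(requestUrl) {
  const q = new URL(requestUrl).searchParams;
  const req = {
    clientId: q.get("client_id"),
    responseType: q.get("response_type"),
    redirectUri: q.get("redirect_uri"),
    state: q.get("state"),
    scope: q.get("scope"),
  };
  if (req.clientId !== REGISTERED_CLIENT_ID) {
    throw new Error("unknown client_id");
  }
  if (req.responseType !== "token") {
    throw new Error("unsupported response_type");
  }
  // Exact string match only: prefix or substring matching would let a
  // crafted request send the token to a different URL.
  if (!REGISTERED_REDIRECT_URIS.includes(req.redirectUri)) {
    throw new Error("redirect_uri not registered");
  }
  if (!req.state) {
    throw new Error("missing state");
  }
  return req;
}

// Build the redirect after the user's credentials check out. The implicit
// grant returns the token in the fragment (after #), never in the query,
// and state goes back exactly as it was received.
function buildImplicitRedirect(req, accessToken, expiresIn) {
  const fragment = new URLSearchParams({
    state: req.state,
    access_token: accessToken,
    token_type: "Bearer",
    expires_in: String(expiresIn),
  });
  return `${req.redirectUri}#${fragment}`;
}
```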
Using IdentityServer 4 for authentication, which works with different clients that support the OpenID Connect and OAuth 2.0 protocols for AAD authentication.
In the scenario where there is an error before Login or after Login (authentication),
the user is redirected to Home\Error, the default exception middleware handler. Here I want to provide the user with a 'Retry Url' which redirects to the Client link.
Appreciate it if anybody can suggest something on this.
In the Account Controller Login() you can get the return_url from the model (check LoginViewModel). Just validate this return_url and redirect the user; it will take them to the client. You can also fetch the redirect_uri from the return_url, which has the client info - if that's what you are looking for!
You can always pass the return_url to the error view and inject it in a hyperlink where the user can click to go back to the client.
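As an added example (not code from the answer or from IdentityServer4), the validation step the answer asks for before a return_url becomes a retry link: accept only a local path as the retry target (the check is modelled on ASP.NET Core's IsLocalUrl rule, which rejects absolute URLs and protocol-relative "//" or "/\" prefixes) and pull client_id and redirect_uri out of its query, verifying both against the registered clients. The client registration is constructed sample data.

```javascript
// Added example: validate an IdentityServer-style return_url and extract the
// client's redirect_uri from it. The client table below is a constructed
// sample; "placeholder.invalid" is only a base for parsing a relative path.

const CLIENTS = {
  "spa-client": ["https://client.example.com/callback"],
};

// Local means: starts with exactly one "/" (not "//" or "/\"), or "~/".
// Anything else could be an absolute URL and turn the retry link into an
// open redirect.
function isLocalUrl(url) {
  if (typeof url !== "string" || url.length === 0) return false;
  if (url.startsWith("~/")) return true;
  return url[0] === "/" && url[1] !== "/" && url[1] !== "\\";
}

function parseReturnUrl(returnUrl) {
  if (!isLocalUrl(returnUrl)) {
    throw new Error("return_url is not a local URL");
  }
  const q = new URL(returnUrl, "https://placeholder.invalid").searchParams;
  const clientId = q.get("client_id");
  const redirectUri = q.get("redirect_uri");
  const registered = CLIENTS[clientId];
  if (!registered || !registered.includes(redirectUri)) {
    throw new Error("client_id/redirect_uri not registered");
  }
  // retryUrl is safe to put in the error page's hyperlink; redirectUri is
  // the client entry point if the page wants to link back there directly.
  return { retryUrl: returnUrl, clientId, redirectUri };
}
```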
I can't figure out how I can get the email address from Twitter. I've been using this as an example - https://github.com/sahat/satellizer/tree/master/examples/server/node. I've also seen that it's possible to get the email from Twitter's OAuth - https://dev.twitter.com/rest/reference/get/account/verify_credentials. Thanks
The example server doesn't appear to get the email in the Twitter case.
And the documentation link explains how to request it:
Requesting a user's email address requires your application to be whitelisted by Twitter. To request access, please use this form. Once whitelisted, the "Request email addresses from users" checkbox will be available under your app permissions on apps.twitter.com. Privacy Policy URL and Terms of Service URL fields will also be available under settings which are required for email access. If enabled, users will be informed via the oauth/authorize dialog that your app can access their email address.
"Given that you have to go through all the hoops to get whitelisted by Twitter in order to access user's email, it is it not part of the example code. If you really need to get user's email, you may have to do that outside Satellizer's auth flow." - sahat (owner of satellizer)