I am using Auth0 to authenticate with discord.
The authentication works great with Google and returns a user class filled with information such as username and email. However, when using discord I am returned the below JSON which only has the nickname, name, and picture which are either empty or default.
{
"nickname": "",
"name": "",
"picture": "https://cdn.auth0.com/avatars/default.png",
"locale": "en-US",
"updated_at": "2020-10-31T22:10:50.094Z",
"sub": "oauth2|discord|[REMOVED JUST INCASE]"
}
Here is a picture of the popup login window :
Related
I've successfully setup a Blazor application to authenticate with the Azure tenant where I work. The authentication works beautifully. I have the App Registration setup in Azure with appRoles defined in the manifest. I've add a few users to the application with those roles assigned however I'm not getting any Role claims back on the user context after it authenticates.
Startup.cs
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
});
Manifest:
"appRoles": [
{
"allowedMemberTypes": [
"User"
],
"description": "Coming soon.",
"displayName": "Viewer",
"id": "{guid goes here}",
"isEnabled": true,
"lang": null,
"origin": "Application",
"value": "Viewer"
},
{
"allowedMemberTypes": [
"User"
],
"description": "Coming soon.",
"displayName": "Manager",
"id": "{guid goes here}",
"isEnabled": true,
"lang": null,
"origin": "Application",
"value": "Manager"
}
],
I'm trying to retrieve those roles with the claims after authentication, but no roles are coming through. This is obviously making IsInRole not work and for the life of me I can't find any samples of code to achieve this.
I would greatly appreciate it if someone could point me in the right direction!
If the user has been assigned application roles, it should be returned in the id token. You can decode the id token by using https://jwt.io/.
I didn't find a blazor sample, but you can refer to this aspnetcore sample.
I'm following instructions for migrating my knowledge base from https://learn.microsoft.com/en-us/azure/cognitive-services/qnamaker/tutorials/migrate-knowledge-base.
Point 9 says I have to use the endpoint (image in the instructions below this point) to my bot. I have created a Web App Bot on Azure Portal.
For sdk3, I am able to set this endpoint information to my Web App Bot and get the KB to function. However, for sdk4 I can't do the same.
How do I migrate my knowledge base to sdk4 Web App Bot (QnA Maker)?
There is a good sample of QnA Maker bot with SDK v4 available here in the official samples:
C#: https://github.com/Microsoft/BotBuilder-Samples/tree/master/samples/csharp_dotnetcore/11.qnamaker
Js: https://github.com/Microsoft/BotBuilder-Samples/blob/master/samples/javascript_nodejs/11.qnamaker
With these samples you can see that the endpoint (hostname) information is located on the .bot file, named here qnamaker.bot and looking like the following:
{
"name": "qnamaker",
"description": "",
"services": [
{
"type": "endpoint",
"name": "development",
"endpoint": "http://localhost:3978/api/messages",
"appId": "",
"appPassword": "",
"id": "25"
},
{
"type": "qna",
"name": "qnamakerService",
"kbId": "",
"subscriptionKey": "",
"endpointKey": "",
"hostname": "",
"id": "227"
}
],
"padlock": "",
"version": "2.0"
}
These values are used in the code.
This is what I have access to from the user:
email_verified
family_name
given_name
name
nickname
picture
sub
updated_at
The api wants an id /api/v2/users/{id}. I tried using the sub but it did not work. How do I get access to the user id? Or what else do I pass in?
When creating a user by posting to /api/v2/users the response contains the user_id as a field. The response you get looks e.g. like this:
{
"email": "john.doe#gmail.com",
"email_verified": false,
"username": "johndoe",
"phone_number": "+199999999999999",
"phone_verified": false,
"user_id": "usr_5457edea1b8f33391a000004", <-- this is the user id
"created_at": "",
"updated_at": "",
"identities": [
{
"connection": "Initial-Connection",
"user_id": "5457edea1b8f22891a000004",
"provider": "auth0",
"isSocial": false
}
],
"app_metadata": {},
"user_metadata": {},
"picture": "",
"name": "",
"nickname": "",
"multifactor": [
""
],
"last_ip": "",
"last_login": "",
"logins_count": 0,
"blocked": false,
"given_name": "",
"family_name": ""
}
You need that id in order to request user data via /api/v2/users/{id}.
If you don't the user_id you can try to get it via the /api/v2/users-by-email endpoint. The information you have according to your question is not enough. What happened to the other information?
EDIT:
What if I am using the lock widget to create users? How can I access
their id , and if not how can I update their information?
You can't create users using the lock widget. The user is registered on a social platform like facebook or google. The lock widget does only authenticate them via that platform any gives you some information about them which you of course can't edit because you do not own that data
I am able to get access to a user's accessToken, and am making a call to GET https://graph.microsoft.com/v1.0/me with an Authorization: Bearer <token> header.
However, in the response body I'm getting something like this:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"value": [
{
"givenName": "Foo",
"surname": "Bar",
"displayName": "Foo Bar",
"id": "b41efha115adcca29",
"userPrincipalName": "email.address#outlook.com",
"businessPhones": [],
"jobTitle": null,
"mail": null,
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null
}
]
}
The mail property is null, and the userPrincipalName in this response body happens to the be the user's email address. However, there's this from Microsoft's docs:
Although the UPN and email share the same format, the value of the UPN for a user might or might not be the same as the email address of the user.
When initiating the login request of the user, we're requesting for the "user.read" and "email" scopes. We're using the MSAL.js library to obtain the access token, and our code reads something like this:
login (): ng.IPromise<IMicrosoftOAuthResponse> {
const prom = this.userAgentApplication.loginPopup(["user.read", "email"])
.then((idToken) => {
return this.userAgentApplication.acquireTokenSilent(["user.read", "email"]);
})
.then((accessToken) => {
// at this point, we have the accessToken and make a call to the graph api
});
return this.$q.when(prom);
}
How do I get the actual email address of the user here?
The mail property is set in one of 2 ways:
It's been set on on-premises AD, and then synchronized to Azure AD using AD Connect
The cloud user has been assigned an Office 365 license (and a mailbox), at which point the mail property is set for this licensed user.
If the user does not have an O365 mailbox/license, you could also search for the user by userPrincipalName, displayName, etc. $filter supports the OR operator.
Hope this helps,
Even though this is an old question, I thought I would share my solution to getting the email of a signed-in user. Be aware that this solution requires access to the user's id_token.
The response from calling the /me endpoint looks as follows:
Object {
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"businessPhones": Array [],
"displayName": "John Doe",
"givenName": "John",
"id": "xxxxxx",
"jobTitle": null,
"mail": null,
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null,
"surname": "Doe",
"userPrincipalName": "johndoe_gmail.com#EXT##johndoegmail.onmicrosoft.com",
}
As we can see, the mail property of this response is null. I am however able to get the user email by decoding the jwt id_token passed along with the access_token when calling the /token endpoint.
By applying the decodeJwtToken() function (attached at the end of this post) to the id_token, I am able to get the user email from the result
Object {
"aio": "xxxxxxxx",
"amr": Array [
"pwd",
],
"aud": "xxxxx",
"email": "johndoe#gmail.com",
"exp": xxxxxx,
"family_name": "Doe",
"given_name": "John",
"iat": xxxxxx,
"idp": "live.com",
"ipaddr": "xxx.xxx.xxx.xxx",
"iss": "https://sts.windows.net/xxxx/",
"name": "John Doe",
"nbf": xxxx,
"nonce": "xxx",
"oid": "xxxxxxx",
"sub": "xxxxx",
"tid": "xxxxx",
"unique_name": "live.com#johndoe#gmail.com",
"uti": "xxxx",
"ver": "1.0",
}
The decoding function looks as follows:
decodeIdToken = (token) => {
var base64Url = token.split('.')[1];
var base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
var jsonPayload = decodeURIComponent(Buffer.from(base64, 'base64').toString().split('').map(function(c) {
return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
}).join(''));
return JSON.parse(jsonPayload);
};
For me, https://graph.microsoft.com/v1.0/users/<userid>/authentication/emailMethods endpoint worked. For this, the client must have UserAuthenticationMethod.Read.All permission. One can find more documentation here.
Sample reponse:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('8225f1cd-8025-4f8b-bf94-c595e02e3403')/authentication/emailMethods",
"value": [
{
"id": "3ddfcfc8-9383-446f-83cc-3ab9be4be18f",
"emailAddress": "kim#contoso.com"
}
]
}
var user = graphServiceClient.Users[UserId].Request().Select(x=>x.Identities).GetAsync();
var email = user.Identities.FirstOrDefault().IssuerAssignedId;
create a trial account in microsoft office 365 business premium using the below link:
https://signup.microsoft.com/Signup?OfferId=467eab54-127b-42d3-b046-3844b860bebf&dl=O365_BUSINESS_PREMIUM&culture=en-IN&country=IN&ali=1
Follow the steps while creating the account. It will allow us to create users in office 365. These users are like internal users of an organization. Now open azure portal with the above credential. All users of office 365 will be imported in active azure directory.
Now register an application with Read users basic profile delegated permission in active azure directory. note down client id , client secret and tenant domain to get access token for service to service authentication. This access token can be used to get user records which will be containing mail field as abc#.onmicrosoft.com
I am making an API Call to Docusign to try to get a link for a recipient to sign his document without him having to go into his e-mail. I am doing this in APEX in a Visualforce page.
I am sending the following request to the endpoint: "https://demo.docusign.net/restapi/v2/accounts/661863/envelopes/21F02F6C-E156-46E0-BCDE-778D18DB4592/views/recipient"
My Request is:
{
"authenticationMethod": "email",
"email": "test#outlook.com",
"returnUrl": "www.docusign.net",
"userName": "LB -1 Demo 2"
}
The response I am getting is:
{
"errorCode": "UNKNOWN_ENVELOPE_RECIPIENT",
"message": "The recipient you have identified is not a valid recipient of the specified envelope. Envelope recipient could not be determined. 'clientUserId', 'email', or 'userName' in request and envelope may not match."
}
The envelope request is:
{
"signers": [
{
"name": "LB -1 Demo 2",
"email": "test#outlook.com",
"recipientId": "1",
"requireIdLookup": "false",
"userId": "05b324da-8ebb-4d4b-a58b-0ef019530214",
"routingOrder": "1",
"roleName": "Signer 1",
"status": "completed",
"signedDateTime": "2014-06-24T11:30:09.4630000Z",
"deliveredDateTime": "2014-06-24T11:29:58.5100000Z"
}
],
"agents": [],
"editors": [],
"intermediaries": [],
"carbonCopies": [],
"certifiedDeliveries": [],
"inPersonSigners": [],
"recipientCount": "1",
"currentRoutingOrder": "1"
}
The recipient information seems to match my request but the API call is still not working. Is this because I am missing a clientUserId and that is required for am embedded signing call? And if so, would I need to create the Envelope AND Recipients AND ONLY THEN can I make the embedded signer call?
This question is a duplicate, please search the DocuSignApi tag for existing answers before posting new questions. As Andrew has mentioned, this is a duplicate of this question:
Docusign Embedded Signing
You need to set the clientUserId property for any recipient who you want to be an embedded recipient. It's up to you what value to use, but make sure you include the same exact value when requesting the signing URL token.
There's also a detailed explanation of this on the DocuSign Developer Center under Features -> Embedding
https://www.docusign.com/developer-center/explore/features/embedding-docusign