I'm using react-native-auth0 version 1.6.0, and have been following the guide on the Github page here. In the "Web Authentication" -> "Log In" sections, it recommends passing only scope and audience to the auth0.webAuth.authorize() method. However, I also saw this documentation where in the "Database/AD/LDAP" section they say that response_type, client_id, and redirect_uri are all required.
What I Want To Know:
What is the difference between the protocols followed for auth0.webAuth.authorize() in the first and second guides? Which should I follow?
Some of the params are assumed because of the library or already input when you initialize. For instance, response type is assumed to be code, and you will have already input your client ID when initializing WebAuth.
https://auth0.com/docs/api/authentication#authorization-code-flow-with-pkce
Related
https://developers.coinbase.com/api/v2#request-money
Following the example provided here, I run into the issue:
coinbase.wallet.error.InvalidRequestError: APIError(id=invalid_request): Missing parameter: type
Trekked into the code and saw that the param is added by the request_money function in client.py.
Seems to be an error in the API for the 2021-03-05 API.
I see it's a common issue (there's 2 other instances of this) but wondering if there was a recommended workaround.
Answer:
https://commerce.coinbase.com/docs/api/#create-a-checkout
Use coinbase commerce. This is the supported API for trading amongst wallets.
Can confirm the checkout system works!
Wish that Coinbase advertised this a bit more :/
Noticed that the Saml2AuthnResponse Destination is set based on the relyingParty.SingleSignOnDestination which is retrieved from a "configuration" (hardcoded relyingParties array).
I think the Destination should be based on what is set in the AuthnRequest samlp:AuthnRequest -> AssertionConsumerServiceURL and use the relyingParty Destination maybe as a fallback if it's missing from the AuthnRequest, but from what I see every AuthnRequest contains the ACS URL.
Or is there a reason why it is implemented this way ?
Thanks
It is part of the security only to replay known URLs/domains. Therefore it is important to configure the relyingParty.SingleSignOnDestination for each relying party.
To have a dynamic response URL you can extend the code to verify that the authnRequest.AssertionConsumerServiceUrl starts with the value in relyingParty.SingleSignOnDestination.
E.g. the value in relyingParty.SingleSignOnDestination could be "https://somedomain.com"
and thereby accept different authnRequest.AssertionConsumerServiceUrl like "https://somedomain.com/auth/AssertionConsumerService" or "https://somedomain.com/acs"
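An added example (not code from the library or from the answer, and written in JavaScript rather than the library's C#) of the check described above: it compares the parsed origin and path instead of the raw string prefix, because a plain starts-with test on "https://somedomain.com" also matches a longer hostname that merely begins with that text. The function names and the hostnames other than the answer's sample value are constructed for illustration.

```javascript
// Added example: function names are hypothetical; hostnames are constructed samples.

// Plain string prefix test, shown only for comparison with the check below.
function naivePrefixCheck(configuredDestination, requestedAcsUrl) {
  return requestedAcsUrl.startsWith(configuredDestination);
}

// Accept the requested ACS URL only if it parses, uses https, carries no
// userinfo, has the same origin as the configured destination, and its path
// sits at or below the configured path on a segment boundary.
function acsUrlAllowed(configuredDestination, requestedAcsUrl) {
  let cfg, req;
  try {
    cfg = new URL(configuredDestination);
    req = new URL(requestedAcsUrl);
  } catch {
    return false; // unparsable or relative URL
  }
  if (req.protocol !== 'https:') return false;
  if (req.username !== '' || req.password !== '') return false;
  if (req.origin !== cfg.origin) return false;
  const base = cfg.pathname.endsWith('/') ? cfg.pathname : cfg.pathname + '/';
  return req.pathname === cfg.pathname || req.pathname.startsWith(base);
}

// Response destination: the requested ACS URL when it passes the check,
// otherwise the configured value (the fallback the question asks about).
function chooseDestination(configuredDestination, requestedAcsUrl) {
  return requestedAcsUrl && acsUrlAllowed(configuredDestination, requestedAcsUrl)
    ? requestedAcsUrl
    : configuredDestination;
}

const configured = 'https://somedomain.com'; // sample value from the answer
for (const acs of [
  'https://somedomain.com/auth/AssertionConsumerService',
  'https://somedomain.com/acs',
  'https://somedomain.com.other.example/acs', // constructed: different host, same string prefix
  'http://somedomain.com/acs',                // constructed: scheme is not https
]) {
  console.log(acs, naivePrefixCheck(configured, acs), acsUrlAllowed(configured, acs));
}
```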
/^[_a-z0-9]+(\.[_a-z0-9]+)*[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,7})$/
That's the pattern. It says "ok" when it's correct, and "not ok" when it's incorrect. So it says "ok" on www.google.com, but "not ok" when I type http://www.google.com
What I'd like is this pattern to allow http:// too, but it should never be a requirement.
You can use the following regular expression, which I borrowed from the documentation of the Perl module URI on CPAN (escaping of slashes mine).
/(?:([^:\/?#]+):)?(?:\/\/([^\/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?/
It will give you all the different parts of the URI in capture groups.
Those parts are:
scheme (http:)
authority (not applicable here)
path (www.google.com)
query (q=querystring)
fragment (#anker)
See https://regex101.com/r/vS5qO1/1 to try it out.
Also note that this will parse all types of URIs, not only http(s). So stuff like ftp://anonymous#example.org will also work.
If you're looking to only allow http/https URL schemes (when the scheme is provided), the following modification to your regular expression will do the trick:
/^(http:\/\/|https:\/\/)?[_a-z0-9]+(\.[_a-z0-9]+)*[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,7})$/
You can use my answer as an example of how to add the url scheme group to your existing regex, but credit #simbabque, as he has a much more complete answer.
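An added example (not from either answer) that runs the URI-splitting expression on a few inputs and then applies the asker's hostname pattern to whichever part holds the host, allowing only an optional http or https scheme. It also shows an edge case of the splitting regex: a scheme-less host followed by a port is read as a scheme. The function names are hypothetical and the inputs are constructed.

```javascript
// Added example: function names are hypothetical; sample inputs are constructed.

// URI-splitting expression from the first answer, unchanged.
const URI_PARTS = /(?:([^:\/?#]+):)?(?:\/\/([^\/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?/;

// Hostname pattern from the question, unchanged.
const HOST = /^[_a-z0-9]+(\.[_a-z0-9]+)*[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,7})$/;

// Split a string into its URI parts. Every group is optional, so the match
// always succeeds at index 0; parts that are absent come back as undefined.
function splitUri(input) {
  const [, scheme, authority, path, query, fragment] = URI_PARTS.exec(input);
  return { scheme, authority, path, query, fragment };
}

// Return the hostname when the input is either a bare hostname or an
// http/https URL consisting of a hostname only; otherwise return null.
function acceptedHost(input) {
  const { scheme, authority, path, query, fragment } = splitUri(input);
  if (query !== undefined || fragment !== undefined) return null;
  if (scheme === undefined && authority === undefined) {
    return HOST.test(path) ? path : null; // bare host lands in "path"
  }
  if ((scheme === 'http' || scheme === 'https') && authority !== undefined && path === '') {
    return HOST.test(authority) ? authority : null; // host lands in "authority"
  }
  return null;
}

for (const s of [
  'www.google.com',
  'http://www.google.com',
  'https://www.google.com',
  'ftp://www.google.com',
  'www.google.com:8080/x', // parsed as scheme "www.google.com", path "8080/x"
]) {
  console.log(s, JSON.stringify(splitUri(s)), acceptedHost(s));
}
```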
We have a user that our corporate portal cannot fetch the groups for from AD.
On the portal logs we see this error:
javax.naming.PartialResultException: Unprocessed Continuation Reference(s) remaining name ''
I've Googled for the error and the best symptoms that seem to describe this case and how to resolve it are here: http://www-01.ibm.com/support/docview.wss?uid=swg21232921
Assuming we don't want to change the configuration just because of one user but to amend the data of this specific user, can someone please explain to me how I can recognize this when examining the user's record in the AD? Is this something to do with his group assignments and if yes then what should I look for?
I just ran into this.
I got around it by setting your InitialDirContext environment to have the Context.REFERRAL key set to "follow".
According to the Javadocs, that key can be "follow", "ignore", or "throw". The default is determined by the provider you use, which is probably "throw".
Check out this link for a bit more data on what your API is telling you: http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
I'm not an expert on this API but can explain at least what I think is going on based upon that doc & knowledge of what AD is doing. :)
AD returns what are called "referrals" when you do searches that have naming contexts outside of this local server/search but in the logical scope of your request. This is per RFC request. Think of a referral as a hint to you the app that there might be more data out there...ie, that is, the AD server is saying "here are the results I have for you but, you should know, there is someone else that might have more...go here to find out."
Referrals aren't an "error" they are a hint to the app.
It seems that your LDAP API is throwing an exception when encountering them. Per the docs I referenced above, it looks like you can either swallow them or chase the referral to find out if there is more data.
Add this for env properties:
env.put(Context.REFERRAL,"follow");
Also, one of the issues that I found was an incorrect search query string in ldapContext. The incorrect query, formed due to the wrong format of a parameter, throws:
javax.naming.PartialResultException: Unprocessed Continuation Reference(s) remaining name ''
But if we add the parameter Context.REFERRAL="follow", then it does not throw an exception but neither does it return a result.
The parameter to ldap query string should also match the that is being accepted by LDAP else it will throw the same error.
How does cakephp handle a get request? For instance, how would it handle a request like this...
http://us.mc01g.mail.yahoo.com/mc/welcome?.gx=1&.rand=9553121_pg=showFolder&fid=Inbox&order=down&tt=1732&pSize=20&.rand=425311406&.jsrand=3
Would "mc" be the controller and "welcome" be the action?
How is the rest of the information handled?
Also note that you could use named parameters as of Cake 1.2. Named parameters are in key:value order, so the url http://somesite.com/controller/action/key1:value1/key2:value2 would give a $this->params['named'] array( 'key1' => 'value1', 'key2' => 'value2' ) from within any controller.
If you use a CNN.com style GET request (http://www.cnn.com/2009/SHOWBIZ/books/04/27/ayn.rand.atlas.shrugged/index.html), the parameters are in order of appearance (2009, SHOWBIZ, books, etc.) in the $this->params['pass'] array, indexed starting at 0.
I strongly recommend named parameters, as you can later add features by passing get params, without having to worry about the order. I believe you can also change the named parameter separation key (by default, it's ':').
So it's a slightly different paradigm than the "traditional" GET parameters (page.php?key1=value1&key2=value2). However, you could easily add some logic in the application to automatically parse traditional parameters into an array by tying into how the application parses requests.
CakePHP uses routes to determine this. By default, the routes work as you described. The remainder after the '?' is the querystring and it can be found in $this->params['url'] in the controller, parsed into an associative array.
Since I found this while searching for it, even though it's a little old.
$this->params['url']
holds GET information.
I have tested but it does work. The page in the Cakephp book for it is this link under the 'url' section. It even gives an example very similar to the one in the original question here. This also works in CakePHP 1.3 which is what I'm running.
It doesn't really use the get in the typical sense.
If it was passed that long crazy string, nothing would happen. It expects data in this format: site.com/controller/action/var1/var2/var....
Can someone clarify the correct answer? It appears to me that spoulson's and SeanDowney's statements are contradicting each other?
Would someone be able to use the newest version of CakePHP and get the following url to work:
http://www.domain.com/index.php/oauth/authorize?oauth_version=1.0&oauth_nonce=c255c8fdd41bd3096e0c3bf0172b7b5a&oauth_timestamp=1249169700&oauth_consumer_key=8a001709e6552888230f88013f23d5d004a7445d0&oauth_signature_method=HMAC-SHA1&oauth_signature=0bj5O1M67vCuvpbkXsh7CqMOzD0%3D
oauth being the controller and authorize being a method AS WELL as it being able to accept the GET request at the end?