I have build and published the Data Studio connector for TradeTracker. The connector works great, but when users try to add a different account by trying to add a new datasource they can't re-enter their API Clientid and passphrase. How do I clear the 'old' credentials?
I have found there's an function to reset the auth: https://developers.google.com/datastudio/connector/auth#resetauth.
function resetAuth() {
var userProperties = PropertiesService.getUserProperties();
userProperties.deleteProperty('dscc.username');
userProperties.deleteProperty('dscc.password');
}
When should I call this function?
You can find the data studio connector here: https://datastudio.google.com/u/0/datasources/create
Search for 'tradetracker'.
Multiple auth profiles are not currently supported by Data Studio. If you want to authenticate to a data source with different credentials, you need to remove the connector (which will call resetAuth), then add it again and use your new credentials.
If this feature would be useful to you, please file a bug, or vote on an existing one. We look at this component in part when trying to prioritize new features for Data Studio.
Related
My job has tasked me to create a login page with username, password, reset password, sign in and sign up. When you login you are sent to a landing page. All should be done with react but i have to use filemaker server as a backend that stores usernames and passwords in a database. I've never used filemaker before and i don't know where to start. Any advise will be appreciated
Use Filemaker Data Api:
https://help.claris.com/en/data-api-guide/
Login call to get the token
Make a POST request to
{yourServerUrl}/fmi/data/version/databases/{database-name}/layouts/{layout-name}/records
to write the new record into the database.
Assuming your company is on a recent version of FileMaker (version 16 or later, I believe) then FileMaker Server has a feature called the Data API that publishes all FM data in a more standard-manner than going through the trials of ODBC or the PHP API.
The requirements are essentially just clicking the checkbox in the Server Admin control panel:
That feature has tiered pricing associated with it, but it includes a base amount of requests as part of having a server license and most likely you will find it to be the best avenue. If, for some reason, you can't use the Data API, going in via the PHP API which produces a more verbose XML output and is tied to fields visible on layouts is another avenue.
I would like to remove a user or group assignment to an enterprise app using Azure AD Graph or Microsoft Graph in C#.
Thanks,
Kevin
The answer provided by juunas is right, I just make some additions.
As you want to do this operation by c# code, so you can refer to my steps below:
1. Install two SDKs in your project.
Install-Package Microsoft.Graph.Auth -IncludePrerelease
Install-Package Microsoft.Graph.Beta -Version 0.14.0-preview
I referred to the document about install SDKs, but I can't find AppRoleAssignments in GraphServiceClient class. So please install SDKs with the commands above.
2. Please refer to the code below:
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;
using System;
using System.Security;
namespace ConsoleApp13
{
class Program
{
static async System.Threading.Tasks.Task Main(string[] args)
{
Console.WriteLine("Hello World!");
IPublicClientApplication publicClientApplication = PublicClientApplicationBuilder
.Create("your client id")
.WithTenantId("your tenantid")
.Build();
UsernamePasswordProvider authProvider = new UsernamePasswordProvider(publicClientApplication, new string[] { "https://graph.microsoft.com/.default" });
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
var securePassword = new SecureString();
string password = "your password";
foreach (char c in password)
securePassword.AppendChar(c);
await graphClient.Users["user object id"].AppRoleAssignments["role assignment id"].Request().WithUsernamePassword("email account", securePassword).DeleteAsync();
Console.WriteLine("----complete---");
}
}
}
The role assignment id in AppRoleAssignments["role assignment id"] above comes from the list query graph api: GET https://graph.microsoft.com/beta/servicePrincipals/{id}/appRoleAssignedTo/{id}
3. Before running the c# code, we need to enable we have assign the delegated permission Directory.AccessAsUser.All to the app and enable the button shown as below screenshot.
4. After that, we can running the code and remove the user or group successfully.
5. By the way:
(1) The code I provided is for remove users assignment. If you want to remove group assignment, just modify the code as:
await graphClient.Groups["group object id"].AppRoleAssignments["role assignment id"].Request().WithUsernamePassword("email account", securePassword).DeleteAsync();
(2) You need to pay attention to the beta version of api as juunas mentioned.
Hope it helps~
To do that, you'd need to call this endpoint in MS Graph API: https://learn.microsoft.com/en-us/graph/api/approleassignment-delete?view=graph-rest-beta&tabs=http.
Though the docs seem to be missing it, you should be able to list the assignments for a user etc. by doing a GET without an assignment id.
I don't think you can guess the assignment ids, so you'll need to read them first from there.
And though it says you need delegated permissions to call the endpoint, that isn't completely true.
You can give an app the access as user permission and then login with a user and act on their behalf.
But you can also have an app do these without a user.
You can assign an administrator role to the service principal running a script, and that will allow it to do this as well.
You can do this through the Roles and administrators tab in the AAD management UI.
The only tough situation here is that this ability is only in the beta version of MS Graph API.
But Azure AD Graph API is not recommended for use.
So, you have two options right now:
Use the beta version of MS Graph API for this, and upgrade as soon as the API reaches a stable version
beta is a bit volatile, so there some risks in using it in production
Use Azure AD Graph API and upgrade to MS Graph API once it reaches a stable version
this upgrade would probably be mandatory
we are looking for brand new implementation for Identityserver4,
I wnet thru the documentation and install the Project on VS2017 and DB in sqlserver.
Database is created with the default migration script provided for bot ConfigurationData as well as Operational DAta.
I am very much confused , where the user will be how the clients will be add etc?
Also in the startup the default ASPNEtIdentity is add, but in database there is no ApplicationUser table, so where the userdata will be?
My requirement is simple - User will be aple to login to application by his credentials(or may be by 3rd party application) and will use the application or
API will directly use Identity server to with clientcredential scope,
Here please do let me know:
Should I introduce AspNetIdentity or Not, and Why?
Where is the user table and Password of the user in the database generated by the migration.
How we can add User clients and resources to the Created Database
Do I need to add Login/Logout page ?
In API APIResource is used to defined the Resources "api1" and same is used by the client code to get the access but this "api1" is not used anywhere with the definition/signature of the Method, so ow will it be correlated?
First off, IdentityServer4 on it's own does not handle users or authentication thereof - you either need to use ASP.Net Identity and the integration library that hooks it up to IdentityServer4 or build all of that stuff yourself.
So to sum up:
Yes you'll need to use that or roll your own user store and authentication logic
Either provided by ASP.Net Identity or built yourself
https://www.identityserver.com/documentation/admin-ui/ may fit your needs or you could build your own tooling and/or scripts to do so
Yes although the quickstart samples provide good basic starting points
The bearer token middleware by default will validate the audience (ApiResource.Name) but I prefer to enforce scope at a more granular controller or action level using a filter (e.g. [ScopeAuthorize("my.api")] public MyResult ApiAction() { ... }). This filter will check that the specified scope is defined in the set of claims in the ClaimsPrincipal).
Some weeks ago I discovered OpenID Connect and IdentityServer V3. I ran some of the supplied examples and I am today at the point where I need to go further but I don't know how to proceed:
Actually we have an "home made" authentication and authorization process and we'd like to move to an OpenID Connect solution. Identity Server seems to be the perfect candidate to do this.
Today our users are stored into an SQL Server Database and ideally I'd like to "connect" this table to Identity Server (without touching to the schema of this table). I read about "MembershipReboot" but it uses its own Database. I also heard about making a custom user service but in the sample (CustomUserService) I did not find anything helpfull. Today I'am a little bit lost because I don't know where to go and I realize that I'am not very far from the target.
I need help
Thank you
In the Custom User Service Sample you mentioned, it includes three variations of user service to show different approaches, but you really only need one of them.
In the LocalRegistrationUserService sample you'll find lines like these:
public override Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
var user = Users.SingleOrDefault(x => x.Username == context.UserName && x.Password == context.Password);
/// snip ...
and these:
public override Task GetProfileDataAsync(ProfileDataRequestContext context)
{
// issue the claims for the user
var user = Users.SingleOrDefault(x => x.Subject == context.Subject.GetSubjectId());
/// snip...
You need to replace those calls which look up values from the in-memory Users collection with something that opens a connection to SQL server and looks them up there instead.
See the Custom User Service documentation for more methods supported, but those two (AuthenticateLocalAsync, GetProfileDataAsync) plus your SQL lookup are all you need to get started.
I have usersettings directory in my plugin that add automatically configure your tools section. users can create secret and qrcode of this secret.
I wrote action for saving secret and when click save button the secret have been saved in textbox.
how can I be sure that my secret is stored in database?Does anyway to see it in database?Is there in metadata?
thanks
You can connect to database manually and see for yourself using ie. phpmyadmin or mysql cli interface. Look at table private_settings
Alternatively you can just use elgg_get_plugin_user_setting to dump the setting value.