When trying to call the Alexa Device Address API using the following HTTPS endpoint;
apiEndpoint/v1/devices/deviceId/settings/address/countryAndPostalCode
Header:
Authorization, "Bearer eyJ..... apiAccessToken"
I receive back an HTTP 403 response with an error message saying
{
"type": "FORBIDDEN",
"message": "The authentication token is not valid."
}
I have enabled the countryAndPostalCode permission in the skill, and ensured that it is granted within the Alexa iOS app.
The skill itself is still under development (not published), it's in the en-GB locale, and I'm testing from the Alexa iOS app under the same Amazon account.
I have enabled the countryAndPostalCode permission in the skill, and
ensured that it is granted within the Alexa iOS app.
To be safe, I suggest you to triple-check by navigating to Skill Settings > Permissions > Manage Permissions, and make sure the toggle for "Device Country and Postal Code" is enabled. I have seen some inconsistency on Android between the status shown on the Skill Settings page and the actual toggle state.
Double-check your header: {"Authorization": "Bearer " + apiAccessToken}. As you mentioned, consentToken has been deprecated, so it should be apiAccessToken. Also make sure you have a space between Bearer and apiAccessToken.
If it still doesn't work, try re-enabling the Skill. Perhaps you got into a bad state somehow.
As a side note, apparently it does not allow you to call the countryAndPostalCode API even if you have permission to retrieve the full address. So if you requested the full address permission, you have to call the full address API.
Related
I try to fetch a refresh token for my alexa smarthome skill. For this I'm using the following command ask util generate-lwa-tokens --client-id <client_id> --client-confirmation <secret>
The outcome is a Http 400 with "localhost is not whitelisted". The message points to adding the url under Web Settings-> return url.
However there is so such option in the Alexa developer console.
400 Bad Request
The redirect URI you provided has not been whitelisted for your application. Please add your redirect URI in the 'Allowed Return URLs' section under 'Web Settings' for your Security Profile on Amazon Developer Portal.
The place where I can add a return urls is in the Amazon developer console under Security profiles. But I don't see a way to connect this profile with my alexa skill.
My question is, how to get a refresh token for an Alexa skill.
The idea is to use this token for automated testing.
Usually when that error message occurs, it means that the deviceInfo::productId value in AlexaClientSDKConfig.json does not match the corresponding value from the AVS developer console.
I'm trying to get Bing ads spends from my firm. According to the Microsoft documentation, I understood that it's mandatory to use Microsoft Azure portal, get developer_token, client_id, tenant_id, client_secret, and access/refresh token to download the csv files with the data I want.
So, this is what I did:
I've received an invitation from my firm to Microsoft advertising onto this email adress:
abc#myfirm.fr, and I've generated my developer token.
With this email address, I've created a web application onto Microsoft Azure portal, which allow all king of users. Getting client_id, tenant_id, and generated a client_secret.
The redirect URL that I have chosen is http://localhost (according to the documentation but not sure this is the good URL to choose).
With Postman, I have tried with this endpoint:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
and the params (previously obtained) needed for the OAuth 2.0 authentication to get my access token. Without success.
The issue is here.
When I request the access token, a new browser window opens, and asks for an email address on which to authenticate. I'm using my email address abc#myfirm.fr and I received authentication completed onto Postman but into the response body I have access_token: invalid.
The role of my account is super admin.
So I'm trying to authenticate with a professional Microsoft Azure Account and this time I received into the browser Invalid redirect url.
I have also tried to start all over again with different email address, like my personal email address, or with the email address of the creator of the Microsoft Advertising account, and I get the error contact your system Admin into the browser.
I have also tried with the Python SDK project given in the documentation, with the error message.
I must have forgotten or misunderstood something.
Should we use the same email address (or same account) on Microsoft Advertising, on Microsoft Azure, and when obtaining the access token?
Do you have to pay and take an Azure subscription? (Already done but without success)
Thanks in advance, sorry for my English.
EDIT:
Thank for ypur reply. The full request is: https://login.microsoftonline.com/common/oauth2/v2.0/authorize with the following params:
-type: OAuth 2.0
-Header Prefix: Bearer
-Grant Type: Authorization Code
-Callback URL: https://localhost
-Auth URL: https://login.microsoftonline.com/{my-tenant_id}/oauth2/v2.0/authorize
-Access Token URL: https://login.microsoftonline.com/{my-tenant_id}/oauth2/v2.0/token
-my client id
-my client secret
-scope: https://ads.microsoft.com/ads.manage OR also testing with https://graph.microsoft.com/User.Read
-State: None
-Client authentication: send client credentials in body
Give me an access_token but when I click on use token and send the request, I'm not getting an refresh token
Once a user provides consent, you can get an access token and act on behalf of the user.
So when the browser session starts, you should enter your Microsoft Advertising credentials.
Remember to set scope=https://ads.microsoft.com/ads.manage in the request for acquiring the authorization code.
If you prefer to automate this process, you can refer to this script and steps to obtain an access token.
I have enabled the Web Application Firewall in the Azure FrontDoor with the default policy with the detection mode.
In the logs generated by the WAF, we can see the firewall is marking the reply url set in AAD with action as Block.
I believe the firewall is detecting this as threat.
Since the url is required for the working of AD authentication, what can be done to ensure the security ?
Or this can be ignored ?
Go to your WAF policy of Front Door WAF policy and click Managed rules. Collapse all and click the related policy and change action to Allow. Then refresh the WAF in front door, it will apply.
You could custom rules for WAF with Azure Front Door and refer to the disable rule in app gateway to fix false positives.
You shouldn't need the reply URL to properly as it's really only required to get the access token. If you're getting the access token and you don't need access to the reply url, this shouldn't be something you need to worry about.
If you would like to get to the reply url for purposes of your application, you could unblock it, but there shouldn't be any security issues assuming you know that the reply url is secure.
Per the docs : https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url
A redirect URI, or reply URL, is the location that the authorization server will send the user to once the app has been successfully authorized, and granted an authorization code or access token. The code or token is contained in the redirect URI or reply token so it's important that you register the correct location as part of the app registration process.
I am getting 403 Forbidden when I try to get location details through Amazon location API.
I have enabled "Request users to access resources and capabilities." but still I get a 403 Forbidden response?
The apiAccessToken is included in all request to your skill, but it doesn't mean that you have access to resources. You will have to either explicitly grant access to your skill under Settings menu of your alexa skill or you will have to send a permission card to the user for consent.
In node sdk you can send a permission card like this:
return handlerInput.responseBuilder
.speak(speechOutput)
.withAskForPermissionsConsentCard(['read::alexa:device:all:address'])
.getResponse();
where read::alexa:device:all:address is the permission value for Device Full Address.
Once the permission is granted, fire a GET request with deviceId and apiAccessToken to the specified apiEndpoint
Endpoint for Full Address is: /v1/devices/*deviceId*/settings/address
Country/region & postal code: /v1/devices/*deviceId*/settings/address/countryAndPostalCode
More info here
Hope this helps!
I'm making a React app and trying to use Auth0 to authenticate. After trying to log in, it returns this:
XMLHttpRequest cannot load https://my-domain.auth0.com/usernamepassword/login. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:3000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
I thought it would be related to this: CORS problems with Auth0 and React but I have both http://localhost:3000, http://localhost:3000/login in the 'Allowed Origins (CORS)' spot in Auth0's settings (and yes I'm using the correct client ID as well).
I tried putting http://localhost:3000/, http://localhost:3000/login in the 'Allowed Callback URL's (don't know exactly what that does) but that didn't work either.
When I use the social connection (Google) it allowed me to login after putting http://localhost:3000/login in the Allowed Callback URL's.
But it still won't work for just a new user logging in.
Any help?
If it makes a difference:
Auth0 Logs show for the social login but there are no logs at all for when I connect otherwise
I think related to this is that I also get this every time I load the page:
There was an error fetching the SSO data. This could simply mean that there was a problem with the network. But, if a "Origin" error has been logged before this warning, please add "http://localhost:3000" to the "Allowed Origins (CORS)" list in the Auth0 dashboard: ...(link to my dash)
I get a 404 from the gravatar website
Also I get these errors (may not be related):
Refused to set unsafe header "accept-encoding"
Refused to set unsafe header "user-agent"
Something was wrong with the client in Auth0. I don't know what it was but I built an Angular4 app and connected to the same client in Auth0 and got the same errors. I then tried deleting the client in Auth0 and making a new one and now it works. I have no idea what was causing the error, but creating a new client and connecting to that one fixed the issue.