I am developing a simple audio client for Watson assistant solutions and I am having problems authorizing the client.
I am following this guide https://watson-personal-assistant.github.io/developer/audio/audio_authentication/ but the Api Key I am using is not recognized.
The error message I get is the following:
"errorMessage": "Provided API key could not be found"
The Api Key I am using is the one displayed in the user's card (that appears when clicking the user's avatar in the top-right corner of the page).
In the console there is the Clients tab which states:
A client can be a device such as a smart speaker or wearable, but it could also be a mobile app or web-based chatbot. Use this page to create credentials for those clients and assign an entity to them.
I thought that an Api Key could be created here, but it is not.
The Watson Assistant Solutions Service is now using IAM API key instead of the API key for the MultiTenant Audio Gateway. This does pre-req that you have a An IBM Cloud ID account
To create your own IBM IAM API key use these directions https://console.bluemix.net/docs/iam/userid_keys.html#userapikey
You also need your tenant id you can find that in the WASol Console.
Your client will have to send the following properties
Server connection parameterss. For userID note to not include ( # # . or other special chars). There is an issue we are fixing.
host=wa-audio-gateway.mybluemix.net
userID=carlos.ferreira
IAM API Key is Used to authenticate the client device
IAMAPIKey=yourIAMAPIkey
Choosing which skill set to use (Required parameter)
skillset=industry
Your tenant ID (Required parameter)
tenantID=yourtenantID
Client language specific preferences can be passed (Optional parameter with a default value: en-US)
language=en-US
Choosing which STT and TTS engine to convert audio to text and text to audio - possible values are : watson, google , (Optional parameter with a default value : watson)
engine=google
Controls playback method. Playback using an audio URL in the response [true], playback by streaming audio from the server [false]
urltts=false
You can find a reference Java implementation for the Audio Gateway here. https://github.com/Watson-Personal-Assistant/AudioClientSampleCodeJava
Please note that you also need to use IBM APIKey for programmatic access to the WASol Core text routing service. Here is a code example I did to get Amazon Dot/Alexa skill to communicate with WASol Assistant skill set.
Related
I want to implement a connected OAuth app in Salesforce which should trigger push events in case some entities changed, for example an opportunity was closed.
Zapier implemented something similar
https://zapier.com/apps/salesforce/integrations/webhook
Could not find something I need which is a simple way to subscribe to entity changes using the OAuth client's token and passing a webhook endpoint. I read about apex callouts, streaming API and outbound messages.
Yeah, we solved this exact problem at Fusebit and I can help you understand the process as well.
Typically speaking here's what you need to do:
Create triggers on the Salesforce Objects you want to get updates for
Upload Apex class that will send an outgoing message to a pre-determined URL
Enable Remote Site Setting for the Domain you want to send the message to
Add in Secret Verification (or other auth method) to prevent spamming of your external URL
If you're leveraging javascript, then you can use the jsforce sdk & salesforce tooling API to push the code into the salesforce instance AFTER the Auth flow has occurred AND on Salesforce Instances that have API access enabled (typically - this is enterprise and above OR professional with API enabled).
This will be helpful for you to look through: https://jamesward.com/2014/06/30/create-webhooks-on-salesforce-com/
FYI - Zapier's webhooks implementation is actually polling every 15 minutes, instead of real-time incoming events.
In which programming language?
For consuming outbound messages you just need to be able to accept an XML message and send back "Ack" message to acknowledge receiving, otherwise SF will keep trying to resend it for 24h.
For consuming platform events / streaming API / Change Data Capture (CDC) you'll need to raise the event in SF (Platform Event you could raise from code, flow, process builder, CDC would happen automatically, you just tell it which objects it should track).
And then in client app you'd need to login to SF (SOAP or REST API), subscribe to channel (any library that supports cometd should be fine). Have you seen "EMP Connector", mentioned for example in https://trailhead.salesforce.com/en/content/learn/modules/change-data-capture/subscribe-to-events?trail_id=architect-solutions-with-the-right-api ?
Picking right messaging way is an art, there's free course that can help: https://trailhead.salesforce.com/en/content/learn/trails/architect-solutions-with-the-right-api
And pretty awesome PDF if you want to study for certification: https://resources.docs.salesforce.com/sfdc/pdf/integration_patterns_and_practices.pdf
I'm trying to switch from basic Google Street View API to Premium. As such, when I'm using:
(space after https is added because I can't post more than two links in the post)
https:/ /maps.googleapis.com/maps/api/streetview?location=40.720032,-73.988354&size=400x400&fov=90&heading=235&pitch=10&key=MY_PREMIUM_API_KEY
I get an image with a Google watermark, which does not scale further than 640x640, same as when using a basic API key.
Okay, to use the advantages of Premium GSV API, I also need to make a digital signature. I've generated a secret key and signed my url (with dropped domain, as said in the tutorial) using python code from there: https:/ /github.com/googlemaps/url-signing/blob/gh-pages/urlsigner.py - it generates just the same signature as one on the Google website: https://developers.google.com/maps/documentation/streetview/get-api-key?hl=en_GB#premium-key
Finally, I add the signature to the URL:
(space after https is added because I can't post more than two links in the post)
https:/ /maps.googleapis.com/maps/api/streetview?location=40.720032,-73.988354&size=400x400&fov=90&heading=235&pitch=10&key=MY_PREMIUM_API_KEY&signature=MY_BASE64_SIGNATURE
However, this is what I get in return instead of an image:
"The Google Maps API server rejected your request. This API project is not authorized to use this API. Please ensure that this API is activated in the APIs Console: https://console.developers.google.com/apis/library?project=_"
It cannot be that API project is not activated, as basic API with this project & Premium key works. Any ideas, why does it happen and Premium image download doesn't work?
It appeared to be a purely technical problem, the quotas were exceeded.
Http Form adapter serves as an authentication service in my application. I have not implemented any application on the Identity Provider to get user inputs.
Therefore, on successful authentication, SP verifies the user's signature and redirects to the application. At my target Resource, I receive an open token. Is it still possible to utilize the open Token Jar to read the user attributes from OTK?
**Note: ** In Service Provider, I use open token Adapter.
Also, please let me know if there is any other possible way of getting the user attributes other than using the open token adapter/http form adapter.
Thanks.
There are numerous SP Adapters you can choose to use for your last mile integration with your application. The OpenToken Adapter is just one of them. If your application is in Java and you are using the SP OpenToken Adapter, then you would most likely use the Java OpenToken Agent implementation within your application to read the OTK (documented in the Java Integration Kit). If you look at the Add Ons list, there are actually 3 flavors of OTK Agents (.NET, Java and PHP from PingID. Ruby on Rails and Perl are available via respective Open Source repositories).
However, you are not limited to OpenToken Adapters. The Agentless Integration Kit is also very popular for SP/last-mile integration with PingFederate.
Unfortunately, the question is just too open ended for the Stackoverflow format. I would suggest talking to your Ping Identity Solution Architect who can help steer you in the right direction and ask the necessary follow-up questions on your use case.
If understand the question correctly, you desire attributes to be fulfilled that the web application can read and utilize. This starts with the SP Connection configuration. I am going to assume you are using Active Directory and already configured that data source along with the Password Credential Validator (PCV) for the HTML Form IdP Adapter. In the SP Connection you will need to extend the attribute contract to define the values to put into the SAML assertion and then use the Active Directory data source to fulfill the attributes. When the SAML assertion is received by the PingFederate SP role server, the SP Adapter maps the attribute values from the SAML assertion into the OpenToken. When your application receives the OpenToken, it can read the values.
I am busy writing an mobile application that connects with IBM SmartCloud. Since I want to use OAuth 2.0 I find it difficult to handle the Secret Key and the Client ID.
Since I have to Register the Application within the IBM SmartCloud console, and copy the Client ID and Secret Key to the App I am creating... Well that ain't the biggest problem, but when someone wants to use my app on another environment he doesn't have the same Secret Key and Client Id.
What is the best way to deal with this, because I want to make it usable for others, and not only for my use.
You may want to refer to the ibmsbt.openntf.org - the sources include directory includes a project for iOS. It's tested with IBM Connections On Premises
http://www.openntf.org/main.nsf/project.xsp?r=project/Social%20Business%20Toolkit%20SDK/releases/F07E34DFDDA6C06686257C6B006C6393
The project uses a callback to a custom PROTOCOL/URL : ibmsbt://myapp?code=
For IBM Connections/SmartCloud, you'll want to register an OAuth2 Key.
When you register you'll want to register your application, ibmsbt://myapp/
Then You can use these endpoints and parameters:
https://apps.na.collabserv.com/manage/oauth2/token/manage/oauth2/authorize?response_type=code&client_id=app_20085940_1384885218905&callback_uri=ibmsbt%3A%2F%2Fmyapp%2Fcallback
https://apps.na.collabserv.com/manage/oauth/authorizeToken?oauth_token=OAUTH_TOKEN
Important: API has changed - Read this first:
https://developers.google.com/accounts/docs/AuthForInstalledApps
ClientLogin has been officially deprecated as of April 20, 2012. It
will continue to work as per our deprecation policy, but we encourage
you to migrate to OAuth 2.0 as soon as possible.
I want to build two application client (some python/java program) and server (Google App Engine application) and authenticated with google acount from client to server to get some secret information.
Let me explain scenario:
Server has address https://example.appspot.com.
Client want download restricted information from https://example.appspot.com/restricted so this url is defined and login: required in app.yaml.
Client use some Google Account example_login and example_password to get access.
How properly authenticate from client into Google App Engine to get access to https://example.appspot.com/restricted?
Another easy method, without login, is to use HMAC. You create a MAC signature based on timestamp (to make every request unique) and a secret MAC KEY. You request contains the timestamp and the MAC signature. The server can verify the MAC, because it also has the secret MAC KEY.
This Python code works on both sides (client and server)`:
import hmac, base64, hashlib
new_hmac = hmac.new(key=my_secret_MAC_KEY, msg=timestamp_in_request, digestmod=hashlib.sha256)
signature = base64.b64encode(new_hmac.digest()).decode()
if signature_in_request != signature : raise ValueError('access denied')
This works fine for a single user, because you have to manage a single key. When you have a lot of users, client login is a much better option.