It gives error when I want to login with SAML2:
Unable to load User ID: 1 in
./__swift/apps/base/models/User/class.SWIFT_User.php:109
Unfortunately It there is a bug on Kayako SAML plugin and there should be a (dummy) user with ID:1 in the kayako DB
Related
I am using this url "https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,profilePicture(displayImage~:playableStreams))" for getting the user name and user image, but I am getting an error response.
This is the response I'm getting:
I am using React Linked In Login Using OAuth 2.0 package.
I am trying to follow this Get access without a user to get access token. I am getting access token using API request https://login.microsoftonline.com/<-tenant-id->/oauth2/token. When i used step 5 for above given link i got the following error :
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure. Invalid audience.",
"innerError": {
"request-id": "e9e9820e-2a3f-411a-bc77-760c9369fc8f",
"date": "2020-01-02T06:17:41"
}
}
}
I have registered app with the following permission : Calendars.Read, Calendars.ReadWrite, Sites.Read.All, User.Read, User.Read.All and have generated secret key and registered redirect url as :
User.Read.All.
My questions are:
1. Have i done anything wrong while creating app?
2. Why step 4 is not working of the link?
3. Did i get wrong access access using the above given api request?
In step 5, it calls the Microsoft Graph - Get a user, so make sure your app has the User.Read.All Application permission in Microsoft Graph(must be application permission, not delegated permission), after adding the permission, it appears like below(Note: don't forget to click the Grant admin consent button)
In the doc you provided, it uses the v2.0 endpoint /oauth2/v2.0/token, but you use the v1.0 endpoint /oauth2/token in your question.
So please change the request URL to /oauth2/v2.0/token, then use the one below.
Request URL:
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Request body:
client_id=xxxxxxxxxxxxxxx
&scope=https://graph.microsoft.com/.default
&client_secret=xxxxxxxxxxxxxxxx
&grant_type=client_credentials
You can get the token in the postman.
Then use the token to call the Get a user API:
GET https://graph.microsoft.com/v1.0/users/<object-id of the user>
The application associated with client id 09ac92da-a796-4cd9-973b-c97756____ has no registered redirect URIs
Description
I followed the steps described in https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc?tabs=applications.
When attempting to obtain the token in Postman using ROPC I'm getting
{
"error": "invalid_request",
"error_description": "AADB2C90007: The application associated with client id '09ac92da-a796-4cd9-973b-c97756____' has no registered redirect URIs.\r\nCorrelation ID: e85003c3-cfd5-43ad-a74b-efa5c1ea6525\r\nTimestamp: 2019-12-06 19:47:42Z\r\n"
}
I should not be asked for a redirect URIs.
My POST is as follows:
URL: ''https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_ROPC_Auth"
username: some_username_of_a_user
password: its-password
grant_type: password
scope: openid offline_access 09ac92da-a796-4cd9-973b-c97756____
client_id: 09ac92da-a796-4cd9-973b-c97756____
response-type: token id_token
I didn't reproduce your issue by following this document. Here are the main steps for your reference.
1.Create a resource owner user flow
2.Register an application(It is an application under Azure AD B2C, not Azure AD)
3.Test the user flow
This error generally occurs because you still need to configure some application claims in the b2c directory user flow to allow complete access to the application.
You need to make sure that the right versions of the authentication are in the reply url (likely extension v2.0) and that the reply URL is configured in the application and in the code.
Please look to the documentation for the reply URL schema that you would need to follow: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-register-applications?tabs=applications#register-a-web-application
If you still run into this issue let me know and I can reach out to the correct product team contacts, as sometimes this can happen due to breaking changes on our end.
I have setup my GSuite account as a SAML iDP for Cognito User Pools (not identity pools).
If i provide no attribute mappings a new user trying to signup via GSuite login gets the following error.
Error in SAML response processing: Invalid user attributes: email: Attribute is required.
However if I add an email mapping, the user can signup. But can't ever sign in again as they get this error (strange as email is writable by this app client)
Error in SAML response processing: Invalid user attributes: email: Attribute cannot be updated.
Ideas as to whats going on?
In browser, using Hosted UI.
It turns out I had made the email address immutable during CloudFormation setup. Even though the email is not being modified, it needs to be mutable.
You can determine the mutability of email via the following command.
aws --output table cognito-idp describe-user-pool --user-pool-id <user pool id> | grep -B6 -A7 " | email "
For anyone who is facing this issue when using SAML and AD as the identity provider, you have to configure Attribute Mapping.
Go to Attribute Mapping under Federation, Enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress for SAML attribute and Select Email fro User pool attribute
I had the error below randomly after being able to login the first time. Disabling and then deleting the user from the pool and allowing Cognito to recreate it fixed the issue for me. I assume there is an AWS bug here somewhere.
Error in SAML response processing: Invalid user attributes: email: Attribute cannot be updated.
I am developing React js app where the user can log in using google account , I want to retrieve the registered phone number for the user by using firebase login.
I have followed this tutorial to make the login flow
https://github.com/firebase/firebaseui-web-react
my question is : Can I get the phone number of the user when he/she
logged into my system using google email ?
this is part of the code I use to login
firebase_ui_instance.start('#firebaseui-auth-container', {
signInFlow:'popup',
signInOptions: [ {
provider: firebase.auth.GoogleAuthProvider.PROVIDER_ID,
// Required to enable this provider in one-tap sign-up.
authMethod: 'https://accounts.google.com',
scopes: [
'https://www.googleapis.com/auth/plus.login',
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/user.phonenumbers.read'
],
customParameters: {
// Forces account selection even when one account
// is available.
prompt: 'select_account'
},
// Required to enable ID token credentials for this provider.
// This can be obtained from the Credentials page of the Google APIs
// console.
clientId: '[MY_CLIENT_ID]',
credentialHelper: firebaseui.auth.CredentialHelper.GOOGLE_YOL
}
I was able to get many info about the user(email,full name...) but not the mobile number...
Have you tried the API on this page and tried to execute the query on the right hand side?
https://developers.google.com/people/api/rest/v1/people/get
You'll get the access token and you'll need to use to make the API call.