I have a security.yml like a:
security:
firewalls:
first_area:
pattern: ^/someStr
********
second_area:
pattern: ^/otherStr
********
And I can login to user in the same firewall section, but I can't login to user in the other firewall section. I do it like this:
$token = new UsernamePasswordToken(user, null, 'second_area', userRoles);
$security->setToken($token);
Sharing context is more right way than manually storing token in the session: http://symfony.com/doc/current/reference/configuration/security.html#reference-security-firewall-context
Related
I'm curious if it's possible in firestore to block the user's gmail or email account and prevent that user from signing in or registering again
If you go to authentication and disable that user, they will not be able to sign in or register
You can disable the user to prevent further access. You can't disable user using client SDK(react in your case), must use firebase admin API to do this. Something like this:
admin.auth().updateUser(uid, {
disabled: true
});
For more info:
https://stackoverflow.com/a/43141780/8087468
I want access file in onedrive through console app. I follow this article:
https://learn.microsoft.com/en-us/learn/modules/msgraph-access-file-data/3-exercise-access-files-onedrive but i have a problem with Username login, i cant use my main email to login. Look pic below:
My email is 2 with full email is: closeheart777#live.com (which i cant use to login with). So i create the new user is number 3, i can use username: phong#closeheart777live.onmicrosoft.com to login. I think the problem is user principal name and username for my email is not actually email.
How i can use my main email to login?
Appreciate any comments.
#closeheart777live.onmicrosoft.com is actually your default domain name.Our general email address is: username + domain name,#closeheart777live.onmicrosoft.com will be added to your username by default when you create a user or invite guest users.
If you want to log in using closeheart777#live.com, obviously you need to use #live.com as your domain name. You can set #live.com as your domain name by custom domain name.
I already have a login page in my organization which access users' ID and password from HR system (see below).
My question is: how can I bypass the built-in login feature of shinyproxy and the navbar above my app(see picture below)?
Thanks for any suggestion and comment.
I find the solution as follows:
Just set authentication: none and hide-navbar: true in proxy in application.yml, and that's it.
proxy:
title: Standalone Docker Engine with euler Example
port: 8080
authentication: none
hide-navbar: true
Hi I am trying to use owner password credential flow by giving username and password and it is giving below error. I am using the native application as the client Id.
UserPasswordCredential credentials = new UserPasswordCredential(_userName, _password);
AuthenticationContext authContext = new AuthenticationContext(_authority);
var accessToken = await authContext.AcquireTokenAsync(_apiResourceId, _clientId, credentials);
accessToken.AccessToken;
AdalServiceException: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx' named 'nativeclient'. Send an interactive authorization request for this user and resource
I have a scenario where I cannot use client credential flow. Is there anything I am missing as when I use the powershell client ID 1950a258-227b-4e31-a9cf-717495945fc2 it works. How can I consent this application on the context of user as I am not the tenant admin.
It depends on whether the permissions you have added require admin-consent.
You can see it on Azure portal:
If the permissions require admin-consent, you have to use an admin account to do the consent by clicking "Grant admin consent for {your tenant}" here:
If the permissions don't require admin-consent, you just need to use a non-admin account to do the consent by accessing https://login.microsoftonline.com/{your tenant}/oauth2/authorize?client_id={Client ID}&response_type=code&redirect_uri={Reply URL}&resource={Resource you want to access, for example: https://graph.microsoft.com/}&prompt=consent.
Besides, could you please provide more details the "scenario where I cannot use client credential flow"?
I'm implementing a "no-reply" account for sending automated emails. Do I need the access key/refresh token, and if so where can I generate them for a service account?
At the moment I have this:
noreply = nodemailer.createTransport({
host: 'smtp.gmail.com',
port: 465,
secure: true,
auth: {
type: 'OAuth2',
user: smtpConfig.client_email,
serviceClient: smtpConfig.client_id,
privateKey: smtpConfig.private_key,
}
});
Which unfortunately gives me this:
{ Error: Invalid login: 535-5.7.8 Username and Password not accepted. Learn more at
535 5.7.8 https://support.google.com/mail/?p=BadCredentials h81sm3513839itb.18 - gsmtp
at SMTPConnection._formatError
...
Thanks!
you do not need a refresh token with a service account and nodemailer will generate the access key for you automatically
You cannot only use a service account to send emails for a GSuite account and not a gmail account.
If you have a gmail account you can use 3-legged OAuth2 authentication
Or turn on 2FA, generate an App Password and use that as seen here
If you ARE using a GSuite account you can use the ServiceAccount but you will have to make sure it has G Suite Domain-wide Delegation as described here and then you need to give access to the GSuite Domain as described here