Apache superset iFrame integration has CORS, not working - iframe

I want to integrate superset into an iframe.
I already added this into config.py
ENABLE_CORS = True
Also in Config.py, I saw this:
HTTP_HEADERS: Dict[str, Any] = {}
So no need to change
I copied admin role to Public role already
In iframe, I just used this url:
http://x.x.x.x:8088/superset/dashboard/world_health/?standalone=true" width=800 height=800
when loading, I saw this:
Request URL: http://x.x.x.x:8088/api/v1/chart/data?form_data=%7B%22slice_id%22%3A1133%7D&dashboard_id=1
Request Method: POST
Status Code: 400 BAD REQUEST
Remote Address: 35.163.155.64:8088
Referrer Policy: strict-origin-when-cross-origin
The strange thing is I saw other API is working fine, such as this:
http://x.x.x.x:8088/api/v1/chart/1133
So any special issue for this API? api/v1/chart/data?form_data
I already copied all the permissions from admin to Public.

Related

Confirmation of why cross-origin problems occur when using signInWithRedirect are resolved

I know that the signInWithRedirect() flow in Firebase does not behave correctly in some browsers because it uses cross-origin.
https://github.com/firebase/firebase-js-sdk/issues/6716
When using signInWithRedirect(), the following article is a best practice.
https://firebase.google.com/docs/auth/web/redirect-best-practices
I have an app created in Next.js with authentication using signInWithRedirect() and deployed it to Vercel.
If I do nothing, it will not work in Safari as described in the above issue.
So I took the following 3 actions and confirmed that it works correctly.
Reverse proxy settings(next.config.js)
/** #type {import('next').NextConfig} */
module.exports = {
reactStrictMode: true,
async rewrites() {
return [
{
source: '/__/auth/:path*',
destination: `https://${process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN}/__/auth/:path*`,
},
]
},
}
Changed authDomain when initializing FirebaseApp to the app's domain
In GCP, change approved redirect URI to https://<the-domain-that-serves-my-app>/__/auth/handler.
These are the third method in Best practices.
I do not fully understand why this setup solves the problem, and I would like to correct my understanding.
My understanding is as follows
authDomain = a.com (domain of the app)
An authentication request is generated from the browser and redirected to authDomain (a.com)
The request is forwarded to https://<project>.firebaseapp.com/__/auth/ because a reverse proxy is set up
Host the login helper code to the identity provider at <project>.firebaseapp.com.
Return to a.com
Access login helper storage from browser
Authenticated redirect URI is set to the app domain, so the information is stored in the browser's storage in the app domain. And since the authDomain is the same as the app's, the authentication iFrame is referenced to it.
Is this understanding correct?

How to fix "Callback URL mismatch" NextJs Auth0 App

I am using Auth0 NextJs SDK for authentication in my NextJS App. I am following this tutorial https://auth0.com/blog/introducing-the-auth0-next-js-sdk/. In my local machine, everything works fine.
The configuration for Auth0 in my local server:
AUTH0_SECRET=XXXXX
AUTH0_BASE_URL=http://localhost:3000
AUTH0_ISSUER_BASE_URL=https://myappfakename.us.auth0.com
AUTH0_CLIENT_ID=XXXX
AUTH0_CLIENT_SECRET=XXXX
In the Auth0 Dashboard, I added the following URLs :
Allowed Callback URLs: http://localhost:3000/api/auth/callback
Allowed Logout URLs: http://localhost:3000/
My local app works locally fine.
I uploaded the app on Vercel. And changed the
AUTH0_BASE_URL=https://mysitefakename.vercel.app/
In Auth0 Dashboard, updated the following information:
Allowed Callback URLs: https://mysitefakename.vercel.app/api/auth/callback
Allowed Logout URLs: https://mysitefakename.vercel.app
I am getting the following error:
Oops!, something went wrong
Callback URL mismatch.
The provided redirect_uri is not in the list of allowed callback URLs.
Please go to the Application Settings page and make sure you are sending a valid callback url from your application
What changes I should make it works from Vercel as well?
You can try to check if vercel isn't changing the url when redirecting to auth0. Your configurations seems good to me. The error is very explicit though. I think a good option should be to verify that the redirect (if handled by vercel) is doing with the same url as auth0 expects.
And don't forget to add the url you're currently on when performing the callback. Are you in https://mysitefakename.vercel.app/api/auth/callback when the callback is executed? (call auth0).
you have to change your base url in the env.local file
AUTH0_BASE_URL=https://mysitefakename.vercel.app/
you can also make two more env files namely env.development and env.production and set different base urls for different cases so that the correct base url is automatically loaded depending on how ur web app is running.
You need to add handleLogin under api/auth/[...auth0].js and that will solve it:
import { handleAuth, handleLogin } from '#auth0/nextjs-auth0';
export default handleAuth({
async login(request, response) {
await handleLogin(request, response, {
returnTo: '/profile',
});
},
});
Don't forget to also add allowed callback url in [Auth0 Dashboard]: https://manage.auth0.com/dashboard for your hosted app for both local and hosted instance:
http://localhost:3000/api/auth/callback, https://*.vercel.app/api/auth/callback

Session cookie not being set on server

I changed OAuth2 Login form frontend to backend implementation. OAuth2Login is setup using spring security configuration.
Everything worked in local machine.
But on server it doesn't create Session Cookie anymore. Which, I guess, creates the following exception:
org.springframework.security.oauth2.core.OAuth2AuthenticationException: [authorization_request_not_found]
at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:165) ~[spring-security-oauth2-client-5.1.2.RELEASE.jar!/:5.1.2.RELEASE]
So it wasn't entirely accurate that the session cookie wasn't being set. I think I looked it wrongly in chrome when I was looking it in production. But the cookie was seemed to be reset.
spring:
security:
oauth2:
client:
registration:
google:
redirectUri: https://<youurl>/login/oauth2/code/google
When I added this it created new problem:
org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_redirect_uri_parameter]
at org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeAuthenticationProvider.authenticate(OidcAuthorizationCodeAuthenticationProvider.java:132) ~[spring-security-oauth2-client-5.1.2.RELEASE.jar!/:5
.1.2.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175) ~[spring-security-core-5.1.6.RELEASE.jar!/:5.1.6.RELEASE]
at org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter.attemptAuthentication(OAuth2LoginAuthenticationFilter.java:186)
This is because redirectUri is HTTPS but google always returns HTTP
So I ended up adding reading a Stack Overflow post and added a OncePerRequestFilter to my project. Since it's google that is sending this over HTTP they must be thinking it's secure. Couldn't find any way to make google send it over HTTPS

Internal Server Error in OAuth for Google

EDIT: I was able to resolve the original error here when I realized my ROOT URL was set to my IP address rather than my domain. However, I now have a new issue. My client ID is the same as the original post below. This works fine in the local app, but in production, the popup flashes for a second and then the login box displays "Internal Server Error". I can't see any other messages that would explain it.
I am using the service-configuration package to load the settings, as follows:
ServiceConfiguration.configurations.upsert(
{ service: "google" },
{
$set: {
clientId: "************",
loginStyle: "popup",
secret: "***********"
}
}
);
If I add ?close to the end of my Authorized redirect URI, the Google popup comes up with a redirect_uri_mismatch error, showing the URI without ?close. I think there was an issue resolved here but it at least shows me that my project in Google is being recognized.
ORIGINAL POST
I am setting up an OAuth 2.0 client ID for accounts-google in Meteor and am seeing the following error:
400. That’s an error.
Error: invalid_request
Invalid parameter value for redirect_uri: Raw IP addresses not allowed:
http://***.***.***.***/_oauth/google
My Client ID in Google:
Authorized Javascript Origins
http://localhost:3000
http://myApp.com
Authorized redirect URIs
http://localhost:3000/_oauth/google
http://myApp.com/_oauth/google
I understand I must not be properly pointing the domain to the IP address. I have already set up an A record and the site works fine in other regards though, so not sure what step I missed.

External login with AspNet Web API

im trying to do external login with Google using Aspnet.
I created an mvc/webapi project with individual user accounts (vs2013). This will create some files like the 'AccountController' which contains GetExternalLogins action, after calling this action I get (because the google external login is set in the 'Startup' class) an object like this :
{
name: "Google",
state: null,
url: "/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A11166%2F"
}
The problem now : when i do another http request to "/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A11166%2F" I get the following error :
XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=my_client_id_here. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:11166' is therefore not allowed access
Im i doing something wrong ?
Thanks a lot.
I realized that its a silly question 5 seconds after posting it.
No need to do an http request, a simple redirection to the url works.

Resources