I'm just starting to look at the AppStoreConnect API, and thought PAW would be rather useful in figuring out the various calls that can be made and the data returned.
I do have ruby code to generate the signed JWT token, but I was wondering if it is possible to generate this signed JWT token from within PAW itself
Is this possible, and if so, could someone advise me on what I need to do? Thank you!
Related
I want to add "Sign-in with Google" as an alternative to creating an account when signing up for our services.
I want the process to retrieve the user's email address and name. That's it.
And this example was all I needed
https://developers.google.com/identity/sign-in/web
Worked great. Very similar to Log in with Facebook, which I added last week.
But now I read that it won't be supported after March 2023.
Using the destined-for-the-dustbin JS code, I can get back useful info about the account I'm logging in with.
ID: 10855600*******690837;Frank;Hart;frank.hart*****#gmail.com
The parameter passed to the callback function has a getBasicProfile() method which does the job
var profile = googleUser.getBasicProfile();
But using the new code, I found (by trial and error) that the parameter passed to the callback function is an object, which has three fields, the only potentially useful one called credential, with content such as:
eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ2Mjk0OTE3NGYxZWVkZjRmOWY5NDM0ODc3YmU0ODNiMzI0MTQwZjUiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJuYmYiOjE2Mjg4NTQzOTcsImF1ZCI6IjY1MjE0Nzk1NjY0My05aWVmdHN2bmZraDVma2x1NHUxOGg1Ymc3MDA0YjdsOC5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsInN1YiI6IjEwODU1NjAwNDY3OTg0NzY5MDgzNyIsImVtYWlsIjoiZnJhbmsuaGFydDA0N0BnbWFpbC5jb20iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXpwIjoiNjUyMTQ3OTU2NjQzLTlpZWZ0c3ZuZmtoNWZrbHU0dTE4aDViZzcwMDRiN2w4LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwibmFtZSI6IkZyYW5rIEhhcnQiLCJwaWN0dXJlIjoiaHR0
Now, my guess is that I have to send that string to my server, and do something with it, possibly involving the "Client secret" that is associated with the App on developers.google.com. But I've been looking most of the day, and I'm not sure if what I've found is necessary - I hope it isn't
https://developers.google.com/identity/sign-in/web/backend-auth
Do I now need to become an OAuth2 programmer just to add a Sign-in with Google button?
The good news is that you do not need to learn OAuth2, you do not need to follow the backend-auth guide linked in your question. This migration actually removes the complexity OAuth2, access and refresh tokens from sign-in. Yes, there is the difficulty of learning and understanding the new and different way of securely sharing the user profile. Hopefully, after cresting over the learning curve you'll see how this makes working with a profile more simple.
JSON Web Tokens (JWTs) are now used to securely share the Google Account profile.
That big pile of text--the credential, it is a base-64 encoded and a JWT.
jwt.io has an online JWT decoder that's handy for testing and a nice writeup of working with JWTs. After decode its just a JSON object, no get methods are necessary, just access the individual fields.
All this said, you need to decide whether decode should take place in the user's browser, or on your backend server. This depends upon how you're working with the profile and your setup. Typically, you'd decode on your server after a redirect using data-login_uri in HTML or login_uri in JS.
There are a large number of JWT decode libraries available, so it's very likely you'll be able to add a JWT library, decode it and you're all set to access the individual fields in the credential.
I have been studying the DriveAPI for a while now and can't seem to find a simple way to get it to work just for MY needs only...
I would like to use the DriveAPI only with just the REST API (HTTPS).
There are many things like token, clientid, apikey, secrets, etc.
All I need, is to search MY OWN GDrive files (FULLTEXT CONTAINS) and get a result from the API but I can't get it to work.
Please remember, this is for my own needs only and I would like to bypass the verification (login) window and get some kind of token, that lasts forever, so I can implement this in my own tool.
So, how can I authenticate and use the DriveAPI with just plain HTTPS?
My efforts so far:
I have already made a client ID and a client KEY for a sample project in the dashboard. I have also an Google Drive API KEY. From this point, I don't really know where and what to send.
As I mentioned in my comment, there is no "bypass" for the OAuth 2.0 authentication (that's why there is authentication enforced in the first place). Have you done any coding for this that you can share? For most REST API's OAuth 2.0 authentication is required. Your application must be able to request the token and use it to make the requests.
Google API's use Google Identity service to provide the tokens. In the following document there are many examples of how this implementation should be done in different programming languages:
https://developers.google.com/identity/protocols/OAuth2WebServer
Is there a way to validate Firebase registration tokens on my server without making a round trip to Firebase servers? I just want to know if they are valid, not necessarily active.
There is currently no way to validate tokens on your own.
I presume that you intend to validate it by checking the format, which would be unadvisable. Token formats have the tendency to change as Google wants it too.
I am using WebApi for the first time and I want to implement token authentication for my existing users stored in the database, but I have been unable to find any good solutions to do this. I already referred to many solutions found on Google, but I have not been able to understand what mistake I am making when I implement them.
Please, if someone could give any source sample, that would be a great help.
I have had success using this approach to generating tokens link. There are 5 parts to the article and helps with understanding some of the concepts of token generation, reissuing tokens, enabling CORS, and using OAuth2.
I've been using Tweepy for OAuth and twitter API calls. For a whole bunch of reasons, I'm switching to urllib and making HTTP requests directly.
It appears have two options:
I can do oAuth directly over HTTP, but the existing resources seem to either say "don't bother, just use a library," or they don't cover half of the process.
I can continue using Tweepy to get a key/secret pair, but from there I'm still not clear on how to use that pair to authenticate my queries. Specifically, what do I have to do before "https://api.twitter.com/1/statuses/home_timeline.json" to authenticate, supposing I've already completed the OAuth process and have a key/secret for the user I want.
Why don't you use a more generic oauth library (like oauth2), instead of throwing out the oauth authentication library idea entirely?
https://github.com/simplegeo/python-oauth2
Signing a request for OAuth means either implementing the signature function yourself for each request or using an existing library - and creating oauth signatures is pretty complicated and prone to breakage. As someone who's supported OAuth-based APIs for a couple of years I strongly encourage you to use a library.
The oauth2 library has an example for getting a token/secret for twitter.
Once you've gotten the token and secret, the oauth library is as simple as:
consumer = oauth.Consumer(consumer_key, consumer_secret)
token = oauth.Token(token,secret)
client = oauth.Client(consumer,token)
response = make_request(client,"https://api.twitter.com/1/statuses/home_timeline.json")