.Net Core cannot read Azure Optional Claim - ipaddr - .net-core

In .Net Core 3.1, I found that it could not read the optional claim from Azure AD - ipaddr. Does anyone have an idea?
Identity token: XXX
Identity token: System.Security.Claims.Claim[]
Claim type: acct - Claim value: 0
Claim type: http://schemas.microsoft.com/claims/authnmethodsreferences - Claim value: pwd
Claim type: auth_time - Claim value: 1592477364
Claim type: name - Claim value: tester
Claim type: http://schemas.microsoft.com/identity/claims/objectidentifier - Claim value: 9190dd08-eb99-4def-8b0e-a0a9488c650a
Claim type: sid - Claim value: dd60ea4e-cc4f-4668-aee0-393ffb3e4dc0
Claim type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier - Claim value: IUUXhcy8YnK-X5x4Mxwvtxdi8H74eANcTnZj2ZmQxV4
Claim type: tenant_ctry - Claim value: HK
Claim type: tenant_region_scope - Claim value: AS
Claim type: http://schemas.microsoft.com/identity/claims/tenantid - Claim value: xxx30ae3-9092-49c9-bf6d-d74f680615e4
Claim type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name - Claim value: tester01#xxx.onmicrosoft.com
Claim type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn - Claim value: tester01#xxx.onmicrosoft.com
Claim type: uti - Claim value: YHjG3-pwckizlnGrWZhzAA
Claim type: xms_pl - Claim value: zh-HK
Claim type: xms_tpl - Claim value: en

As you can see in OpenIdConnectOptions.cs, it says:
    ClaimActions.DeleteClaim("ipaddr");
That means that it will be deleted by the handler. You need to write something like:
    options.ClaimActions.Remove("ipaddr");
to make sure the OpenIDConnect handler does not remove that claim.

Related

Mule 4 : RAML : how to define the schema of a POST BODY request in a RAML file?

A POST REST request having 3 body params as follows:
    {
      "name" : "ABC",
      "age": 34,
      "uniqueID": "12345sdfgh"
    }
My requirement is to define constraints (type, maxlength, min length, regex, etc.) for each field name, age and unique id.
How can I define that?
There are some different ways to define it. The 'pure' RAML way is to define a data type fragment for the data object using RAML definitions for types. Those should cover all your needs.
Example:
dataType.raml
    #%RAML 1.0 DataType
    type: object
    displayName: Booking
    properties:
      BookingDetail:
        type: object
        required: true
        displayName: "BookingDetail"
        description: "BookingDetail"
        properties:
          Name:
            type: string
            required: true
            displayName: "Name"
            description: "Name"
            example: "John"
          NumberOfDays:
            type: integer
            required: true
            minimum: 1
            maximum: 10
API:
    #%RAML 1.0
    title: so-type
    /bookings:
      post:
        body:
          application/json:
            type: !include dataType.raml
You can also use JSON schemas if you prefer:
    /orders:
      post:
        body:
          application/json:
            type: !include schemas/OrdersSchema.json
One more thing, I think. To require input to comply with a regex, you might do this:
    properties:
      Name:
        type: string
        required: true
        displayName: "Name"
        description: "Name"
        pattern: ^[-A-Za-z ]+$
        example: "John"
That pattern is overly restrictive, but does match many Western traditional names. Your own regex is presumably more carefully constructed.

AWS SAM template for serverless::api not creating cognito user pool authorizer

I can't figure out why after deploying this template I don't see any Authorizer for this API under the "Authorizers" tab on AWS console.
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Description: >
      Description here
    Globals:
      Function:
        Timeout: 3
    Resources:
      ProductGet:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: ./
          Handler: product-get.lambda_handler
          Runtime: python3.8
          Role: "particular role here"
          Events:
            ProductGet:
              Type: Api
              Properties:
                Path: /product-get
                Method: post
                Auth:
                  Authorizers:
                    MyCognitoAuth:
                      UserPoolArn: "user pool arn here"
                      AuthType: "COGNITO_USER_POOLS"
                  DefaultAuthorizer: MyCognitoAuth
Figured it out.
You cannot define authorizers in "Events" section.
If your API needs an authorizer, you'll have to define that API as a separate resource and link it to the events using APIid.
Sample code below.
    MyApi:
      Type: AWS::Serverless::Api
      Properties:
        StageName: Prod
        Auth:
          DefaultAuthorizer: MyCognitoAuth # OPTIONAL
          Authorizers:
            MyCognitoAuth:
              Type: COGNITO_USER_POOLS
              # Can also accept an array
              UserPoolArn: "user pool arn here"
    ProductGet:
      Type: AWS::Serverless::Function
      Properties:
        CodeUri: ./
        Handler: product-get.lambda_handler
        Runtime: python3.8
        Role: 'role ARN here'
        Events:
          ProductGet:
            Type: Api
            Properties:
              Path: /product-get
              Method: post
              RestApiId: !Ref MyApi # This is how you need to refer to your API
              Auth:
                Authorizer: MyCognitoAuth

serverless step functions: Getting error when passing more than one fields in the payload for lambda

Error: Invalid State Machine Definition: 'SCHEMA_VALIDATION_FAILED: The value for the field 'Date.$' must be a valid JSONPath at /States/Insert Data Dynamodb/Parameters' (Service: AWSStepFunctions; Status Code: 400; Error Code: InvalidDefinition;
Below is the corresponding serverless.yaml code.
I tried wrapping the two parameters into an encoded JSON string and passed it as a single payload field, and it resulted in the same error, but when there is only one plain field in the payload this code deployed successfully.
Any suggestions on how to pass two parameters?
    service: service-name
    frameworkVersion: '2'
    provider:
      name: aws
      runtime: go1.x
      lambdaHashingVersion: 20201221
      stage: ${opt:stage, self:custom.defaultStage}
      region: us-east-1
      tags: ${self:custom.tagsObject}
      logRetentionInDays: 1
      timeout: 10
      deploymentBucket: lambda-repository
      memorySize: 128
      tracing:
        lambda: true
    plugins:
      - serverless-step-functions
    configValidationMode: error
    stepFunctions:
      stateMachines:
        sortData:
          name: datasorting-dev
          type: STANDARD
          role: ${self:custom.datasorting.${self:provider.stage}.iam}
          definition:
            Comment: "Data Sort"
            StartAt: Query Data
            States:
              Query Data:
                Type: Task
                Resource: arn:aws:states:::athena:startQueryExecution.sync
                Parameters:
                  QueryString: >-
                    select * from table.data
                  WorkGroup: primary
                  ResultConfiguration:
                    OutputLocation: s3://output/location
                Next: Insert Data Dynamodb
              Insert Data Dynamodb:
                Type: Task
                Resource: arn:aws:states:::lambda:invoke
                Parameters:
                  FunctionName: arn:aws:lambda:us-east-1:${account-id}:function:name
                  Payload:
                    OutputLocation.$: $.QueryExecution.ResultConfiguration.OutputLocation
                    Date.$: ${self:custom.dates.year}${self:custom.dates.month}${self:custom.dates.day}
                End: true
Your Date.$ property has value of ${self:custom.dates.year}${self:custom.dates.month}${self:custom.dates.day}. Let's assume that:
    const dates = {
      "year": "2000",
      "month": "01",
      "day": "20"
    }
The result will be Date.$: "20000120" which is not a valid JSON Path.
JSON Path needs to start with a $ sign and each level is divided by a dot (.).
Do you want to achieve something like this? $.2000.01.20?
As you see, the issue is not with passing 2 parameters but with the wrong JSON Path string created by string interpolation for Date.$.
Some useful links:
https://github.com/json-path/JsonPath
https://docs.aws.amazon.com/step-functions/latest/dg/amazon-states-language-paths.html
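
The check behind that error, as an added example that is not part of the original posts: it walks a state machine definition and reports every field whose name ends in `.$` but whose value is neither a path nor an intrinsic function. Assumptions: the function names are hypothetical, DEFINITION is a constructed sample of the question's Payload after variable expansion, the test is a prefix check rather than a full JSONPath parser, and sending the date as a literal by dropping the `.$` suffix is one possible fix, not something the answer states.

```python
# Added example (not from the original post): find "<name>.$" fields whose
# value Step Functions cannot accept. DEFINITION is a constructed sample that
# mirrors the Payload from the question after Serverless variable expansion.

def is_dynamic_value(value):
    """A ".$" field must hold a path ($..., $$...) or an intrinsic function."""
    return isinstance(value, str) and (value.startswith("$") or value.startswith("States."))

def invalid_path_fields(node, where=""):
    """Walk a definition and return (location, value) for each bad ".$" field."""
    bad = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{where}/{key}"
            if key.endswith(".$") and not is_dynamic_value(value):
                bad.append((here, value))
            bad.extend(invalid_path_fields(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            bad.extend(invalid_path_fields(item, f"{where}[{i}]"))
    return bad

def make_static(payload):
    """Assumed fix: drop the ".$" suffix so the value is sent as a literal."""
    return {(k[:-2] if k.endswith(".$") and not is_dynamic_value(v) else k): v
            for k, v in payload.items()}

DEFINITION = {"States": {"Insert Data Dynamodb": {
    "Type": "Task",
    "Resource": "arn:aws:states:::lambda:invoke",
    "Parameters": {"Payload": {
        "OutputLocation.$": "$.QueryExecution.ResultConfiguration.OutputLocation",
        "Date.$": "20000120",  # what the three ${self:custom.dates.*} variables expand to
    }},
    "End": True,
}}}

if __name__ == "__main__":
    print(invalid_path_fields(DEFINITION))
    payload = DEFINITION["States"]["Insert Data Dynamodb"]["Parameters"]["Payload"]
    print(make_static(payload))
```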

Polymorphism in Swagger produces strange error message on discriminator

I'm writing a service with a GET that can return one of five different but closely related types. Since the user wants the option of searching through all five types at once, it has to be a single get call. I'm returning JSON, which can easily handle any type.
I'm trying to do this in Swagger, using their polymorphism feature, which I've never tried before. I'm doing it just like in the example, except under "definitions" instead of "components/schemas". But I'm getting a strange error message that I can't understand. The swagger file is below. The error says this:
Schema error at definitions['Event'].discriminator should be string
It gives this on line 49, which says discriminator:
So, my two questions are: How can I fix it? And will this even give me what I need?
    swagger: '2.0'
    info:
      description: RESTful API to retrieve Titles Metadata
      version: 1.0.0
      title: Swagger Mystery
    schemes:
      - https
    paths:
      /event:
        get:
          operationId: getEvent
          summary: searches names
          description: |
            Search by names, across all types, or by a specific type.
          produces:
            - application/json
          parameters:
            - in: query
              name: title
              description: name to search for
              required: true
              type: string
            - in: query
              name: start
              required: false
              type: boolean
            - in: query
              name: type
              required: false
              type: string
              description: |
                May be "contest", "partner", "sponsor", or "dancer". If missing, will search for all types.
          responses:
            '200':
              description: search results
              # I also don't know why I need to comment these out.
              # content:
              #   application/json:
              #     schema:
              #       type: array
              #       items:
              #         $ref: '#/definitions/Event'
            '400':
              description: bad input parameter
    definitions:
      Event:
        type: object
        discriminator:
          propertyName: eventType
        properties:
          eventType:
            type: string
          id:
            type: integer
            format: int64
          name:
            type: string
          description:
            type: string
          contests:
            type: array
            items:
              $ref: '#/definitions/Contest'
        required:
          - id
          - name
          - description
          - contests
          - eventType
      Contest:
        allOf:
          - $ref: '#/definitions/Event'
          - type: object
            properties:
              parentEvent:
                type: string
              venue:
                type: string
            required:
              - parentEvent
              - venue
      Dancer:
        allOf:
          - $ref: '#/definitions/Event'
          - type: object
            properties:
              eventInvitationDate:
                type: string
                format: date
              venue:
                type: string
            required:
              - eventInvitationDate
              - venue
      # Sponsor:
      #   allOf:
      #     - $ref: '#/definitions/Event'
      #     - type: object
      #       properties:
      #         invitationDate:
      #           type: string
      #           format: date
      #         parentEvent:
      #           type: string
      #         partners:
      #           type: array
      #           items:
      #             $ref: '#/definitions/Partner'
      Partner:
        allOf:
          - $ref: '#/definitions/Event'
          - type: object
            properties:
              invitationDate:
                type: string
                format: date
              parentEvent:
                type: string
              venue:
                type: string
            required:
              - invitationDate
              - parentEvent
              - venue
    # two problems:
    # 1. Schema error at definitions['Event'].discriminator
    #    should be string on line 49 (discriminator:)
    # 2. Resolver error:
    #    e is undefined
    #    (no line number)
    #    (This error goes away when I comment out Sponsor.)
The error occurs because you are mixing OpenAPI 2.0 and 3.0 syntax.
Your spec is swagger: '2.0' but the following is 3.0 syntax:
    discriminator:
      propertyName: eventType
In OpenAPI 2.0, the value of discriminator is the property name:
    discriminator: eventType
Also, OpenAPI 2.0 assumes that the possible values of the discriminator property (in this case eventType) are exactly the same as the model names in definitions. That is:
If eventType can be event, partner etc. in lowercase, then the model names must also be in lowercase – event, not Event.
If eventType is some code like e, p, d etc., the model names must be e, p, d etc. instead of Event, Partner etc.
Check out these questions for more examples of discriminator usage in OpenAPI 2.0:
Swagger Inheritance and Composition
“discriminator” in polymorphism, OpenAPI 2.0 (Swagger 2.0)
Swagger: variant schema shape dependant on field value

Symfony child entity only being validated as Type, skipping its own validation

I'm using the Symfony Validator on its own, without the forms component.
I have an entity which contains a child entity. Currently I can validate that that field is an instance of the child entity, but I need it to also validate the child for its constraints.
    #validation.yml
    # This is the entity I'm validating against, it checks the type but doesn't then validate
    # it against the child entity below.
    Greg\PropertyBundle\Entity\Property:
      properties:
        property_id:
          - NotBlank: ~
          - Type:
              type: string
        addresses:
          - All:
              - Type:
                  type: Greg\PropertyBundle\Entity\Address
    # child entity
    Greg\PropertyBundle\Entity\Address:
      properties:
        city:
          - NotBlank: ~
          - Type:
              type: string
To call the validator I'm passing it in with DI to one of my services and doing this:
    // Validate the data
    $errorList = $this->validator->validate($data);
I have also tried it by passing in the following flags:
    $errorList = $this->validator->validate($data, null, true, true);
By default, validation is not delegated for objects in properties. If you want to invoke the validation process for child objects, then you should use the specific constraint "Valid".
So your validation script will be:
    #validation.yml
    # This is the entity I'm validating against, it checks the type but doesn't then validate
    # it against the child entity below.
    Greg\PropertyBundle\Entity\Property:
      properties:
        property_id:
          - NotBlank: ~
          - Type:
              type: string
        addresses:
          - All:
              - Type:
                  type: Greg\PropertyBundle\Entity\Address
          # addresses is array of entities, so use "traverse" option to validate each entity in that array
          - Valid: { traverse: true }
    # child entity
    Greg\PropertyBundle\Entity\Address:
      properties:
        city:
          - NotBlank: ~
          - Type:
              type: string
You can find more details about the "Valid" constraint here:
http://symfony.com/doc/current/reference/constraints/Valid.html
