Can't reproduce payment instrument token creation action from sandbox with "Invalid profile owner" error - cybersource

I want to create a token for a card with the given API call https://developer.cybersource.com/api-reference-assets/index.html#token-management_payment-instrument_create-a-payment-instrument as CyberSource's intro video suggests. With the default credentials that the sandbox provides (testrest merchant) everything goes fine, but when I use my credentials generated at https://ebc2test.cybersource.com I always get the following error (I don't edit the initial request that the sandbox provides; with this exact request and the default credentials CyberSource generates the token and successfully returns it to the API test page):
{
"errors": [
{
"type": "forbidden",
"message": "Invalid profile owner"
}
]
}
I have tried using the merchant API shared key/secret as well as user-specific credentials from the same merchant profile.
What did I do wrong (maybe I need to change something in the merchant profile), and what do I need to do to make it work?

We had the same problem. It was related to the profileId. The hard coded profile id isn't valid. You need to get your own profile id from customer support. From what I gather the profile id is used to reference your specific tokens. It's a discount double check if you will that the tokens you are inputting are connected to your account.

The profile id within a REST API context is assigned by CyberSource within the Gateway account and with TMS is a specific id for your TOKEN MANAGEMENT collection.

Related

How to get customers orders list using their own rest api creds

I have created new REST API credentials for a customer.
Now I am using the following API to get the orders for that particular user:
/wp-json/wc/v3/orders
but I get the following error in the response
{
"code": "woocommerce_rest_cannot_view",
"message": "Sorry, you cannot list resources.",
"data": {
"status": 403
}
}
I have tried with both basic auth and keys in the URL parameters, but it's not working. If the REST API credentials belong to that particular user then it should return the user's orders, but it is giving me an error.
Please help.
I am not even able to get the product list with the customer's API credentials.
A few things:
The REST API doesn't belong to a customer, it's just WooCommerce functionality.
You need to create API keys for yourself, the user that will be using the REST API, not for the customer whose information you need. If THAT customer will be using your site's REST API, he will need his own credentials.
The endpoint you're using will give you all orders. For a specific one, you need to use this endpoint: /wp-json/wc/v3/orders/<id> (replace "<id>" with an order ID).
For orders of a specific customer, you can add a customer parameter (see the "List all orders" documentation).
In the Postman Authorization tab, choose "Basic Auth", enter the key and secret there, and test it with the "All orders" endpoint. That should work.

google calendar api send as another user on our domain using service account

I have a service account, and I downloaded the credentials, which look like:
{
"installed":{
"client_id":"abc123",
...
}
}
And I go through the procedure of running the Node.js-based code which attempts to create the token file with getNewAccessToken, and it gives me the prompt:
Authorize this app by visiting this url: https://accounts.google.com/o/oauth2/v2/auth?ac...
When I go to the link, it asks me to log in with my Google account.
That sets the token and I can send Google Calendar events where the calendar ID is set to primary (and it is set to be from me), but I can't set the calendar ID to John.Smith#mycompany.com.
It says:
{
"domain": "calendar",
"reason": "requiredAccessLevel",
"message": "You need to have writer access to this calendar."
}
I am not sure how to make it so my service account can be used to send events on behalf of our staff members. Is it because when authorizing I logged in as my account instead of the service account, and if so, how do I authorize as the service account?
Update: I am using the code provided in the Google Calendar API quickstart guide.

Using an external OpenID Connect Identity Provider for WSO2 Store access

I am setting up an instance of WSO2 API manager, and want to give developers access to the API "store" pages by linking it to my existing OpenID Connect identity server (OpenAM). I've added the OIDC configuration into the store configuration file (wso2am-2.6.0/repository/deployment/server/jaggeryapps/store/site/conf/site.json) with all the details of the authorise, token, userinfo endpoints, etc.
When users click login in the store, it correctly redirects them to OpenAM to log in, and passes an access token back to the store app. I've also ensured some of the required claims are returned from the userinfo endpoint (like preferred_username). I'm also returning a "groups" claim listing the groups the user should be in, "subscriber" for example.
The claims I'm returning from userinfo are:
{
"address":{
"formatted":"My House"
},
"given_name":"Danny",
"family_name":"Developer",
"name":"Danny Developer",
"preferred_username":"Danny Developer",
"groups":[
"subscriber"
],
"email":"adam.hatherly#nhs.net",
"sub":"developer1"
}
However, whatever I try with claims and group names, the store still gives the error message "User is not permitted to log in to the Store.". I assume there's something else I need to add in either the access token or the userinfo endpoint claims list to make the store app accept the user, or some other config in the store or carbon console?
The reason for the login issue is that the user does not have the relevant permissions to log in to the Store. The user needs to have the internal/subscriber role assigned. Since the user is coming from OpenAM and APIM does not have any information to authorize it, login fails.
For this, either you should share the OpenAM user store with APIM (say a shared LDAP) and assign users the internal/subscriber role, or use custom code to add the user to the APIM user store and assign the role.
Another, easier option is to create a user on the APIM side (with a dummy password) with the subscriber role, but this is not a suitable solution if you do not know all the users.

firebase signInWithCustomToken broken

At first, just yesterday, everything worked. But since this morning, I get this case.
On the back end (Node.js) I generate a custom token with auth().createCustomToken(SOME_ID).
Then, when I call signInWithCustomToken() on the client side with the token I got from the back end, I get the following error:
{
code: "auth/invalid-custom-token",
message: "The custom token format is incorrect. Please check the documentation."
}
In the logs there's a POST to https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken?key=MY_API_KEY, with params { returnSecureToken: true, token: MY_GENERATED_TOKEN }, with status 400 and response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "invalid",
"message": "INVALID_CUSTOM_TOKEN"
}
],
"code": 400,
"message": "INVALID_CUSTOM_TOKEN"
}
}
So, did Google introduce some breaking changes or what?
**Manage User Sessions**
Firebase Authentication sessions are long lived. Every time a user signs in, the user credentials are sent to the Firebase Authentication backend and exchanged for a Firebase ID token (a JWT) and refresh token. Firebase ID tokens are short lived and last for an hour; the refresh token can be used to retrieve new ID tokens. Refresh tokens expire only when one of the following occurs:
The user is deleted
The user is disabled
A major account change is detected for the user. This includes events like password or email address updates.
The Firebase Admin SDK provides the ability to revoke refresh tokens for a specified user. In addition, an API to check for ID token revocation is also made available. With these capabilities, you have more control over user sessions. The SDK provides the ability to add restrictions to prevent sessions from being used in suspicious circumstances, as well as a mechanism for recovery from potential token theft.
https://firebase.google.com/docs/auth/admin/manage-sessions
On the client side, such as Angular, if you use AngularFire2 you can use a method called signInWithCustomToken(clientToken) and pass the custom token. This will give you either an acceptance to sign in or a rejection.
If Firebase rejects, then take the rejection and either redirect the user to a login page using routes or just provide a way to log in. Your call.
Just remember to let Firebase handle the decoding of the JWT. It provides better security if you do not do the decoding on your side.
I had the same problem. The reason was that the token was expired.
The Firebase SDK throws the same auth/invalid-custom-token error for both malformed tokens and expired tokens.
Hopefully the error handling improves soon; in the meantime developers can check whether a token is expired by using a client-side library like jwt-decode, reading the "exp" timestamp and comparing it to the current time.
```java
// Both values are in seconds since the epoch, as the JWT "iat"/"exp" claims require
long timeSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
long expSeconds = timeSeconds + 60L * 60L; // one hour, the maximum lifetime of a custom token
```
and set the claims to these values:
```java
.claim("iat", timeSeconds)
.claim("exp", expSeconds)
```
the result from verification:
"kind": "identitytoolkit#VerifyCustomTokenResponse",
"idToken": "",
"expiresIn": "3600",
"isNewUser": true
stackoverflow.com/questions/45110441/firebase-auth-invalid-custom-token

auth0 is not returning roles information

I am using Auth0 for authentication. I want to fetch all users including their roles. I generated a token in Auth0 and when I try to execute it in Postman or Fiddler, sometimes it returns the roles and sometimes not. The same thing happens in the application too.
If I add it manually in app_metadata in the role property as below, then the information comes through.
{
"authorization": {
"groups": [
"Admins",
"Users"
],
"roles": [
"Admin"
],
"permissions": []
}
}
But I feel that if I change it in the authorization tab, it should take effect here also.
Below is my code:
var apiUser = new ManagementApiClient("<<Token>>", new Uri("https://<<Domain>>/api/v2"));
IPagedList<User> allUsers = await apiUser.Users.GetAllAsync();
Do I need to clear a cache in Auth0? If yes, then how?
Based on the information you provided it seems that you're using the Auth0 Authorization extension to configure user role information.
If this is the case you should notice that the extension logic is run at login time by the means of a rule. When you have that extension installed you should also have a companion rule; in my account the rule is named auth0-authz and should be the same for your case assuming version 2.0 of the extension.
The impact of this is that the roles are surfaced at the user level at login time, so any changes to the configured roles will be seen the next time the user logs in.
Note: Since this logic is part of a rule it will only be executed in the context of a login. If users are added to or removed from a group this will only be reflected within Auth0 after this user logs in again (eg: in the user's app_metadata or when calling the /userinfo endpoint).
You're querying the users directly through Auth0 Management API which may lead to the situation where the roles currently stored at the user profile are not up-to-date. If you are seeing stale information then this might be the cause.
On the other hand, if your problem is not exactly this one, please provide further information and if possible steps to reproduce. For example, does the role information show for one user but not another, or does it show for user A in one response but, if you make another request, the response does not include role information for that same user A?
I was not using the Authorization extension, but rather the standard roles. So I've had to create the rule below.
More info here: http://isbyr.com/return-user-roles-in-auth0/
```javascript
function (user, context, callback) {
  // Get the user roles from the Authorization context
  const assignedRoles = (context.authorization || {}).roles;
  // Update the user object.
  user.rolez = assignedRoles;
  callback(null, user, context);
}
```
