When using ASP.Net Core's authentication for Google, I'm performing the following scenario:
Click to login via Google.
Log into Google successfully. At this point I am returned back to my application and I am able to move on my with process. The user claims were returned as expected.
Immediately go back to step 1 and try to login via Google again with the same account. If prompted at Google, select the same account/enter the credentials again.
At this point I now receive the below error.
If I wait a period of time, perhaps 30 minutes, if I start at step 1 again, I don't encounter the issue until I again reach step 4. If I restart my IIS ApplicationPool for my Core project, I can follow the above scenario where step 1 works, but then step 4 shows the issue.
I have searched what feels like endlessly online to no avail. Does anyone have anything they can suggest? Why would this work the first time, and then fail on second, third attempts?
I'm receiving the below error when following the scenario above on my Google Pixel 3 XL phone:
System.Exception:
SocialLoginController|Error|OAuth
token endpoint failure: Status: BadRequest;Headers: Vary: X-Origin,
Referer, Origin,Accept-Encoding Date: Sun, 03 Mar 2019 09:35:45 GMT
Server: ESF Cache-Control: private X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39" Accept-Ranges: none
Transfer-Encoding: chunked ;Body: { "error": "invalid_grant",
"error_description": "Bad Request" };
The code in my Startup.cs class for Google's authentication is as follows:
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
options.LoginPath = "/login";
options.LogoutPath = "/signout";
});
services.AddAuthentication().AddGoogle(socialProvider.ProviderName, o =>
{
o.ClientId = [REMOVED]
o.ClientSecret = [REMOVED]
o.UserInformationEndpoint = "https://www.googleapis.com/oauth2/v2/userinfo";
o.ClaimActions.Clear();
o.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
o.ClaimActions.MapJsonKey(ClaimTypes.Name, "name");
o.ClaimActions.MapJsonKey(ClaimTypes.GivenName, "given_name");
o.ClaimActions.MapJsonKey(ClaimTypes.Surname, "family_name");
o.ClaimActions.MapJsonKey("urn:google:profile", "link");
o.ClaimActions.MapJsonKey(ClaimTypes.Email, "email");
o.CallbackPath = string.Format("/signin-{0}", socialProvider.ProviderName.ToLower());
o.SaveTokens = true;
o.Events.OnRemoteFailure = ctx =>
{
string message = UrlEncoder.Default.Encode(ctx.Failure.Message);
if (!string.IsNullOrEmpty(message) && message.Length > 1500)
{
message = message.Substring(0, 1499);
}
ctx.Response.Redirect(errorRedirectUrl + message);
ctx.HandleResponse();
return Task.FromResult(0);
};
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
Please also see the image below that shows the error when I have enabled "UseDeveloperExceptionPage".
FYI, I am completely unable to replicate the issue on my iPhone and my Desktop PC - I never receive the issue and I can make as many login attempts as I want, the issue never seems to arise on these devices.
I'm lost!
I was able to identify my issue here which turns out to be unique to any other answer I found with the same error I experienced above.
Issue: On my Pixel device, I have an application (My-App) that runs against the same domain that I was accessing in my Chrome browser. When clicking to login via Google, I remember it asked me if I wanted to 'Open in Chrome' or 'Open in My-App', and I always selected 'Open in Chrome'.
I uninstalled My-App, and now I am unable to replicate the issue. The issue is gone. I tried the scenario many times to no avail, every time it worked! When I re-installed My-App, the issue came back.
Fix: the problem that I need to resolve is running my Core project on a different domain other than the domain My-App is running, so there won't be a confusion on the device about whether Chrome should open or My-App should open. Hopefully that will be my fix!
Thanks for reading.
Related
I posted this on the plugin support page, but maybe someone here has experienced the same thing.
I am developing a web application that uses WordPress as a backend (Headless). That is, I consume the WordPress resources and database from the app created in Vue with Node.js through the Rest API.
User creation is simple and I have it figured out. What I’m having problems with is the login.
Apparently (and according to WordPress) the plugin Simple Wordpress Membership is blocking the login.
More details now:
I send my app username and password to WordPress by Rest API using node-fetch (GET method).
In WordPress I have an Endpoint inside a Custom Plugin (code below).
This endpoint retrieves the URI parameters and sends them to wp_signon to sign in.
If wp_signon succeeds in logging in, it returns the user’s data. If not, it returns an error array.
This is the custom endpoint en WP:
`// Register REST API endpoints
class Login_REST_API_Endpoints {
/**
* Register the routes for the objects of the controller.
*/
public static function register_endpoints() {
// endpoints will be registered here
register_rest_route( 'wp', '/login', array(
'methods' => 'GET',
'callback' => array( 'Login_REST_API_Endpoints', 'login' ),
'permission_callback' => '__return_true'
) );
}
/**
* #param WP_REST_Request $request Full data about the request.
* #return WP_Error|WP_REST_Request
*/
public static function login( $request ) {
$data = array();
$data['user_login'] = $request["email"];
$data['user_password'] = $request["password"];
$data['remember'] = true;
$user = wp_signon( $data, false );
if ( !is_wp_error($user) ){
return $user;
} else {
return $error = json_encode(array('error' => true));
}
}
}
add_action( 'rest_api_init', array( 'Login_REST_API_Endpoints', 'register_endpoints' ) );`
So far so good. The problem appears when I activate the SWPM plugin.
I start getting this response (the asterisks are intentional, to hide the real info):
{ "code": "wp_die", "message": "<p>Warning! The Simple Membership plugin cannot process this access request to prevent you from accidentally logging out as WP admin.<\/p><p><a href=\"https:\/\/*********\/wp-admin\/profile.php\" target=\"_blank\">Click here<\/a>to see the profile with which you are logged in in this browser.<\/p><p>In this browser you have connected to the site as an administrator user. First, log out as WP admin and then you will be able to log in as a member.<\/p><p>Alternatively, you can use a different browser (where you are not logged in as an administrator) to test membership access.<\/p><p>Your frequent visitors or members will never see this message. This message is ONLY for the admin user.<\/p>", "data": { "status": 500 }, "additional_errors": [] }
And these are the headers when the error happens (the asterisks are intentional, to hide the real info):
Date: Sat, 11 Feb 2023 02:58:36 GMT Server: Apache Set-Cookie: swpm_session=52883ad4e8ad887e7***************; path=/ X-Robots-Tag: noindex Link: <https://******/wp-json/>; rel="https://api.w.org/" X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Content-Length: 890 Connection: close Content-Type: application/json; charset=UTF-8
I already tried:
Close all sessions.
Delete cookies and cache.
Deactivate plugin and activate them one by one.
Test with different browsers.
Try with Insomnia.
And nothing works.
The only thing I have noticed is that when SWPM is disabled, the request is successful (code 200).
Could you please give me some idea of what might be going on and how I could fix it?
In use:
Simple Wordpress Membership 4.2.4. (link)
Wordpress 6.1.1.
New data:
When I GET request from Insomnia, if the SWPM plugin is active, I get a 500 error in the response body. But if it’s inactive, I get the 200 code, user data in the body, and WP login cookies in the header.
Insomnia’s settings say that it automatically stores these cookies and sends them when they are needed.
Now (the interesting thing) if I reactivate the SWPM plugin and do GET, I get code 200, the user data and NEW WP login cookies + SWPM login cookies.
From then on, all the requests you make to WP will be code 200. Logically, in each login request the cookies change.
Now, if I copy these cookies to my fetch code in Node.js, I also get 200 code from WP, even if the SWPM plugin is enabled.
Logically, these cookies expire and it is not something that can be used in production, but this information may help to solve the problem.
I am trying to send the user data (email and password) from Node.js to Wordpress via Rest API (GET) so that the user can log in to Wordpress.
I hope to receive an answer code 200.
I am currently getting response code 500.
I am running into a strange issue with What I believe to be IIS related. I have developed an ASP.NET Web API running on DOTNET4.6. This API receives a json payload in its body when it is called from a different system. It then takes that information and calls the GitHub API at api.github.com with a personal access token in order to create a repository for me.
The outline above might be irrelevant to the situation but here is the problem:
Problem
When running in debug mode, this API works as expected. I can do postman POST request and all operations are completed as expected and I can see my new repo on GitHub.
When publishing the service and moving it to one of our IIS servers. Thing start to get messy and annoying. Doing a POST request results in a json response {"message":"An error has occurred"}. I know for a fact that this happens before my code is even reached and these are not one of my error handling messages. The response is a 500 Internal Server Error.
What I have tried
I tried investigating the source of the issue bu running the request in different ways. IIS logs give me nothing.
I ran the following request in the Chrome Developer console:
var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
var raw = JSON.stringify({"timestamp":1589452400243,"webhookEvent":"item_created"});
var requestOptions = {
method: 'POST',
headers: myHeaders,
body: raw,
redirect: 'follow'
};
fetch("https://myiisserver/Integration/api/GitRepoSetu?clientid=aclientid&clientsecret=aclientsecret", requestOptions)
.then(response => response.text())
.then(result => console.log(result))
.catch(error => console.log('error', error));
unfortunately, this yields the same result and there is no useful information whatsoever. only a 500 internal server an a message stating "An error has occurred"
can anybody point me in the right direction as to where I can look to find an indication of what is actually going on? Previously, I had CORS policy issues and attempted to resolve them by installing the CORS NuGet package and configuring it on my Controller. The cors error were only thrown in the chrome dev console and never in postman. I am at my witts end trying to figure this out.
I'm experiencing a strange behavior. Got a Custom Vision service deployed on Azure. It contains a single project with no published models.
Using the HTTP REST Api and querying for projects, it correctly returns a list of (one) projects as shown below:
GET https://westeurope.api.cognitive.microsoft.com/customvision/v3.0/training/projects HTTP/1.1
Host: westeurope.api.cognitive.microsoft.com
Training-Key: {MY_TRAINING_APIKEY}
apim-request-id: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
Date: Thu, 02 May 2019 18:57:25 GMT
Content-Length: 605
Content-Type: application/json; charset=utf-8
[{
PROJECT_DATA
}]
But, if I try to use the service via C# SDK using:
Microsoft.Azure.CognitiveServices.Vision.CustomVision.Prediction
Microsoft.Azure.CognitiveServices.Vision.CustomVision.Training
both 1.0 version, every time I got:
Microsoft.Azure.CognitiveServices.Vision.CustomVision.Training.Models.CustomVisionErrorException:
'Operation returned an invalid status code 'NotFound''
This is the code snippet using the SDK.
using (CustomVisionTrainingClient client = new CustomVisionTrainingClient())
{
client.ApiKey = "{MY_TRAINING_APIKEY}";
client.Endpoint = "https://westeurope.api.cognitive.microsoft.com/customvision/v3.0/Training/";
var projects = client.GetProjects();
}
Interesting fact: trying to use both Training and Prediction clients on currently working Custom Vision project (with deployed models too) I keep getting NotFound error on every SDK method.
Am I missing something?
Thanks in advance.
Fabio.
For CognitiveServices Vision clients, you need to provide the base URI as the Endpoint property, not the entire API endpoint. The client SDK itself will add the remainder of the path (including the version) depending on the method you call.
So in your case you need to do the following:
using (CustomVisionTrainingClient client = new CustomVisionTrainingClient())
{
client.ApiKey = "{MY_TRAINING_APIKEY}";
client.Endpoint = "https://westeurope.api.cognitive.microsoft.com";
var projects = client.GetProjects();
}
Hello i am getting an error when using Microsoft graph api, i am getting a 403 error when I am updating a planner task.
StatusCode:403,
ReasonPhrase:'Forbidden',
Version:1.1,
Content:System.Net.Http.StreamContent,
Headers:{
Transfer-Encoding: chunked request-id:7 c6e6c64-60e8-4d65-a248-c91841f8f8ca client-request-id:7 c6e6c64-60e8-4d65-a248-c91841f8f8ca x-ms-ags-diagnostic:{
"ServerInfo":{
"DataCenter":"North Europe",
"Slice":"SliceC",
"Ring":"3",
"ScaleUnit":"001",
"Host":"AGSFE_IN_70",
"ADSiteName":"NEU"
}
} Duration:184.823 Strict-Transport-Security: max-age=31536000 Cache-Control: private Date:Wed,
03 Oct 2018 06:24:41 GMT Content-Type:application/json
}
}
I have created my own plan to create tasks and assign them accordingly. This application used to work without any issue but suddenly it started throwing this issue.
This issue only occurs on the update, other functions like the read, create and delete work without any issue.
I have full office 365 admin rights, so it is not admin related issues. I have looked at the Graph Api on Git Hub to see possible causes of this problem. In the git hub it states if a particular code is shown it can be referenced to the cause of the problem but there is no code provided
Planner Api Documentation
Any help would be appreciated to solve this issue
This was solved through trial and error.
The problem with it was due to me trying to modify the PlanId which i found out cannot be modified on update.
Once the PlanId part was removed from the api post request it updated without any issue
I have read emails from Exchange online in c#.net using Office 365 API, but getting some issue on response object
(HttpResponseMessage response = await client.SendAsync(request))
i.e
{StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content:
System.Net.Http.StreamContent, Headers:
{
Transfer-Encoding: chunked
request-id: a0983ea5-313d-4234-b1c6-249f3359c71c
client-request-id: a0983ea5-313d-4234-b1c6-249f3359c71c
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"SouthEast
Asia","Slice":"SliceB","ScaleUnit":"002","Host":"AGSFE_IN_3","ADSiteName":"SIN"}
}
OutBoundDuration: 906.2963
Duration: 1177.9769
Cache-Control: private
Date: Wed, 23 Dec 2015 12:08:42 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Content-Type: application/json
}}
For more information :
Please refer this link : http://dev.office.com/getting- started/office365apis
Provide required information login,app name etc.
Download app and run your system
In run time ,error occurred on response object
So Please tell me how to fixed it and let me know if any information required.
Please help me out.
Thanks,
Sheena
You have to register your application on Azure Active Directory (AAD) and set the application permissions to read emails in your app registration.
Check out this presentations starting fromr slide #24:
http://www.mostafaelzoghbi.com/2015/10/identity-and-office-365-presentation-on.html
Hope this helps.
Exchange mailbox access by API was disabled for that account. Please follow https://msdn.microsoft.com/en-us/library/office/dn467892(v=exchg.150).aspx to enable it, e.g. Set-CASMailbox –Identity adam#contoso.com -EwsEnabled:$true