I'm trying to setup my Google Identity Toolkit so users can reset their passwords. I'm following the documentation here: https://developers.google.com/identity/toolkit/web/required-endpoints#send_email_url
I'm using the PHP Gitkit Client outlined here: https://github.com/google/identity-toolkit-php-client/blob/master/src/GitkitClient.php
Specifically the function getOobResults() on line 307 seems to be unhappy for some reason. Here's where I'm at:
User sets up account and logs in successfully
User then logs out and starts to log back in, enters email in and clicks "Forgot password"
reCaptcha is shown, click check box and then hit continue
At this point my 'Send Email URL' endpoint (gitkitEmail.php) is successfully called and the following POST is set to it (dropping the full '&response' param since it goes on for a while):
action=resetPassword&email=xodfebefa%40nada.ltd&challenge&response=03ACgFB9tGlNt2KAGhrVY....
I then take that string and parse it using parse_str(); since getOobResults() is looking for an array. However, response I get back is always:
{
"response_body": {
"error": "CAPTCHA_CHECK_FAILED"
}
}
I searched around but can't find any details on this error. Any help would be appreciated. I don't have a reCaptcha setup anywhere on my site, unsure if this is expecting me to do that and that's why it's failing? Also, I did bump all my code to a production environment and got the same error there as I did on my localhost.
Related
I hope you are doing fine :)
I have the following problem/problems.
I have created a dummy (robot) user. In Azure AD there is an App Registration with some Power BI delegated permission services.
I want to automate the deletion of a push dataset via a HTTP request.
For this, I need to authenticate against that App Registration from Azure AD. With postman, everything worked perfectly, I got the token as a response.
Then, I tried to make the same request using the HTTP connector in PowerAutomate.
I get the following error
{"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: e6d68953-ce1c-4217-856c-ae3aada82e00\r\nCorrelation ID: f50db4d9-d5bb-4396-af11-214717721f43\r\nTimestamp: 2022-10-26 19:12:48Z","error_codes":[900144],"timestamp":"2022-10-26 19:12:48Z","trace_id":"e6d68953-ce1c-4217-856c-ae3aada82e00","correlation_id":"f50db4d9-d5bb-4396-af11-214717721f43","error_uri":"https://login.microsoftonline.com/error?code=900144"}
The connector looks like this->
I have tried other ways as well.
The following error ->
{"error":"invalid_grant","error_description":"AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: fec65949-0701-4727-af3b-2c2b8eb73a00\r\nCorrelation ID: 42c6c04b-98be-477d-8d36-52a01a473a40\r\nTimestamp: 2022-10-26 19:23:50Z","error_codes":[50126],"timestamp":"2022-10-26 19:23:50Z","trace_id":"fec65949-0701-4727-af3b-2c2b8eb73a00","correlation_id":"42c6c04b-98be-477d-8d36-52a01a473a40","error_uri":"https://login.microsoftonline.com/error?code=50126"}
I get from the the next HTTP connector inputs. I tried creating a query out of the previous json. It says the username or password are invalid but I logged in successfully for a number of times with those exact credentials. That I am sure of.
The dummy inputs in the picture are used to avoid the real ids, username and password.
This worked for me ...
Add a header setting Content-Type to application/x-www-form-urlencoded and add the URL form encoded content string like thus ...
client_id=<CLIENT_ID>c&grant_type=password&username=<USERNAME>&password=<PASSWORD>&scope=User.read
If you're using the password grant type approach, you shouldn't need a client secret, just the client ID.
I am currently running
library(googlesheets4)
sheets_auth()
dat=read_sheet("https://docs.google.com/spreadsheets/d/1R9XuH9Wej-p6HdkFGV2IsHuCmA9w0s7M3-jzE3S-Qrs/edit#gid=950673024", sheet="Summary", range=cell_rows(1:777))
and getting the following output.
Suitable tokens found in the cache, associated with these emails:
* dcallow#umd.edu
* ddcc2442#gmail.com
The first will be used.
Using an auto-discovered, cached token.
To suppress this message, modify your code or options to clearly consent to the use of a cached token.
See gargle's "Non-interactive auth" vignette for more details:
https://gargle.r-lib.org/articles/non-interactive-auth.html
The googlesheets4 package is using a cached token for dcallow#umd.edu.
>
> dat=read_sheet("https://docs.google.com/spreadsheets/d/1R9XuH9Wej-p6HdkFGV2IsHuCmA9w0s7M3-jzE3S-Qrs/edit#gid=950673024", sheet="Summary", range=cell_rows(1:777))
Error: Client error: (403) PERMISSION_DENIED
* Client does not have sufficient permission. This can happen because the OAuth token does not have the right scopes, the client doesn't have permission, or the API has not been enabled for the client project.
* The caller does not have permission
I am unsure if the issue is that it is forcing me to use the first email? Is it possible to change to the second token? But I am also confused about why I am no longer being asked to go into my google account to authenticate things?
Any ideas why this might be occurring? I am new to API's.
This could be because while you logged in using gs_auth, you must have selected the wrong permissions. To re assign your permissions, first deauth using gs_deauth() and then use gs_auth() and in the next option, enter 0 in the Selection: to re-initialize your accesses to google account.
Make sure in the browser window while assigning the permissions, you select the checkbox to read, write the spreadsheets.
Please comment if you're unable to do it.
Keep Coding!
For me the solution was:
googlesheets4::gs4_deauth()
googlesheets4::gs4_auth()
Then when you call the second one, DO NOT press 1 to select your email, instead press 0 to fetch a new token:
The googlesheets4 package is requesting access to your Google account.
Select a pre-authorised account or enter '0' to obtain a new token.
Press Esc/Ctrl + C to cancel.
1: your.email#gmail.com
you can try with this
library(googlesheets4)
gs4_auth_configure(api_key = "A..............bMGBUA")
you should create a api key in credentials
https://console.cloud.google.com/apis/credentials
i wait that it can help you
You can also
'Set GoogleSheet link to 'Anyone on the internet with this link can view' under the 'Share' button on the googlesheet page.
Then:
googlesheets4::gs4_deauth()
CellROSConc <- read_sheet("https://docs.google.com/spreadsheets/d/1bxTIKTNfv-n3Y-JMJCOlt14Ec3e4tSdBQZg-HiuypOY/edit?usp=sharing")
I have a login form created in Wordpress using Contact form 7. I'm tryig to pass parameters from this form to an external server. But it is not happening.
I am a designer, and not much of a programmer. I understand code(sometimes) but can not write it from the scratch.
I have designed a website for a client. This client has a "Flying Returns" like logistic membership system in which members get lots of perks in shipping etc. This system is on their own server. They want the users to log in to that system from this website.
So I have created a login form using Contact Form 7. I have set skip_mail: on; I have tried a few plugins login, but either they dont log into different servers or are expensive, or does not yield correct URL and hence does not log into the system. Therefore I have finally decided to make it happen using code.
Their programmer has given me following JS code that will take the parameters from this form and pass on to their system. IF the parameters are correct, then the user is logged into the system and taken to the member's dashboard page on their server (not my website/server), else it returns an error message, {"error":"Login Data Incorrect.."}
I have tried to put this code with in the contact form. Here is the code (i've hidden the actual IP address, sorry):
<script>
document.addEventListener( 'wpcf7submit', function( event ) {
alert( "Fire!" );
document.location.href="http://49.XXX.XXX.202:XXXX/glslink/servlet/GPLogin?password="+$('#password').val()+"&emailid="+$('#emailid').val();
}, false );
</script>
If I remove the document.location line, it shows the alert. But the above, in its entirety does nothing. If I use the URL, replace variables with actual values and paste it browser, it logs me into the system without a hitch.
I have tried quite a few different codes which I could find as possible solution on internet, this site including, but to no avail.
Please help me out. I want the email and password to be passed to this external server, if they are correct then the user should log in and see their dashboard there. Else if it gives the above mentioned error message, then I should be able to reset the form and give an error message to the user.
I have a PL/SQL application which has a log out button with following code being executed when log out button is clicked:
-- Open the HTTP header
owa_util.mime_header('text/html', FALSE, NULL);
-- Send a cookie to logout
owa_cookie.send('WDB_GATEWAY_LOGOUT', 'YES', path=>'/');
-- Close the HTTP header
owa_util.http_header_close;
-- Generate the page
htp.p('You have been logged off from the WEBSITE');
htp.p('click here to log in');
htp.p('<BR>bye');
It works perfect when using internet explorer, however when I use mozzila when I log back in I am still logged in as previous user. Has anyone else been in this situation? How can I make this work for mozilla as well?
I got this code from oracle documentation page:
https://docs.oracle.com/cd/B13789_01/server.101/b12303/secure.htm
Thanks in advance!
I've found it best to set and unset your own session cookie. Then use owa_custom to verify the cookie.
In the dad.config file add:
PlsqlAuthenticationMode CustomOwa
Then create a package in your schema: called owa_custom and add one function inside: owa_custom.authorize
owa_custom.authorize will be called before each web invocation. You can check your session cookie and if you want to allow the web call return true. To block, return false and the user will get a 403 forbidden.
Then if you like you can write a custom 403 forbidden page and redirect to your login page.
Just know that in 12C, mod_plsql is going away and you'll need to use the Oracle Rest Listener. The same functionality exists there. Things just have different names.
I have only recently been looking into ACS, AAL, WAAD and I would like to avoid redirecting users to the login page of their IDP. I want to keep my users within my site and present them with a dropdown to choose who they wish to authenticate with and an area to request a username and password, then acquire token via code. Is this possible?
I have been reviewing some sample applications and produce a quick mock-up, but cant seem to get things working e.g.
_authContext = new AuthenticationContext("https://littledeadbunny.accesscontrol.windows.net");
string enteredEmailDomain = UserNameTextbox.Text.Substring(UserNameTextbox.Text.IndexOf('#') + 1);
IList<IdentityProviderDescriptor> idpdList = _authContext.GetProviders("http://littledeadbunny.com/NonInteractive");
foreach (IdentityProviderDescriptor idpd in idpdList)
{
if (String.Compare(ServiceRealmDropDownList.SelectedValue, idpd.Name, StringComparison.OrdinalIgnoreCase) == 0)
{
Credential credential;
credential = new UsernamePasswordCredential(enteredEmailDomain, UserNameTextbox.Text, PasswordTextbox.Text);
_assertionCredential = _authContext.AcquireToken("http://littledeadbunny.com/NonInteractive", idpd, credential);
return;
}
}
Using the code above, when I try to use the Windows Azure Active Directory User (admin), i get the error "Data at the root level is invalid. Line 1, position 1." where I attempt to acquiretoken.
When I use Google, I get an error "0x8010000C: No identity provider matches the requested protocol".
If there is a working sample? if I am doing something obviously wrong, I would appreciate the correction.
This is not supported for passive identity providers. IdPs like Google, Facebook, etc. don't want other people collecting credentials for them, as this leads to security issues and possible phishing attacks. They also don't support it because they need to be able to show a permission dialog (that screen that asks the user if they want to release data to you) which they can't do without the browser redirecting to them. Furthermore, Google in particular supports two-factor auth, which you couldn't replicate, and generally collecting credentials opens up whole cans of worms around other UI problems such as incorrect or forgotten passwords.
This is also generally a bad user experience, because your users are fairly likely to already be logged in to Google and have cookies there. If so, and if they've already consented to your app, they would just be silently redirected back to you. In your scenario, even if the user is already logged in they'd still have to provide a username/password.
The correct way to do these sorts of logins is to render a browser control in your app that allows the user to log in at their IdP, which is what AAL helps with.
I had the same error, executing a powerscript solved that error
PS C:\windows\system32> $replyUrl = New-MsolServicePrincipalAddresses
-Address https://mydomain.accesscontrol.windows.net/
PS C:\windows\system32> New-MsolServicePrincipal -ServicePrincipalNames
#("https://mydomain.accesscontrol.windows.net/") -DisplayName
"MyDomain Namespace" -Addresses $replyUrl
But i'm stuck anyway with a 403 permission error
If you get any further i would like to know how :)