I wrote a jwt authentication custom handler for WSO2 API manager that I deposited in \wso2\wso2am-2.1.0\repository\components\lib
I declared my custom handler in the configuration file of my API (\wso2am-2.1.0\repository\deployment\server\synapse-configs\default\API\MyAPI.xml), in the
section handlers, just before handler "org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"
It works.
My problem is that when I go through the publisher site (click on "Save", "Next Manage" or "Next Implement"), my configuration is overwritten and the jwt control is no longer realized.
Is my way correct?
Should the custom handler be positioned elsewhere?
What is the best practice for setting up a jwt check?
Thank you in advance for your answers
Did you try to declare your JWT custom implementation inside the identity configuration file?
The identity configuration path is:
~/wso2am-<your_version>/repository/conf/identity/identity.xml
And then you need to add the element IdentityOAuthTokenGenerator inside the OAuth element. like this:
<OAuth>
<IdentityOAuthTokenGenerator>com.your.package.YourJWTToken</IdentityOAuthTokenGenerator>
Should work.
Related
I want to use the module ps_facebook to send a catalog to Facebook but I need to change the name of the product sent.
I already sought and I found that's the module ps_eventbus that manages to load and decorate datas.
Unfortunately there is no hook. My only possibility is to rewrite a part of this service.
This service is loaded by the module ps_eventbus in the file decorate.yml and I want to change the call of this service by our specific service in our module.
So I wonder if it's possible to override properly the service PrestaShop\Module\PsEventbus\Decorator\ProductDecorator and how to do that ?
I suggest you check the Symfony documentation, here
https://symfony.com/doc/3.4/service_container/service_decoration.html
As it is not directly related to the PrestaShop itself. If this service is public, you can probably decorate it, as shown in the docs.
Scenario:
I have an API with .net core 2.2
On top my controller I authorize access using IdentityServer4 with an Attribute
Inside one of my endpoints I want to authorize access to a method only in some cases
I implemented resource based authorization inside my endpoint just like it's shown in microsoft documentation.
It didn't work.
I put a breakpoint inside my authorization handler and tried debugging, but when this handler should be called, it is not.
I mean that when the following line runs
var authorizationResult = await _authorizationService
.AuthorizeAsync(User, Document, "EditPolicy");
the Handler should be called, but that never happens.
Did anyone have the same problem?
So in the end the problem was due to the registration of the service in the startup.cs.
I was using TryAddScope, by changing to AddScope it worked fine.
For an employee questionnaire I would like to add an IBAN check to a textbox widget. Is it possible to add a library like https://github.com/arhs/iban.js as an external resource in App Maker? How do I have to implement a validation method once the library has been added.
You can easily add any external library. If library is available via CDN (Content Delivery Network) you can just add URL in Application Settings -> External Resources -> JavaScript URLs
otherwise you can upload the js file as app resource (Settings -> Resources) and use resource's URL instead.
The library will help you to validate input on client:
// onValidate event of input widget:
if (!IBAN.isValid(newValue)) {
return 'Please, provide valid account number';
}
But it will not help you with server side validation... So, end user can in theory compromise your system through dev console. You can try to copy/paste library's code to server script and make extra validation in onBeforeCreate and onBeforeSave model's events but most likely it will require some additional tweaks.
You may also consider using Regex to validate the IBAN - you won't need to worry about pulling in external JS then. This answer may be useful. With this regex, you can validate the string server side, which is more secure. This link has more information on validating RegEx in Javascript.
I'm looking at the source code for Microsoft.OWIN.Security.Google and am a bit confused and overwhelmed at how many classes there are to do such a simple thing (redirect, get a cookie, check it).
Can anyone explain how the various components fit together
Middleware
Extensions
etc
... so that I can write a custom provider
After some google-ing and trying different ideas in debugger I ended up with "copy-paste-edit" :)
here is a brief resume of classes
Extensions - nothing special, a helper:
// instead of using
app.Use(typeof(CustomAuthenticationMiddleware), app, options);
// you can use
app.UseCustomAuthentication(options);
Middlware - methods are used to attach authentication to owin pipeline
AuthenticationProvider - As I understand, this could be overriden outside, to be able to change some logic without rewriting whole thing. Has 2 methods:
Authenticated - is called when handler finishes all authentication in AuthenticationHandler.AuthenticateCoreAsync()
ReturnEndpoint which is called in AuthenticationHandler.InvokeAsync, just before external authetication.
But it appeared absolutely useless, when I tried to customize existing providers (google, facebook,...)
Handler - here is all the OAUTH2 functionality.
ApplyResponseChallengeAsync() - generates AuthorizationEndpoint URL and redirects useragent to authorization server
InvokeAsync() - handles the get to RedirectEndpoint (/signin-google or whatever was set up on authorization server) and returns the user to the starting controller(or callback). It is doing a redirect with all needed cookies set up
AuthenticateCoreAsync() - does all server side calls to authorization server. Creates all Identity.Claims necessary to create appropriate cookies before
I am using DotNetOpenAuth.AspNet for Facebook authentication. And everything works well.
However, I have to change app permissions so when a user logins I should request status_update permission. I've changed Permissions in Facebook app configuration, but I didn't get updated Login Window in my application.
Also I tried to handle OAuthWebSecurity.RegisterFacebookClient method call with passing extra data scope attribute, but without any access.
Does someone know how to request additional Facebook permissions using DotNetOpenAuth.AspNet?
EDIT:
When I try to do post I got this error:
(OAuthException - #200) (#200) The user hasn't authorized the application to perform this action
And this is what I get when I try to login to my app:
There is no status_update permission.
Thanks.
At this point you can't. Deep in the innards of DotNetOpenAuth.AspNet there is a class called FacebookClient. Within class is a method which is called "GetServiceLoginUrl".
This method in version 4.3.0 hardcodes the scope to "email".
If you go to the Nuget prerelease repository however, and get the prelease version 4.3.1 from there, the FacebookClient class comes with an additional parameter in the constructor - scope. You can add the permissions in there, and it will add them to the request url.
The pre-release package source is http://teamcity.dotnetopenauth.net:82/guestAuth/app/nuget/v1/FeedService.svc/
new FacebookClient(appId, secret, new[] {"email","manage_pages"});
and you should be good to go.