WSO2 Where are the Claims stored? - wso2-api-manager

I thought the claims should be stored in UM_CLAIM in the user store but mine is empty, however when I enable JWT in the header I'm getting X-JWT-Assertion populated with values. I've also checked IDP_CLAIM in the AM db.

Since you have not specified which version of WSO2 API Manager you are using, I am answering this question for the latest released version of API Manager, 2.1.0.
For WSO2 API Manager, the claim-related tables are listed below.
IDN_CLAIM
IDN_CLAIM_DIALECT
IDN_CLAIM_MAPPED_ATTRIBUTE
IDN_CLAIM_MAPPING
IDN_CLAIM_PROPERTY
And you should be able to see data related to claims stored in these tables if you can successfully get the X-JWT-Assertion when invoking the API.
Check whether you have uncommented all the default values as denoted in the Configuring JWT section of the documentation.
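
To see which claims actually arrive in X-JWT-Assertion, whichever table holds their definitions, the header value can be decoded offline. The following is an added example, not part of the original answer or of WSO2's code. The sample token, its claim values and the function names are constructed, and the decoder accepts both base64 alphabets because the page does not state which encoding the gateway uses.

```python
import base64
import json

WSO2_DIALECT = "http://wso2.org/claims/"  # default WSO2 claim dialect prefix


def decode_segment(segment: str) -> dict:
    """Decode one JWT segment; accepts standard or URL-safe base64, padded or not."""
    std = segment.replace("-", "+").replace("_", "/")
    return json.loads(base64.b64decode(std + "=" * (-len(std) % 4)))


def read_assertion(header_value: str) -> dict:
    """Return the claims carried in an X-JWT-Assertion value, grouped by kind.

    Inspection only: the signature segment is not verified, so the output
    must not drive any authorization decision.
    """
    parts = header_value.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    jose, payload = decode_segment(parts[0]), decode_segment(parts[1])
    dialect = {k[len(WSO2_DIALECT):]: v for k, v in payload.items()
               if k.startswith(WSO2_DIALECT)}
    other = {k: v for k, v in payload.items() if not k.startswith(WSO2_DIALECT)}
    return {"alg": jose.get("alg"), "dialect_claims": dialect, "other_claims": other}


def make_sample() -> str:
    """Constructed sample assertion with a dummy signature (not gateway output)."""
    def enc(obj):
        return base64.b64encode(json.dumps(obj).encode()).decode()
    payload = {"iss": "wso2.org/products/am", "exp": 1500000000,
               WSO2_DIALECT + "subscriber": "admin",
               WSO2_DIALECT + "applicationname": "DefaultApplication",
               WSO2_DIALECT + "enduser": "alice@carbon.super"}
    return enc({"typ": "JWT", "alg": "RS256"}) + "." + enc(payload) + ".c2lnbmF0dXJl"


if __name__ == "__main__":
    print(json.dumps(read_assertion(make_sample()), indent=2))
```

A backend that relies on these claims must verify the signature against the gateway's certificate before trusting them; this helper is for debugging what the gateway sends.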

Related

How to add Azure custom Policy for Azure Data Factory to only use Azure Key Vault during the Linked Service Creation?

How to add Azure custom Policy for Azure Data Factory to only use Azure Key Vault during the Linked Service Creation for fetching the Data Store Credentials instead of credentials being put up directly in ADF Linked Service. Please suggest ARM or PowerShell methods for the policy implementation.
As of yesterday, the Data Factory Azure Policy integration is available which means you can now find some built-in policies that can be assigned to ADF.
One of those is exactly what you're asking for as you can see in the image below. You can find more information here
Edit: Based on your comment, I'm editing this answer with the info you want. When it comes to custom policies, it's pretty much up to you to come up with them and create what fits your needs. In your particular case, I've created one policy that does what you want, please see here.
This policy will audit your data factory linked services and check if they're using a self-hosted integration runtime. Currently, that check is only done for a few types of integration runtimes (if you look at the policy, you can see 5 of them) which means that if you want to check more types of linked services, you'll need to add them to the list of allowed values and select them when assigning the policy definition.
Bear in mind that for some linked service types, such as Key Vault, that check won't make sense since that service can't use a self-hosted IR.

How to update billing information for a Flex Token?

Currently, I'm working with 2 apps where user can generate a payment token associated with their account. 1 uses the Secure Acceptance Hosted Checkout and the other uses Flex Microform. 1 possible case involves the user's card being captured via the Microform and then later updated via the Hosted Checkout.
The docs mention being able to replace the billing info associated with the Flex token, but the mechanism available is unclear. I'm aware that the Hosted Checkout supports updating this info, but it's preferred to make the update without prompting the user via the Hosted Checkout so the user never needs to see the default address or put in their address twice. Is there an endpoint that can be used to achieve this?
I don't know if it's the intended way of doing things for CyberSource, but there is a SOAP service named "paySubscriptionUpdateService" in the Simple Order (SOAP) API that allowed me to update the name & address on a token generated via the Flex API.
You can take a look at the Simple Order API documentation on the CyberSource website - chapter 7 "Updating a subscription"
https://developer.cybersource.com/library/documentation/dev_guides/Recurring_Billing/SO_API/Recurring_Billing_SO_API.pdf
I'm sure there is a way through the REST API too; I'm not sure how to do it yet. I'll circle back if I see something.

Firebase browser key API restrictions

When creating a new project Firebase generates browser API keys automatically in the GCP API credentials. This is the same API key that is set in the Firebase Web client SDKs and is publicly available.
By default the key has no restrictions, so it's prone to quota stealing for every API enabled for that project. Surprisingly I have not found information about securing this key in the Firebase documentation.
So I took two extra steps to secure the key:
1. Added HTTP referrer restriction to allow requests from my domain only.
2. Added Identity Toolkit API to the list of allowed APIs. Experimentally I've figured out that it's enough for Firebase Auth and Firestore to work.
3. Added Token Service API. This is needed for refresh tokens to work and keep the authentication.
My question is mostly related to points #2-3. What are the APIs that need to be enabled for various components of Firebase to work on the web?
I also enabled those same two APIs, but I used the Metrics Explorer to see what the various Firebase-created keys had been using based on actual traffic.
In GCP,
Go to Monitoring -> Metrics Explorer
Click 6W in the time range above the graph
Resource Type, start typing consumed_api and select it
Metric, choose Request Count
Group By, type credential_id, select it, then type service, and select it
Aggregator, select sum
By now, the legend for the graph should list all the credential ids and which services they used in the last 6 weeks. You should be able to figure out the APIs from the service.
You can use Filter to filter by credential_id if the results are too noisy.
"By default the key has no restrictions, so it's prone to quota stealing for every API enabled for that project."
This is indeed possible and I am able to make, e.g., a Google Maps API call with the auto-generated Firebase API key.
Such preconfigured behaviour was certainly unexpected and I am now experimenting with the restrictions as per the extra steps described in the original question.
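
The Metrics Explorer grouping by credential_id and service, combined with the referrer and API restrictions from the question, can be turned into a restriction plan. The following is an added example, not code from any of the posts. The rows, key ids, counts and referrer pattern are constructed, and the output follows the `restrictions` field of the API Keys API v2 key resource.

```python
from collections import defaultdict

# Intended allow-list from the question: Identity Toolkit and Token Service.
INTENDED = {"identitytoolkit.googleapis.com", "securetoken.googleapis.com"}

# Constructed sample: (credential_id, service, request_count) rows as read
# from the Metrics Explorer legend; key ids and counts are made up.
SAMPLE_ROWS = [
    ("apikey:browser-key", "identitytoolkit.googleapis.com", 18250),
    ("apikey:browser-key", "securetoken.googleapis.com", 9410),
    ("apikey:browser-key", "maps-backend.googleapis.com", 3127),
    ("apikey:browser-key", "identitytoolkit.googleapis.com", 40),
    ("apikey:other-key", "securetoken.googleapis.com", 12),
]


def usage_for(rows, credential_id):
    """Sum request counts per service for one credential."""
    totals = defaultdict(int)
    for cred, service, count in rows:
        if cred == credential_id:
            totals[service] += count
    return dict(totals)


def plan_restrictions(rows, credential_id, referrers, intended=INTENDED):
    """Build a restriction plan and list the traffic it would cut off."""
    usage = usage_for(rows, credential_id)
    blocked = {s: n for s, n in usage.items() if s not in intended}
    return {
        # Shape of the `restrictions` field of an API Keys API v2 key.
        "restrictions": {
            "browserKeyRestrictions": {"allowedReferrers": list(referrers)},
            "apiTargets": [{"service": s} for s in sorted(intended)],
        },
        # Services seen on the key but outside the list: either a Firebase
        # dependency that still needs allowing, or usage that is not yours.
        "review_before_applying": blocked,
        "intended_but_unused": sorted(intended - set(usage)),
    }


if __name__ == "__main__":
    print(plan_restrictions(SAMPLE_ROWS, "apikey:browser-key",
                            ["https://app.example.com/*"]))
```

Anything listed under `review_before_applying` should be explained before the restriction goes live, since it will start failing once the allow-list is enforced.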

Quickbooks API + Jupyter Notebook

I am creating a Jupyter Notebook (http://jupyter.org/) in order to pull financial data from our current accounting software (Quickbooks Online).
I've worked through Quickbook's API explorer, but cannot find any documentation related to authorization for Quickbooks API; each request that I submit via the Jupyter Notebook is an authentication error.
I was wondering if there is a simple command (e.g quickbooks.apikey = [API KEY]) that I can use to pass my API key and authenticate properly.
NOTE: I do not need this to be a production-server so I do not think OAuth is necessary - just need to pass along my API key so that I can pull down a Report locally.
Thanks!
"but cannot find any documentation related to authorization for Quickbooks API;"
Here you go:
https://developer.intuit.com/docs/00_quickbooks_online/2_build/10_authentication_and_authorization
"I was wondering if there is a simple command (e.g quickbooks.apikey = [API KEY]) that I can use to pass my API key and authenticate properly."
Authentication is via OAuth. You need to use OAuth.
"NOTE: I do not need this to be a production-server so I do not think OAuth is necessary"
OAuth is necessary.

WSO2 API synapse configuration issue

I'm currently trying to solve an issue in WSO2 API Manager v1.9.
I logged in to the Publisher and created an API, i.e. SampleAPI. In the design phase I added 3 GET resources: /sample1, /sample2 and /Sample3 respectively.
In the implement phase, I provided a production endpoint, e.g. http://test/sample/1.0, and finally in the manage phase I provided tier details and left the rest at the default settings. After that I saved and published the API.
Then I logged in to the Carbon console, modified the /sample2 and /sample3 resource endpoints to http://test/sample/45 and http://test/sample/46 respectively, and saved the synapse configuration.
Up to this step everything is OK; I have tested that all the resources are working fine.
Later I added another resource to the same API. To do so, I logged in to the Publisher, edited SampleAPI, added another GET resource /sample4 and saved the configuration, then logged in to the Carbon console again and tried to add an endpoint for the /sample4 resource. What I noticed then is that all the resources were reset to the default endpoint, which I had provided during API configuration.
Could you please suggest how to handle this scenario? I want to keep all the configured endpoint details for each resource instead of having them reset to the default endpoint even when I add a new resource to the same API.
