I'm attempting to use the REST API provided by WooCommerce to generate the Customer Secret and Customer Key values so that it could be used to invoke other WooCommerce REST APIs. I referred the documentation about generating the key values and managed to get it working using a mock endpoint in Postman used for the call_back URL in the API as mentioned in the document.
I created a POST service in my backend server and managed to setup a SSL certificate in the local environment with a domain mapped in hosts file in /etc directory. I ran the backend service and invoked the callback url through Postman and it worked. Then I used that as the call_back URL in the actual WooCommerce Auth endpoint to programatically generate the keys and save it in my DB. But I'm getting
"Access Denied" - Error: A valid URL was not provided..
When I checked the browser through devtools -> network noticed that there is a 401 Unauthorize error.
Here is the sample GET URL that is uesd for WooCommerce API key generation
http://localhost/woocommerce/wc-auth/v1/authorize?app_name=<SOME_NAME>&scope=read_write&user_id=36&return_url=http://localhost/woocommerce/&callback_url=https://foo.bar.dev:44329/api/services/app/woo_commerce_auth/6/callback
callback_url = https://foo.bar.dev:44329/api/services/app/woo_commerce_auth/6/callback
When the callback_url is a mock url generated using Postman it works fine
callback_url = https://513ca6ab-db16-4635-8d0b-9159e3b1e187.mock.pstmn.io/api/services/app/woo_commerce_auth/6/callback
Any clue why this happens, I could not find a way to troubleshoot this issue. Appreciate the help.
Hi posting this for future reference, and hope it would help others who face this problem as well.
Things to keep in mind when setting the callback_url,
Non HTTPS URL endpoint are not allowed.
URL should not be a localhost url (e.g localhost/callback would give an invalid URL error)
URL should not contain port number (e.g localhost:4320/callback or foo.bar.dev:4892/callback are invalid)
Callback URL should be a POST url
If an error such as Error: An error occurred in the request and at the time were unable to send the consumer data. is given after checking all the above check the backend service code related to the callback_url (I had a 500 server error which triggered this, it was not a WooCommerce issue)
Also a tool such as ngrok would be really helpful to setup an HTTPS endpoint in your local environment to test this.
Dotnet core 3.1 blazorwasm template app is giving the below error while accessing from network or after hosting it on a linux server. It seems the published app is always looking for local host ip for redirection at certain places.
the errors appeared on the firefox console is given bellow
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:5000/.well-known/openid-configuration. (Reason: CORS request did not succeed).
how to configure and publish it to avoid routing to localhost.
This can be reproduced by simply taking the code
https://github.com/dotnet-presentations/blazor-workshop
after running it from visual studio try to access it from a remote client (another machine) will give error while navigating from login and registration links.
Try adding the following CORS middleware configuration to the web API's service's Startup.Configure method and see if that works:
app.UseCors(policy => policy.WithOrigins("http://localhost:5000", "https://localhost:5001")
.AllowAnyMethod()
.WithHeaders(HeaderNames.ContentType));
You need to add this to this file if you are using the code mentioned in your question.
Doc and sample project can be found here.
I have an Angular web app running on Cloud Run (nginx webserver) (more info here) from which I want to get access token from the GCP metadata server. I have tried to make a call to https://metadata.google.internal ( using curl from Cloud Shell) but the connection was rejected. Calls to HTTP are working well.
When I make the call from my app (which is loaded over https) to the metadata server over HTTP - logically I get a mixed content error. When trying to access the metadata server over HTTPS - I am getting error 504 Gateway timeout, I assume due to the reason that the metadata server refuses the calls on HTTPS.
I will really appreciate any idea of how to solve this issue.
The URL endpoint metadata.google.internal is only accessible from inside the instance (Cloud Run). This endpoint is not accessible outside of the instance such as via an HTTP or HTTPS call. A clue is the TLD (Top Level Domain) internal.
If you want to access this endpoint remotely via a web browser, you will need to make a request from the browser to Cloud Run (an endpoint in your code) which then makes the internal request to the metadata server and returns the response to the client.
I am working on a spring boot web application where the application is hosted behind a Zuul reverse proxy server and API gateway is nginx. All the applications are running on the same virtual machine (NginX, Zuul, and My App)
Nginx does the SSL termination and zull is responsible for request authentication and authorization. I am using OpenID Connect for user authentication with Auth0.
Flow of a request
Browser --(A)--> NginX --(B)--> Zuul --(c)--> My Application
A - https call with domain name eg: https://example.com
B - http call for locally running Zull server eg: http://127.0.0.1:7070
In nginx server I have given a rule to forward all the traffic to locally running Zull server
https://example.com --> http://127.0.0.1:7070
With this configuration, callback URL is set as https://example.com/callback at Auth0 and once the callback url is called then it will be sent to the zuul server with a different name.
https://example.com/callback?code=sf4sf4ds4fdf --> http://127.0.0.1:7070/callback?code=sf4sf4ds4fdf
I have used libraries provided by Auth0 to exchange the authorization code for token. but at this point the request for the token contains the callback url as http://127.0.0.1:7070/callback and not as https://example.com/callback (This is what i registered at Auth0 and used to get the authorization code). Therefore the system always throws and error.
I can get this to work by removing nginx server and directly keeping the zuul server in front (Then there is no url changes). is there any way to make this work with my existing configuration.
Thanks
It seems, at the moment this issue can not be resolved because the request for exchanging the token for authorized code is built inside a library provided by Auth0 (mvc-auth-common-1.0.2.jar). Callback url is generated by calling req.getRequestURL().toString().
Since the request was sent by the nginx proxy to the zull server, request url is always https://127.0.0.1:7070
In order to be successful, I had to use a little hack. I wrapped the request object using a custom http request wrapper.
import javax.servlet.http.HttpServletRequestWrapper;
class CustomRequesWrapper extends HttpServletRequestWrapper {
public CustomRequesWrapper(HttpServletRequest request) {
super(request);
}
#Override
public StringBuffer getRequestURL() {
return new StringBuffer("https://example.com/callback");
}
}
Here I am returning the required url.
// Tokens tokens = controller.handle(req); -- previous code
Toke tokens = controller.handle(new CustomRequesWrapper(req)); // current code
Now whenever the method getRequestURL() method is called, my domain name will be passed.
My IdentityServer4 instance returns deformed schema for the urls in the reponse of the well-known configs. Here is the response that I get from
http://www.server.meetcorepoint.com/.well-known/openid-configuration
{"issuer":"http://\\www.server.meetcorepoint.com","jwks_uri":"http://\\www.server.meetcorepoint.com/.well-known/openid-configuration/jwks","authorization_endpoint":"http://\\www.server.meetcorepoint.com/connect/authorize","token_endpoint":"http://\\www.server.meetcorepoint.com/connect/token","userinfo_endpoint":"http://\\www.server.meetcorepoint.com/connect/userinfo","end_session_endpoint":"http://\\www.server.meetcorepoint.com/connect/endsession","check_session_iframe":"http://\\www.server.meetcorepoint.com/connect/checksession","revocation_endpoint":"http://\\www.server.meetcorepoint.com/connect/revocation","introspection_endpoint":"http://\\www.server.meetcorepoint.com/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"scopes_supported":["openid","profile","api1","offline_access"],"claims_supported":["sub","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"grant_types_supported":["authorization_code","client_credentials","refresh_token","implicit","password"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"]}
Here is the mvc client http://www.mvc.meetcorepoint.com and when I click to authenticate with the idsr4 the client throws exception Unable to parse host name and fails to do authentication because it can't parse the urls.
Note the \\ appended to the schema in each url of the response. All urls are invalid. Both the idsr4 and the mvc client are hosted on Amazon Linux. The two projects that I use are both from the official sample projects on GitHub https://github.com/IdentityServer/IdentityServer4.Samples/tree/release/Quickstarts/5_HybridFlowAuthenticationWithApiAccess
I am using version 2.0.4 of dotnet core.
On localhost the idsr4 works as expected and returns the appropriate response without additional double backslashes.
What is causing the wrong url schemas and how to fix this ? Feel free to test the identity server yourself on the live servers.