auth0 nodejs login username password fails - r

I'm trying to build a login page for my Shiny application, using the auth0 services, nginx, node.js and the git repo github.com:auth0/shiny-auth0.git.
You can find the full tutorial here
Everything works fine, except for the fact that I can't log in using a valid username/password combination (made within the Auth0 webpage). It is possible, though, to log in using for example your Google account (it's redirected to the Shiny application, as expected).
The generic error message I get is stating WE COULD NOT REACH THE SERVER. PLEASE CHECK YOUR CONNECTION AND TRY AGAIN.
I can't find any working solutions in the documentation, or on the Auth0 forum. Has anyone experienced similar problems using Auth0, possibly in combination with Ubuntu 16.04, Node.js, R Shiny and Nginx, and found a solution?
Help is highly appreciated!

The trick lies in the Allowed Callback URLs and the Allowed Origins (CORS). Both fields need to be filled in properly within the Auth0 Client setup. This means that the allowed callback URL needs to be equal to the domain of your Shiny app, starting with the proper protocol (in this case http) and ending with /callback. The same URL should be used in the .env file. In my case, this was something like http://ec2-123-456-789.eu-central-1.compute.amazonaws.com/callback.
Then don't forget to also fill in the Allowed Origins (CORS), since the origin is not exactly equal to the callback. The origin uses the https protocol instead of http. Hence use something like https://ec2-123-456-789.eu-central-1.compute.amazonaws.com for your Origin.
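As an added illustration of why the answer above insists on both fields (this is example code, not part of the answer or of the shiny-auth0 project), the following reproduces the exact-match rule a provider such as Auth0 applies to "Allowed Callback URLs" and "Allowed Origins (CORS)": an http/https mix-up or a missing "/callback" is a different value and fails. The host is the constructed sample from the answer; the helper names are assumptions of this example.

```javascript
// Added example, not code from the answer or from shiny-auth0. It shows the
// exact-match comparison a provider applies to the "Allowed Callback URLs" and
// "Allowed Origins (CORS)" fields, which is why a wrong scheme or a missing
// "/callback" fails the login. The host is the answer's constructed sample.

// What would be entered in the Auth0 dashboard (and repeated in the .env file).
const ALLOWED_CALLBACK_URLS = [
  "http://ec2-123-456-789.eu-central-1.compute.amazonaws.com/callback",
];
const ALLOWED_ORIGINS = [
  "https://ec2-123-456-789.eu-central-1.compute.amazonaws.com",
];

// Canonical form of a redirect URI: scheme, host, port, path and query, with
// only the fragment dropped. A different scheme, a missing path or an extra
// query parameter is a different URI and must not match.
function canonicalUrl(raw) {
  const u = new URL(raw);
  return u.origin + u.pathname + u.search;
}

// A CORS origin is scheme + host + port only; any path is ignored.
function canonicalOrigin(raw) {
  return new URL(raw).origin;
}

// Exact-match check of a redirect_uri against the allow-list. Prefix or
// wildcard matching would let a third party choose where tokens are sent,
// so the comparison is plain string equality of the canonical forms.
function isCallbackAllowed(redirectUri, allowed = ALLOWED_CALLBACK_URLS) {
  try {
    return allowed.map(canonicalUrl).includes(canonicalUrl(redirectUri));
  } catch (e) {
    return false; // an unparsable URI never matches
  }
}

// Same exact-match rule for the browser's Origin header on the CORS request.
function isOriginAllowed(origin, allowed = ALLOWED_ORIGINS) {
  try {
    return allowed.map(canonicalOrigin).includes(canonicalOrigin(origin));
  } catch (e) {
    return false;
  }
}

// One-shot check of a deployment: both values must be on their lists, and the
// result says which of the two is wrong.
function checkAuth0Config(callbackUrl, pageOrigin) {
  return { callbackOk: isCallbackAllowed(callbackUrl), originOk: isOriginAllowed(pageOrigin) };
}
```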

Related

Unable to add Authorized redirect URI for OAuth 2.0 client

I'm setting up an OAuth client for a Firebase application on Firebase Hosting, and I'm trying to add an authorized redirect URI to the "Web client (auto created by Google Service)" here:
https://console.cloud.google.com/apis/credentials/oauthclient
I'd like to add https://my-project.web.app/serviceworker/redirect but the update operation silently fails - the loader just keeps spinning - and reports the following in the console:
Uncaught Proxy {Symbol(Symbol.toStringTag): "ErrorResponse"}
and
Uncaught Error: Ch
I'd rather not post the specific domain here, but the strange thing is, I've been able to add it in another project, as a test, and I've also been able to add the https://www.my-project.firebaseapp.com/serviceworker/redirect address with no issues. And for what it's worth, the subdomain https://www.my-project.web.app/serviceworker/redirect was also fine. (Although it doesn't actually fix my issue)
So it seems to be a specific issue with this particular domain and in this particular project.
Posting here in the hopes that someone on Google's side has any more ideas, as I'm at a loss.
Thanks in advance.
I have no idea why this would make a difference for this specific domain, but the issue resolved itself once I went through the "OAuth consent screen" setup.
So if you encounter this issue, I'd make sure everything's set up there first.

Google OAuth Credentials Redirect URIs problems

I have an app in xamarin forms, and I need to implement Google authentication. In my Google API, I have OAuth credentials using Web Application.
The problem is in the Authorized redirect URIs: when I configure the URI using the https, I can choose what account to log in to. After choosing the one I want, I get this error:
Watching some YouTube videos, I've seen that I need to use HTTP instead of HTTPS, but when I try it this way, I get this error BEFORE I get the list of the Google user's accounts:
So I'm stuck on it and can't authenticate the user.
I'm using Xamarin Forms, and on the app, there's no exception thrown.
The redirect URI (where the response is returned to) has to be registered in the APIs console, and the error is indicating that you haven't done that, or haven't done it correctly.
Go to the console for your project and look under API Access. You should see your client ID & client secret there, along with a list of redirect URIs. If the URI you want isn't listed, click edit settings and add the URI to the list.
Note that updating the google api console and that change being present can take some time. Generally only a few minutes but sometimes it seems longer.

Is it possible to edit "code" parameter in query string in Keycloak?

I'm trying to setup Keycloak on a Linux server in order to prepare an OAuth2 server to make linking account available for my Alexa Skill.
My problem is this:
After a successful login, Keycloak redirects the request to an Amazon server with this link:
https://skills-store.amazon.co.uk/api/skill/link/M3FC1DYEAOGRP4?code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..XDTXJ_GzoEs06ELehNLRhA.njBRnNSp0-nJN1sz9-jt-x6dWVdfIANQVfoKJsiJAYry3yW9fSNS46H5Daji-C8oY-lPQSTl_oiPbWOLmsfN5J5y5BOxlWPPBLkudyyNQj1bznmiz_flabn0JiTsqcy4V5cb07E0wgO4GBYDPh1JxMBzv1jY-8zHJFjWZ_aHJ_HN2ADSJywksp9TQlfsVFM2DoPFr-3hzerjHxJmje8AHhh3fl_hm1L8YLwZ81JxAyYbRX06vL4dDC1We0fJ1Gau.zXXS_02gcqqy7GAMt4HPNA
&state=A2SAAEAEKGYeJWc5-LPQwpOBdADVIkB4LaRW5zez4dbd6yYW8ZZNyXA_ujSlkPoxLvi-QzwydlEcAgR0Y70aJ7DuNr-vTbbowBpZzCbBzk2wfaHOa980SNhuckEERT6slAVbZ5eVKd7sLaVQ-K3qwHwUzSRRVa32Wnu__i9vMrqBhZE6rBqZjmkKvh3BwKGk2EloEc2sg64b4TQyFm8qsUmfGowSL2cKu4jYwq-utIoczJXEXg6w1Dh5wUYc3hH6b505z9Xhlw3PL7BatTRpCzX7VNq9D1gX60xWkicl2x3q5HTmSV2rviYgA1s_bEGYrv95mYxi57S1Zi4v3xGmNVn4Yt-YGJIVXRPa6wKalHedIOTDEYTunmHsmVI_EoMhx7ReJh9Ur-k1c6D3o6ul4Xmk7ue1KuU3t69aS1CEWopFTjiGHticFYOuYogvbScCgbt8Gg21o9PsL-EL0jxuH4-Zc7gjdBL_pDZCAMlVk6IOMLkMW2GQTp8rzvT7Bi-ATVvINWlS5AesggTpJH7Itm-HJsRib8DmQTd5_RL4VR7l25nLdzDdx8FA4kpESH2Rfr21hE9UM9NcBRG4T7uysvhvDzlKFMa
I understood that my problem is in the &code= format.
Amazon is waiting for the application secret (a 36-character string); instead, it is encrypted by default in Keycloak.
Is there a way to edit this behavior in Keycloak admin console?
Thank you
Edit:
Keycloak version is 4.0.0 Final standalone
To follow the Keycloak client configuration images:
That's the Amazon Skill configuration for account linking:
And these are the Keycloak client configurations:
In the end, that's the issue:
When I click on the account linking link from the skill I correctly go to the login page,
but then the skill is never activated:
Studying this issue brought me to the UPS Skill, and using the Chrome developer console I noticed that the code parameter given to the pitangui URL is a 36-character string.
So, at this point I think that Amazon requires the plain secret as code, even if I'm not certain of this.
So my question is whether there's a way to edit Keycloak's behavior without changing the Keycloak source code.
Thank you
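To make the difference the question is asking about concrete (added example, not code from the question or from Keycloak): the value in the code parameter above is a compact JWE, five dot-separated base64url segments whose first segment is a JSON header, while a plain 36-character secret has no such structure. The header segment is the one quoted in the URL above; the remaining segments and the opaque sample are constructed placeholders, and the function names are this example's own.

```javascript
// Added example, not code from the question or from Keycloak. Classifies the
// value carried in an OAuth2 "code" parameter: a compact JWE (5 segments,
// header with "enc") as in the Keycloak redirect above, or an opaque string.

// base64url -> text (RFC 7515 style: '-'/'_' alphabet, padding stripped).
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const pad = b64.length % 4 === 0 ? "" : "=".repeat(4 - (b64.length % 4));
  return Buffer.from(b64 + pad, "base64").toString("utf8");
}

// Returns { kind: "jwe", alg, enc, directKey } when the code is a JWE whose
// protected header parses, otherwise { kind: "opaque", length }.
function describeOAuthCode(code) {
  const parts = code.split(".");
  if (parts.length === 5) {
    try {
      const header = JSON.parse(base64UrlDecode(parts[0]));
      if (header && typeof header === "object" && header.enc) {
        return {
          kind: "jwe",
          alg: header.alg || null,
          enc: header.enc,
          // "alg":"dir" means a pre-shared key: the 2nd segment is empty ("..").
          directKey: parts[1] === "",
        };
      }
    } catch (e) {
      // Not a JSON header, so not a JWE: fall through to "opaque".
    }
  }
  return { kind: "opaque", length: code.length };
}

// Header segment taken from the question's URL; the other four segments are
// constructed filler, not real IV/ciphertext/tag.
const HEADER_FROM_QUESTION = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0";
const SAMPLE_JWE_CODE = `${HEADER_FROM_QUESTION}..SAMPLEIV.SAMPLECIPHERTEXT.SAMPLETAG`;
// A constructed 36-character opaque code of the kind the question mentions.
const SAMPLE_OPAQUE_CODE = "0123456789abcdef0123456789abcdef0123";
```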

How can I detect if my chrome packaged app is installed?

I am the owner of a chrome app which is currently a hosted app on https://mydomain.com. I would like to add push messaging to it, so it will have to become a packaged app.
However, I don't want to lose the ability to prompt users on the website to install the app if they don't already have it installed.
There are many ways I've come up with to test this, but none of them seem satisfactory:
chrome.app.isInstalled, the method I currently use is unavailable for packaged apps.
Inserting a DOM element is a recommended practice, but only available for extensions; content_scripts is disallowed for packaged apps.
Setting a cookie could work, but the cookies permission is disallowed for packaged apps.
Setting a cookie using a webview might be possible, but webviews are sandboxed, and do not share cookies with chrome.
Detecting a file in the app might work, but the web_accessible_resources permission is disallowed for packaged apps.
Specifying url handlers seems like it might work, but it looks like they only work for URLs in the address bar (i.e. they don't seem to handle requests).
Setting externally_connectable works, but it requires a permissions dialog saying that the app would like to "communicate with cooperating websites". The permission is this vague even if I specify https://mydomain.com. I would like to avoid this since people tend not to update apps when permissions change.
Does anyone know of a way to determine whether my packaged app is installed if I own both the app and https://mydomain.com?
url_handlers or externally_connectable is the way to go. You've understandably ruled out the last option because of the extra permission warning (which would disable the app until the user approves the new permission).
url_handlers does offer a solution without requiring extra permissions:
At your server's side, if the user doesn't have any cookies, redirect to some other URL at your server. E.g. http://example.com/landing/ -> http://example.com/landing/?noapp.
If the app is not installed, the redirect will be followed. On that landing page, use history.replaceState(null, null, '/landing/'); to change the URL back to the original URL.
If the app is installed, the chrome.app.runtime.onLaunched will be triggered, and the redirect is not followed. On your website, use setTimeout to check whether or not the page is unloaded.
If the previous method doesn't suit you for some reason, then there is one more (fragile) alternative: Set up an API endpoint at your server and use CORS. Because your app does not have the permission to access this resource, the AJAX request automatically gets an unforgeable request header (Origin: chrome-extension://.../...). You can detect the presence of this header, and mark the app as installed for the specific IP address. If you choose a right frequency, you will have an up-to-date ip-to-app mapping.
This doesn't work for multiple computers behind a NAT though. And I (as a user) would be concerned about my privacy if you kept pinging home...

Why is ROOT_URL a required environment variable for bundle deployment?

I have my Meteor app serving for a number of domains. The app's functionality is the same for all sites, but the host names dictate which templates I render.
Everything works fine when I run my Meteor app in production with ROOT_URL pointing to only one of the domains. So I'm wondering, why is this a required environment variable other than for its use in Meteor.absoluteUrl()? (which I personally don't use though I recognize it may be used elsewhere under the hood)
The use of this in production environments is during OAuth callbacks. If you log in via Facebook/Twitter/Google or some other third party it will call back to your domain and your browser has to route this correctly.
In OAuth the domain used must match the one given to the other side, for security. The other reason is so that the OAuth login provider, like Facebook, knows where to redirect back to.
So this is passed on through the ROOT_URL. E.g. for Facebook, logging in would redirect back to Meteor.absoluteUrl('_oauth/facebook?close')