Develop Reference

Angular Service Worker stuck in Safari after logout

We have a WebApp developed with Angular 14. It is deployed on Azure Blob Storage (static website).
Authentification is done with the msal library for javascript. Azure AD B2C is used as identity provider.
When we logout we call msalService.logoutRedirect() which works fine for all devices except for iPhones using the Safari browser. On iPhone/Safari it sometimes gets stuck (mostly when we had the phone locked for a few minutes first). Safari then displays a "neverending" network request - but I am convinced that the actual problem is some code in the service worker, as Safari gets completely frozen and you cannot even enter anything in the Console.
We are using Angular Service Worker to provide a PWA and everything is working fine if we serve the app without Service Workers.
I tried to take a look at ngsw/state (which usually works) but as soon as the bug occurs, this site is not reachable (I assume because Safari is stuck).
For me this looks like the service worker code is stuck in some loop (there are no errors shown in the console). When I then manually try to reload the page we get the following errors in the console: .
How can I find out what causes the problem here? I tried to debug the ngsw-worker.js file but it's almost 2k lines, so it's not that easy. Is there any simpler way to debug it?
Update:
This is how the ngsw-config.json looks like:
{
"$schema": "./node_modules/#angular/service-worker/config/schema.json",
"index": "/index.html",
"assetGroups": [
{
"name": "app",
"installMode": "prefetch",
"resources": {
"files": [
"/favicon.ico",
"/index.html",
"/manifest.webmanifest",
"/*.css",
"/*.js"
]
}
}, {
"name": "assets",
"installMode": "lazy",
"updateMode": "prefetch",
"resources": {
"files": [
"/assets/**",
"/*.(eot|svg|cur|jpg|png|webp|gif|otf|ttf|woff|woff2|ani)"
]
}
}
]
}
We are using google-fonts and fetch it from fonts.googleapis.com.
When we logout and the bug occurs the browser displays that it tries to load the google fonts - it is stuck there. Is it possible that it somehow thinks the google-fonts file should be in cache and it tries to fetch it but since it isn't there, it loads endlessly?
Update: I found a forum post that sounds very similar to the problem we have, unfortunately, it seems they never found a solution: apple forum

You could try to clone the msal library and change the code in the navigation client to always use replace instead of assign. Could be worth a shot since it helped me in the react oidc library i used.

Is there a way to integrate an Expo app with firebase dynamic links without detaching?

Is there a way to integrate an Expo app with firebase dynamic links without detaching.

If you need to create new dynamic links on the fly you could use REST API to do it. In the much more likely scenario that you only need your app to open Firebase's dynamic links, you don't need to do anything other than configuring your Expo App to handle universal links (ie: deeplinks using http/https).
The checklist is something like this:
1. Configure your app.json
For Android, add the intentFilters property to your android property:
"android": {
"intentFilters": [
{
"action": "VIEW",
"data": [
{
"scheme": "https",
"host": "<your-domain>",
"pathPrefix": "/"
},
],
"category": [
"BROWSABLE",
"DEFAULT"
],
"autoVerify": true // required to work on newer android versions
}
]
]
For iOS, add the associatedDomains property to ios:
"ios": {
"associatedDomains": ["applinks:<your-domain>"]
}
2. Configure your domain to allow links from it to be handled by the apps
Android and iOS will allow your app to open links from your domain if you serve a configuration file from a specific location:
Android: https://<your-domain>/.well-known/assetlinks.json
iOS: https://<your-domain>/.well-known/apple-app-site-association
assetlinks.json will look something like this:
[{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "<android-package-name>",
"sha256_cert_fingerprints":
["<your-sha256-certificate-fingerprints>"]
}
}]
And the apple-app-site-association like this:
{
"applinks": {
"apps": [],
"details": [
{
"appID": "<your-team-id>.<ios-bundle-identifier>",
"paths": [ "*" ]
}
]
}
}
You can read more about these files here and here.
To obtain the SHA256 fingerprints of your app’s signing certificate you can use the keytool:
keytool -list -v -keystore <your-key-file>
After you enter your keystore password, it will print many of the keystore information including the SHA256 fingerprints.
If your site is hosted on Firebase both assetlinks.json and apple-app-site-association can be generated automatically if you create the Apps on your Firebase's project. Otherwise, just put these files on the root of your domain.
3. Create a Firebase dynamic link
I think this is step is mostly self explanatory but just a few notes:
Set up your short URL link: in the end you will have / that you send to your users
Set up your Dynamic Link: here you define your deelink (the link you want your app to handle)
Define link behavior for iOS: you mostly likely want to click on 'Open the deep link in your iOS App' and select your App from the list (if you haven't yet, create one App for each platform on your project)
Define link behavior for Android: same as previous but with a few more options to select
Configure (or not) campaign tracking and you're done.
Remember that you always should test your deeplinks by clicking instead of by entering directly on the browser. You may send the link to yourself on the WhatsApp or put on some notes app, for example.
Others resources that might be helpful:
https://docs.expo.io/versions/latest/workflow/linking/
https://reactnavigation.org/docs/deep-linking/

In addition to Pedro Andrade's instructions:
1.) Firebase requires the following details under your app > project settings for dynamic links to work.
Android: SHA 256 (App signing key certificate fingerprint) - this can be retrieved via play store > your app > App Integrity > SHA 256
iOS: App ID Prefix (Team ID): developer.apple.com > Certificates, Identifiers & Profiles > your app id > App ID Prefix
Surprisingly, these are mentioned almost nowhere in the docs, but do come up in stackoverflow results and other answers when googling errors that debugging preview links result in:
Android app '<bundle id>' lacks SHA256. AppLinks is not enabled for the app. Learn more.
iOS app '<bundle id>' lacks App ID Prefix. UniversalLinks is not enabled for the app. Learn more.
You can view debugging preview links by adding ?d=1 to your dynamic links.
https://firebase.google.com/docs/dynamic-links/debug
2.) Even if you use a page.link-style domain provided by firebase for your dynamic links, your associatedDomain/intentFilter domains in app.json should still be your actual domain
i.e if you're generating my-app.page.link shortLinks, that are dynamic links to my-app.com, you should use my-app.com in app.json

Pedro Andrade's solution works! Partially...
Explaining:
You must NOT add your dynamic link domain in intentFilters and associatedDomains, because it makes the app to open the link directly in the app, so, the dynamic link is not processed and you don't have access to the link generated by the dynamic link.
It works partially because of this: the dynamic link needs to be opened by the browser (chrome or safari) before being opened in the app.
Example: Open "<your-domain>.page.link/XLSj" in browser, browser will direct to generated link: "<your-domain>.com/params/54" to configured deep link.
I don't know any other way to 'read' the dynamic link by expo in managed workflow.

here api request error --- Invalid credentials

I have a 90-day trial and I am registered at (Evaluation 2018-06-29).
But when I request with my correct copied app id and app code I get the below error.
{
"response": {
"_type": "ns2:RoutingServiceErrorType",
"type": "PermissionError",
"subtype": "InvalidCredentials",
"details": "This is not a valid app_id and app_code pair. Please verify that the values are not swapped between the app_id and app_code and the values provisioned by HERE (either by your customer representative or via http://developer.here.com/myapps) were copied correctly into the request.",
"metaInfo": {
"timestamp": "2018-08-15T18:52:35Z",
"mapVersion": "8.30.86.153",
"moduleVersion": "7.2.201832-36299",
"interfaceVersion": "2.6.34"
}
}
}
Can anyone help, especially someone from here api developer support team?

Go into your account projects and add a new project explicitly for the Freemium plan. Then you should be able to generate a new JavaScript/REST App ID and App Code. If you are using one of the mobile SDKs you would generate a new id / code there as well.
(1) Copy and Paste
I'm not certain this is what may be happening for you, but one of my codes had a leading underscore and it was very easy to copy and paste it incorrectly into my source code.
(2) Domain Protection
Also make sure that if you checked "Secure app credentials against a specific domain" that you are calling the routing service from the same domain.
(3) Shell Interpolation
Without more detail about how you are making the calls to the routing service (curl, postman, javascript, ios, android, etc.) it may also indicate where to offer advice.
For example, if you are using curl make sure your parameters have surrounding quotes as & will be interpreted by a shell such that ?app_id=your-app-id&app_code=your-app-code is not interpreted properly. That could generate the response you saw as the shell took your app_code parameter away before curl could make the request only passing the app_id.

google cloud vision api quickstart error opening file

I am following the following Google Cloud Vision quickstart:
https://cloud.google.com/vision/docs/quickstart
This is using the API Explorer, and I get
Error Opening File
I have created a bucket named vision2018, and checked Share Publicly for the file.
My portion of the request related to the file is:
"image":
{
"source":
{
"imageUri":"gs://vision2018/demo-image.jpg"
}
}
The response I get is:
{
"responses": [
{
"error": {
"code": 5,
"message": "Error opening file: gs://vision2018/demo-image.jpg\"."
}
}
]
}
}
What do I need to specify in order to access files in my GCP storage?
Alternatively, I read other Stack Overflows that talk about GOOGLE_APPLICATION_CREDENTIALS, Simple API Key, and "Create Service account key and download the key in JSON format", ... but these seem to be giving commands in the shell, which this quickstart doesn't even open.
Is there initial setup assumed prior to the quickstart?
I am not ready to call the api from code

You might want to doublecheck your request. I went to the quickstart, replaced the placeholder imageUri with gs://vision2018/demo-image.jpg and it worked just fine. The error message you posted is what would be displayed if you had given gs://vision2018/demo-image.jpg\" instead.
Regarding the second part of your question: these are authentication methods. In this particular case, under Authentication you will find a drop down which lets you chose between API key and Google OAuth 2.0. If you chose the former, you don't need to do anything as a demo key will be used just for the purposes of the quickstart. If you chose OAuth 2.0, a popup will appear prompting you to authenticate with a google account. All in all, what you need to do is follow step-by-step the instructions given by the quickstart.

I was receiving a similar JSON response from the Google Vision API:
"error": {
"code": 7,
"message": "Error opening file: gs://bucket/file.jpg."
}
The fix was to set the GCS file's permission to public-read:
gsutil acl set public-read gs://bucket/file.jpg

Finally I investigated what happened. The problem is that your API token is only grant for process the image (allow right to use OCR engine), but that API is not also for accessing object in GS.
Therefore "message": "Error opening file:
The problem is similar with this post:Authorize Google Cloud Vision API to Google Storage image Maybe the error message is a bit dumb than many years ago.
The solution also mentioned in the answer section, but if you want some thing more clear (expose security side-effect) here it is: Set GCS read-only public
Reason I want to keep using API because it's better for use it in mobile application, we cannot give the OAuth2.0 to any phone. However, still find a way to secure the read-public bucket.

Using Azure Quickstart Templates on Azure Government

I'm attempting to use the 3 VM SharePoint Azure QuickStart Template on Azure Government.
Everything works fine except that the deployment errors out due to the fact that Azure Government expects the storageAccountUri to be blob.core.usgovcloudapi.net, while the default is blob.core.windows.net.
I've changed the JSON files to the expected blob.core.usgovcloudapi.net, but it still complains of the error that the blob URL's domain must be blob.core.usgovcloudapi.net.
I'm wondering why it is being overridden and how I can prevent that.
An example of the change I've made is:
"osDisk": {
"name": "osdisk",
"vhd": {
"uri": "[concat('http://',parameters('storageAccountNamePrefix'),'1.blob.core.usgovcloudapi.net/vhds/',parameters('sqlVMName'),'-osdisk.vhd')]"
},
"caching": "ReadWrite",
"createOption": "FromImage"
Any help would be appreciated.

You should be able to reference the storage account and that will ensure you always get the correct address (regardless of cloud):
"osDisk": {"name": "osdisk","vhd": {"uri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/',
variables('storageAccountName')), '2015-06-15').primaryEndpoints.blob, variables('vmStorageAccountContainerName'), '/',variables('OSDiskName'),'.vhd')]"}}
We have some other tips for using a QuickStart that might be hard coded to a single cloud here:
https://blogs.msdn.microsoft.com/azuregov/2016/12/02/azure-quickstart-templates/