I recently installed Ngrok in order to test my localhost meteor App on my phone.
I am successful in accessing the meteor app via a tunnel by ngrok.
However when I try to login using I get this error message:
The login process shows the following error message:
400. That’s an error.
Error: redirect_uri_mismatch
Application: AppName
You can email the developer of this application at: my#emailadress.com
The redirect URI in the request, http://localhost:7123/_oauth/google,
does not match the ones authorized for the OAuth client.
Updating the Authorized JavaScript origins & redirect URIs to the Ngrok forwarding addresses, doesn't have an effect.
How do I correctly use ngrok in conjuction with Google Oauth?
Any help would be greatly appreciated
Use ngrok and change the Root URL to the one supplied by ngrok.
ROOT_URL=http:XXXXXXXX.ngrok.io meteor to start meteor.
It's trying to use http://localhost:7123/_oauth/google instead of a more ngrok-like url that could be, for example: https://fd4fdbbb.ngrok.io/_oauth/google
You can check the parameters that you are using to run the app and the environment variables too.
For example, I typically use
ServiceConfiguration.configurations.upsert(
{ service: 'facebook' },
{
$set: {
appId: process.env.facebookConsumerKey,
secret: process.env.facebookConsumerSecret,
loginStyle: 'popup'
}
}
);
And run meteor using a bash script that looks like:
#!/bin/bash
export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm
nvm install 4.4.7
IP_ADDRESS=`ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' | grep -v '10.0.0.1'` echo "Starting app on: $IP_ADDRESS:3000"
# NODE_DEBUG=request \
# facebookOAuthRedirectURL=http://$IP_ADDRESS:3000/_oauth/facebook \
facebookAppName="BlahApp - local dev" \
facebookConsumerKey=12345 \
facebookConsumerSecret=xxxxxx \
facebookOAuthRedirectURL=http://$IP_ADDRESS:3000/_oauth/facebook \
MONGO_URL=mongodb://$IP_ADDRESS:27017/staging-blah-app \
ROOT_URL=http://$IP_ADDRESS:3000 \
BIND_IP=$IP_ADDRESS \
MOBILE_DDP_URL=http://$IP_ADDRESS \
MOBILE_ROOT_URL=http://$IP_ADDRESS \
meteor --port $IP_ADDRESS:3000 --settings development-settings.json
So you can, instead of using googleOAuthRedirectURL=http://$IP_ADDRESS:3000/_oauth/google could use https://fd4fdbbb.ngrok.io/_oauth/google
The issue was that the environment variable were not read by meteor, and even though it was overwritten on the client side, somehow the server connected to google with a wrong callback url.
Now for the solution... I started by ensuring that the settings in the google service configuration were reset by running this in the terminal after killing the app:
meteor reset
In a separate terminal, I then started ngrok to generate a tunnel link:
./ngrok http 7123
Yielding the tunnel link:
http://adba9b9f.ngrok.io/
In a separate terminal I start my app by assigning it to "port 7123" and setting "http://adba9b9f.ngrok.io" as the absoluteUrl like this:
ROOT_URL=http://adba9b9f.ngrok.io meteor --port 7123
To confirm that this command has been carried out, I typed this into the browser console
Meteor.absoluteUrl()
The response:
"http://adba9b9f.ngrok.io"
Indicates that the Meteor.absoluteUrl() command was successful.
Next, I accessed my app via the "http://adba9b9f.ngrok.io" tunnel and clicked on the "Configure google button", where GLADLY noticed that the Authorized JavaScript origins were preset to:
http://adba9b9f.ngrok.io and
Authorized redirect URIs preset to: http://adba9b9f.ngrok.io/_oauth/google
I then filled in the Client ID and Client Secret part with details from the google credentials, and updated the google credentials with the details from the configure google button details and saved.
Am happy to say... Everything works desirably now.
Related
I am using the command:
curl -O -u username:API_KEY https://artifactory_url/artifactory/docker_repo/image/tag/sha
The file created after curl completes successfully is empty
This could happen if redirect download feature is enabled on Artifactory side. The reason is, when a repository is configured to redirect downloads, a client requesting Artifactory for an artifact(exceeding a specific file size) hosted in that repository receives a 302 response initially with a Location header containing a signed direct download url. Then the client uses the particular URL to download the actual file.
Hence we would need to make sure follow redirect option is enabled by the client attempting to download it. In case of curl it can be achieved by adding -L
curl -O -L -u username:API_KEY
https://artifactory_url/artifactory/docker_repo/image/tag/sha
I am posting a follow on question to this one that I posted recently: Docker container failed to start when deploying to Google Cloud Run. I am new to GCP, and am trying to teach myself by deploying a simple R script in a Docker container that connects to BigQuery and writes the system time. I've been able to successfully deploy the Docker container, but I cannot invoke it. I believe I'm misunderstanding something fundamental about APIs, and I'd greatly appreciate any input!
So far, I have:
1.- Used the plumber R package to expose the R code as a service by "decorating" it with special annotations
# script called big-query-tutorial.R
library(bigrquery)
library(tidyverse)
project = "xxxx-project"
dataset = "xxxx-dataset"
table = "xxxx-table"
bq_auth("/home/rstudio/xxxx-xxxx.json", email="xxxx#xxxx.com")
#* #get /time
systime <- function(){
# upload Sys.time() to Big Query
insert_upload_job(project=project, data=dataset, table=table, write_disposition="WRITE_APPEND", values=Sys.time() %>% as_tibble(), billing=project)
}
2.- Translated the R code from (1) to a plumber API with this R script
# script called main.R
library(plumber)
r <- plumb("/home/rstudio/big-query-tutorial.R")
r$run(host="0.0.0.0", port=8080)
3.- Made the Dockerfile
FROM rocker/tidyverse:latest
# BEGIN rstudio/plumber layers
RUN apt-get update -qq && apt-get install -y --no-install-recommends \
git-core \
libssl-dev \
libcurl4-gnutls-dev \
curl \
libsodium-dev \
libxml2-dev
RUN R -e "install.packages('plumber', repos='http://cran.us.r-project.org')"
RUN R -e "install.packages('bigrquery', repos='http://cran.us.r-project.org')"
# add json file for authentication with BigQuery and necessary R scripts
ADD xxxx-xxxx.json /home/rstudio
ADD big-query-tutorial.R /home/rstudio
ADD main.R /home/rstudio
# open port 8080 to traffic
EXPOSE 8080
# when the container starts, start the main.R script
ENTRYPOINT ["Rscript", "/home/rstudio/main.R", "--host", "0.0.0.0"]
4.- Successfully run the container locally on my machine, with the system time being written to BigQuery when I visit http://0.0.0.0:8080/time and then refresh the browser.
5.- Pushed the container to my container registry in Google Cloud
6.- Successfully deployed the container to Cloud Run.
7.- Created a service account (i.e., xxxx#xxxx.iam.gserviceaccount.com) that has roles "Cloud Run Invoker" and "Cloud Scheduler Service Agent".
8.- Set up a Cloud Scheduler job by filling out the fields in the console as follows
Frequency: ***** (i.e., once per minute)
Timezone: Pacific Standard Time (PST)
Target: HTTP
URL: xxxx-xxxx.run.app
HTTP method: GET
Auth header: Add OIDC token
Service account: xxxx#xxxx.iam.gserviceaccount.com (i.e., account from (7))
Audience: xxxx-xxxx.run.app (I leave this field blank, it is automatically added)
When I click on "RUN NOW" in Cloud Scheduler, I get the error
httpRequest: {
status: 404
}
When I check the log for Cloud Run, every minute there is the 404 error. The request count under the "METRICS" tab averages out to 0.02/s.
Thank you!
-H.
A couple of recommendations:
Make sure your service account has roles/iam.serviceAccountTokenCreator and roles/cloudscheduler.serviceAgent that will enable impersonation. And roles/run.Invoker to be able to call Cloud Run.
Also you have chosen OIDC Audience
A bit about the audience: field in OIDC tokens.
You must set this field for the invoking service and specify the fully qualified URL of the receiving service. For example, if you are invoking Cloud Run or Cloud Functions, the id_token must include the URL/path of the service.
Example declaration:
gcloud beta scheduler jobs create http oidctest --schedule "5 * * * *" --http-method=GET \
--uri=https://hello-6w42z6vi3q-uc.a.run.app \
--oidc-service-account-email=schedulerunner#$PROJECT_ID.iam.gserviceaccount.com \
--oidc-token-audience=https://hello-6w42z6vi3q-uc.a.run.app
I'm facing issue while integrating spinnaker with Nexus.
Basically, here is my process - Building docker image using Jenkins and uploading to Nexus. Next, want to trigger spinnaker pipelines based on new image available on Nexus to deploy apps on kubernetes.
I've used these 2 commands
hal config provider docker-registry enable
hal config provider docker-registry account add my-docker-registry \
--address <pvtIP>:9082 \
--repositories repository/<repoName> \
--username <userName> \
--password
Getting error as below
+ Get current deployment
Success
- Add the my-docker-registry account
Failure
Problems in default.provider.dockerRegistry.my-docker-registry:
! ERROR Unable to fetch tags from the docker repository:
repository/test-docker-snapshots/, Unrecognized SSL message, plaintext
connection?
? Can the provided user access this repository?
- WARNING None of your supplied repositories contain any tags.
Spinnaker will not be able to deploy any docker images.
? Push some images to your registry.
- Failed to add account my-docker-registry for provider
dockerRegistry.
is it mandatory to have nexus on HTTPS ? I'm running on http, and using in internal network only...
please advise.. thanks..
If your nexus repo is running on HTTP then you should set --insecure-registry flag in your command. So you would final command would be as follows:
hal config provider docker-registry account add my-docker-registry \
--address <pvtIP>:9082 \
--repositories repository/<repoName> \
--insecure-registry true \
--username <userName> \
--password
i have installed latest version of Artifactory Pro (5.8.3) on Centos7. The default admin credentials are admin/password. i want to change the password through command-line but unable to do so.
Does any one has any inputs how to do this?
Following troubleshootings i tried:
jfrog rt c rt-server-1 --url=http://domain/artifactory --user=admin --password=password ...
nothing happens , when i try to use a new password i get 401: unauthorize error
jfrog guide tells to generate security.xml and add the hash code of the new password but security.xml does not get generated even after following all their steps.
also tried to use curl commands but no use.
If any one has gone through similar issue please share your findings. let me know if you need more info.know on case
JFrog CLI currently does not support changing of a user's password. the CLI config method you were using simply lets you configure your server and credentials to be used by other CLI command later.
What you can do is use a simple curl command to invoke the change password API as described here.
specifically, in your example changing the Admin's password to "NewPassword" will be something like:
curl -X POST -u admin:password -H "Content-type: application/json" -d '{ "userName" : "admin", "oldPassword" : "password", "newPassword1" : "NewPassword", "newPassword2" : "NewPassword" }' http://yourartifactory:8081/artifactory/api/security/users/authorization/changePassword
I am in my Terminal and I want to send a POST request to a given URL. I have tested this with a REST client so I know that the parameters work.
So lets say I want to POST the following parameters:
username=tony
password=secret
To my URL: https://exmaple.com/login/
I tried the following curl command in my Terminal (I am using OSX Lion)
curl --data "username=tony&password=secret" http://exmaple.com/login/
I get an 500 Server Error back from the server so I am now thinking of something that could be different between the REST Client and the curl command.
Thanks for your help
Update: I am using a https service. Do I have to adjust my curl command to account for this?
Try this
curl -F username=tony -F password=secret http://exmaple.com/login/
-F (reference) should probably do the same as --data? Possible the problem is in the webapp.
Maybe the app you are hitting uses basic auth for authentication? Try this one:
curl --user name:password http://exmaple.com/login/