i am using Swagger-ui version 2.1.4, i have hosted it locally and provided it my own Json file and API it opens the document fine and lists all the method in the json file, after i put basic authentication in it, i did all changes in the Index.html changes are
function addApiKeyAuthorization(){
var key = "Basic ************";
if(key && key.trim() != "") {
var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("Authorization", key, "header");
window.swaggerUi.api.clientAuthorizations.add("Authorization", apiKeyAuth);
swaggerUi.api.clientAuthorizations.add("Authorization", apiKeyAuth);
}
}
it gives error, screen shot attached.
it gives error when it tries to authenticate swagger get data of the method with anonymous permissions from same API.
When i hit the Curl from the command prompt it bring results. It only fails in Swagger
Did Swagger have any issue with basic Authentication?
You might open up Fiddler and make the request via the browser, like you said you did, and then make the request using Swagger 2.0. Compare the requests and make 100% sure the request headers and url are the same.
Related
I've been examining this code base as an example of how to implement LinkedIn authorization to my project with a Firebase Backend. One thing I'm confused about is these lines:
var code = getURLParameter("code");
var state = getURLParameter("state");
var error = getURLParameter("error");
if (error) {
document.body.innerText = "Error back from the LinkedIn auth page: " + error;
} else if (!code) {
// Start the auth flow.
window.location.href = "/redirect";
}
at window.location.href = '/redirect', I believe it is meant to invoke the cloud function called "redirect". In my code base, it simply goes to an unknown route and triggers my fallback. Am I wrong about the purpose of this line of code? Does anyone know any possible reasons it's not triggering the cloud function (console says 0 invocations)? What other information should I look into to try to debug this?
To provide a bit fuller of an answer:
The example you provided relies on a Firebase.json file. This file provides configuration if (and only if) your application is hosted with Firebase hosting (see docs).
If you expect to host your app elsewhere, you'll need to make sure your /redirect path points to the Firebase function URL itself (probably something like https://us-central1-project-name.cloudfunctions.net/redirect). In the authorization flow, the LinkedIn module in the example repo then will redirect to either a default or a configured callback url.
I am trying to set up Strava authentication (which is plain oAuth2) in Asp.Net Core Blazor App.
I am rather new to Blazor & Web dev (more of a backend background), and I don't seem to find out how to troubleshoot the reason why the Authentication does not work.
When I click the oAuth login button on the Login page in the (default) Blazor Server App, I get redirected to the correct oAuth login screen (of Strava in my case), but after I successfully enter the credentials for that App, the login page shows an error Error loading external login information.
While I would obviously appreciate any help or tips that could point out what is wrong in my code, I'm mostly searching for a way to get better error information and troubleshooting capabilities here. Setting a breakpoint in the EventHandler delegates does not show much.
This is the Startup.cs extract where I have configured the authentication setup :
services.AddAuthentication().AddOAuth("Strava",
oAuthOptions =>
{
oAuthOptions.ClientId = "myappid";
oAuthOptions.ClientSecret = "myclientsecret";
oAuthOptions.Scope.Clear();
oAuthOptions.Scope.Add("read");
oAuthOptions.CallbackPath = "/profile";
oAuthOptions.AuthorizationEndpoint = "https://www.strava.com/oauth/authorize";
oAuthOptions.TokenEndpoint = "https://www.strava.com/api/v3/oauth/token";
oAuthOptions.SignInScheme = IdentityConstants.ExternalScheme;
oAuthOptions.Events = new OAuthEvents()
{
OnRemoteFailure = loginFailureHandler =>
{
Console.WriteLine("Remote Error");
Console.WriteLine(loginFailureHandler.Failure.Message);
return Task.FromResult(0);
},
OnAccessDenied = handler =>
{
Console.WriteLine(handler.Response.StatusCode);
return Task.FromResult(0);
}
};
});
An update that made things work for me, so maybe it can help other people.
I performed the following actions, in order to gain more control on the entire authentication process.
I scaffolded two pages, in which I then could debug & step through (and obviously also update and change things). More information was found in this post:
Account.Login, which enables the customization of the actual login page dotnet aspnet-codegenerator identity -dc CotacolApp.Data.ApplicationDbContext --files "Account.Login"
Account.ExternalLogin, which enables the customization of the actual strava page dotnet aspnet-codegenerator identity -dc CotacolApp.Data.ApplicationDbContext --files "Account.ExternalLogin"
I then found out that the var info = await _signInManager.GetExternalLoginInfoAsync(); always resulted in a null value. And that was because I had to set the IdentityScheme to external. ```
And after that, I had to run some custom logic to do the claim mapping. Most of those details were written down in this stackoverflow post by #Morgeh.
Hope this can help people in the future.
I'm trying to connect my ASP.NET Core 3.1 web app with Yahoo. To do this, I have to set up Authorization with OAuth. I have followed a few different guides, including:
https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html
https://www.yogihosting.com/implementing-yahoo-oauth-2-0-in-csharp-and-asp-net/
I have set up my app in Yahoo, with the configuration found in the below picture:
I then have my code set up to send the authorization request to Yahoo with the following code:
public void YahooAuth()
{
string id = configuration["YahooClientId"];
string returnUrl = "https://www.fantasysimmer.com/FootballSimulator/Sim";
string url = $"https://api.login.yahoo.com/oauth2/request_auth?client_id={id}--&response_type=code&redirect_uri={returnUrl}";
Response.Redirect(url);
}
When this code is ran however, I get an error page with a message "Developers: Please specify a valid client and submit again.", and the URL displays:
https://api.login.yahoo.com/oauth2/error?client_id={Client_ID}--&error=unauthorized_client&error_description=invalid+client+id
I double and triple checked the Client ID, and the client ID in the URL is the same as in my Yahoo App's profile. I'm wondering now, is there an extra step that I missed in registering my app, or is there something wrong with my code?
Edit: Progress is made! The dashes after the client id must have been part of the example, or otherwise were an error. When I removed that, I started getting a new error, saying to enter in a valid request. It had something to do with my return url, because replacing that with 'oob' made it go through.
So there were two errors. The first was that the "--" after the client id were not supposed to be there. I'm not sure why in yahoo's example they have them there, but they aren't needed. The second reason is that my return uri was capitalized in my code, but not capitalized in my app settings. Now it works!
I would like to know how to make an authorized request to firebase storage using the user Id Token as a parameter in the url. Right now with a firebase rule of 'request.auth != null' I receive a 403 network error (Failed to load video: You do not have permission to access the requested resource). Here is my GET request url:
https://firebasestorage.googleapis.com/v0/b/<bucket>/o/<folder_name>%2F<video_name>.mp4?alt=media&auth=eyJh...<ID TOKEN>...Ll2un8ng
-WITHOUT the firebase rule in place I'm able to successfully get the asset with this request url https://firebasestorage.googleapis.com/v0/b/<bucket>/o/<folder_name>%2F<video_name>.mp4?alt=media
-also tried token=, token_id=, tokenId=
-the reason for not using the firebase SDK to fetch the file is so that I can use the flutter video_player (https://pub.dev/packages/video_player#-example-tab-) package and use this with files in firebase, I mention this in case theres a better way to use the video_player library in flutter web right now:
_controller = VideoPlayerController.network(
'https://flutter.github.io/assets-for-api-docs/assets/videos/bee.mp4',
closedCaptionFile: _loadCaptions(),
);
[EDIT] It appears that it's not possible to pass the auth in as a query parameter. After some exploring, I found an acceptable way to still use the video_player with your firebase assets that are protected (If you're not using rules to protect them, you can directly use the firebase url). I will post some general steps here and some sample code:
Use the Storage Firebase SDK package to get the Uint8List, the uri given by getDownloadURL has the correct header auth, for example
import 'package:firebase/firebase.dart';
final url = await storagePath.getDownloadURL();
final response = await http.get(url);
if (response.statusCode == 200) {
return response.bodyBytes;
}
use the Uint8List buffer to init a Blob object which you'll use to then create an ObjectURL which basically gives you the same interface as a file url to use as the network url for your video player
final blob = html.Blob([data.buffer], 'video/mp4');
final videoUrl = html.Url.createObjectUrl(blob);
videoPlayerController = VideoPlayerController.network(
videoUrl)
..initialize().then((_) {...
That's it.
Firebase Storage REST does not (rightly) support authorization from GET query string as you are trying to do. Instead, it uses the standard Authorization header (see here).
Firebase cloud storage internally uses Google Cloud Storage. Mentioned here
If the library you use doesn't support HTTP headers yet, you must consider an alternative. The issue you mentioned in the comment shows that the feature is still under development, so you can also wait for the library to come out with the support for headers.
Internally all this package does for flutter-web is create an HtmlElementView widget here for which it passes a VideoElement (ref here) from the package dart:html with the provided URL which translates to a <Video> tag inside a shadow dom element in your web page. The error 403 could also mean you are trying to access it from a different origin.
I would suggest following approach.
Check your console for any CORS related errors. If yes, then you will have to whitelist your ip/domain in the firebase storage. Check this post for possible approach and more details here.
Check if you are able to access the URL directly with the authorization token as a query parameter as you suggested. If not then, it is not the correct way to access the object and should be corrected. You could update the question with the exact error details.
I am trying to get the current URL in an AppMaker app. However, the standard JavaScript ways do not work, ScriptApp is not available in AppMaker, and the objects that are in AppMaker do not return the correct URL (that starts with https://script.google.com).
Thanks for any suggestions.
You can run a backend/serverside script and use Apps Script
ScriptApp.getService().getUrl()
See the doc ScriptApp Documentation
To have an app URL on client side, you can load it during app startup. Firstly, let's create server script that returns app URL:
/**
* Get the URL of the published web app.
*/
function getAppUrl() {
return ScriptApp.getService().getUrl();
}
Open your Project settings and put next code to App startup script section:
loader.suspendLoad();
google.script.run.withSuccessHandler(function(url) {
appUrl = url;
loader.resumeLoad();
}).getAppUrl();
Now you are able to use appUrl everywhere in Client Scripts.
Using this approach you can create initial app config on startup that requires specific data from server.