App asking about itself with an app token - facebook-access-token

Is there an app token equivalent to the "/me" alias? In other words, is there a way that an application can ask for data about itself without having to hardcode its application ID in the "/{app-id}" request? Essentially, all I want is the app ID itself and I could extract that from the app token, but the token is supposed to be opaque and String manipulation to do that extraction seems hokey. Before I do the hokey thing, was wondering if there's a better way for an application to ask about itself.

/app is a shortcut for 'current app' and will work with a user access token, page access token or app access token
Example:
https://graph.facebook.com/v2.0/app?access_token=<APP ACCESS TOKEN>
Response:
{
  "category": "Utilities",
  "daily_active_users": "0",
  "daily_active_users_rank": 1079202,
  "icon_url": "https://fbstatic-a.akamaihd.net/rsrc.php/v2/yE/r/7Sq7wKJHi_5.png",
  "link": "https://www.facebook.com/apps/application.php?id=[SNIPPED]",
  "logo_url": "https://fbcdn-photos-c-a.akamaihd.net/hphotos-ak-xpa1/t39.2081-0/p75x75/[SNIPPED].png",
  "mobile_web_url": "http://www[SNIPPED]",
  "monthly_active_users": "1",
  "monthly_active_users_rank": 1208403,
  "name": "test app",
  "subcategory": "Other",
  "weekly_active_users": "1",
  "id": "[SNIPPED]"
}

Related

403 errors with keycloak API

I'm trying to use the Keycloak API (in Node via the keycloak-admin library) but I systematically get error 403.
I successfully get an access token via the library by calling /auth/realms/master/protocol/openid-connect/token (on the master realm).
When I look inside my token, I seem to have the correct roles to be able to query the users:
{
  "jti": "xx-..",
  "exp": 1585561478,
  "nbf": 0,
  "iat": 1585561418,
  "iss": "https://auth-mycompany.com/auth/realms/master",
  "aud": "mycompany-realm",
  "sub": "xx-..",
  "typ": "Bearer",
  "azp": "admin-cli",
  "auth_time": 0,
  "session_state": "xx-..",
  "acr": "1",
  "resource_access": {
    "mycompany-realm": {
      "roles": [ "view-users", "query-groups", "query-users" ]
    }
  },
  "scope": "email profile",
  "email_verified": true,
  "name": "myname",
  "preferred_username": "myname",
  "given_name": "my name",
  "email": "myemail#mycompany.com"
}
However, when I do a GET on https://auth-mycompany.com/auth/admin/realms/master/users or https://auth-mycompany.com/auth/admin/realms/mycompany/users, I get 403 errors.
Maybe it's linked with the "aud" of my token? Why do I get a token with "aud": "mycompany-realm" when I query the master realm?
Thanks for any help.
I eventually realized that this is due to the fact that I had implemented Port Restriction for admin endpoints. As described in the documentation, all endpoints starting with /auth/admin get a 403 response. Instead, these endpoints are accessible via another port (for example 9991) which is not accessible over the internet.
What I did to fix my issue: because both my Node.js service and my Keycloak server are running on the same Kubernetes cluster, I changed the authUrl of my Keycloak server to its service name http://servicename.namespace.svc.cluster.local:9991/auth

Integrating Contact Form 7 with third-party app

I am trying to send information from user submissions (Contact Form 7) to a third-party app. I am using this plugin:
https://wordpress.org/support/plugin/cf7-to-api/
The third-party app provided an access token and this example of a creation request for me:
curl -X "POST" "https://api.example.com/initial-params" \
  -H 'Content-Type: application/json' \
  -H 'X-Landing-Page-Access-Token: your-value-here ' \
  -d $'{
  "move": {
    "date": "2018-09-01"
  },
  "consumer": {
    "givenName": "Mike",
    "phone": "234234242",
    "email": "mike#example.com",
    "familyName": "Simon"
  },
  "origin": {
    "zip": 3245,
    "beds": 8
  },
  "destination": {
    "zip": 12342
  }
}'
and this is their documentation:
An end consumer enters details onto a landing page. Once all details have been entered, the landing page POSTs to our API's Initial Params endpoint. Our app stores the parameters and generates a unique identifier. Once the API call to create Initial Params succeeds, the landing page automatically redirects to the survey web app with the identifier set as a URL parameter (e.g., ?identifier=xxx...)
- Important: Our survey web app must have received this import in order for follow-up messaging to work if the consumer drops off. As a result, it is recommended to automatically redirect to our survey web app after the Initial Params have been created as opposed to requiring a button click.
When our survey web app loads, it queries our API to retrieve the parameters. With the parameter information, it then initializes the survey web app and API to the state specified in the Initial Parameters. Each screen that has input completely satisfied is automatically skipped. The consumer finishes the process on our survey web app. Once this identifier has been generated, the landing page can redirect to our survey web app. This identifier should be passed along to our survey web app via the identifier URL parameter, which will in turn allow the provided consumer details to be loaded inside our app. Example link: https://api.example.com/?identifier=xxx
This is a creation response example the third-party app also provided:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Wed, 18 Jul 2018 16:55:04 GMT
Server: nginx
Content-Length: 380
Connection: Close

{
  "status": [
    {
      "type": "ok"
    }
  ],
  "identifier": "some-unique-identifier",
  "serverTime": "247.334 ms"
}
So, I used https://api.example.com/initial-params as the URL to post to, and added the access token using this piece of code in functions.php:
add_filter( 'qs_cf7_api_get_args', 'add_http_header' );
function add_http_header( $args ) {
$args['headers']['X-Landing-Page-Access-Token'] = 'example-access-token';
return $args;
}
and I used this in the JSON template:
-d $'{
  "move": {
    "date": "[date]"
  },
  "consumer": {
    "givenName": "[givenName]",
    "phone": "[phone]",
    "email": "[email]",
    "familyName": "[familyName]"
  },
  "origin": {
    "zip": [zip1]
  },
  "destination": {
    "zip": [zip2]
  }
}'
My questions are:
How can I check the result I get from them, to see if they are receiving the info and generating the identifier?
How to redirect to their landing page with the identifier in the end when a form is submitted? That identifier is a variable and is unique each time, which means somehow I have to redirect to a variable after submission.
Any help is much appreciated.
Thank you!

How can I retrieve a RingCentral call recording from a monitored incoming call?

I'm monitoring incoming calls on RingCentral by listening for the Call Session Notifications (CSN) telephony/sessions event filter:
/restapi/v1.0/account/~/extension/~/telephony/sessions
From this, I will receive events like the following. The recordings property will appear to indicate a recording is available. How can I retrieve this recording?
{
  "uuid": "12345678901234567890",
  "event": "/restapi/v1.0/account/11111111/extension/22222222/telephony/sessions",
  "timestamp": "2019-03-08T22:30:40.059Z",
  "subscriptionId": "11112222-3333-4444-5555-666677778888",
  "ownerId": "33333333",
  "body": {
    "sequence": 7,
    "sessionId": "1234567890",
    "telephonySessionId": "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
    "serverId": "10.11.12.13.TAM",
    "eventTime": "2019-03-08T22:30:39.938Z",
    "parties": [
      {
        "accountId": "11111111",
        "extensionId": "22222222",
        "id": "cs12345678901234567890-2",
        "direction": "Inbound",
        "to": {
          "phoneNumber": "+16505550100",
          "name": "Jane Doe",
          "extensionId": "22222222"
        },
        "from": {
          "phoneNumber": "+14155550100",
          "name": "John Smith"
        },
        "recordings": [
          {
            "id": "44444444",
            "active": false
          }
        ],
        "status": {
          "code": "Answered",
          "rcc": false
        },
        "missedCall": false,
        "standAlone": false,
        "muted": false
      }
    ],
    "origin": {
      "type": "Call"
    }
  }
}
There are two ways to retrieve the recording using information in the Call Session Notification (CSN) event, specifically the recordings[0].id property and the sessionId property:
1. retrieving a full media URL by calling the call-log endpoint with the sessionId property
2. manually creating the recording media URL using the recordings[0].id property.
Note 1: While the call is ongoing, the recording will not be available for retrieval, even when the recording id is present in the Call Session Notification event. The recording will be available to be retrieved shortly after the call concludes.
Note 2: Call recordings can be in MP3 or WAV format determined by the company. To distinguish check the response Content-Type header for the MIME type when retrieving the recording media file.
1) Retrieving Full Media URL via Call Log API
Making an intermediate API call to the call-log API has the dual benefits of being the official approach for receiving a media URL and providing more metadata for the call. In this approach, the recording.id in the call-log record will match the recordings[0].id property in the Call Session Notification event.
Both the company account and user extension call-log APIs can be called with the sessionId parameter from the event as shown:
GET /restapi/v1.0/account/~/call-log?sessionId={sessionId}
GET /restapi/v1.0/account/~/extension/~/call-log?sessionId={sessionId}
In this example, the sessionId is 1234567890 so you would have a Company Call Log API URL as follows
GET /restapi/v1.0/account/~/call-log?sessionId=1234567890
The response object will have a recording property that provides hypermedia links to get the media file. The file can be WAV or MP3 format which is communicated in the response Content-Type header.
{
  "uri": "https://platform.ringcentral.com/restapi/v1.0/account/11111111/extension/22222222/call-log?view=Simple&sessionId=1234567890&page=1&perPage=100",
  "records": [
    {
      "uri": "https://platform.ringcentral.com/restapi/v1.0/account/11111111/extension/22222222/call-log/1234567890ABCDEFGabcdefgh?view=Simple",
      "id": "1234567890ABCDEFGabcdefgh",
      "sessionId": "1234567890",
      "startTime": "2019-03-08T22:30:29.505Z",
      "duration": 35,
      "type": "Voice",
      "direction": "Inbound",
      "action": "Phone Call",
      "result": "Accepted",
      "to": {
        "phoneNumber": "+16505550100",
        "name": "Jane Doe"
      },
      "from": {
        "phoneNumber": "+14155550100",
        "name": "John Smith",
        "location": "San Francisco, CA"
      },
      "recording": {
        "uri": "https://platform.ringcentral.com/restapi/v1.0/account/11111111/recording/44444444",
        "id": "44444444",
        "type": "OnDemand",
        "contentUri": "https://media.ringcentral.com/restapi/v1.0/account/111111111/recording/44444444/content"
      },
      "extension": {
        "uri": "https://platform.ringcentral.com/restapi/v1.0/account/111111111/extension/22222222",
        "id": 22222222
      },
      "reason": "Accepted",
      "reasonDescription": "The call connected to and was accepted by this number."
    }
  ],
  "paging": {
    "page": 1,
    "perPage": 100,
    "pageStart": 0,
    "pageEnd": 0
  },
  "navigation": {
    "firstPage": {
      "uri": "https://platform.ringcentral.com/restapi/v1.0/account/11111111/extension/22222222/call-log?view=Simple&sessionId=1234567890&page=1&perPage=100"
    },
    "lastPage": {
      "uri": "https://platform.ringcentral.com/restapi/v1.0/account/11111111/extension/22222222/call-log?view=Simple&sessionId=1234567890&page=1&perPage=100"
    }
  }
}
2) Manually Creating Media URL
You can call the Recording API endpoint and retrieve the media directly by manually constructing the recording URL as follows:
https://media.ringcentral.com/restapi/v1.0/account/{accountId}/recording/{recordingId}/content
In this example, the accountId is 11111111 and the recordingId is 44444444 for the following:
https://media.ringcentral.com/restapi/v1.0/account/11111111/recording/44444444/content
The accountId in the URL path can be set to the currently authorized user's account using ~. Alternately, it can be set explicitly by extracting the accountId from the event property or using the accountId property in the relevant party object. Using ~ is the recommended way to set accountId.
Note: While this approach can be quick, it may be error prone as RingCentral has changed the media hostname once in the past. While there are no anticipated future changes, calling the call-log API and retrieving the full media URL from the response is the safer and recommended approach. See below for this approach. This is only included as some people will try this and potentially run into issues later.
3) Hybrid Approach
The first approach of calling the call-log endpoint is the recommended approach; however, it involves an extra API call, and most of the time the second approach should work fine.
A hybrid approach is to construct the URL as in approach 2 and then fall back to approach 1 if approach 2 returns a 404 or other error.
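The hybrid approach described above, as an added example that is not code from the answer or from RingCentral's SDK: it pulls the recording reference out of the CSN event, tries the constructed media URL first, falls back to the call-log lookup by sessionId, and derives the file extension from the Content-Type header. The `http` argument is an assumed, injected async function `url => ({ status, headers, body })` so the logic runs offline; a real client would wrap fetch() and add the Authorization: Bearer header.

```javascript
// Added example (not from the answer above nor RingCentral's SDK): resolve and
// fetch the recording announced in a Call Session Notification (CSN) event
// with the hybrid approach (construct the media URL; on failure fall back to
// the call-log lookup by sessionId). `http` is an injected async function
// url => ({ status, headers, body }); a real client wraps fetch() and adds the
// Authorization: Bearer header, which is omitted here so the logic runs offline.

const MEDIA_BASE = 'https://media.ringcentral.com/restapi/v1.0';
const API_BASE = 'https://platform.ringcentral.com/restapi/v1.0';

// Pull every recording reference out of the event's parties.
function recordingRefsFromEvent(event) {
  const refs = [];
  for (const party of event.body.parties || []) {
    for (const rec of party.recordings || []) {
      refs.push({ accountId: party.accountId, sessionId: event.body.sessionId,
                  recordingId: rec.id, active: rec.active });
    }
  }
  return refs;
}

// Approach 2: construct the URL; '~' resolves to the authorized account.
function constructMediaUrl(recordingId) {
  return `${MEDIA_BASE}/account/~/recording/${encodeURIComponent(recordingId)}/content`;
}

// Approach 1: company call-log lookup by sessionId. Match recording.id to the
// event's recording id instead of trusting records[0].
async function mediaUrlFromCallLog(http, sessionId, recordingId) {
  const res = await http(`${API_BASE}/account/~/call-log?sessionId=${encodeURIComponent(sessionId)}`);
  if (res.status !== 200) throw new Error(`call-log lookup failed: HTTP ${res.status}`);
  const match = (res.body.records || []).find(r => r.recording && r.recording.id === recordingId);
  if (!match) throw new Error(`no call-log record carries recording ${recordingId}`);
  return match.recording.contentUri;
}

// Approach 3 (hybrid). Note 1: an active recording is not retrievable yet, so
// refuse early rather than burn a request. Note 2: the format is decided per
// company, so derive the extension from Content-Type, never by guessing.
async function fetchRecording(http, ref) {
  if (ref.active) throw new Error('recording still in progress; retry after the call ends');
  let url = constructMediaUrl(ref.recordingId);
  let res = await http(url);
  if (res.status !== 200) {
    url = await mediaUrlFromCallLog(http, ref.sessionId, ref.recordingId);
    res = await http(url);
    if (res.status !== 200) throw new Error(`media fetch failed: HTTP ${res.status}`);
  }
  const type = String(res.headers['content-type'] || '').toLowerCase();
  const ext = type.includes('wav') ? 'wav' : type.includes('mpeg') ? 'mp3' : 'bin';
  return { url, ext, bytes: res.body };
}
```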

Firebase Admin SDK : Verifying ID tokens from the REST API

I'm trying to verify Id tokens received by signing in with the REST API for authentication by using the verifyIdToken(idToken) method in the Admin SDK but instead of getting the decoded token I get the error:
Firebase ID token has incorrect "iss" (issuer) claim. Expected "https://securetoken.google.com/"" but got "https://identitytoolkit.google.com/". Make sure the ID token comes from the same Firebase project as the service account used to authenticate this SDK. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
As I said above I'm getting my token from the REST API, so I was expecting this to work.
The response I get from the API is this:
{
"kind": "identitytoolkit#VerifyPasswordResponse",
"localId": "pu0yjIc8tnR85X2gERdtLx684DK2",
"email": "test#test.com",
"displayName": "",
"idToken": "<token-id>",
"registered": true
}
Is this considered a custom token? If so, how can I verify it?
As of Sep 2018, the issuer of the ID token returned by the REST API seems to have changed from https://identitytoolkit.google.com/ to https://securetoken.google.com/, and I can successfully verify this ID token in the Firebase Admin SDK.
[Edit]: The firebase admin SDK still fails to verify the Facebook ID Token returned by identitytoolkit's verifyAssertion REST API.
According to Google Developers:
Calling the tokeninfo endpoint
An easy way to validate an ID token for debugging and low-volume use is to use the tokeninfo endpoint. Calling this endpoint involves an additional network request that does most of the validation for you, but introduces some latency and the potential for network errors.
To validate an ID token using the tokeninfo endpoint, make an HTTPS POST or GET request to the endpoint, and pass your ID token in the id_token parameter. For example, to validate the token "XYZ123", make the following GET request:
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123
{
  // These six fields are included in all Google ID Tokens.
  "iss": "https://accounts.google.com",
  "sub": "110169484474386276334",
  "azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
  "aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
  "iat": "1433978353",
  "exp": "1433981953",
  // These seven fields are only included when the user has granted the "profile" and
  // "email" OAuth scopes to the application.
  "email": "testuser#gmail.com",
  "email_verified": "true",
  "name": "Test User",
  "picture": "https://lh4.googleusercontent.com/-kYgzyAWpZzJ/ABCDEFGHI/AAAJKLMNOP/tIXL9Ir44LE/s99-c/photo.jpg",
  "given_name": "Test",
  "family_name": "User",
  "locale": "en"
}
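As an added diagnostic for both the Keycloak 403 question above and this Firebase issuer error (example code, not from any of the posts, the Firebase Admin SDK or Keycloak), the following decodes a token's payload without verifying it and reports the claim a verifier would reject: for Firebase it compares iss and aud against the expected project (`my-project` and the token payloads are constructed values), and for Keycloak it lists the client roles under resource_access, which is where the admin REST API looks for view-users and friends.

```javascript
// Added diagnostic (not code from any post above, nor from firebase-admin or
// Keycloak): decode a JWT payload WITHOUT checking its signature so you can
// see which claim a verifier is rejecting. It only explains a failure; the
// real SDK (e.g. verifyIdToken) remains the only thing that accepts a token.

function base64urlDecode(segment) {
  // JWT segments are base64url without padding; restore standard base64.
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS: expected header.payload.signature');
  return JSON.parse(base64urlDecode(parts[1]));
}

// Firebase ID tokens carry iss === "https://securetoken.google.com/<project-id>"
// and aud === "<project-id>"; a token issued elsewhere (the question's
// identitytoolkit issuer) is reported the same way verifyIdToken complains.
function firebaseClaimProblems(payload, projectId, nowSeconds) {
  const problems = [];
  const expectedIss = `https://securetoken.google.com/${projectId}`;
  if (payload.iss !== expectedIss) problems.push(`iss: expected ${expectedIss}, got ${payload.iss}`);
  if (payload.aud !== projectId) problems.push(`aud: expected ${projectId}, got ${payload.aud}`);
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) problems.push('exp: missing or expired');
  if (typeof payload.sub !== 'string' || payload.sub === '') problems.push('sub: missing');
  return problems;
}

// Keycloak puts client roles under resource_access.<client>.roles; the admin
// REST API for a realm wants roles on that realm's realm-management client
// ("mycompany-realm" in the Keycloak question). Returns [] when absent.
function keycloakClientRoles(payload, client) {
  const access = payload.resource_access || {};
  return (access[client] && access[client].roles) || [];
}

// Builds an unsigned token from a constructed payload (test input only; the
// signature segment is empty because this diagnostic never validates it).
function makeUnsignedJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}
```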

Meteor HTTP post request not working with google add place api

I am using an HTTP POST request to add places with the Google API in Meteor JS. The code I used is:
var url = "https://maps.googleapis.com/maps/api/place/add/json?key=" + googleKey;
Meteor.http.post(url, {
  params: {
    "location": {
      "lat": -33.8669710,
      "lng": 151.1958750
    },
    "accuracy": 50,
    "name": "Google Shoes!",
    "phone_number": "(02) 9374 4000",
    "address": "48 Pirrama Road, Pyrmont, NSW 2009, Australia",
    "types": ["shoe_store"],
    "website": "http://www.google.com.au/",
    "language": "en-AU"
  }
}, function (err, result) {
  console.log(arguments);
});
I am getting an error:
{ [Error: failed [400] { "status" : "REQUEST_DENIED" } ]
I had tried changing the params and googleKey, but there is no change in the error. Can somebody help me use an HTTP POST request with the Google API? Thanks in advance.
Did you try data in place of params?
Meteor.http.post(url, {
  data: {
    "location": {
      "lat": -33.8669710,
      "lng": 151.1958750
    },
    "accuracy": 50,
    "name": "Google Shoes!",
    "phone_number": "(02) 9374 4000",
    "address": "48 Pirrama Road, Pyrmont, NSW 2009, Australia",
    "types": ["shoe_store"],
    "website": "http://www.google.com.au/",
    "language": "en-AU"
  }
}, function (err, result) {
  console.log(arguments);
});
Works fine on my remote server, but in localhost I have an INVALID_REQUEST response, due to the key I think.
Based on the FAQs of the Places API documentation:
The "status": "REQUEST_DENIED" is returned by the Google Places API Web Service when:
- You have not activated the Google Places API Web Service in the Google Developers Console.
- The key parameter is missing from your request.
- The key parameter does not match your API key in the Google Developers Console.
- Your API key has not been correctly set up in the Google Developers Console:
  - If you are using a browser key, check that your allowed referer(s) are correct.
  - If you are using a server key, check that your allowed IP(s) are correct.
  - Android and iOS keys are not supported; please use a Browser or Server key.
- The request was not sent as an HTTPS request. HTTPS is required for all Google Places API Web Service requests.
- The incorrect HTTP method was used to send the request:
  - All requests must be sent as a GET request except for Place Add.
  - All Place Add requests must be sent as a POST request.
The request body you specified looks complete; you can check the Google Developer Console in case you missed some configuration there.
Hope this helps!