I am attempting to set up the MTurkR R Package for the first time which requires Access Keys, both "Access Key Id" and "Secret Access Key" from AWS see: http://polmeth.wustl.edu/methodologist/tpm_v20_n2.pdf
However Amazon recently "removed the ability to retrieve existing secret access keys for your AWS (root) account." see here
I tried creating an IAM User and using their Access Key within the credentials() command, but get the following error:
Error (AWS.MechanicalTurk.UnacceptableIdentity):
AWS Identity and Access Management (IAM) user accounts cannot be used for Amazon
Mechanical Turk.
Is there any way around this issue? Do I have to wait for a package update?
Related
I am working on Microsoft authentication using firebase. its a web project in vuejs 2 tech. I have followed this Documentation step by step for firebase and code section also followed this Documentation for creating account in azure portal but getting this error:
error FirebaseError: Firebase: Error getting verification code from microsoft.com response: error=invalid_request&error_description=Proof%20Key%20for%20Code%20Exchange%20is%20required%20for%20cross-origin%20authorization%20code%20redemption.&state=AMbdmDnE2TjhyB-T1hIHqYTh73Za9GIrASM-9NFz4trUb4QSLmP6W_qIFNCSl2fmUyq0tTvTNeB3Yg1a3XmOHg93aDItLCJTEEf9B-6EdpPLzR-_mkV9bI3QLoTyT3JQl9Pldczh3BfRlTZQ2KwKfV8IxgpHoXxKJByVzaB-M1wxWO9ESh7Ap_2BvNYHrq2tSFQHbK9D70l7xzi292de6G4rbGUgKmtuTtND4B671A1sxhD2-1WTWaCXkLMv_R7q5JTiWmfqn12ZipA_RWnMBDkPRhglBVReg6jBCRWKv1PvWN2dVQOQfjIoTKRfUs8VK4KfMDR6rYAVst8UStsO79nPN27_32yBjoU9pdl3 (auth/invalid-credential).
at _errorWithCustomMessage (vendors~app~._node_modules_#firebase_auth_dist_esm2017_index-1679a2b2.js~8334e211.js:568:20)
at _performFetchWithErrorHandling (vendors~app~._node_modules_#firebase_auth_dist_esm2017_index-1679a2b2.js~8334e211.js:1085:23)
at async _performSignInRequest (vendors~app~._node_modules_#firebase_auth_dist_esm2017_index-1679a2b2.js~8334e211.js:1100:29)
at async _signInWithCredential (vendors~app~._node_modules_#firebase_auth_dist_esm2017_index-1679a2b2.js~8334e211.js:4706:22)
at async PopupOperation.onAuthEvent (vendors~app~._node_modules_#firebase_auth_dist_esm2017_index-1679a2b2.js~8334e211.js:7965:26)
please suggest what could be the possible fix for the above issue
I was able to fix this problem by doing under written 2 steps
step 1 : I created SPA platform on azure portal but it should be web platform so just deleted the SPA and added web platform to fix this problem
To configure application settings based on the platform or device you're targeting, follow these steps:
In the Azure portal, in App registrations, select your application.
Under Manage, select Authentication.
Under Platform configurations, select Add a platform. Under
Configure platforms, select the tile for your application type
(platform) to configure its settings.
step 2: we have to Application secret in fire base console which need to be copied correctly from azure portal
basic steps to create and add a client secret
In the Azure portal, in App registrations, select your application.
Select Certificates & secrets > Client secrets > New client secret.
Add a description for your client secret.
Select an expiration for the secret or specify a custom lifetime
Select Add.
Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.
please read the last step properly which says we have to copy key value if you left the page the value will be hidden like this with *** so in that case just delete this key and add new client key then copy the value (it "Value" field not "Secret ID" field)
now just add that key to your fire base console in application secret field
Note: try to follow these documentations properly Firebase documentation and microsoft azure documentation
We are transitioning to using Terraform to create our architecture on Google Compute, and part of it utilises Firebase for the front-end. So far, I have managed to get this all working fine, but have hit a snag on Firebase Auth. Essentially, I want to allow 'Email/Password' authentication on a Firbase project programmatically.
The above shows where you find the setting in the UI console, but I want to be able to do that via an API/CLI, and also set the 'Authorised Domain'.
Yes, as of November 2022, this is now possible, either using Terraform, or the gcloud CLI and a bit of scripting. Both methods make use of the REST Identity Toolkit API.
If using Terraform: Your config file needs to specify a google_identity_platform_project_default_config resource: the documentation for it is available here. By way of example – assuming you've already declared a google_project resource called my_project, you could add the google_identity_platform_project_default_config resource as follows:
resource "google_identity_platform_project_default_config" "myconfig" {
project = google_project.myproject.project_id
sign_in {
allow_duplicate_emails = false
anonymous {
enabled = false
}
email {
enabled = true
password_required = false
}
}
}
This would enable email+password authentication, disallow anonymous access, and disallow duplicate email addresses.
If using the gcloud CLI: This would be a good deal fiddlier. I haven't tested it out completely, but it is presumably equivalent to what Terraform is doing behind the scenes. You need to obtain a service account access token, then use cURL (or a similar tool/API) to amend the Identity Toolkit configuration using the PATCH method (documentation here), supplying the token in the "Authorization" header.
gcloud lets you get an access token using the command gcloud auth print-access-token, but according to this 2021 blog post1 by #DazWilkin, the token obtained using your regular human credentials can't perform the necessary PATCH operation; you need to use a token backed by a service account that has the correct permissions.
The blog post gives further details, but roughly, the steps are:
Create a service account and give it the correct permissions. (Not necessary if you already have an appropriate service account; such an account can be created either using the Firebase console or Terraform's google_service_account resource.)
Create a JSON service account key file. (Not necessary if you already have a key created, plus a JSON file for it. These JSON files contain an object with the keys "project_id", "private_key_id", and "private_key", and are exactly the same sort of file as gets generated from the Firebase console if you go to "Project Overview" / "Project Settings" / "Service Accounts" / "Generate new private key". They can also be created programmatically using Terraform's google_service_account_key resource.)
Allow gcloud to perform operations using the service account's permissions, by running gcloud's "auth activate-service-account" subcommand: something like
$ gcloud auth activate-service-account --key-file=/path/to/key-file.json EMAIL_ADDRESS_OF_SERVICE_ACCOUNT
Obtain an access token for the service account by running gcloud auth print-access-token EMAIL_ADDRESS_OF_SERVICE_ACCOUNT.
Supply that token in the header of an HTTP PATCH request using cURL.
For more details, see the blog post; it's concerned with amending the "authorized domains" list for a Firebase project, but enabling email/password authentication would be very similar.
1 Also mentioned in this stackoverflow answer.
Is there a way to lock a user's account after a certain number of failed login attempts to the API Store and API Publisher? I already check at FAQ API Manager, but then the documentation redirect to Identity Server files.
Its there any method on how to solve this issues?
Thank You.
You can change the following properties in APIM_HOME/repository/conf/identity/identity-mgt.properties file.
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts
Authentication.Policy.Password.Expire.Time=0
# If account verification is not enabled, following property will decide where user must be lock or not after user is created
Authentication.Policy.Account.Lock.On.Creation=false
Authentication.Policy.Account.Lock.Time=0
Authentication.Policy.Account.Lock.On.Failure=false
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=0
You should first install following Identity Feature in WSO2 API Manager.
Account Recovery and Credential Management
version : 5.7.5
Then you will get the identity-mgt.properties file in your /repository/conf/identity directory.
By changing the following property value to the preferred number you can achive the account locking after several attempts.
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=0
Note :
To install the above feature,
Login to Management Console of API Manager 2.1.0 (httpso://localhost:9443/carbon)
Go to Configure > Features > Repository Management and add the following repository.
http://product-dist.wso2.com/p2/carbon/releases/wilkes/
Then search for "Account Recovery and Credential Management Feature".
Select and install the version 5.7.5 as below.
Restart the Server.
I faced with such error
Request must contain either a valid (registered) AWS access key ID or X.509 certificate.
While trying to register an user via Cognito in DynamoDB Local. An user registers ok when I disconnect from DynamoDB and I can create an record in db programmatically.
The error comes from the DynamoDB. Please have a look:
http://docs.aws.amazon.com/amazondynamodb/latest/APIReference/CommonErrors.html
I have a form where the user will enter the AWS Account Name, AWS Access Key, and AWS Secret Key and click submit to add the information to a table in a database. How would I validate the keys prior to them being added to the database?
The only reliable way to confirm not only the format, but also the validity of the keys, is to perform an operation using them.
Do something simple with the EC2 API that requires all three factors prior to storing them in the DB.
On a side note, please be sure you properly secure this database. If it is compromised, so will be as many AWS accounts as you store the credentials to.