Basic authentication with StageWebView - apache-flex

Is there a way to perform basic authentication using StageWebView on mobile devices in Flex?
The problem is that mobile (iOS, Android) implementations don't provide authentication dialog and documentation about this is pretty unclear.
On this link:
http://helpx.adobe.com/air/kb/stagewebview-differences-platforms-air-sdk.html
it's suggested to use URLRequest as a workaround, but I already have URLLoader that successfully authenticates and loads data from the same service and it doesn't affect StageWebView.

I'm having the same issue. The problem is after authentication (after the app install page through facebook), it goes blank. I at least found that the url is "m.facebook.com/dialog/permissions.request" and then continues with a massive amount of get variables.
From my research, I believe this is a pop-up window that runs an auto-close function but doesn't seem to work in Adobe AIR. I've tried running a TimerEvent in a "LocationChangeEvent" to nav back (have to run 2 back to back because the webViewObject.historyBack() method does not support parameters), and this works but only after the app has been installed on their facebook account successfully which in turn affects the ability to even install it to their Facebook in the first place.
I also tested reading the url to trigger callbacks but the one major problem is the "Install" page and the "login successful" page have the EXACT same url entirely, at least from start to finish. Haven't tested the title yet due to my frustrations lol...working on that.
If anyone has any suggestions, this would be supremely helpful and seriously appreciated!

Related

MS Teams custom tab SSO not working on desktop App

We have set up our application as a custom Microsoft Teams app. The application is working just fine in the browser but fails to load in the Desktop APP. The application uses Azure Active Directory to perform the login through the saml2.0 implementation and is embedded through an iFrame.
Can't find a good way to debug what the issue might be. The AAD logs are always empty and the DevTools do not show what's happening in the embedded iFrame.
Has anyone encountered this issue before or might know of a way to try and debug it?
This is actually quite common, that it works fine in browser but not in desktop, and there are probably several reasons for that, not least of which that the popup experience is easier to control in browser versus the actual Teams desktop sandbox. It's also common, I think, that people try to launch their own popup to handle the login, which you can't actually do in the Teams desktop. It's a bit wierd, but basically Teams desktop launches a popup for you, which loads your login page, which in turn then needs to do a -redirect- because you're now in a new browser page.
In any case, in my experience, it's always because I've done something wrong, that's why desktop doesn't work correctly. My suggestion is to follow the docs -exactly- and it should work fine.
The most important doc is this one, which really does give some quite straightforward step-by-step. You can also check out this video which helps as well.

Your app contains an Intent Redirection vulnerability

I launched a game to the Google Play store recently and it was going good until now. I just received an email from Google that says that "One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk " and tells me I need to fix it by August 13.
I personally don't collect or demand any user data or info. However, I used Google Admob ads with Facebook mediation and Unity ads in my game which may be the cause of this problem. So, my question is how to overcome this problem? They also said in the email to make changes in the manifest file. If any one has a similar problem and knows the solution for it, your help would be appreciated.
Here is the email:
"One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk. On August 13, 2019, any apps that contain unfixed security vulnerabilities beyond the dates listed on your Play Console alerts will be removed from Google Play.
Action required
Sign in to your Play Console.
Select Alerts to see which apps contain a security vulnerability, and review the guidance on how to resolve the vulnerability.
Update your affected apps to fix the vulnerabilities.
Submit the updated versions of your affected apps.
Upon resubmission, your app will be reviewed again. This process can take several hours. If the app passes review and is published successfully then no further action is required. If the app fails review then the new app version will not be published and you will receive notification via email."
I was having the same issue "intent redirection your app(s) are vulnerable to intent redirection" and I added exported="false" in every activity, but still got rejected, then I realized the problem was in one of the payment libraries I was using, all I had to do is update the library and the new app update got live.
my issue was in RazorPay payment gateway, I updated it from 1.6.3 to 1.6.6 (latest)
implementation 'com.razorpay:checkout:1.6.6'
they already mentioned this issue here, check it out https://github.com/razorpay/razorpay-android-sample-app/issues/202
I have a same issue, actually Latest Unity Add Xiaomi SDK by default which cause this issue.
Simple remove Xiaomi from your Unity it will fix the issue.
We had received a similar email, In the Play Console/Alert tab, we found this
for us, the reason is "com.androidnative.features.social.common.SocialProxyActivity.StartActivity"
which come from Android Native asset[Ultimate Mobile] - Unity3D.
We used that asset for Advertisements, In-app purchase and play game services instead of using the original SDK. So the possible solution is to remove that asset from our game and use the original SDK.
Here is the Screenshot of my alert.
There are several points to keep in mind to resolve that issue:
The most confusing: you must rollout affected application fixed APK/AAB to 100% on all tracks where it had place to be. Important note is that among others you must rollout production track release to 100% in order to Google to reconstruct your issue.
In the new version of Play Console there is no way to find out any specific information about the issue so you should email Google Support to ask for details. As a respone you may possibly get obfuscated method or class signature, so you need to deobfuscate it.
Read carefully through official document to address issues and resolve them. Our application got rejected because SMS BroadcastReceiver did not apply any permission restraints.
Ihsan Ali
The problem is in the UnityChannel.aar file, you need to open it with the help of the archiver and open the AndroidManifest.XML. I in the line android:exported="true" wrote a false as indicated in the article in Google. Now publish the version and if the error will no longer be reported.
I had the same issue. Just remove xiaomi app game centre from your unity>>game build option. Disabling it will surely clear out the issue.

Sharing to WeChat: WeixinJSBridge is undefined

I'm trying to implement sharing to WeChat on our site.
Accordingly to docs, I have to load SDK from http://res.wx.qq.com/open/js/jweixin-1.0.0.js, configure it, and call corresponding methods (onMenuShareAppMessage in my case).
I did all configuration, it seems that it's ok (no errors displayed, wx.ready() callback is executed), but when I call wx methods, nothing happens at all.
Reading SDK code (minified), I can see that everything is wrapped in constructions like window.WeixinJSBridge ? WeixinJSBridge.doSmth() : doNothing(). In my case WeixinJSBridge is undefined.
But what is that WeixinJSBridge and where should I get it? It's not described in docs. Googling it gives some pages on Chinese with same question – "WeixinJSBridge is undefined" and with no answer.
How to properly work with all this stuff?
Or, maybe I'm totally misunderstand the docs and sharing to WeChat from website is impossible at all? Please somebody explain.
Understood. That SDK is only for WeChat browser, built-in inside their mobile application. For other browsers SDK has no sense.
So yep, normally it's impossible to share content to WeChat from website.
WeixinJSBridge is an object available once http://res.wx.qq.com/open/js/jweixin-1.0.0.js is loaded inside the Wechat Web Browser.
It's used specifically to start the payment process in Wechat App.
If you wanna test/debug it, download the wechat testing software for desktop here: https://mp.weixin.qq.com/wiki?action=doc&id=mp1455784140

Firebase dynamic links in UWP

So Firebase has these Dynamic links, which if you click in your Android / iPhone you get redirected to your app instead of the website. So when you want to invite your friends to join you in the app (game, group chat or whatever) you just share this link with them.
I was wondering if this was achievable with UWP. I watched a video about project Rome where they talk about AppUriHandlers which seem to do the job. HOWEVER they require you to have a json file at your web server root which would identify your app, saying "yea, this app is allowed and me are associated, open this app when someone launches this link".
The problem with that is that the Firebase dynamic link points to a google endpoint, e.g. https://aaxy2.app.goo.gl/?link=redirect_here and naturely there is going to be no json file just sitting there.
Is there some other way how to have users redirected to my app just via a link (it needs to be an http link because that's what the Android and iOS versions of the app will be using).
It's not going to be possible; for this exact reason. To ensure that web links aren't hijacked by third parties (for potentially malicious reasons), only the owner of a domain (or more accurately: the person/people with access to the storage where the domains points) can "approve" an app.
Update:
After actually doing my job and properly reading your question, I can give you a correct answer; sorry :/
Linking to UWP apps will work similarly to how it's described for iOS apps in the first section here:
You can do the iOS 8 way and support a uri scheme as described in the Windows docs here.
With the Anniversary Update you can also support AppUriHandlers by directing your users to a web link that will launch your app instead (as described in the Dynamic Links docs for iOS 9).
It looks like, however, that you need to register an iOS or Android app to get going, so that might give you some trouble.

Script to automatically log in to webpage and click button

I have a time clock system that employees login to via browser and punch for time but I find that the process takes our less tech savvy employees 4-5 minutes. Is there a way to make a script that would auto-login for them, load the punch page, and then select the clock function via menu and then click the 'punch' button? Ideally I'd like to make two shortcuts on the desktop linking to these scripts: one for clocking in and one for clocking out. The button and menu both have IDs so I know it is possible to assign those values via javascript, but I'm unsure of how to do the auto-login / page redirection.
I see several ways you could go with this.
Coding scripts using WebDriver. WebDriver is a browser driver library and should be able to generally interact with most elements, so it could likely do what you're looking for. WebDriver works in a variety of programming languages which gives you flexibility. Here's the getting started guide for Java.
Use a macro recorder like AutoHotKey. Later versions come complete with COM support and you could hook up to Internet Explorer. More details are here. If you don't know AutoHotKey, you'll likely want to go through some of the initial tutorials before digging through that post though.
The third way would be to look for an API or web service or even a tool like curl (a command line tool to fetch URLs). Depending on how your time card application is coded, you might be able to create a batch script that never actually renders the page but just calls the URL in succession. This is likely to be the fastest solution for the users but may prove difficult if there's a lot of asynchronous script calls or PUT http requests in your app. A curl tutorial is available here.
Another solution: Sikuli (free, open source, Linux/Mac OS X/Windows). It allows you to write Python script that clicks on the screen based on the screenshot you provide.
You might also be interested in Selenium IDE:

Resources