ReplyUrl of Authorization Server not found - azure-api-management

I am self-hosting the api management developer portal using a custom domain name via a Azure CDN and storage account. Authentication is provided using Azure AAD B2C. We have configured an authorization server to request access token using authorization code flow. When we access the managed site it correctly requests the access token and processes it using the reply url "https://apim-instance-name.developer.azure-api.net/signin-oauth/code/callback/name-of-auth-server", however, when we use the custom domain name it returns 404 not found when AAD B2C redirects the browser to https://custom-domain-name.com/signin-oauth/code/callback/name-of-auth-server". Is there something I'm missing?
Screenshot of redirected browser not finding reply url

Related

Fail to Deploy Forge by using Azure

I want to ask about the Deployment of Forge API by Azure.
I had done it through the resource from Learn Forge, and it seems to work smoothly on the local site, but when I try to publish it, Although it shows permission
after I sign in, it shows 400 error refused, how can I do this for this error?
This is typically caused by an incorrect callback URL for the 3-legged authentication workflow.
When you develop your application locally, you typically set the callback URL (both in your application's code and in https://forge.autodesk.com/myapps) to something like http://localhost:3000/api/forge/callback/oauth).
However, when you deploy your application to Azure, AWS, Heroku, or any other cloud hosting provider, the callback URL must be updated accordingly. For example, if you deploy your application as an Azure Web App, the callback URL could look something like https://my-cool-app.azurewebsites.net/api/forge/callback/oauth. And again, you'll have to change the URL both in https://forge.autodesk.com/myapps, and in your Azure Web App settings.

How to use a Google Service Account to authenticate via IAM in Google Apps Scripts?

I am writing a Google Apps Script
I'd like to make an https call to an external server.
This server happens to be on GCP (Google Cloud Platform) and sitting
behind IAM.
In order to be able to authenticate with the server, I need to pass an Authorization Bearer header. My problem is, what do I pass as the Authorization Bearer?
From what I understand, I have 2 options that I've tried and failed at:
Use the default GSA appsdev-apps-dev-script-auth#system.gserviceaccount.com. and grant it IAM permissions (that didn't work).
Create a custom GSA, save the private token in the Apps Scripts Properties. However, how do I convert that token to a JWT so I can use it for the Authorization Bearer

What to put as 'Authorized Domain' under Firebase authentication for a single page Google App Script webapp

In my Google App Script webapp, I would like to implement Firebase Phone authentication using FirebaseUI. But I am getting an error 'Hostname match not found' error when authenticating after reCaptcha verification.
So, please help me to understand:
If Firebase phone auth can be implemented for GAS webapps using FirebaseUI?
If yes, then what should I put as the 'Authorized Domain'? (I have tried with script.google.com, but it did not work)
Edit: After further studying, I found that the GAS webapp is served over a subdomain of script.googleusercontent.com and was able to use FirebaseUI phone auth by adding the subdomain as 'Authorized Domain' under Firebase auth.
Now, I would like to understand:
The subdomain over which a GAS webapp is served, is it exclusive and static per appscript project?

I need to implement authentication on my web app

My scenario:
A Google Apps Script Web Application served from its server-side index.html to fill the students score on a spreadsheet.
The script is embedded as iframe in a website page hosted on Firebase.
I need a way to protect this web app and make it only accessible for specific users via Firebase Auth. username and password.
It's not possible to protect static web content with Firebase Auth. What you can do instead is is protect access to your backend using a ID token provided by the client to the server, and the server can validate that the user can take action. You would use the Firebase Admin SDK on the backend to validate the token.

Oauth2 chrome extension different user

Can I authorize and get oauth2 access token in chrome extension for currently logged in user in gmail instead of chrome user.
Thank you
You can follow this documentation for the user authentication.
Use the Chrome Identity API to authenticate users: the getAuthToken for users logged into their Google Account and the launchWebAuthFlow for users logged into a non-Google account. If your app uses its own server to authenticate users, you will need to use the latter.
Here are the five steps you need to complete for Google account authentication:
Add permissions to your manifest and upload your app.
Copy key in the installed manifest.json to your source manifest, so that your application ID will stay constant during development.
Get an OAuth2 client ID for your Chrome App.
Update your manifest to include the client ID and scopes.
Get the authentication token.
Apps can get OAuth2 tokens for these users using the getAuthToken API.
You can also check these tutorials:
Using OAuth 2.0 for Client-side Web Applications
OAuth 2.0 from chrome extensions