Background
I have set up a Twitter app & sandbox dev environment, from which I have a dev environment label ('prod'), consumer API key ('abcdefghijk') and an API secret key.
Using OAuth I then obtained an access token & secret for the Twitter account I want to access using Twitter's Account Activity API.
Finally, using the Smooch API in node.js I have added the Twitter integration to one of my Smooch apps as follows:
smooch.integrations.create({
    appId: SMOOCH_APP_ID,
    props: {
        type: 'twitter',
        tier: 'sandbox',
        envName: 'prod',
        consumerKey: 'abcdefghijk',
        consumerSecret: TWITTER_CONSUMER_SECRET,
        accessTokenKey: TWITTER_USER_ACCESS_TOKEN,
        accessTokenSecret: TWITTER_USER_ACCESS_SECRET
    }
})
...which registered the integration successfully and shows up as a new subscription in my Twitter developer dashboard ✓
Problem
In the logs for the Smooch app I see an entry status 'refused', Error: 'Twitter ConsumerKey Mismatch: DrkY...[redacted]...DqOt'
I do not recognise this ConsumerKey as being the one I used when setting up the new integration ('abcdefghijk'). I have verified that this is still the key registered on the application by running smooch.integrations.list(SMOOCH_APP_ID), so.. where is this other ConsumerKey coming from?
Thanks #michaels - it's working now.
For anyone else who comes across this question, we migrated our Twitter API app to another Twitter account which seems to have caused this issue. This was a Twitter issue rather than a Smooch issue and was resolved by removing all subscriptions to the old app in Twitter.
Related
I am creating a mobile app for multiple platforms (iOS, Android, PWA (Web)) and have my backend built with the Serverless Framework on AWS Lambda, using API Gateway and DynamoDB.
My most recent goal is to add a user login using AWS Cognito, enabling my users to log in using either their email and password or a Facebook login. I read multiple threads, tutorials and the official AWS documentation but am super confused because of the mass of different information.
I want to integrate authorized API Endpoints which can only be called when the user is logged in.
Therefore my first question is:
1) Should I rather use AWS Cognito User Pools or AWS Cognito Identity Pools?
I also read that for user pools you can solely use the hosted UI for login, which is not a possibility for my app. I want to style my own login page.
As I could not find any sample code for the client-side integration, I went with Identity Pools for now, and created an endpoint in my serverless.yml which is specified as follows:
functions:
  xxx-auth:
    handler: endpoints/xxx-auth.execute
    events:
      - http:
          path: xxx-auth
          method: put
          cors: true
          integration: lambda
          authorizer: aws_iam
So my second question is:
2) How do I properly integrate the authorization for my Cognito Identity Pool or User Pool?
From another thread I read that there is the possibility to generate an SDK for the API one created on API Gateway, which handles the signature procedures of the request for you. As I tried to do so in my iOS application, I first log the user in using the following code:
let credentialsProvider = AWSCognitoCredentialsProvider(
    regionType: .EUCentral1,
    identityPoolId: "eu-central-1:XXXXXXXX",
    identityProviderManager: CustomIdentityProvider(tokens: ["graph.facebook.com": FBSDKAccessToken.current().tokenString]))
let configuration = AWSServiceConfiguration(region: .EUCentral1, credentialsProvider: credentialsProvider)
AWSServiceManager.default().defaultServiceConfiguration = configuration
and then use the following created code to submit the PUT request:
public func XXXPut() -> AWSTask<AnyObject> {
    let headerParameters = [
        "Content-Type": "application/json",
        "Accept": "application/json",
    ]
    let queryParameters: [String: Any] = [:]
    let pathParameters: [String: Any] = [:]
    return self.invokeHTTPRequest("PUT", urlString: "/XXX", pathParameters: pathParameters, queryParameters: queryParameters, headerParameters: headerParameters, body: nil, responseClass: nil)
}
But I cannot see any code that signs the HTTP request. Therefore the third question is:
3) How do I create the SDK that properly sends the signed HTTP request to my API Gateway backend?
I also tried the same for Cognito User Pools, using a simple "Authorization" header, but could not figure out a way to obtain the respective Authorization token on the iOS application without using any kind of hosted UI.
It would be very kind if someone could explain this jungle to me.
I figured it out by myself:
1) It depends. I am now using a combination of both for the following reason:
For a Facebook Login, we are using a Cognito Identity Pool, as the Cognito UserPool does not support a Facebook Login outside of the hosted UI. For Email signup and login we use a UserPool inside the Cognito Identity Pool.
2) The code snippet I posted was correct.
3) The code snippet was also correct. My mistake was that I did not correctly display and inspect the reply of my API and therefore thought the request was not authorized, but it was.
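The signature that an endpoint with authorizer: aws_iam expects is AWS Signature Version 4 computed with the temporary credentials from the Cognito Identity Pool. The following is an added example, not part of the original posts and not AWS's SDK code, showing that computation in Node.js; signRequest is a hypothetical helper name, and the caller supplies the host, stage path and credentials.

```javascript
// Added example (not from the original post): SigV4 signing for `authorizer: aws_iam`.
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data, 'utf8').digest('hex');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data, 'utf8').digest();
// SigV4 wants RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const byKey = ([a], [b]) => (a < b ? -1 : a > b ? 1 : 0);

function signRequest({ method, host, path, query = {}, headers = {}, body = '',
                       region, creds, now = new Date() }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20240101T120000Z
  const day = amzDate.slice(0, 8);
  const all = { ...headers, host, 'x-amz-date': amzDate };
  // Temporary credentials vended by a Cognito Identity Pool include a session token,
  // which must be sent and signed as x-amz-security-token.
  if (creds.sessionToken) all['x-amz-security-token'] = creds.sessionToken;

  const canon = Object.entries(all)
    .map(([k, v]) => [k.toLowerCase(), String(v).trim().replace(/\s+/g, ' ')])
    .sort(byKey);
  const signedHeaders = canon.map(([k]) => k).join(';');
  const canonicalQuery = Object.entries(query)
    .map(([k, v]) => [enc(k), enc(String(v))]).sort(byKey)
    .map(([k, v]) => `${k}=${v}`).join('&');
  // `path` is given as sent on the wire; non-S3 services encode each segment once more.
  const canonicalPath = path.split('/').map(enc).join('/');

  const canonicalRequest = [
    method.toUpperCase(), canonicalPath, canonicalQuery,
    canon.map(([k, v]) => `${k}:${v}\n`).join(''), signedHeaders, sha256(body),
  ].join('\n');
  const scope = `${day}/${region}/execute-api/aws4_request`;
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256(canonicalRequest)].join('\n');

  // Key derivation chain: secret -> date -> region -> service -> "aws4_request".
  const signingKey = scope.split('/')
    .reduce((key, part) => hmac(key, part), 'AWS4' + creds.secretAccessKey);
  const signature = hmac(signingKey, stringToSign).toString('hex');

  const authorization = `AWS4-HMAC-SHA256 Credential=${creds.accessKeyId}/${scope}, ` +
    `SignedHeaders=${signedHeaders}, Signature=${signature}`;
  return { headers: { ...all, Authorization: authorization }, canonicalRequest, signature };
}
```

The returned headers are sent unchanged with the request; because the body hash and every signed header feed the signature, altering any of them after signing makes API Gateway reject the call.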
I'm experimenting with the automatic setup of projects in BIM 360 Field using the Autodesk Forge API. The code is designed to run on internal systems and currently uses the two-legged authentication method. I've managed to get a project set up; I'm now trying to add a project admin using the recommended V2 import endpoint:
POST projects/:project_id/users/import
As I'm using two-legged authentication I'm specifying my x-user-id in the header. When I run this I receive the following error:
{fault.name} - The client_id specified does not have access to the api product
This happens no matter which V2 endpoint I use; even though all services are enabled in the Forge Dev Centre for the app. I've looked at this answer and Mikako's solution works, but this is by using the V1 endpoint, I'd like to be able to use this endpoint, and other V2 endpoints. What could be going wrong with my V2 implementations?
I think it is because your project is Field classic. Field classic is a pre-Forge-era web service. It's not a part of Forge.
You may try Field API:
https://bim360field.autodesk.com/apidoc/index.html#api/v1/project_users_method_3
The newer version of Field is under preview right now for customers who have Field.
For more info about what is Forge, what is not, please refer to this post:
https://fieldofviewblog.wordpress.com/2017/01/17/bim-360-and-forge-overview/
or about Field classic in general:
https://fieldofviewblog.wordpress.com/forge/
In the global WireCloud instance I have a widget which uses the KeystoneAPI mentioned here:
https://wirecloud.readthedocs.io/en/stable/development/object_storage_api/
So far so good.
However, now I want to move to KeyRock for authentication. I still want to pass tokens from my WireCloud widget to backend services like the Wilma PEP proxy which is not connected to KeyRock as well. But the KeystoneAPI seems to be tied to Keystone (hence the name probably).
Is there a KeyRockAPI accessible from Wirecloud widgets? How can a widget obtain the KeyRock OAuth2 token the user logged in with? I cannot find any documentation on this.
WireCloud doesn't allow widgets and operators to read the OAuth2 token assigned to the user, but it provides support for injecting the token into HTTP requests if they go through WireCloud's proxy. This injection is controlled by several HTTP headers; this is an example:
MashupPlatform.http.makeRequest(url, {
    requestHeaders: {
        "X-FI-WARE-OAuth-Token": "true",
        "X-FI-WARE-OAuth-Header-Name": "X-Auth-Token"
    },
    ...
});
You can find more info about how to use this feature in the FIWARE Academy course, more specifically in the 3.1.8. Accessing third-party services using IdM tokens section (take into account that this document is the same you pointed in your comments, but in html format ;) ).
Answers to the other questions formulated as comments:
Installed docker containers of KeyRock and Wirecloud, tried out the objectstorage demo widget, which failed to retrieve an authentication token. Traced the problem to %idm_token% not being filled in by the python code, presumably in plugins.py because it looks for an AUTHENTICATION_BACKEND of 'fiware' whereas the documentation states to include 'wirecloud.fiware.social_auth_backend.FIWAREOAuth2'.
I recommend you to create a new question in StackOverflow to tackle this problem. Please, provide more details on your configuration.
So my authentication token from WireCloud will be bound to that application? If so, the token is useless to my own application unless I can get a new token for it. Am I wrong here?
Yeah, the Mashup portal is the application number 17 in the Account portal and the OAuth2 token obtained by WireCloud is bound to that application. I cannot foresee if that token is useful for your application or not. This token can be used for authenticating users, but the IdM limits the returned information (e.g. roles) depending on the application bound to the token. So, evidently, this integration is not perfect, but we are missing some integration features from the IdM to make it more useful.
I'm unable to get my Google Compute instance to speak to the Datastore (within the same project).
I believe I've set everything up correctly:
Google Compute instance has the full API scope
All the relevant APIs have been enabled in the project
Billing is enabled in the project
The tutorials claim that I won't even need to have a service account to use the API, but since it didn't work I also tried setting up a service account and put the key file on my instance. Still no luck.
Here's the code I'm trying to run (I created a Test entity in the Datastore of the project, and I can successfully look it up using Google's API explorer with an OAuth2 token for my account):
const gcloud = require('gcloud')({
    projectId: 'roger-web-client',
    keyFilename: './roger-web-client-8d1fbd8baae2.json',
});
const dataset = gcloud.datastore.dataset();
dataset.get(dataset.key(['Test', 5629499534213120]), (error, entity) => {
    console.log(error || entity);
});
This results in the error 403 Forbidden. If I comment out keyFilename, I get 401 Unauthorized instead, which seems to imply the magic authorization on Google Compute instances isn't working for me.
Ideas?
I am developing an app against an Enterprise account that has SSO enabled. When I authenticate, it will accept just my email address if I am already authenticated with Box in my browser session. All looks good, and I get the message via Box "Thanks for logging in"...and that I am free to proceed with my app.
However, when I try to get my auth token, I get the "get_auth_token_error", and the Box documentation doesn't give me any details on this, other than saying it is a generic error state.
I've tested this with a non-enterprise app (which obviously is not SSO), and all works. Note I am on v1 of the Box API.
Enterprise Box accounts with SSO enabled need to have the API keys for each application turned on.
The problem turned out to be that my API key had not been turned on. This is only applicable with SSO-enabled enterprise Box accounts. A request has to be made to the Box API team to turn this on.
What confused things was at the same time Box had a known issue with SSO authentication via the API.
There was an issue earlier in the week with SSO. We have rolled out a fix for the issue. If you are still having problems with SSO in your application, can you please reach out to us at api at Box dot com and give us additional information for reproducing your problem.