RS256 jwt certificate not working on FeathersJS - feathersjs

I can't make FeathersJs work along RS256. I used the generator, but i receive
error: NotAuthenticated: error:0906D06C:PEM routines:PEM_read_bio:no start line when user logs in with correct JWT access token.
"authentication": {
"secret": "whateverSecret",
"strategies": [
"jwt"
],
"path": "/authentication",
"service": "users",
"jwt": {
"header": {
"typ": "access"
},
"audience": "https://yourdomain.com",
"subject": "anonymous",
"issuer": "feathers",
"algorithm": "RS256", //set to RS256
"expiresIn": "1d"
},
"auth0": {
"clientID": "myClientid",
"clientSecret": "myClientSecret",
"successRedirect": "/",
"domain": "myDomain.auth0.com",
"scopes": [
"profile"
]
},
"cookie": {
"enabled": true,
"name": "feathers-jwt",
"httpOnly": false,
"secure": false
}
}
and inside user.hooks.js is the default generator.


The RS256 requires quite a bit more configuration to work. This issue mentions to make sure that your private key (secret) is a valid certificate and contains the proper newlines.
You will also likely have to customize the JWT verifier to pass the public key as the signing secret when verifying the JWT.

Related

Integrating Docusign Identity Verification (Phone Authentication) with an envelope

I was using identity verification feature from Docusign with envelopes. Previously, envelopes are working fine without it. Then I enabled this feature and searched on the Docusign API Documentation, how to implement this feature. I got the necessary details like authentication token, workflow id. Try to hit the endpoint using Post request. Everything's fine but having issues in the body part of the post request getting invalid phone number response. Thank you for your time! Please help!
//Post request endpoint
https://demo.docusign.net/restapi/v2.1/accounts/f8594d59-9d52-xxxx-xxxx-xxxxxxxxxxxx/envelopes
//header
Authorization: Bearer {accestoken}
Content-Type: application/json
Acces: application/json
//request body
{
"accountId": "f8594d59-9d52-xxxx-xxxx-xxxxxxxxxxxx",
"templateId": "4e2ba389-5d26-xxxx-xxxx-xxxxxxxxxxxx",
"emailSubject": "Please sign the contract",
"templateRoles": [
{
"roleName": "Sender",
"name": "Name",
"email": "fName.lName#xyz.com",
"identityVerification": {
"workflowId": "c368e411-1592-xxxx-xxxx-xxxxxxxxxxxx",
"steps": null,
"inputOptions": [
{
"name": "phone_number_list",
"valueType": "PhoneNumberList",
"phoneNumberList": [
{
"countryCode": "1",
"number": "8956324511"
}
]
}
]
}
},
{
"roleName": "Customer",
"name": "cFName",
"email": "cFName.cLName#gmail.com"
}
],
"status": "sent"
}
//Response
{
"errorCode": "PHONE_NUMBER_INVALID",
"message": "Phone number is not valid."
}
//Expected Response can vary
{
"envelopeId": "e8342cd0-ea2b-xxxx-xxxx-xxxxxxxxxx",
"uri": "/envelopes/e8342cd0-ea2b-xxxx-xxxx-xxxxxxxxxx",
"statusDateTime": "2023-01-13T05:22:35.0100000Z",
"status": "sent"
}

According to https://www.areacodehelp.com/where/area_code_895.shtml area code 895 is not valid.
Try with a valid phone number to confirm the issue, but to me it looks like the number you used here is indeed not a valid phone number.
PS
If you meant to use a number in Azerbaijan, you need to change the country code from "1" to "895" as it's a country code for a different country (the way you have is if for the USA)

So, basically what I found is ID verification won't work with template roles because of the syntax compatibility. But it will work with composite templates, I made it work with composite template.
Additionally, both of the methods are compatible idVerification or phoneAuthentication. I am using idVerification for the first Signer and phone Authentication for the second signer
Docusign docs have more methods as well like sms auth, etc. Explore it from these links:
https://developers.docusign.com/docs/esign-rest-api/how-to/phone-auth/
https://developers.docusign.com/docs/esign-rest-api/reference/envelopes/envelopes/create/
Check examples, in my usecase I explored Generic JSON Request/Response
Thanks for all the support from Inbar and the community!
{
"accountId": "f8594d59-9d52-xxxx-xxxx-xxxxxxxxxx",
"emailSubject": "Please sign the contract",
"status": "sent",
"compositeTemplates": [
{
"compositeTemplateId": "1",
"serverTemplates": [
{
"sequence": "1",
"templateId": "4e2ba389-5d26-xxxx-xxxx-xxxxxxxxxx"
}
],
"inlineTemplates": [
{
"sequence": "2",
"recipients": {
"signers": [
{
"roleName": "Sender",
"recipientId": "1",
"name": "Name",
"email": "fName.lName#xyz.com",
"identityVerification": {
"workflowId": "c368e411-1592-xxxx-xxxx-xxxxxxxxxx",
"steps": null,
"inputOptions": [
{
"name": "phone_number_list",
"valueType": "PhoneNumberList",
"phoneNumberList": [
{
"countryCode": "1",
"number": "1234567890"
}
]
}
]
}
},
{
"roleName": "Customer",
"recipientId": "2",
"name": "cName",
"email": "cfName.clName#gmail.com",
"phoneAuthentication": {
"senderProvidedNumbers": [
"+11234567890"
],
"recipMayProvideNumber": false
},
"idCheckConfigurationName": "Phone Auth $"
}
]
}
}
]
}
]
}
Note: Use valid phone number!

Why doesn't Autodesk Forge 'workflowAttribute' appear in webhook updates for Model Derivative work?

According to Forge API Reference, there is a workflowAttribute available to 'set some custom workflow information'. Its part of the misc object in the Body Structure of the POST request used to submit a job.
I am using the following request:
convertResponse = await axios({
method: "post",
url:
"https://developer.api.autodesk.com/modelderivative/v2/designdata/job",
headers: {
"Content-Type": "application/json",
Authorization: access_token
},
data: JSON.stringify({
input: { urn: url_safe_encoded_urn },
output: {
destination: { region: "us" },
formats: [
{
type: "svf",
views: ["2d", "3d"],
advanced: { generateMasterViews: true }
}
]
},
misc: {
workflow: "designgen-forge",
workflowAttribute: { projectId }
}
})
});
But when the webHook calls my callback function, I see nothing like hookAttribute available in the data:
{
"version": "1.0",
"resourceUrn": "dXJuOmFkc2sub2JqZWN0czpvcy5vYmplY3Q6c3VmZm9say1nZW5kZXNpZ25sb3ZlLWRldi10ZW1wLzkxZjhhNGZmLTM5NTYtNGM5Yi05NzkyLThiMWMxNDQyZGJkNyUyRnJldml0LTkxZjhhNGZmLTM5NTYtNGM5Yi05NzkyLThiMWMxNDQyZGJkNy5ydnQ",
"hook": {
"hookId": "6d770063-d5dc-4c66-8ed8-e84207ade07d",
"tenant": "designgen-forge",
"callbackUrl": "https://bigchief.ngrok.io/dev/workitemcomplete",
"createdBy": "9DqOEPqAd4ZZYQ2MAxuT2VQwMfAJrBGp",
"event": "extraction.updated",
"createdDate": "2020-10-20T20:14:31.874+0000",
"system": "derivative",
"creatorType": "Application",
"status": "active",
"scope": {
"workflow": "designgen-forge"
},
"urn": "urn:adsk.webhooks:events.hook:6d770063-d5dc-4c66-8ed8-e84207ade07d",
"__self__": "/systems/derivative/events/extraction.updated/hooks/6d770063-d5dc-4c66-8ed8-e84207ade07d"
},
"payload": {
"TimeStamp": 1603289180515,
"Env": "production",
"URN": "<my urn>",
"EventType": "UPDATED",
"Payload": {
"status": "inprogress",
"bubble": {
"guid": "<my guid>",
"owner": "<my guid>",
"hasThumbnail": "true",
"startedAt": "Wed Oct 21 14:05:39 UTC 2020",
"type": "design",
"urn": "<my urn>",
"success": "75%",
"progress": "50% complete",
"region": "US",
"status": "inprogress",
"children": []
},
"scope": "fd2d74bb-1d5a-407c-a344-20dffa327504",
"registerKey": []
}
}
}
I would imagine that is the intent of the workflowAttribute object to populate something in the callback data, otherwise, whats the point. Am I not specifying it correctly? Or is this not implemented? If not, webhooks become nearly unusable, I suppose the alternative is to make and destroy a webhook for each request, which is so ugly its not really a solution.

Thank you for bringing this to our attention. We could reproduce the issue as well - i.e. that the content of the workflowAttribute provided in the body of POST job request will not show up in the webhook callback.
It's being looked into, and I hope it will work soon, but I cannot yet provide a deadline for that.
In the meantime, the workaround could be either:
a) keep track of the extra data (in your case projectId) associated with the urn of the given file on the server or in a database (you might already be using one)
b) create separate webhooks, as you suggested, with different id for the "scope" -> "workflow" parameter and provide the data as the "hookAttribute" - that will show up in the callback
Update on 2020-12-14: it's working now - see https://forge.autodesk.com/blog/custom-data-translation-webhook

Implicit Invocation of Google Assistant Action App with DialogFlow not working

I'm getting the
"API Version 2: Failed to parse JSON response string with 'INVALID_ARGUMENT' error: \": Cannot find field.\"."
and so am hoping you can help me, as I cannot get Implicit Invoking working for my app.
I've attached screenshots of the Welcome Intent setup on DialogFLow as well as pasted the Google Cloud fail logs here:
Google Cloud FAIL LOGS:
{
"request": {
"conversationToken": "",
"debugLevel": 1,
"inputType": "KEYBOARD",
"locale": "en-US",
"mockLocation": {
"city": "Mountain View",
"coordinates": {
"latitude": 37.421980615353675,
"longitude": -122.08419799804688
},
"formattedAddress": "Googleplex, Mountain View, CA 94043, United States",
"zipCode": "94043"
},
"query": "ask follow-up to log a call",
"surface": "GOOGLE_HOME"
},
"response": {
"conversationToken": "GidzaW11bG...",
"response": "Follow up isn't responding right now. Try again soon.",
"visualResponse": {
"visualElements": []
}
},
"debug": {
"agentToAssistantDebug": {
"agentToAssistantJson": "{\"message\":\"Failed to parse Dialogflow response into AppResponse, exception thrown with message: Empty speech response\",\"apiResponse\":{\"id\":\"875b123f-bcb2-4f45-b2f4-10193a6132c3\",\"timestamp\":\"2018-01-30T06:33:52.773Z\",\"lang\":\"en-us\",\"result\":{},\"status\":{\"code\":200,\"errorType\":\"success\"},\"sessionId\":\"1517294032097\"}}"
},
"assistantToAgentDebug": {
"assistantToAgentJson": "{\"user\":{\"userId\":\"ABwppHHDarg-rpyAaSt0hm8TZaycr30xhUpQcRKfchRbXriPUKmmzi_BqQrpXInBGyGmgfF4yIEiMX0jInJ8rQ\",\"accessToken\":\"{\\\"access_token\\\":\\\"00D3600000uHY5!AQoAQAcyjXEI.J.5EnB4.R.EdNXBKlymGOI4I6PPJVb465uyQLxnbQDyjPHtD0uE0W1RMdhnhgXLEpr8qPIMOTcnvsfKH0j\\\",\\\"signature\\\":\\\"etNbI3erh1iYmsTqCRicfKKJknRtGnCb1esvufdg7g=\\\",\\\"scope\\\":\\\"refresh_token web api\\\",\\\"instance_url\\\":\\\"https://follow-up-ed.my.salesforce.com\\\",\\\"id\\\":\\\"https://login.salesforce.com/id/00D3600000uHY5EAM/0053600000L9ePAAS\\\",\\\"token_type\\\":\\\"Bearer\\\",\\\"issued_at\\\":\\\"1517293582207\\\"}\",\"locale\":\"en-US\",\"lastSeen\":\"2018-01-30T06:26:14Z\"},\"conversation\":{\"conversationId\":\"151729432097\",\"type\":\"NEW\"},\"inputs\":[{\"intent\":\"Log Call by Business\",\"rawInputs\":[{\"inputType\":\"VOICE\",\"query\":\"ask follow-up to log a call\"}],\"arguments\":[{\"name\":\"trigger_query\",\"rawText\":\"log a call\",\"textValue\":\"log a call\"},{\"name\":\"Type\",\"rawText\":\"call\",\"textValue\":\"call\"}]}],\"surface\":{\"capabilities\":[{\"name\":\"actions.capability.AUDIO_OUTPUT\"},{\"name\":\"actions.capability.MEDIA_RESPONSE_AUDIO\"}]},\"isInSandbox\":true,\"availableSurfaces\":[{\"capabilities\":[{\"name\":\"actions.capability.AUDIO_OUTPUT\"},{\"name\":\"actions.capability.SCREEN_OUTPUT\"}]}]}",
"curlCommand": "curl -v 'https://api.api.ai/api/integrations/google?token=1ee421e5c9504f5b995ce9df62f7d275' -H 'Content-Type: application/json;charset=UTF-8' -H 'Google-Actions-API-Version: 2' -H 'Authorization: eyJhbGciOiJSUzI1NiIsImtpZCI6IjI2YzAxOGIyMzNmZTJlZWY0N2ZlZGJiZGQ5Mzk4MTcwZmM5YjI5ZDgifQ.eyJhdWQiOiJzYWxlc2ZvcmNlLWEwOWVkIiwiYXpwIjoiMTE4NDUyMTUyMjE5LW1zZ2VldXBkaGU5YWp0MzZpNnJxbHJtdTExZGQ1Y2gyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZXhwIjoxNTE3Mjk0MTUyLCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJqdGkiOiI5ZTJjOGI1OGQzZjRiNTc3MmQ0MDc2ZjIwNWIyMGEyYTdmYTQ3MGY3IiwiaWF0IjoxNTE3Mjk0MDMyLCJuYmYiOjE1MTcyOTM3MzJ9.WnIVnDFUESVaLYOITacgDzS_4qPCat8YEMTHgsSzvHUzJNNeZ3oaDqUZ5lwECI0jfp2qHpW7Il5Tv1iDyPScOeggvm2cZZa4OXdr7PLr362eT5wyOZnsFWlrU8n4KlNZsuKl_uMSxhftP0qD2eUuwAKQ0bbAPurApTF_iY8Gzh2V0QYpn1Ol06bJLJo8B9z4lXmFuGfzldjWXojQ1eA794nItQKtt2X7tiSfBOoXOL2fpT8omy293vcMI-dWtf5FY1nH9_bN1GKHCbOQ4LiJTB__r7PVHOcq-SNb9_CtKaXvrLo9EW3CyfnHlc0SGv1UUo9akbvDZEwZG9B3gH7K1g' -A 'Mozilla/5.0 (compatible; Google-Cloud-Functions/2.1; +http://www.google.com/bot.html)' -X POST -d '{\"user\":{\"userId\":\"ABwppHHDarg-rpyAaSt0hm8TZaycr30xhUpQcRKfchRbXriPUKmmzi_BqQrpXInBGyGmgfF4yIEiMX0jInJ8rQ\",\"accessToken\":\"{\\\"access_token\\\":\\\"00D36000000uHY5!AQoAQAcyjXEI.J.5EnB4.R.EdNXBKlymGOI4I6PPJVb465uyQLxnbQDyjPHtD0uE0W1RMdhnhgXL8Epr8qPIMOTcnvsfKH0j\\\",\\\"signature\\\":\\\"etNbI3erh1iYmsTqCRicfKKJknRtGnC4b1esvufdg7g=\\\",\\\"scope\\\":\\\"refresh_token web api\\\",\\\"instance_url\\\":\\\"https://follow-up-dev-ed.my.salesforce.com\\\",\\\"id\\\":\\\"https://login.salesforce.com/id/00D36000000uHY5EAM/00536000000L9ePAAS\\\",\\\"token_type\\\":\\\"Bearer\\\",\\\"issued_at\\\":\\\"1517293582207\\\"}\",\"locale\":\"en-US\",\"lastSeen\":\"2018-01-30T06:26:14Z\"},\"conversation\":{\"conversationId\":\"1517294032097\",\"type\":\"NEW\"},\"inputs\":[{\"intent\":\"Log Call by Business\",\"rawInputs\":[{\"inputType\":\"VOICE\",\"query\":\"ask follow-up to log a call\"}],\"arguments\":[{\"name\":\"trigger_query\",\"rawText\":\"log a call\",\"textValue\":\"log a call\"},{\"name\":\"Type\",\"rawText\":\"call\",\"textValue\":\"call\"}]}],\"surface\":{\"capabilities\":[{\"name\":\"actions.capability.AUDIO_OUTPUT\"},{\"name\":\"actions.capability.MEDIA_RESPONSE_AUDIO\"}]},\"isInSandbox\":true,\"availableSurfaces\":[{\"capabilities\":[{\"name\":\"actions.capability.AUDIO_OUTPUT\"},{\"name\":\"actions.capability.SCREEN_OUTPUT\"}]}]}'"
},
"sharedDebugInfo": [
{
"name": "ResponseValidation",
"subDebugEntry": [
{
"debugInfo": "API Version 2: Failed to parse JSON response string with 'INVALID_ARGUMENT' error: \": Cannot find field.\".",
"name": "UnparseableJsonResponse"
}
]
}
]
},
"errors": [
[
{
"debugInfo": "API Version 2: Failed to parse JSON response string with 'INVALID_ARGUMENT' error: \": Cannot find field.\".",
"name": "UnparseableJsonResponse"
}
]
]
}
Google Cloud SUCCESS LOGS:
{
"request": {
"conversationToken": "",
"debugLevel": 1,
"inputType": "KEYBOARD",
"locale": "en-US",
"mockLocation": {
"city": "Mountain View",
"coordinates": {
"latitude": 37.421980615353675,
"longitude": -122.08419799804688
},
"formattedAddress": "Googleplex, Mountain View, CA 94043, United States",
"zipCode": "94043"
},
"query": "Talk to Follow-Up",
"surface": "GOOGLE_HOME"
},
"response": {
"conversationToken": "CiZDIzVhNm...",
"expectUserResponse": true,
"response": "Follow-Up is Online. Would you like to log a call, add a note or create a reminder?",
"visualResponse": {
"visualElements": []
}
},
"debug": {
"agentToAssistantDebug": {
"agentToAssistantJson": "{\"conversationToken\":\"[\\\"defaultwelcomeintent-followup\\\",\\\"sessiondata\\\"]\",\"expectUserResponse\":true,\"expectedInputs\":[{\"inputPrompt\":{\"richInitialPrompt\":{\"items\":[{\"simpleResponse\":{\"textToSpeech\":\"Follow-Up is Online. Would you like to log a call, add a note or create a reminder?\",\"displayText\":\"Follow-Up is Online. Would you like to log a call, add a note or create a reminder in Salesforce?\"}}],\"suggestions\":[{\"title\":\"Log a call\"},{\"title\":\"Add a note\"},{\"title\":\"Create a reminder\"},{\"title\":\"Exit\"}]}},\"possibleIntents\":[{\"intent\":\"assistant.intent.action.TEXT\"},{\"intent\":\"907faabf-33a2-49ff-a368-263d01e812fc\"},{\"intent\":\"a4bdf329-5430-4833-827d-620ed00e4288\"},{\"intent\":\"68d2be51-880d-44dd-9939-1c09089b5fbf\"},{\"intent\":\"d9f56992-363e-410d-a00e-1e9a59ed613d\"},{\"intent\":\"66de3f32-c11a-4e36-80b1-64582bc1ef69\"},{\"intent\":\"befff469-3348-49d7-b9d6-5bbe7eef2aa6\"},{\"intent\":\"a813eeba-2a35-4f20-8fdb-09f8e9b08b7c\"},{\"intent\":\"e9add01c-1067-4c14-a48c-979f4934e192\"},{\"intent\":\"1dbe2f1a-a12e-4f22-9092-11dafce0cf26\"},{\"intent\":\"94c36f7f-8fff-4c55-b6f4-f5556fa83d8a\"},{\"intent\":\"d503d957-6dea-4d40-b161-adb779df2f66\"},{\"intent\":\"040b1388-4aaa-4e3b-8af9-67c111bd9cc7\"},{\"intent\":\"494afd87-d03a-49a6-a5da-340061c9121a\"}],\"speechBiasingHints\":[\"$Classification\",\"$Type\",\"$BusinessName\",\"$Task\",\"$FollowUp\",\"$Calendar\"]}],\"responseMetadata\":{\"status\":{},\"queryMatchInfo\":{\"queryMatched\":true,\"intent\":\"6bb1ee8e-8a54-4422-b20e-de50839c40bc\"}}}"
},
"assistantToAgentDebug": {
"assistantToAgentJson": "{\"user\":{\"userId\":\"ABwppHHDarg-rpyAaSt0hm8TZaycr30xhUpQcRKfchRbXriPUKmmzi_BqQrpXInBGyGmgfF4yIEiMX0jInJ8rQ\",\"accessToken\":\"{\\\"access_token\\\":\\\"00D36000000uHY5!AQoAQAcyjXEI.J.5EnB4.R.EdNXBKlymGOI4I6PPJVb465uyQLxnbQDyjPHtD0uE0W1RMdhnhgXL8Epr8qPIMOTcnvsfKH0j\\\",\\\"signature\\\":\\\"etNbI3erh1iYmsTqCRicfKKJknRtGnC4b1esvufdg7g=\\\",\\\"scope\\\":\\\"refresh_token web api\\\",\\\"instance_url\\\":\\\"https://follow-up-dev-ed.my.salesforce.com\\\",\\\"id\\\":\\\"https://login.salesforce.com/id/00D36000000uHY5EAM/00536000000L9ePAAS\\\",\\\"token_type\\\":\\\"Bearer\\\",\\\"issued_at\\\":\\\"1517293582207\\\"}\",\"locale\":\"en-US\",\"lastSeen\":\"2018-01-30T06:33:52Z\"},\"conversation\":{\"conversationId\":\"1517294128019\",\"type\":\"NEW\"},\"inputs\":[{\"intent\":\"actions.intent.MAIN\",\"rawInputs\":[{\"inputType\":\"VOICE\",\"query\":\"Talk to Follow-Up\"}]}],\"surface\":{\"capabilities\":[{\"name\":\"actions.capability.MEDIA_RESPONSE_AUDIO\"},{\"name\":\"actions.capability.AUDIO_OUTPUT\"}]},\"isInSandbox\":true,\"availableSurfaces\":[{\"capabilities\":[{\"name\":\"actions.capability.SCREEN_OUTPUT\"},{\"name\":\"actions.capability.AUDIO_OUTPUT\"}]}]}",
"curlCommand": "curl -v 'https://api.api.ai/api/integrations/google?token=1ee421e5c9504f5b995ce9df62f7d275' -H 'Content-Type: application/json;charset=UTF-8' -H 'Google-Actions-API-Version: 2' -H 'Authorization: eyJhbGciOiJSUzI1NiIsImtpZCI6IjI2YzAxOGIyMzNmZTJlZWY0N2ZlZGJiZGQ5Mzk4MTcwZmM5YjI5ZDgifQ.eyJhdWQiOiJzYWxlc2ZvcmNlLWEwOWVkIiwiYXpwIjoiMTE4NDUyMTUyMjE5LW1zZ2VldXBkaGU5YWp0MzZpNnJxbHJtdTExZGQ1Y2gyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZXhwIjoxNTE3Mjk0MjQ4LCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJqdGkiOiIxY2M5ODYxOGVlNzI5NzQ4YjdiZTczZmI3NjY2ZDM3YzllYjk0ZDQ4IiwiaWF0IjoxNTE3Mjk0MTI4LCJuYmYiOjE1MTcyOTM4Mjh9.S28YQqlVGJEK0xXfgZ-rxgwdXlfBMBoV3UXBIsvN6SeKK3PYvkvShqpKB5Icr89TSvzS7riq2H9YBwzrvPCRQscrH_3tVRyQL2EsCQhnpGQhnvVdO7rwE2b1-xnoAj7dy9D8EOuNskOK7V2Qek7u-_ZdU9r7w4W_saVwhyFtGMjfXFjgPgRurZq3Ei3-fnZ9GJ-3RqlgGU8FiSSFXheBgSvwWq9Ai7QeiVDaGcjxovX1qZXhkhu9W5lPPdTE1tUYVZ3CZcJfE5YqQiPJfQj6OJwguRg5Qb3aKMHlBV50Pb5Ux302ZWT_L49lVxk-cFM0-oTeNo5YLuFzQIwCgpcaoA' -A 'Mozilla/5.0 (compatible; Google-Cloud-Functions/2.1; +http://www.google.com/bot.html)' -X POST -d '{\"user\":{\"userId\":\"ABwppHHDarg-rpyAaSt0hm8TZaycr30xhUpQcRKfchRbXriPUKmmzi_BqQrpXInBGyGmgfF4yIEiMX0jInJ8rQ\",\"accessToken\":\"{\\\"access_token\\\":\\\"00D36000000uHY5!AQoAQAcyjXEI.J.5EnB4.R.EdNXBKlymGOI4I6PPJVb465uyQLxnbQDyjPHtD0uE0W1RMdhnhgXL8Epr8qPIMOTcnvsfKH0j\\\",\\\"signature\\\":\\\"etNbI3erh1iYmsTqCRicfKKJknRtGnC4b1esvufdg7g=\\\",\\\"scope\\\":\\\"refresh_token web api\\\",\\\"instance_url\\\":\\\"https://follow-up-dev-ed.my.salesforce.com\\\",\\\"id\\\":\\\"https://login.salesforce.com/id/00D36000000uHY5EAM/00536000000L9ePAAS\\\",\\\"token_type\\\":\\\"Bearer\\\",\\\"issued_at\\\":\\\"1517293582207\\\"}\",\"locale\":\"en-US\",\"lastSeen\":\"2018-01-30T06:33:52Z\"},\"conversation\":{\"conversationId\":\"1517294128019\",\"type\":\"NEW\"},\"inputs\":[{\"intent\":\"actions.intent.MAIN\",\"rawInputs\":[{\"inputType\":\"VOICE\",\"query\":\"Talk to Follow-Up\"}]}],\"surface\":{\"capabilities\":[{\"name\":\"actions.capability.MEDIA_RESPONSE_AUDIO\"},{\"name\":\"actions.capability.AUDIO_OUTPUT\"}]},\"isInSandbox\":true,\"availableSurfaces\":[{\"capabilities\":[{\"name\":\"actions.capability.SCREEN_OUTPUT\"},{\"name\":\"actions.capability.AUDIO_OUTPUT\"}]}]}'"
}
},
"errors": []
}
And the DialogFLow JSON blob here:
FAIL DIALOGFLOW
{
"id": "60acafcf-ceb2-485c-b3f6-663407832e1c",
"timestamp": "2018-01-30T06:39:56.632Z",
"lang": "en",
"result": {
"source": "agent",
"resolvedQuery": "ask follow up to log a call",
"action": "input.welcome",
"actionIncomplete": false,
"parameters": {},
"contexts": [
{
"name": "defaultwelcomeintent-followup",
"parameters": {},
"lifespan": 2
},
{
"name": "sessiondata",
"parameters": {},
"lifespan": 1
}
],
"metadata": {
"intentId": "6bb1ee8e-8a54-4422-b20e-de50839c40bc",
"webhookUsed": "true",
"webhookForSlotFillingUsed": "false",
"webhookResponseTime": 340,
"intentName": "Default Welcome Intent"
},
"fulfillment": {
"messages": [
{
"type": "suggestion_chips",
"platform": "google",
"suggestions": [
{
"title": "\"Log a call\""
},
{
"title": "\"Add a note\""
},
{
"title": "\"Create a reminder\""
}
]
},
{
"type": 0,
"speech": "Follow-Up isn't responding right now. Please try again later."
}
]
},
"score": 0.5
},
"status": {
"code": 200,
"errorType": "success",
"webhookTimedOut": false
},
"sessionId": "24069c06-d6c0-4723-a0d9-fa284884d023"
}
SUCCESS DIALOGFLOW
{
"id": "210514e2-6702-4d30-9689-eb3279fdde6d",
"timestamp": "2018-01-30T06:41:19.848Z",
"lang": "en",
"result": {
"source": "agent",
"resolvedQuery": "talk to follow up",
"action": "input.welcome",
"actionIncomplete": false,
"parameters": {},
"contexts": [
{
"name": "defaultwelcomeintent-followup",
"parameters": {},
"lifespan": 2
},
{
"name": "sessiondata",
"parameters": {},
"lifespan": 1
}
],
"metadata": {
"intentId": "6bb1ee8e-8a54-4422-b20e-de50839c40bc",
"webhookUsed": "true",
"webhookForSlotFillingUsed": "false",
"webhookResponseTime": 237,
"intentName": "Default Welcome Intent"
},
"fulfillment": {
"messages": [
{
"type": "suggestion_chips",
"platform": "google",
"suggestions": [
{
"title": "\"Log a call\""
},
{
"title": "\"Add a note\""
},
{
"title": "\"Create a reminder\""
}
]
},
{
"type": 0,
"speech": "Follow-Up isn't responding right now. Please try again later."
}
]
},
"score": 1
},
"status": {
"code": 200,
"errorType": "success",
"webhookTimedOut": false
},
"sessionId": "24069c06-d6c0-4723-a0d9-fa284884d023"
}
Google Actions Testing Logs FAIL
{
"request": {
"conversationToken": "",
"debugLevel": 1,
"inputType": "KEYBOARD",
"locale": "en-US",
"mockLocation": {
"city": "Mountain View",
"coordinates": {
"latitude": 37.421980615353675,
"longitude": -122.08419799804688
},
"formattedAddress": "Googleplex, Mountain View, CA 94043, United States",
"zipCode": "94043"
},
"query": "ask follow up to log a call",
"surface": "GOOGLE_HOME"
},
"response": {
"conversationToken": "GidzaW11bG...",
"response": "Follow up isn't responding right now. Try again soon.",
"visualResponse": {
"visualElements": []
}
},
"debug": {
"agentToAssistantDebug": {
"agentToAssistantJson": "{\"message\":\"Failed to parse Dialogflow response into AppResponse, exception thrown with message: Empty speech response\",\"apiResponse\":{\"id\":\"49c16313-09e6-4431-9765-37095a19e3bb\",\"timestamp\":\"2018-01-31T01:45:41.734Z\",\"lang\":\"en-us\",\"result\":{},\"status\":{\"code\":200,\"errorType\":\"success\"},\"sessionId\":\"1517363140452\"}}"
},
"assistantToAgentDebug": {
"assistantToAgentJson": "{\"user\":{\"userId\":\"ABwppHGKOxCmVg53MPiRI_5NnIt0vUjDf0Hqwxgm9pTNnH8vOquUymEX8T2OtFC1NA48-X4JiKBTk0an2wTYVw\",\"accessToken\":\"{\\\"access_token\\\":\\\"00D36000000uHY5!AQoAQFHFHGAYHInuT1.FtcUSN7k81w1tgkEh.ijyqq1Pw3UqtlCM6SGi_qTrvFDAvPBG673Lgr119bpIUEUNuOnC4XF2d7o2\\\",\\\"refresh_token\\\":\\\"5Aep861QbHyftz0nI9mDOXbILtyhnTRY2lNmFwvaIHwc6w_JBasCpmEoOoWUo5W9asHeibIB9HbomiclZ2P_6pk\\\",\\\"signature\\\":\\\"nUZJxL8SFUVOScLjP6c5ydpjwL8iLRyHZ+xOyehfLhc=\\\",\\\"scope\\\":\\\"refresh_token web api\\\",\\\"instance_url\\\":\\\"https://follow-up-dev-ed.my.salesforce.com\\\",\\\"id\\\":\\\"https://login.salesforce.com/id/00D36000000uHY5EAM/00536000000L9ePAAS\\\",\\\"token_type\\\":\\\"Bearer\\\",\\\"issued_at\\\":\\\"1517363133651\\\"}\",\"locale\":\"en-US\",\"lastSeen\":\"2018-01-31T01:44:48Z\"},\"conversation\":{\"conversationId\":\"1517363140452\",\"type\":\"NEW\"},\"inputs\":[{\"intent\":\"Log Call by Name\",\"rawInputs\":[{\"inputType\":\"VOICE\",\"query\":\"ask follow up to log a call\"}],\"arguments\":[{\"name\":\"trigger_query\",\"rawText\":\"log a call\",\"textValue\":\"log a call\"},{\"name\":\"Type\",\"rawText\":\"call\",\"textValue\":\"call\"}]}],\"surface\":{\"capabilities\":[{\"name\":\"actions.capability.AUDIO_OUTPUT\"},{\"name\":\"actions.capability.MEDIA_RESPONSE_AUDIO\"}]},\"isInSandbox\":true,\"availableSurfaces\":[{\"capabilities\":[{\"name\":\"actions.capability.SCREEN_OUTPUT\"},{\"name\":\"actions.capability.AUDIO_OUTPUT\"}]}]}",
"curlCommand": "curl -v 'https://api.api.ai/api/integrations/google?token=1ee421e5c9504f5b995ce9df62f7d275' -H 'Content-Type: application/json;charset=UTF-8' -H 'Google-Actions-API-Version: 2' -H 'Authorization: eyJhbGciOiJSUzI1NiIsImtpZCI6IjI2YzAxOGIyMzNmZTJlZWY0N2ZlZGJiZGQ5Mzk4MTcwZmM5YjI5ZDgifQ.eyJhdWQiOiJzYWxlc2ZvcmNlLWEwOWVkIiwiYXpwIjoiMTE4NDUyMTUyMjE5LW1zZ2VldXBkaGU5YWp0MzZpNnJxbHJtdTExZGQ1Y2gyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZXhwIjoxNTE3MzYzMjYwLCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJqdGkiOiI5NDQxOTU4YzVkYWY3ZjgyODkzOTdhYWRkNjgzMzNmNDQ1ZjY2NDFkIiwiaWF0IjoxNTE3MzYzMTQwLCJuYmYiOjE1MTczNjI4NDB9.Fc5SWQakdTwfhW3x1NGgbwzT4pjec5GW2fOVc0Vh9aZ8XseAOeMWDRdiVK5Q4ApRMfJWC239P2LYvXGzW2tqZBPjxS_LKdD_6GbRJaNAYMs2SyiTuJmLs0G9RqFzXja-0mz8q_lejpWSuLgjzO7H136lHjR4d6bFiNS0ec3UIzIrgx7oaGCtRFuEtj4af82llyztaKkDAtwpankG01CBWm_sX_FmFD9svLUk7u22NA3KXsCM23fasLcmietBEj6LktnfiR6Tk85mk4n5FYi4VJ7KHzsfgIPC2zkmJVaAc1OczLvV_qtLb_9hoM_3k8jLMXK0n1oypQHZSpCvElOzwQ' -A 'Mozilla/5.0 (compatible; Google-Cloud-Functions/2.1; +http://www.google.com/bot.html)' -X POST -d '{\"user\":{\"userId\":\"ABwppHGKOxCmVg53MPiRI_5NnIt0vUjDf0Hqwxgm9pTNnH8vOquUymEX8T2OtFC1NA48-X4JiKBTk0an2wTYVw\",\"accessToken\":\"{\\\"access_token\\\":\\\"00D36000000uHY5!AQoAQFHFHGAYHInuT1.FtcUSN7k81w1tgkEh.ijyqq1Pw3UqtlCM6SGi_qTrvFDAvPBG673Lgr119bpIUEUNuOnC4XF2d7o2\\\",\\\"refresh_token\\\":\\\"5Aep861QbHyftz0nI9mDOXbILtyhnTRY2lNmFwvaIHwc6w_JBasCpmEoOoWUo5W9asHeibIB9HbomiclZ2P_6pk\\\",\\\"signature\\\":\\\"nUZJxL8SFUVOScLjP6c5ydpjwL8iLRyHZ+xOyehfLhc=\\\",\\\"scope\\\":\\\"refresh_token web api\\\",\\\"instance_url\\\":\\\"https://follow-up-dev-ed.my.salesforce.com\\\",\\\"id\\\":\\\"https://login.salesforce.com/id/00D36000000uHY5EAM/00536000000L9ePAAS\\\",\\\"token_type\\\":\\\"Bearer\\\",\\\"issued_at\\\":\\\"1517363133651\\\"}\",\"locale\":\"en-US\",\"lastSeen\":\"2018-01-31T01:44:48Z\"},\"conversation\":{\"conversationId\":\"1517363140452\",\"type\":\"NEW\"},\"inputs\":[{\"intent\":\"Log Call by Name\",\"rawInputs\":[{\"inputType\":\"VOICE\",\"query\":\"ask follow up to log a call\"}],\"arguments\":[{\"name\":\"trigger_query\",\"rawText\":\"log a call\",\"textValue\":\"log a call\"},{\"name\":\"Type\",\"rawText\":\"call\",\"textValue\":\"call\"}]}],\"surface\":{\"capabilities\":[{\"name\":\"actions.capability.AUDIO_OUTPUT\"},{\"name\":\"actions.capability.MEDIA_RESPONSE_AUDIO\"}]},\"isInSandbox\":true,\"availableSurfaces\":[{\"capabilities\":[{\"name\":\"actions.capability.SCREEN_OUTPUT\"},{\"name\":\"actions.capability.AUDIO_OUTPUT\"}]}]}'"
},
"sharedDebugInfo": [
{
"name": "ResponseValidation",
"subDebugEntry": [
{
"debugInfo": "API Version 2: Failed to parse JSON response string with 'INVALID_ARGUMENT' error: \": Cannot find field.\".",
"name": "UnparseableJsonResponse"
}
]
}
]
},
"errors": [
[
{
"debugInfo": "API Version 2: Failed to parse JSON response string with 'INVALID_ARGUMENT' error: \": Cannot find field.\".",
"name": "UnparseableJsonResponse"
}
]
]
}
Google Cloud Logs SUCCESS Post
{
insertId: "epw74xfuhr98a"
labels: {
channel: "preview"
source: "JSON_RESPONSE_VALIDATION"
}
logName: "projects/salesforce-a09ed/logs/actions.googleapis.com%2Factions"
receiveTimestamp: "2018-01-31T02:07:08.026897050Z"
resource: {
labels: {
action_id: ""
project_id: "salesforce-a09ed"
version_id: ""
}
type: "assistant_action"
}
severity: "DEBUG"
textPayload: "Sending request with post data: {"user":{"userId":"ABwppHGKOxCmVg53MPiRI_5NnIt0vUjDf0Hqwxgm9pTNnH8vOquUymEX8T2OtFC1NA48-X4JiKBTk0an2wTYVw","accessToken":"{\"access_token\":\"00D36000000uHY5!AQoAQPlRWyuv4mA0oNyUUcUWBr1PRzsaQB0NGFR3f9CD6j4Z_vHGSHCcRtGyOet5F_jEdvo.ykj1es.d2y.d7lFwanc1x1en\",\"refresh_token\":\"5Aep861QbHyftz0nI9mDOXbILtyhnTRY2lNmFwvaIHwc6w_JBZrL0KU0BZ3nLp.5Q1bBdSVn.zL53m3QsG0ZW1J\",\"signature\":\"UncpON0wsMm9OfoudbJw4liWBdWktyCat6lxArAO3iU=\",\"scope\":\"refresh_token web api\",\"instance_url\":\"https://follow-up-dev-ed.my.salesforce.com\",\"id\":\"https://login.salesforce.com/id/00D36000000uHY5EAM/00536000000L9ePAAS\",\"token_type\":\"Bearer\",\"issued_at\":\"1517364271309\"}","locale":"en-US","lastSeen":"2018-01-31T02:05:39Z"},"conversation":{"conversationId":"1517364426179","type":"NEW"},
"inputs":[{"intent":"actions.intent.MAIN","rawInputs":[{"inputType":"VOICE","query":"open follow-up"}]}],
"surface":{"capabilities":[{"name":"actions.capability.MEDIA_RESPONSE_AUDIO"},{"name":"actions.capability.AUDIO_OUTPUT"}]},"isInSandbox":true,"availableSurfaces":[{"capabilities":[{"name":"actions.capability.SCREEN_OUTPUT"},{"name":"actions.capability.AUDIO_OUTPUT"}]}]}."
timestamp: "2018-01-31T02:07:06.435444389Z"
trace: "projects/118452152219/traces/1517364426179"
}
Google Cloud Logs FAIL Post
{
insertId: "5kahhnfa51fzb"
labels: {
channel: "preview"
source: "JSON_RESPONSE_VALIDATION"
}
logName: "projects/salesforce-a09ed/logs/actions.googleapis.com%2Factions"
receiveTimestamp: "2018-01-31T02:08:18.510485438Z"
resource: {
labels: {
action_id: ""
project_id: "salesforce-a09ed"
version_id: ""
}
type: "assistant_action"
}
severity: "DEBUG"
textPayload: "Sending request with post data: {"user":{"userId":"ABwppHGKOxCmVg53MPiRI_5NnIt0vUjDf0Hqwxgm9pTNnH8vOquUymEX8T2OtFC1NA48-X4JiKBTk0an2wTYVw","accessToken":"{\"access_token\":\"00D36000000uHY5!AQoAQPlRWyuv4mA0oNyUUcUWBr1PRzsaQB0NGFR3f9CD6j4Z_vHGSHCcRtGyOet5F_jEdvo.ykj1es.d2y.d7lFwanc1x1en\",\"refresh_token\":\"5Aep861QbHyftz0nI9mDOXbILtyhnTRY2lNmFwvaIHwc6w_JBZrL0KU0BZ3nLp.5Q1bBdSVn.zL53m3QsG0ZW1J\",\"signature\":\"UncpON0wsMm9OfoudbJw4liWBdWktyCat6lxArAO3iU=\",\"scope\":\"refresh_token web api\",\"instance_url\":\"https://follow-up-dev-ed.my.salesforce.com\",\"id\":\"https://login.salesforce.com/id/00D36000000uHY5EAM/00536000000L9ePAAS\",\"token_type\":\"Bearer\",\"issued_at\":\"1517364271309\"}","locale":"en-US","lastSeen":"2018-01-31T02:08:07Z"},"conversation":{"conversationId":"1517364498025","type":"NEW"},
"inputs":[{"intent":"ReminderIntent","rawInputs":[{"inputType":"VOICE","query":"ask follow up to create a reminder"}],"arguments":[{"name":"trigger_query","rawText":"create a reminder","textValue":"create a reminder"},{"name":"Task","rawText":"creates","textValue":"create"},{"name":"Task","rawText":"reminders","textValue":"reminder"}]}],
"surface":{"capabilities":[{"name":"actions.capability.AUDIO_OUTPUT"},{"name":"actions.capability.MEDIA_RESPONSE_AUDIO"}]},"isInSandbox":true,"availableSurfaces":[{"capabilities":[{"name":"actions.capability.AUDIO_OUTPUT"},{"name":"actions.capability.SCREEN_OUTPUT"}]}]}."
timestamp: "2018-01-31T02:08:18.282416932Z"
trace: "projects/118452152219/traces/1517364498025"
}
Screen shots:
DialogFlow Welcome Intent
DialogFlow LogCall Intent
DialogFlow / Assistant Integration Tab
Google Actions Simulator error
Google Cloud Error Logs

The issue is because the intent you are trying to match "Log call by name" which expects an input context "sessionData", will never be matched because invoking your app using a deep-link "ask follow up to log a call" doesn't send that context in the request. That explains why your default response (Text response) for that intent isn't returned.
To fix it you need to:
Remove the input contexts from the intents you intend to use as deep-links OR duplicate those intents and remove the input contexts from the duplicates.
Best practice 1: Have a fallback intent that has no input contexts, which will catch any unmatched in-dialog queries.
Best practice 2: Have a fallback intent that specifically handles unmatched deep-links at invocation time. (See image below)

The agentToAssistantJson field has an encoded JSON entry for result which typically suggests that your webhook isn't returning anything. Normally, Dialogflow returns the static messages you've defined in the Intent in this case, but it sounds like that isn't happening here. Verify that the URL you're using for fulfillment is correct and that it is returning valid JSON.
In this case, I think there are a few things that could be causing the problem.
The phrase "Ask follow up to log a call" should be triggering the Log Call by Name Intent it looks like. But this Intent isn't listed as one of the implicit invocation Intents. The Assistant might be passing this off to Dialogflow, and Dialogflow, finding no match, returns nothing.
But even if it did match the phrasing for the Log Call by Name Intent, and that Intent was an implicit invocation Intent, there are two other elements of the Intent that seem strange.
The first is that the Intent is expecting an input context of sessionData. But since this is meant to be used as an initial Intent, there can be no input context. Dialogflow may be told by the Assistant that this is the matching Intent, and then reject it because the input context doesn't match.
Similarly, the second oddity is that you're looking for an event called CALL_BY_NAME. Events generally override any phrases that may be spoken - they're meant to capture non-textual activities (the WELCOME intent, for example, or an option being selected, or the user saying nothing). Unless you're triggering the event (which you can do), you probably wouldn't want it. As above, I'm wondering if the Assistant is telling Dialogflow this is the Intent to use, but Dialogflow isn't getting the event, so rejects it and sends back nothing.
tl;dr
There are three possible things to look at and fix:
Make sure the Intent is listed as an implicit invocation Intent in the Assistant Integration.
Remove the incoming context.
Remove the event.

How to add inline image by Microsoft Graph API?

Background
When I use Outlook client to send a mail with inline image.
The image in html email looks like this, which has cid:
<img size="100" src="cid:3bb599fc-f3eb-465b-af83-aa6a495f563a" style="max-width:100%">
When I use
GET /me/messages/{messageId}/attachments
The contentId in the result returned matched the cid in html.
{
"value": [
{
"#odata.type": "#microsoft.graph.fileAttachment",
"id": "aaa",
"lastModifiedDateTime": "2017-11-30T09:32:09Z",
"name": "image.png",
"contentType": "image/png",
"size": 100,
"isInline": true,
"contentId": "3bb599fc-f3eb-465b-af83-aa6a495f563a",
"contentLocation": null,
"contentBytes": "validBase64Bytes"
}
]
}
Using Microsoft Graph API
Now I am trying to use Microsoft Graph API to add inline image.
POST /me/messages/{messageId}/attachments
{
"#odata.type": "#microsoft.graph.fileAttachment",
"name": "1.jpg",
"isInline": true,
"contentBytes": "validBase64Bytes"
}
However, the contentId is null in the result returned.
{
"#odata.type": "#microsoft.graph.fileAttachment",
"id": "aaa",
"lastModifiedDateTime": "2017-11-30T09:35:50Z",
"name": "1.jpg",
"contentType": "image/jpeg",
"size": 100,
"isInline": true,
"contentId": null,
"contentLocation": null,
"contentBytes": "validBase64Bytes"
}
And if I set contentId manually in POST
POST /me/messages/{messageId}/attachments
{
"#odata.type": "#microsoft.graph.fileAttachment",
"name": "1.jpg",
"isInline": true,
"contentId": "myContentId",
"contentBytes": "validBase64Bytes"
}
It will return the error
{
"error": {
"code": "BadRequest",
"message": "Unable to read JSON request payload. Please ensure Content-Type header is set and payload is of valid JSON format.",
"innerError": {
"request-id": "36e95f0a-ad75-46c6-b86c-d585a150b96d",
"date": "2017-11-30T09:37:41"
}
}
}
So how to add inline image correctly?

Weird, I tried to run the exact same code again, it won't give me any error now.
POST /me/messages/{messageId}/attachments
{
"#odata.type": "#microsoft.graph.fileAttachment",
"name": "1.jpg",
"isInline": true,
"contentId": "myContentId",
"contentBytes": "validBase64Bytes"
}
Not sure whether it is a temporary issue. I will inform Microsoft team to check the log.
If I am wrong for how to use the API, please definitely point out. Thanks.
I will leave it here for future people to save some time to implement adding inline image.

Openshift Open ID Identity Provider with lookup mapping method

I'm using an OpenIDIdentityProvider with mappingMethod: claim to authenticate admin users in the Openshift admin console. I'm using the auth0 service to authenticate users. The admin users are defined in an ansible playbook on deployment, effectively making the admin users hard-coded.
Is it possible to completely manage all admin and developer users using the OpenIDIdentityProvider, a lookup mapping method and adding something like extraScopes: [roles] to pull through the additional authorization roles into the authentication request? That would enable me to completely manage users and roles separately from the ansible playbook. Next level bonus points for managing permissions on the authentication provider side.
The Openshift documentation is very light on details for authentication / authorization outside of the default mappingMethod: claim.
Below is my identity provider json file for the claim-based mapping method:
{
"items": [
{
"name": "auth0",
"challenge": false,
"login": true,
"mappingMethod": "claim",
"kind": "OpenIDIdentityProvider",
"clientID": "supersecretsauce",
"clientSecret": "extrasupersecretsauce",
"extraScopes": ["email", "profile"],
"claims": {
"id": [
"email"
],
"preferredUsername": [
"email"
],
"name": [
"name"
],
"email": [
"email"
]
},
"urls": {
"authorize": "https://fancypants.auth0.com/authorize",
"token": "https://fancypants.auth0.com/oauth/token",
"userInfo": "https://fancypants.auth0.com/userinfo"
}
}
]
}
To my simple mind the below would suffice for a working lookup-based mapping method with roles returned by the authentication provider:
{
"items": [
{
"name": "auth0",
"challenge": false,
"login": true,
"mappingMethod": "lookup",
"kind": "OpenIDIdentityProvider",
"clientID": "supersecretsauce",
"clientSecret": "extrasupersecretsauce",
"extraScopes": ["email", "profile", "roles"],
"claims": {
"id": [
"email"
],
"preferredUsername": [
"email"
],
"name": [
"name"
],
"email": [
"email"
],
"role": [
"roles"
]
},
"urls": {
"authorize": "https://fancypants.auth0.com/authorize",
"token": "https://fancypants.auth0.com/oauth/token",
"userInfo": "https://fancypants.auth0.com/userinfo"
}
}
]
}
An example of a functional role value would be cluster-admin.

OpenID can only be used for authentication. You are attempting to use it for both authentication and authorization. This is not possible as roles and bindings are managed by Openshift - they cannot be delegated to an external service.