I'm using Identity Server 4. I have an external identity provider that I want to get the claims from the id token. In the documentation, http://docs.identityserver.io/en/latest/topics/signin_external_providers.html, it says that all the claims will be available. When I sign in only a few claims are shown in the Home/secure page. If I goto the Diagnostics page and look at the Id Token, they are there. I would like to include some of the claims in the id token and access token that the service is returning. I have created a Profile service thinking that I could add them there, but the same claims that show in the home/secure page are the only ones available:
Here is my external config in start up:
services.AddAuthentication()
.AddOpenIdConnect("external", "external", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.SignOutScheme = IdentityServerConstants.SignoutScheme;
options.Authority = "https://external idp address.com";
options.ClientId = "secret";
options.Scope.Clear();
options.Scope.Add("openid profile");
options.SaveTokens = true;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name"
};
options.ClaimActions.MapAll();
});
Related
Is there a way to get user details (profile attributes etc) if I have IdentityPool or UserPool ID (sub) of a user with AWS SDK?
The use case is that I'm saving some information submitted by a user in a DB with a key equal to user ID (sub). So, when I'm reading it from the DB, I want to restore back some user info from my pool for my app UI.
I found a similar question (Getting cognito user pool username from cognito identity pool identityId), but it seems, the answer given is focused around serverless deployment, and still has some gaps.
Thanks in advance
Since you have the user's sub, you can use AdminGetUser. It returns the UserAttributes in the pool.
I think I found a solution, it was on the surface actually.
Having user pool id one can use ListUsers call with filter sub = \"${userId}\". The client to be used is CognitoIdentityProviderClient, if JS is used.
const client = new CognitoIdentityProviderClient({
region: REGION,
credentials: fromCognitoIdentityPool({
client: new CognitoIdentityClient({ region: REGION }),
logins: {
[PROVIDER_ID]: token
},
identityPoolId: ID_POOL_ID
})
});
const filter = `sub = \"${userPoolId}\"`;
const resp = await client.send(new ListUsersCommand({
UserPoolId: USER_POOL_ID,
Filter: filter,
Limit: 1
}));
Of course AdminGetUser can be used as well, as Ulas Keles mentioned above, if it's applicable
Problem:
I am working on an Android app which interacts with nodejs REST server using node orm for mysql backend. On my server, I have a functionality of authenticating users based on email verification. Once verification is successful, node orm fetches the user object, changes the verified column value and saves it back.
But, the change is not reflecting in the db after execution. Only if we run the same code another time, it is reflecting in the database
Code
exports.activateEmail = function(email, callback) {
log.info('In verifyEmailDao.js, activateEmail module');
var db = connectionObj.getConnection();
var Candidate = db.models.jobseeker_id;
Candidate.find({email : email}, function(err,candidate){
if(err){
log.info('cannot find account with email to activate', email);
callback(false, null);
}
else {
candidate[0].verified = true;
log.info('candidate email now activated.! status is', candidate[0].verified);
candidate[0].save(function(error){
log.info('Email verified any errors?', error);
callback(true, candidate[0].id);
});
}
});
}
Edit 1:
jobseeker_id.js (node-orm model)
var orm = require('orm');
module.exports = function(db){
console.log('coming inside candidateId.js');
var JobSeekerId = db.define('jobseeker_id', {
id : {type:'serial' , key:true},
first_name : String,
last_name : String,
email : String,
password : String,
verified : Boolean
},{
validations : {
email : orm.enforce.unique("Already registered")
}
});
}
Server log:
{"name":"test-app" "msg":"In verifyEmailDao.js, activateEmail module"}
{"name":"test-app","msg":"candidate email now activated.! status is true"}
{"name":"test-app","msg":"Email verified any errors? null"}
{"name":"test-app","msg":"Email sucessfully activated. Now deleting the entry from verify email link table for candidate id 30}
{"name":"test-app","msg":"In verifyEmailDao.js, deleteRandomLink module"}
{"name":"test-app","msg":"error is---> null"}
{"name":"test-app","msg":"Entry deleted from verify email table as email is activated"}
There will no be no changes in the log when I execute the code for second time, but the change in the db will be reflected!
After 2 days of hell I finally fixed the issue by adding a statement db.settings.set('instance.cache', false) to the db config file. Though I did'nt clearly understand how db update issue was resolved by setting the cache to false, this did the trick!
I am trying to use amazon product advertising API lookup product details for products in my DB. However, the response is always undefined. Am I doing anything wrong ?
var amazon = require('amazon-product-api');
var client = amazon.createClient({
awsId: "my aws id",
awsSecret: "my secret key",
awsTag: "my aws tag"
});
client.itemLookup({
responseGroup: 'Images,ItemAttributes,Offers,EditorialReview',
IdType: 'ASIN',
ItemId: "B00UTKTX36"
}).then(function (results){
console.log("results", results);
}).catch(function(err){
console.log(err.Error[0].Message);
});
Two things -
1. B00UTKTX36 is not a valid ASIN anymore (atleast as of now) http://www.amazon.com/dp/B00UTKTX36
2. ItemLookup operation on ASINs should not contain SearchIndex parameter. So comment this line https://github.com/t3chnoboy/amazon-product-api/blob/master/lib/utils.js#L57 in your node_modules/amazon-product-api/lib/utils.js and you are good to go.
We are writing a specialized PHP e-mail client and would like to give administrators of this client the ability to create user accounts on hMailServer.
I tried out imap_createmailbox(...) but it just creates a directory in the user's folder structure but does not "create a mailbox for a new user" as we want.
Is there some kind of interface that hMailServer has so that I can enable our PHP e-mail client to create hMailServer accounts via code?
Yes there two interfaces to create accounts in hmailserver.
One, via database, you can choose account and password hash type (0,1,2,3) and signature and other classic informations. I don't recommend this method for synchronisation reason, hmail-server take a caching time to consider the database update.
Two, which i recommend is to use API COM, its offers all possible methods in all cummon languages.
You have to enable D-COM in your windows server.
The API guide
hmailserver version: hMailServer 5.6.4 - Build 2283
complete solution of create new email account by hmailserver in c#
if you have configured hmailserver successfully, so then you can use the following steps to create new account by hmailserver in c#
hmailserver connection
private Domain HMailServerConnection() {
var objGlobal = new ApplicationClass();
objGlobal.Authenticate(ConfigurationManager.AppSettings["HMailUsername"], ConfigurationManager.AppSettings["HMailPassword"]);
return objGlobal.Domains.get_ItemByName(ConfigurationManager.AppSettings["hMailDomain"]);
}
function to create new email account
public string AddNewAccount(string email,string password)
{
try
{
Domain domain = HMailServerConnection();
Accounts accounts = domain.Accounts;
Account mailbox = accounts.Add();
mailbox.Address = email;
mailbox.Password = password;
mailbox.Save();
return "success";
}
catch(Exception ex)
{
return "error";
}
}
App settings in App.config or web.config
<appSettings>
<add key="hMailDomain" value="domainname"/>
<add key="HMailUsername" value="Username"/>
<add key="HMailPassword" value="password"/>
</appSettings>
see the link
its working i tested it.
<?php
header('Content-Type: text/html; charset=utf-8');
$obBaseApp = new COM("hMailServer.Application", NULL, CP_UTF8);
$obBaseApp->Connect();
$hmail_config['rooturl'] = "http://localhost/";
$obAccount = $obBaseApp->Authenticate("Administrator", "hMailserver Administrator
password");
if (!isset($obAccount)) {
echo "<b>Not authenticated or Administrator's password wrong</b>";
} else {
try {
echo "<b>Logon COM [OK], now we can add accounts</b>";
$obDomain = $obBaseApp->Domains->ItemByDBID(1);
$obAccount = $obDomain->Accounts->ItemByDBID(1); // account id
$domainname = $obDomain->Name;
$obAccounts = $obDomain->Accounts();
$obAccount = $obDomain->Accounts->Add();
$newalias = "powerranger";
$firstname = "Arnold";
$lastname = "Schwarzenegger";
$my_domainname ="#mydomain.com";
$obAccount->PersonFirstName = $firstname;
$obAccount->PersonLastName = $lastname;
$obAccount->MaxSize = 102; // 102 MB set inbox space
$obAccount->Address = $newalias .$my_domainname;
$obAccount->Password = "secret"; // provide this in Thunderbird/Outlook ect.
$obAccount->Active = true; // set account to active
$obAccount->Save(); // save, finish.
/* If we reaching this point, everything works as expected */
echo "<br/><h3> Account was successfully created, now you can login with".
"an POP3 or IMAP-Client </h3>";
}
/* OK, if something went wrong, give us the exact error details */
catch(Exception $e) {
echo "<h4>COM-ERROR: <br />".$e->getMessage()."</h4><br />";
}
}
I have a webapp where a user can log in and see a dashboard with some data. I'm using APIary for mock data and in my Postgres Database each of my users have an ID. These ID's are also used in the APIary JSON file with relevant information.
I'm using REST::Client and JSON to connect so for example the url for the user's dashboard is: "/user/dashboard/12345" (in Apiary)
and in the database there is a user with the ID "12345".
How can I make it so when the user logs in, their ID is used to pull the data that is relevant to them? (/user/dashboard/{id})? Any documentation or advice would be much appreciated!
The docs of Dancer2::Plugin::Auth::Extensible are showing one part of what you need to do already. In short, save the user ID in the session. I took part of code in the doc and added the session.
post '/login' => sub {
my ($success, $realm) = authenticate_user(
params->{username}, params->{password}
);
if ($success) {
# we are saving your user ID to the session here
session logged_in_user => params->{username};
session logged_in_user_realm => $realm;
} else {
# authentication failed
}
};
get '/dashboard' => sub {
my $client = REST::Client->new();
# ... and now we use the user ID from the session to get the
# from the webservice
$client->GET( $apiary . '/user/dashboard/' . session('logged_in_user') );
my $data = $client->responseContent();
# do stuff with $data
};
For those who want to know what I ended up doing:
Dancer2::Plugin::Auth::Extensible has
$user = logged_in_user();
When I printed this it showed me a hash of all the values that user had in the database including the additional ID I had. So I accessed the id with
my $user_id = $user->{user_id};
And appended $user_id to the end of the url!