I want to check if a user has a valid license for a Windows Store application (desktop bridge). At first the StoreLicense.IsActive[1] property looked promising but the docs state:
This property is reserved for future use, and it is not intended to be used in the current release. Currently, it always returns true.
Interestingly the demo code provided by Microsoft [2] also uses this function, although I can confirm that it always returns true.
What is the proper way to check for a valid license?
Regards,
[1] https://learn.microsoft.com/de-ch/uwp/api/windows.services.store.storelicense.isactive
[2] https://learn.microsoft.com/en-us/windows/uwp/monetize/implement-a-trial-version-of-your-app
It seems like you want to check whether the user currently has a valid license to use the app, in this case, according to this section of the document Get license info for apps and add-ons:
To get license info for the current app, use the GetAppLicenseAsync method. This is an asynchronous method that returns a StoreAppLicense object that provides license info for the app, including properties that indicate whether the user currently has a valid license to use the app (IsActive) and whether the license is for a trial version (IsTrial).
So that from this document you could use StoreAppLicense.IsActive property to check for valid App licence, not StoreLicense.IsActive currently.
More details you could also reference the official sample.
Related
The User-Agent Reduction origin trial is valid from Chrome version 95 to 101 according to the official documentation, but looking at the token acquisition screen, it seems to be valid up to version 111. I am currently on version 109. Is this one excluded?
https://developer.chrome.com/en/blog/user-agent-reduction-origin-trial/
https://developer.chrome.com/origintrials/#/view_trial/-7123568710593282047
Also, this one is intended to test in a situation where the user agent string and javascript api have been completely removed or changed. Is there another way to test before they are completely removed?
We would appreciate it if you could enlighten us.
I have added the necessary settings to the response headers, referring to the official documentation, but it does not work correctly.
https://developer.chrome.com/en/blog/user-agent-reduction-origin-trial/
I can find a release in Azure DevOps Api 5.1 by a request to https://vsrm.dev.azure.com/mycompany/myproject/_apis/release/releases/myreleaseid?api-version=5.1
How can I get the workitems of that release as shown on the devops portal under Deployment - Stages - Workitems?
My naive approach just using https://vsrm.dev.azure.com/mycompany/myproject/_apis/release/releases/myreleaseid/workitems?api-version=5.1
resulted in a 404.
There is a stakeholder in the workitem and I want to send him a notification adter the release.
How can I get the workitems of that release as shown on the devops
portal under Deployment - Stages - Workitems?
Hard to say, but I don't find any document about this topic... So I determine to use F12 to find that. And here's the one I finally find:
Get:https://vsrm.dev.azure.com/mycompany/myproject/_apis/Release/releases/myreleaseId/workitems?baseReleaseId={my baseReleaseId}&%24top=250&artifactAlias={my artifactAlias}
It will returns the IDs of the workItems for the release. Its response format:
After you get the IDs, it's easy to get details if you need using Get Work Items Batch or what.
In addition:
1.myreleaseId is the ReleaseID. (On my side, the ID is 7 if it's Release-7)
2.my artifactAlias is this:
3.For my baseReleaseId, I'm not 100% sure about its meaning. I think it could be something like ReleaseToCompareAgainst. Hint from Daniel. (On my side, if my releaseId=7, then I use basereleaseID=6(7-1), it works to get the correct WIT ids). (Actually I suggest you can use F12 in that web page to check your corresponding URL.)
And according to Mathias F: The baseReleaseId realy is the last previous release that has a deployment (-1 in some cases)
4.About how to use F12 to find rest api which may not be documented:
Hope all above helps :)
On Spotify Developer there is a description of the JSON format that is returned on "Get Audio Analysis for a Track". However, there is no information on "track.codestring", "track.echoprintstring" and "track.rhythmstring". Anyone who knows the definition of the information that is hidden in these long strings?
I'm currently embarking on machine/deep learning applied for Music Information Retrieval.
There seems to be no way to directly adress this question on developer.spotify. So I roamed the web but couldn't find an answer.
This is in the JSON-example on 'https://developer.spotify.com/documentation/web-api/reference/tracks/get-audio-analysis/'
"codestring": "eJxVnAmS5DgOBL-ST-B9_P9j4x7M6qoxW9tpsZQSCeI...",
"code_version": 3.15,
"echoprintstring": "eJzlvQmSHDmStHslxw4cB-v9j_A-tahhVKV0IH9...",
"echoprint_version": 4.12,
"synchstring": "eJx1mIlx7ToORFNRCCK455_YoE9Dtt-vmrKsK3EBsTY...",
"synch_version": 1,
"rhythmstring": "eJyNXAmOLT2r28pZQuZh_xv7g21Iqu_3pCd160xV...",
"rhythm_version": 1
This document for EchoNest seems to be describing the same properties as the Spotify API returns. (For an older version unfortunately)
Analyzer Documentation
I also recommend checking out kaleidosync a visualisation app based on Spotify/EchoNest.
kaleidosync demo
source on github
I'm super late to the party here, but I'll share my findings in case they help someone else. The below is from what looks like an archived version of the original Echo Nest Analyzer Documentation (v3.2). I've extracted a bit of it below and have provided a link to where I was able to browse the document.
Output Data
track data
codestring, echoprintstring: these represent two different audio fingerprints computed on the audio and are used by other Echo Nest services for song identification.
synchstring: a synchronization code that allows a client player to synchronize the analysis data to the audio waveform with sample accuracy, regardless of its decoder type or version. See Synchstring section*.
rhythmstring: a representation of spectro-temporal transients as binary events. This temporal data distributed on 8 frequency channels aims to be independent of timbre and pitch representations. See Rhythmstring section*.
*Echonest API Docs
Synchstring, Rhythmstring
Synchdata decoding - Github
I have looked everywhere for an example of a QSealC signed message, and I could not find any info.
I need to verify the signature of a QsealC signed payload AND I need to sign the responding payload but I understand that the payload is all in json,
Are there examples out there of QSealC signed payloads?
thanks
You will do both the signing and validation as detailed by IETF's draft-cavage-http-signatures, where you should pay special attention to section 4.1.1 for constructing and section 2.5 for verifying the Signature header.
This draft is referenced by both Berlin Group's XS2A NextGenPSD2 Framework Implementation Guidelines and Stet (France). However, note that it's normal that each unique implementation imposes additional requirements on the HTTP Message Signing standard, e.g. by requiring specific headers to be signed or using a specially formatted keyId. I am not sure whether other standardizations such as Open Banking (UK) reference it.
Take note that you do not need actual QsealC PSD2 certificates to begin your implementation work of the neither the signing nor validation process, as you can create your own self-issued certificates, e.g. using OpenSSL, by adding the OID's found in the ASN.1 profile described in ETSI TS 119 495.
However, I strongly recommend you find a QTSP in your region and order certificates both for development and testing, and for use in production when the time comes.
I won't go into details on the actual process of creating the signature itself, as it's very well detailed in draft-cavage-http-signatures, but consider the following example;
You're requesting GET https://api.bank.eu/v1/accounts, and after processing your outgoing request you end up with the following signing string;
date: Sun, 12 May 2019 17:03:04 GMT
x-request-id: 69df69c1-76d0-4590-8f28-50449a21d0d8
psu-id: 289da2e6-5a01-430d-8075-8f7af71f6d2b
tpp-redirect-uri: https://httpbin.org/get
The resulting Signature could look something like this;
keyId=\"SN=D9EA5432EA92D254,CA=CN=Buypass Class 3 CA 3,O=Buypass AS-983163327,C=NO\",
algorithm=\"rsa-sha256\",
headers=\"date x-request-id psu-id tpp-redirect-uri\",
signature=\"base64(rsa-sha256(signing_string))\"
The above signature adheres to Berlin Group requirements as detailed in Section 12.2 in their implementation guidelines (per. v1.3), except some linebreaks added for readability, which in short are ;
the keyId must be formatted as SN={serial},CA={issuer}, but note that it seems to be up to the ASPSP to decide how the serial and issuer is formatted. However, most are likely to require the serial to be in uppercase hexadecimal representation and issuer formatting in conformance with RFC 2253 or RFC 4514.
The algorithm used must be either rsa-sha256 or rsa-sha512
The following headers must be part of the signing string if present in the request; date, digest, x-request-id, psu-id, psu-corporate-id, tpp-redirect-uri
The signature must be base-64 encoded
As developers have just begun to adopt this way of signing messages, you'll likely have you implement this yourself - but it's not too difficult if you just carefully read the above mentioned draft.
However, vendors have begun supporting the scheme, e.g. Apache CXF currently supports both signing and validation from v3.3.0 in their cxf-rt-rs-security-http-signature module as mentioned in the Apache CXF 3.3 Migration Guide. Surely, others will follow.
Validating the actual signature is easy enough, but validating the actual QsealC PSD2 certificate is a bit more cumbersome, but you'll likely have to integrate with EU's List of Trusted Lists to retrieve root- and intermediate certificates used to issued these certificates, and form a chain of trust together with e.g. Java's cacerts and Microsoft Trusted Root Certificate Program. I personally have good experiences using difi-certvalidator (Java) for the actual validation process, as it proved very easy to extend to our needs, but there are surely many other good tools and libraries out there.
You'll also need to pay special attention the certificate's organizationIdentifier (OID: 2.5.4.97) and qcStatements (OID: 1.3.6.1.5.5.7.1.3). You should check the certificate's organizationIdentifier against the Preta directory, as there might be instances where a TPP's authorization is revoked by it's NCA, but a CRL revocation hasn't yet been published by it's QTSP.
DISCLAIMER: When it comes to the whole QsealC PSD2 certificate signing and validation process, I find both Berlin Group and EBA to be very diffuse, leaving several aspects open to interpretation.
This is a rough explanation, but hopefully it give you enough to get started.
I try to publish an App on windows 10 store, but I can not pass test from Windows App Certification Kit:
Restricted Namespace Error encountered: The restricted namespace test
Detected the following errors: Restricted Namespace found:
Impact if not corrected: The Windows Store does not allow an
Application manifest to refer to restricted namespaces. How to fix it:
Removes restricted namespaces from the application manifest.
But I use a restricted namespace for use SMS functions:
Xmlns: r = "http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"
r: Capability Name = "cellularMessaging" />
How can made this changes to publish ?
You must also add the rescap namespace IgnorableNamespaces in the Package.appxmanifest file as shown below.
<Package
xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest"
xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"
IgnorableNamespaces="uap mp rescap">
<Capabilities>
<Capability Name="internetClient" />
<rescap:Capability Name="cellularMessaging" />
</Capabilities>
</Package>
When adding capabilities, keep them in the following order: 'Capability', 'rescap:Capability', then 'DeviceCapability', as there seems to be a problem when mixing them. (source)
Note that the app certification test will probably continue to fail. You need to request permission to actually use these capabilities.
Special and restricted capabilities are intended for very specific
scenarios. The use of these capabilities is highly restricted and
subject to additional Store onboarding policy and review. Follow the
steps below to request access to a restricted capability before
submitting your app to the store.
Determine if you are eligible to submit your app to the store with a
specific restricted capability by looking at the table below. If you
are not eligible, any requests you make will be denied.
If you are eligible visit the Submitting an App support page.
Set the problem type to App submission and certification and the category type to Submitting an app using a restricted capability.
Include the capability you are requesting access to and include a reason for your request. If you do not provide all the information necessary, your
request will be denied. You may also be asked to provide more
information.
Source