App is not testable - windows-store-apps

I received this information from Microsoft:
App Policies: 10.3 App Is Not Testable
The app must be testable. If it is not possible to test your app for any reason, including, but not limited to, the items below, your app may fail this requirement.
If your app requires login credentials, provide us with a working demo account using the Notes to Tester field.
If your app requires access to a server, the server must be functional to verify that it's working correctly.
If your app allows a user to add a gift card balance, give us a gift card number that can be used in the testing.
How do I pass certification?

It seems that the tester cannot test your app properly, which violates the Windows Store Policy and will make your app get unpublished or fail to pass the certification.
Please follow and check the notes provided by Microsoft:
If your app requires login credentials, provide us with a working demo account using the Notes to Tester field.
If your app requires access to a server, the server must be functional to verify that it's working correctly.
If your app allows a user to add a gift card balance, give us a gift card number that can be used in the testing.
I would also suggest that you provide a hosted video of your app’s functionality working properly in the Notes for certification when you resubmit your app, so that the tester can see your app perform normally and know how to test it in an appropriate way.
Please refer to Notes for certification. This can really help your app pass certification.

Related

Cybersource Hosted Order Page Integration

I want to integrate Cybersource as a HOP, i.e. the user will be redirected to the service provider to complete the payment. I am not able to find proper APIs for generating the hosted order page for redirecting the user. I have gone through Cybersource's documentation:
https://developer.cybersource.com/library/documentation/dev_guides/Secure_Acceptance_Checkout_API/Secure_Acceptance_Checkout_API.pdf
But it doesn't seem to be helpful. Can anyone help me with this?
A better way to do this is through a JavaScript redirect. You don't have to use the gateway to host anything.
This method is completely PCI compliant in that it will keep you out of scope. You generate the payment page from your web site and use JavaScript to redirect PAN data to the payment server.
I don't know if Cybersource supports this. This is the same pattern that is used by wallet payments. Your direct debit payments can use the same method even though PCI requirements do not apply there (yet).
If you want a sample JavaScript to do this, let me know.

Microsoft App Store Submission does not have access to Email Account to test

I'm trying to get Microsoft to approve a Web add-in that takes a user's email attachments and pushes them to our Web Application. We have some very robust testing notes (up to the max in the free form text box that is) and it includes access to an Office 365 mail account, which in the first submission attempt they told me was required.
In this recent attempt they sent back a response that we had incomplete testing notes:
Your submission did not include all information needed for successful
verification and testing of your offer. We were unable to login to
your Outlook account. Please see the attached (CannotLogin) image.
Please include all necessary instructions and resources for successful
verification and testing in the Notes for certification field when
re-submitting your offer. The Notes for certification field is
available on the Review and Publish page when you are editing your
offer listing.
That's it. They've never made any attempt to reach out to ask to sign in, but this seems to be required in testing. I'm wondering what we do to get this submission through. Do we leave out the email account to test with completely and have them test with one of their own accounts? Or do we put instructions in our submission explicitly to reach out to us for account verification? All we need them to do to test this is have some email with some attachments and use our credentials to our hosted web app (in our testing notes) to push that information to us.
** This is Microsoft's recommended source for support, which is odd, we've tried other forums to try to reach out. I'm aware this question may be 'off topic' according to SO guidelines. I've found that they've responded on Stackoverflow in better fashion.
**** Update ****
The submission attempt failed again. We included a specific email in our submission with test data in the account. Following screenshots explain that the requirement is an Office 365 account. Are we supposed to include an Organization domain specific office 365 account?
The validation team use their own test accounts to confirm the sign-up-for-an-account flow and for the majority of the testing. If there are any features that require an account with unlocked features, say from a paid-for account, that needs to be provided by the add-in submitter. If a large amount of configuration is required or a large amount of test data needs to be present in the account, they will use the provided account. They must be able to log in and use that provided account, and as they validate a large number of add-ins per day, there is no method to contact partners mid-validation. It is the add-in submitter's responsibility to ensure a test account is provided and that that account can be accessed.

How to add Custom UI when we try to perform single sign on using Azure Active Directory Account login?

I am developing a Windows Store 8.1 app using C# and XAML.
I am doing single sign-on using Azure Active Directory account login.
I do not want users to be redirected to the Microsoft Account login screen, and then come back. I want to supply them with the login credential screen where we capture their username and password, and then we want to programmatically do the authentication against Azure AD, and get back the claims identity.
How can I achieve this?
This is not a supported scenario for security concerns. One of the value propositions for AAD is that the password management, across the whole login lifecycle, is managed and secure. This is particularly important for scenarios in which AAD is securing a 3rd-party SaaS solution. A developer should not be able to have access to a user's credentials at any point.
All that said, it sounds like there is another question here which is answerable: How can I customize the login screen that AAD gives me?
AAD Premium does offer features for adding custom branding to your tenant. However, you still will be working with a screen that is provided for you.

OAuth2 with no UI?

I'm in the middle of developing an application that integrates Box with an identity management environment for the purposes of SSO and user lifecycle management. Basically, our users use SAML to sign into their Box accounts, and then the status of their Box accounts is managed based on the status of their corporate accounts - if we terminate a user, the user's Box account needs to get disabled. This is one of many use cases that were in progress before the OAuth2 change.
Prior to the OAuth2 change, I was able to authenticate my enterprise admin account with the api_key and auth_token. This worked very well.
Now, with OAuth2, I'm not sure how to proceed. There is no UI for this at all, and I have no place to handle a redirect for the authorization token. Moreover, this is a nightly process that runs using the enterprise admin account, so I would have to get a new refresh token and bearer token every time this runs.
This doesn't make a lot of sense for my use case. Is there an alternative?
I am busy writing the same code with the same frustration as you have. However the refresh token does live for 14 days and what I plan to do is store the returned values encrypted in the registry. Each run my first action is to refresh the bearer key.
There however is no current timeline on the phasing out of the V1 Auth method and since some of the Enterprise stuff is yet to be ported to API V2 I suspect that if enough Enterprises push the BOX API team for a solution on this I am sure they will listen.
If I am honest, I prefer the OAuth2 solution, as it stops the key to your whole Enterprise data being sent in clear text across the internet as a URL param in API V1, and if someone did manage to break the SSL then they would only get an access token that is worth 60 mins max.
Not sure what language you're writing the routines in, but I am working with the API V2 SDK written by John Hoerr on GitHub, and apart from a few little issues that he has fixed straight away, from a .Net perspective it makes hitting the API a much more pleasant experience, with all the de/serialisation handled by the SDK.
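The unattended pattern this answer describes (refresh as the first action of each run, keep the refresh token between runs), as an added Python example that is not part of the original answer or of the SDK it mentions. Assumptions: `exchange` is a hypothetical caller-supplied function that makes the actual token request, an owner-only JSON file stands in for the encrypted registry value, and the token reply may carry a replacement refresh token.

```python
import json, os, tempfile, time

REFRESH_TTL = 14 * 24 * 3600  # refresh-token lifetime quoted in the answer
ACCESS_TTL = 60 * 60          # access-token lifetime quoted in the answer


class ReauthorizationRequired(Exception):
    """No usable refresh token is stored; a person has to authorize again."""


def load_state(path):
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        raise ReauthorizationRequired("no stored refresh token") from None


def save_state(path, state):
    # mkstemp creates the file with mode 0600 on POSIX; write, sync, then rename
    # so a crash mid-write cannot destroy the only copy of the refresh token.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(state, fh)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)


def start_run(path, exchange, now=time.time):
    """Refresh first, as the answer plans; returns (access_token, expiry_time).

    exchange(refresh_token) is a hypothetical caller-supplied function that
    performs the refresh_token grant and returns the decoded JSON reply.
    """
    state = load_state(path)
    t = now()
    if t - state["issued_at"] >= REFRESH_TTL:
        raise ReauthorizationRequired("refresh token older than 14 days")
    reply = exchange(state["refresh_token"])
    if "refresh_token" in reply:
        # Assumed rotation: store the replacement before any API call is made,
        # otherwise a failure later in the run loses it.
        save_state(path, {"refresh_token": reply["refresh_token"], "issued_at": t})
    lifetime = min(reply.get("expires_in", ACCESS_TTL), ACCESS_TTL)
    return reply["access_token"], t + lifetime
```

A job that raises `ReauthorizationRequired` should alert an operator rather than retry, since no automated step can recover from an expired or missing refresh token.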

Cloud Sync service for app

Hi, I have an HTML5 app which has a User Login. The app has a Notes option. I am looking for a service which would help me to sync the notes for that user account, so the same user can log in on a different device and see the Notes on their device. I cannot use iCloud as Android doesn't support it.
We tried to store the notes in the user db using jsonp but still had some issues.
Someone mentioned Pusher.com, but it looks like the service is expensive for a starter like us. Are there any more reliable and cheap options for us? W
Parse is probably more in line with what you are looking for. Pusher provides a service for sending push notifications, but you mentioned the need to store data in the cloud. Parse can accomplish this and does have a free basic plan that you can get started with.