I am trying to set the language from the Session language set for Customer in CX. This value is set during the login through CDC.
How can I send the same language in all the requests to the Backend OCC call from Spartacus?
Language settings are set in src/app/app.module.ts
For example:
B2cStorefrontModule.withConfig({
...
context: {
currency: ['USD'],
language: ['en'],
baseSite: ['electronics-spa'],
},
...
}),
Related
I use to login via schema configuration (nuxt.config.js):
strategies: {
/**
* #description OAuth 2.0 authentication scheme
* {#link https://auth.nuxtjs.org/reference/schemes/oauth2}
*/
keycloak: {
_scheme: 'oauth2',
client_id: CLIENT_ID,
authorization_endpoint: NUXT_ENV_AUTH_LOGIN,
userinfo_endpoint: NUXT_ENV_AUTH_USER_INFO_ENDPOINT,
access_token_endpoint: NUXT_ENV_AUTH_ACCESS_TOKEN_ENDPOINT,
response_type: 'token id_token',
token_type: 'Bearer',
token_key: 'access_token',
scope: ['openid', 'profile', 'email'],
},
},
and it work perfectly using the classic form login.
Now i would like to login a user without a form but starting from a valid access_token generated by a CURL (curl or whatever....).
At the moment i can't figure out how to make it work. I tried to invoke methods like explained here https://auth.nuxtjs.org/api/auth/#refreshtokens but without a good result.
What's required to be loggog in, i suppose is to have a token set into localStorage and cookie (as i see post a normal login) and set the user data into the nuxt store.
Thank you for any advice.
I'm attempting to migrate from Strapi 3 -> 4
I've managed to restructure my folder structure to get the schema working for all my content types.
However, in v3 I had an extra policy on the user-permissions plugin the verified the users jwt token with auth0.
I took the v3 implementation from these docs.
I'm attempting to get it to apply the same logic in v4 and i'm a bit lost since the new docs don't seem fully up-to-date.
I'm adding a new policy in /src/extensions/users-permissions/strapi-server.js
Taken from the docs here
module.exports = (plugin) => {
plugin.policies["permissions"] = async (ctx) => {
let role;
console.log("IN HERE");
if (ctx.state.user) {
// request is already authenticated in a different way
return true;
}
// ... A bunch more logic
return false
}
return plugin
}
If I run yarn strapi policies:list then my 'permissions' policy is listed.
However, when trying to use that policy anywhere, I don't see my console log to see that it's being applied.
I've tried to specify that policy in the routes setup:
module.exports = {
routes: [
{
method: "GET",
path: "/addition-requests",
handler: "addition-request.find",
},
{
method: "GET",
path: "/addition-requests/:id",
handler: "addition-request.findOne",
},
{
method: "POST",
path: "/addition-requests",
config: {
policies: ["plugin::users-permissions.permissions"],
},
handler: "addition-request.create",
},
],
};
Is there anything obvious I'm missing?
And is there a way to apply a policy to every request that requires auth rather than specifying a policy on the route?
It appears from reading this comment it appears as though any request made to a Strapi endpoint that contains a Bearer token is treated like a request that requires auth.
That seems to be why the policy isn't being run as if I remove the Authorization header the policy does run. The question of how to execute a policy on an endpoint that requires auth still remains however.
It appears that the issue around being able to do custom validation on a users jwt is an issue that a few people are facing with v4 Strapi. See my topic on their forum.
The client id parameter is not passed when logging in from an app add-in to outlook.
The default browser uses Microsoft edge and uses the Microsoft openid login function.
The code below is the msal code set in my angular app.
const isIE = window.navigator.userAgent.indexOf('MSIE ') > -1 || window.navigator.userAgent.indexOf('Trident/') > -1 || window.navigator.userAgent.indexOf('Chrome') > -1;
export var _msalConfig: Configuration = {
auth: {
clientId: '', // This is your client ID
authority: 'https://login.microsoftonline.com/common/', // This is your tenant ID
redirectUri: '', // This is your redirect URI
},
cache: {
cacheLocation: "localStorage",
storeAuthStateInCookie: isIE,
}
};
#NgModule({
declarations: [
AppComponent,
HomeComponent,
],
imports: [
BrowserModule.withServerTransition({ appId: 'ng-cli-universal' }),
HttpClientModule,
FormsModule,
RouterModule.forRoot(appRoutes, { useHash: true }),
MsalModule.forRoot(_msalConfig, {
popUp: !isIE,
consentScopes: [
'user.read',
'openid',
'profile',
],
unprotectedResources: [],
protectedResourceMap: [
['https://graph.microsoft.com/beta/me', ['user.read']]
],
extraQueryParameters: {}
})
],
})
If you log in from the web page, it works normally, but if you log in through the add-in app inside Outlook, the following error message appears.
error:invalid_request
error_description:The mandatory 'client_id' parameter is missing.
If anyone knows about the error, please help me.
Sounds like client-id is not passed correctly. I would suggest you to debug and see how the control flow works; also i would suggest you to use developer tools in IE/Edge. This way you can see whether the value is passed correctly or not. In addition, i want you to check the documentation.
When using the SSO token as an identity in an Outlook add-in, we recommend that you also use the Exchange identity token as an alternate identity. Users of your add-in may use multiple clients, and some may not support providing an SSO token. By using the Exchange identity token as an alternate, you can avoid having to prompt these users for credentials multiple times. Here is the link.
I am using node.js in my application, with shopify-api-node (v3.2.0), to authenticate customer login along with other features if shopify. As per shopify documentation (https://shopify.dev/docs/storefront-api/reference/mutation/customeraccesstokencreate) I am using GraphQL to access shopify API.
My code looks something like this below :-
const Shopify = require('shopify-api-node');
const shopify = new Shopify({
shopName: process.env.SHOPIFY_DOMAIN_NAME,
apiKey: process.env.SHOPIFY_API_KEY,
password: process.env.SHOPIFY_API_KEY_PASSWORD
});
const query = `mutation {
customerAccessTokenCreate (input: {
email: "user#mail.com",
password: "password123"
}
)
{
customerAccessToken {
accessToken
expiresAt
}
customerUserErrors {
code
field
message
}
}
}`;
shopify
.graphql(query)
.then((output) => {
console.log(output);
})
.catch((err) => {
console.error(err)
});
After this I am getting below error :-
Error: Field 'customerAccessTokenCreate' doesn't exist on type 'Mutation'
at got.then (/Users/admin/Documents/Code/shopify-node-app/node_modules/shopify-api-node/index.js:239:19)
at process._tickCallback (internal/process/next_tick.js:68:7)
locations: [ { line: 2, column: 5 } ],
path: [ 'mutation', 'customerAccessTokenCreate' ],
extensions:
{ code: 'undefinedField',
typeName: 'Mutation',
fieldName: 'customerAccessTokenCreate' }
Even I am getting the same thing from postman itself.
Any help would be appreciated.
There are two types of GraphQL:
the storefront GraphQL - https://shopify.dev/docs/storefront-api/reference
the admin GraphQL - https://shopify.dev/docs/admin-api/graphql/reference
While they seems similar the strorefront is much more limited but can be used on the front-end, while the admin one is more rich in method and functionality but can't be used safely on the font-end.
The documentation and the method you are trying to make is referring to the Storefront API, but the package you are using is for the Admin GraphQL API.
You can create a storefront access token via the storefrontAccessToken method if you want to make storefront request but the Admin API GraphQL allows for more customization.
So you need to make sure you are using the proper API.
If you plan to use the storefront API, you shouldn't use NodeJS and just create a private app ( from Admin -> APP -> Private App) which will provide you a Store Front Access Token (if you enable it at the bottom and select the proper scopes) that can be used directly on the front-end.
If you plan to use the Admin API, you will need to create a public app and host it, then you can use NodeJS and pass the information via a Proxy in Shopify.
Summary
You are making a request to the Storefront API, while using a library for the Admin API.
I am trying to create the following authentication for an app:
User enters phone number and receives an SMS with a code generated in the server (the SMS is handled through an external service). If the user enters the right code he is logged in.
This means I must have two login stages: registering user with a phone and logging him in with the code, so this is what I think the client should look like:
Meteor.getSmsCode = function(phone, username, callback) {
Accounts.callLoginMethod({
methodName: 'getsmscode',
methodArguments: [{
getsmscode: true,
phone: phone,
username: username
}],
userCallback: callback
});
};
Meteor.loginWithCode = function(phone, code, callback) {
Accounts.callLoginMethod({
methodName: 'login',
methodArguments: [{
hascode: true,
phone: phone,
code: code
}],
userCallback: callback
});
};
But I am confused about the server side - there should be two methods:
the first should only register a user (and communicate with the SMS service) and second should log him in.
This is the server test code for now:
Meteor.users.insert({phone: '123456789', code: '123', username:'ilyo'});
Accounts.registerLoginHandler(function(loginRequest) {
var user = Meteor.users.findOne({phone: loginRequest.phone});
if(user.code !== loginRequest.code) {
return null;
}
var stampedToken = Accounts._generateStampedLoginToken();
var hashStampedToken = Accounts._hashStampedToken(stampedToken);
Meteor.users.update(userId,
{$push: {'services.resume.loginTokens': hashStampedToken}}
);
return {
id: user._id,
token: stampedToken.token
};
});
And this is what happens when I try it:
Why an I getting the 500?
Why doesn't the user have a code and phone fields?
What method should I use for the getSmsCode?
Meteor.createUser is described on How can I create users server side in Meteor?
Then, the Accounts.onCreateUser would contain business logic http://docs.meteor.com/#accounts_oncreateuser
A more exact message for the 500 would be on the server-side stdout. Probably security.
Your Login Handler must return an object as follows:
{ userId: user._id }
Sorry I don't elaborate in the whole problem, I don't agree on your full approach but looks you are in the right path to get the feature you need.
Also, this question is one year old, now there are a few packages at atmosphere that address this kind of authentication =)