I am pretty sure I saw somewhere in AWS console which can help me increase the session expiration time of logged in user but I cannot find it ... screenshot or guide appreciated
Token expiration is configured for each App client. Go to your user pool -> App Clients -> Choose a specific app client. Like this:
if this is what you need.
Related
I want to use the gmail api to update myself about the status of a programm I'm running locally 24/7. Basicly once a day it should send me a status report per email from the emailaccount I created just for this case to the same account.
I've got a project set up, the api enabled, got my credentials and created a token.json file. I managed to have it send me emails yada yada yada.
I concentrated on the further development of the programm for some time and then wanted to jump back to this to test out another feature where I wanted to implement a ping me feature. I'd send myself an email asking for a ping back just to check if my program is still running.
While doing that I noticed that my token expired. I tried reading into what I can do about that. Ideally I'd like to have the program just run autonomously. I read for my case that a service account would be ideal but after setting that all up and 2 hours later after a lot of errors I read that interacting with the gmail api with a service account is only open to workspace users since I can't delegate domain-wide authority without one.
So after some further reading I read that next to the access token I created I can refresh that token with refresh tokens. for that I was trying the request function noted in the quickstart tutorial:
if os.path.exists('token.json'):
creds = Credentials.from_authorized_user_file('token.json', SCOPES)
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
creds.refresh(Request())
now running creds.refresh(Request())
I get this error:
google.auth.exceptions.RefreshError: ('invalid_grant: Token has been expired or revoked.', {'error': 'invalid_grant', 'error_description': 'Token has been expired or revoked.'})
Upon further reading here I read that refesh tokens are only available to projects whose status is set to in progress and not in testing. Projects set to testing are required to have the user manually log in at least once a week which I don't want.
Now for me verifying my project doesn't make sense since I won't have any other users using my access to the gmail api and frankly I wouldn't want that either.
What are my options here to have the script running continuously without having to manually sign in once a week? Considering also that I will be at all times the only user.
Thank you,
Florens
Your still have a few options. For one, you could get a Google Workspace account. The lowest tier would set you back around $6 per user per month. This would allow you to publish the app as internal-only and you don't need to go through the verification process, but you can only use the app with the Workspace account. You can still send emails out to any addresses, though.
If you don't want to pay, you can still set your app to Published status and you do not necessarily have to go through the verification. There are some limitations, such as the app warning that shows up when signing in and a user cap of 100 users, but since you know that the app is safe and you don't need more users you can just ignore this, Google says so in their own documentation:
What app types are not applicable for verification?
Personal Use: The app is not shared with anyone else or will be used by fewer than 100 users. Hence, you can continue using the app by bypassing the unverified app warning during sign-in.
As you already know, the refresh token expires in 7 days only when the app status is set to "testing", so as long as you have it set as "In production" and ignore the unverified app warnings, you should be able to have a normal refresh token that you can use without needing to sign in every 7 days.
Just keep in mind that other users could have access to the app but if you're careful to keep your OAuth credentials to yourself that should not be an issue.
Sources:
Unverified apps
OAuth API verification FAQs
OAuth overview
How can I disable the User from Amazon Cognito User Pool using API ?
I tried to check the API from Amazon and couldn't find one.
Thanks.
There is a specific command for disabling user, please see API reference - API_AdminDisableUser
It looks like it is supported here, https://docs.amplify.aws/cli/auth/admin#admin-queries-api
I'm trying to implement a way to actually logout from my application that is using the Valence API. I can obviously clear the session on my end, but is there a way through the API to actually log out of the Desire2Learn site as well? I've looked through the docs and didn't see anything.
No, there is currently no route to explicitly log out, or log in. You can, however, use the Valence auth process to generate credentials for a new user. What you need to do in that case is use a browser to interact with the user that doesn't have an open session with the LMS: as long as the LMS thinks that the browser doing the user part of the authentication has an open session, it will pass back the user credentials for that user instead of asking the user to re-authenticate.
Typically an inactive session with the LMS expires after a short time and then the LMS will force the user to re-authenticate if your app initiates the auth process.
I'm building a central authentication service(auth.xyz.com), similar to what Google has on accounts.google.com. I have multiple applications, each running on a different subdomain(app1.xyz.com, app2.xyz.com) which will be integrating with my auth service.
I am currently following a cookie based system, written on ".xyz.com" domain, so that it is readable by all the subdomains.
My problem is that I cant figure how to handle the cookie expiry. If the user logs in at time t, and spends 45 mins on app1.xyz.com, and then goes to app2.xyz.com, I dont want him to have to login again. Also, if the user logs in on app1.xyz.com and is then idle for 45 mins, and then hits app2.xyz.com, I want him to have to relogin. How can I achieve this?
I dont want to touch the auth server on every request I get on app1 or app2.
I do not think that is really possible.If that is the case, there will be a security hole in the entire flows of the applications.An cookie expired user can still access the resources on server app1 and app2 without authentication or some other trusted mechanism!.
With my Flattr client using the REST API, it seems that access tokens expire after 1 day. I checked my settings and the client is still authenticated. But when I issue a request to https://api.flattr.com/rest/v2/user I get the following response:
{
"error":"unauthorized",
"error_description":"You are unauthorized to access the resource",
"error_uri":"http:\/\/developers.flattr.net\/api"
}
I think I now know what the problem is. I am logging into Flattr with an iPhone and with the iPhone Simulator using the same account. It seems that using the API with more than one device will cause the user to need to login every time he changes devices.
I guess support for more than one access token at the same time is needed. Please confirm.