The docs say "Add “profile” and/or “groups” to get additional user information returned in the id_token". How? What format? When I do the following:
https://.onelogin.com/oidc/2/auth?client_id=&redirect_uri=&response_type=code&scope=openid,groups
I get an error saying openid is required, as if it didn't recognize it because I tacked on the ',groups' to the querystring. What do they mean by "add" in the docs?
https://developers.onelogin.com/openid-connect/api/authorization-code
Related
In this message formatting doc: https://api.slack.com/docs/message-formatting, you can use special control sequence characters < and > to perform server-side parsing (server-side as in Slack API's server-side).
So using <#U024BE7LH> in your chat.postMessage() call will get parsed to something like #bob or whatever the username associated with that ID is, in the actual text that shows up in slack.
Unfortunately, this will cause a notification for the person you're referring to. How do I make it so that it doesn't notify the person? I've tried to enclose in a code block, i.e.:
`<#U024BE7LH>`
or
```
<#U024BE7LH>
```
But it still pings. I'm thinking the only way is to get a list of users and parse the name from the ID.
According to this, backticks should work but empirically it hasn't for me. The Slack employee says to just convert the user ID to their name and use that without the templating.
https://forums.slackcommunity.com/s/question/0D73a000005n0OXCAY/detail?language=en_US&fromEmail=1&s1oid=00Dj0000001q028&s1nid=0DB3a000000fxl3&s1uid=0053a00000Ry9cX&s1ext=0&emkind=chatterCommentNotification&emtm=1667894666436&emvtk=fH.W2M01lq9W1cf31RSROPwB7LYs.och8RgbVTqoNlg%3D&t=1667931570045
How to validate the all mandatory parameters at one time.I want to display all mandatory parameters not entered in user .For Example I have 4 parameters username,pwd,phno,address.
If the user not provided the information of two parameters like pwd and address.
By using the XSD against validation concept,It throwing the SAX Exception on PWD.but it not showing the exception on Adress as well.
Condition:
1.Input format may jsonformat,xml,or any thing.
Please share information.
I have not found concrete information from this site.
I want to setup the following url in my MVC4 website, using the user's full name in the url:
http://www.myapp.com/profile/steve-jones
I have setup the following route in Global.asax:
routeCollection.MapRoute(
"profile", "profile/{userName}",
new { controller = "myController", action = "profile", userName = string.Empty
});
And I can take the parameter 'steve-jones' and match it to a user with matching name. My only problem though is, what if there is more than one 'Steve Jones', how can I handle this?
Does anyone know of a workaround/solution to this so that I can use a user's full name as part of the url and still be able to retrieve the correct user in the controller method?
Am I forced into including the user's id with the url (something that I do not want to appear)?
The usual way of handling this is by appending a number when creating the profiles. So if "steve-jones" is already a name in the database, then make the user's display name "steve-jones2". You basically have to insist that all profile urls are unique, which includes updating any existing database and account creation code.
Alternatively (and/or additionally), if two same names are found then have the script reroute to a disambiguation page where the user is presented with links and snippet of profile info of the many existing Steve Joneseses so they can go to the full correct profile.
Another way of handling it is by giving all user profiles an additional numeric code on the end. At my university all logins are based on name, so they give everyone pseudo-random 3-digit extensions so that they are safe as long as they don't get 1000 people with the exact same names :)
Some people might be happier being steve-jones-342 if there is no steve-jones or steve-jones1, if you're concerned.
Nested forms are great, but I have noticed that it can sometimes lead to error message that are oddly formatted.
To give a concrete example:
I have a form that lets someone create a new Account. Each account has one or more Users (has_many). The signup form uses the Account model for creating the form and also includes a number of fields for creating the first User (as an account must have at least one user). In other words, it is a nested form.
Because an account can have many users, the prefix of the error messages says "users" instead of "user". Also, the error messages use the relationship name (users) and the attribute name (for example, "password") to construct the error message. This results in error message such as "Users email can't be blank." instead of "Email can't be blank.".
Is there a way to customize the error message or omit "users" from the error message?
In your :message parameter of your validation, you can add a caret which will strip the default message.
:message => "^ Email can't be blank"
I've searched a lot but I couldn't find the proper answer to my question regarding my conditions.
I'm building a REST API, and the case, which seems a border line case to me, is the following:
-I'm dealing with two entities, Users and Roles. An User can have multiple roles assigned.
-To assign a Role to a User, the Role must be already in the DataBase.
-To assign a Role to a User, the only thing needed is the 'code' of the role, that is a short string.
-The uri path template used now is:
--Users: localhost:8080/api/users
--Given User: localhost:8080/api/users/{userId}
--Roles of a given User: localhost:8080/api/users/{userId}/roles
Now, to 'link' a given User with a given Role, two options come to my mind.
-The first is the one that sounds as best practice in any scenario, sending the post data in the body, perhaps as a JSON.
-The other one, sending it through the uri and with an empty body. For example, to link User with id U001 with role R001, one would have to post to the following uri sending no data in the body: localhost:8080/api/users/U001/roles/R001
The thing is that I don't mind using the first option, and it seems to be the best and most correct one, but in this particular case, I'm not sure wether it is better to send an almost empty body (because it only holds the role id, a very short string) posting it to 'localhost:8080/api/users/U001/roles' or skipping the body and just sending the role id through the uri as a path parameter like localhost:8080/api/users/U001/roles/R001
Thank you all in advance for your help.
There is nothing wrong with putting role in the URI. Your intuition was on the right track. I'd do it this way.
PUT: locahost:8080/api/users/{userid}/role/{roleId}
And here's why.
FIRST: The PUT verb is Idempotent. In other words (taken straight from the spec)
... the side-effects of N > 0 identical requests is the same as for a single request.
Which is what I'd assume you want in this regard. You don't want multiple records in your state storage for each instance of user & role. A user should feel at ease making the same PUT request without adversely effecting (adding duplicate records) the system.
When doing the same thing with a POST I'd expect to have a new record created for every request.
SECOND: The PUT verb is supposed to identify a specific resource. (taken straight from the spec)
... PUT request identifies the entity enclosed with the request -- the user agent knows what URI is intended and the server MUST NOT attempt to apply the request to some other resource. If the server desires that the request be applied to a different URI,
it MUST send a 301 (Moved Permanently) response; the user agent MAY then make its own decision regarding whether or not to redirect the request.
What if role R102 becomes obsolete and R104 is preferred? Return a 301 (Moved Permanently) with a HEADER (Location : localhost:8080/api/users/{userid}/role/R104).
FINALLY: When everything works well. Return a 201 (Created) when created and a 200 (No Content) on every subsequent request to the same URI. If they provide a Role that is not in the system return a 501 (Not Implemented).
Hmm - in this case - a POST with a 302 may be a bit messy.
Why not a very simple 'PUT'/'DELETE' with indeed the URIs suggested ?
With simple; 20X meaning succeeded, possibly some 30X to indicate it was already there - and anything else a fail ?