I am sending an email to my users with credentials. Now I want to create a link, which when clicked opens the applications (which is similar to WinRar) and if possible auto-fill the cred or auto-login.
I am basically looking for ideas on how to achieve this.
All ideas are welcome. Thanks for the help.
Assuming you’re programming on Windows, you need to register a protocol handler: https://learn.microsoft.com/en-us/windows/win32/search/-search-3x-wds-ph-install-registration
Your application would register itself as a handler for a protocol, like myapp:// and then you could include links in emails that would launch your application.
Please consider the security issues when doing this with credentials as arguments. They’ll be visible to the end user and there’s nothing stopping another application from registering as the handler for these URLs and intercepting the credentials.
Related
We have a native app and an Alexa skill. You can't use the Alexa skill without the app and you need to have your app account first. Some users are creating accounts with the Alexa skill that aren't linked with their app accounts.
We can disable self-registration and the sign-up link goes away in the hosted UI, but it also prevents account creation from the application using Amplify.
I looked at the hosted UI customization CSS to see if I could style that link to hide it, but the CSS customizations don't seem to address that link specifically. I'd like to avoid reinventing the entire auth wheel just to get rid of that one link.
Is there any way to disable the "sign up" link in the Cognito hosted UI without disabling self-registration?
Thanks!
You have 2 options as far as I know.
Use custom lambda trigger on signup to reject calls made from your hosted UI
Use your own login page instead of hosted UI.
Unfortunately, there is no way to modify the contents of the UI. You can only change the CSS and add a logo.
The first method is easier but is a bad implementation because you are confusing your users with a button to register but then rejecting all their attempts. Second method is the best way to achieve what you want.
Another method is to use the adminCreateUser function, give it a temporary password and suppress email sending of the temporary password. Then do adminSetUserPassword to give the user the desired permanent password.
This technique seems to work properly when the "Enable signup" feature is disabled.
I want to integrate Swift Mailer in Phalcon 3 using dependency injection. I have already seen various ways to do solve this issue in Phalcon and Phalcon 2.
It would be great if you can help me with this issue.
Use https://github.com/phalcon-ext/mailer and follow its instruction and you will get a working solution to send emails through Swift Mailer in Phalcon 3.
That being said there were a few issues which I had to tackle to get things up. So here is a list of changes that you have to make on your end:
If you are going to use smtp then change the port to 587 and encryption to tls
Apart from it you are going to face error from google and it will send a security alert to attached gmail id. In the security email which I received; I clicked on allowing access to less secure apps
And then it took me to a google sign-in page where I was able to lower security by allowing less secure apps to access my gmail account.
There might be a better way to send email without lowering security access. If you find one then please let me know.
The github page says to add in your code require_once('vendor/autoload.php'); you can do it in index.php located inside the public folder.
I am working on MAC Application in which I have to create a VPN Connection through my application and which I have done successfully with the Help of EBAS Example code from Apple.
Now when user want to connect to VPN, I need to modify the Network Interface and for that an AUTHORIZATION POPUP Comes to get user Permission.
This is the Process to Modify the Network Interface.
First Lock the System Preference using Below Code
Boolean result = SCPreferencesLock(prefToUnlock,TRUE); // Authentication PopUp Comes here to lock the system preferences.
and then rest of the code to modify the network which is working fine.
Now whenever above line execute popup comes to get authorization to Lock SystemPeference. I want this to be done by Helper Tool Without Authorization Popup. I tried that but it always returns false.
Is there any other way I can archive this.
Thanks
I have a web application that uses google & facebook oauth2 to authorize the users.
But, the application can also be hosted in other sites in a frame.
The problem is that in that case google blocks the login phase (since it's in a frame), is there a way to overcome it?
I don't think so. If possible stay away from embedding other site with frames.
You could contrive something where your client makes an ajax call to your server. If your server send the login redirect, your client can use the 302 location to open a popup window. You will of course need to make sure the user isn't blocking popups.
GMail can used as a SMTP server. I've written the code that does it. But as we all know GMail may occasionally authenticate using captcha (image verification as they call it). The same thing may be the cause to reject SMTP authentication.
As I've seen google shows image verification when you try to log-in for the first time from some machine. All consecutive log-ins from the same machine (to the same account) use regular login. I'm a bit afraid this captcha may also come up again for some other reasons that I can't control.
So. Is it possible to still authenticate when special measures are needed? And how?
I should also mention that logging in from the machine via web browser also enables programmatic SMTP authentication.
Try:
http://www.google.com/accounts/DisplayUnlockCaptcha
Or for Google Apps for your domain:
https://www.google.com/a/yourdomain.com/UnlockCaptcha
I can bet it's an IP based solution, so if your app if deployed somewhere else, It doesn't help.
Google doesn't seem to be particularly clear about what prompts them to block a user's account until he has successfully entered a captcha phrase. However, it's likely that this is a mechanism which is triggered when Google sees what it considers to be unusual or suspicious activity associated with your account. As a result, I would expect it to be unlikely that they will supply an option to opt out of a mechanism which is protecting both them and you, although others are welcome to find evidence to the contrary.
Various discussions of when and how this happens throw up some suggestions which you might like to try to see if they help, such as choosing a stronger password or simply changing your password. Good luck!
IMHO The right way to do this, without implementing the user consent workflow or "hacking your account's security settings", is obtaining a refresh token with the Google OAuth2.0 Playground for Offline Access. After that, you can authenticate using the OAuth 2.0 API.
I got it working after reading Nodemailer/Gmail - What exactly is a refresh token and how do I get one?