I have a setup of nuxtjs ssr using vuex featherjs recommended example, feathersjs as the api.
Authentication using JWT & Local strategy works, I receive the access token
but querying user service using nuxtjs gives me an error.
ERROR NotAuthenticated
{type: "FeathersError", name: "NotAuthenticated", message: "No auth token", code: 401, className: "not-authenticated", …}
Querying using postman works but querying using nuxtjs returns the message No auth token.
I have already opened a ticket on github repo.
Related
I have an SPA that uses B2C as its certification.
not AD, im using B2C.
Now I want to display user information on the SPA,
so I want to use MsGraphAPI to get data from B2C.
Therefore, we are trying to obtain an access token using credential flow.
The code is as follows
requestUri = "https://login.microsoftonline.com/{tenandId}/oauth2/v2.0/token";
var params = new URLSearchParams();
params.append("grant_type","client_credentials");
params.append("client_id","XXXX");
params.append("client_secret","ZZZZ");
params.append("scope","https://graph.microsoft.com/.default");
const response = fetch(requestUri, {
method:"POST",
body:params
});
At this time, the developer tool shows a corrs error.
The following error.
access to fetch "https://login.microsoftonline.com/{tenandId}/oauth2/v2.0/token" from origin "http://localhost:3000" has been blocked by CORS policy.
How can I resolve this?
SPA is available at http://localhost:3000.
Is the localhost no good?
The purpose of authenticating is to get user information. You can insert any attribute into the token, and then parse the id_token to display the users profile information in your application. Calling MS Graph API for this seems counter intuitive.
Next, you shouldnt be using client_credentials in your SPA, those are secret credentails, and should only be used by your server. By exposing those credentials in your SPA, any user could extract them and use them to read your entire directroy store. This is why you are getting a CORS error, it's never supposed to be running on the client browser.
I am using AUTH0 V9 API to host the login page on my website and use API to login user via AUTH0. I am using https://auth0.com/docs/libraries/auth0js document as a reference. I installed the auth0-js npm package via the following command
npm install auth0-js
Then initialized the AUTH0 via the following code
<script type="text/javascript">
var webAuth = new auth0.WebAuth({
domain: 'YOUR_DOMAIN',
clientID: 'YOUR_CLIENT_ID'
redirectUri: "http://localhost:3000/login",
responseType: "code",
responseMode: "form_post",
scope: "openid profile email",
});
</script>
Then I using login() method as following
webAuth.login({
realm: 'tests',
username: 'testuser',
password: 'testpass',
});
But this above login code is not working. It's redirecting me to some other URL and not to "http://localhost:3000/login" which I provided while initializing AUTH0 object.
This method also has a reference to "Custom Domain". Do I need to purchase AUTH0 subscription for managing V9 API or I am doing something wrong that's why I am getting the wrong redirect. Please help.
========
Some strange thing I discovered that the same code is working with my personal account but not with my client's business account.
The same code mentioned above worked with my personal account but not with my client's business account and the problem was that client had set up custom error pages in the tenant settings. Whosoever is working with custom login, please check out two things.
Your callback URL is exactly what you are mentioning in your custom login code via AUTH0 V9.
Custom error pages are off in the tenant settings. "Tenant settings -> General Pages -> Error".
I've set up an express basic auth using the express-basic-auth module.
const basicAuthFunc = basicAuth({
challenge: true,
users: { 'admin': s.BASIC_AUTH.ADMIN_PASS }
})
it works on localhost. I'm prompted with a popup js challenge.
i'm deploying to lambda function and using AWS API gateway.
the page does not present me with the challange. I just get the 401 directly.
I tried removing the basic auth and the page loads so it's just related to the basic auth.
what headers should I add to api gateway ?
tried this one :
https://medium.com/#Da_vidgf/http-basic-auth-with-api-gateway-and-serverless-5ae14ad0a270
adding WWW-Authenticate and 'Basic' to 401 response.
didn't work
I'm trying to get an Authorization Code in a react-native Application that uses react-native-app-auth from an SAP Cloudfoundry Endpoint.
This is the Config-format I am passing and which is working for other OAuth Providers(different than Cloudfoundry).
{
clientId: <CLIENT_ID>,
redirectUrl: <CLIENT_ID>',
serviceConfiguration: {
authorizationEndpoint: <ENDPOINTURL>...com/oauth2/api/v1/token,
tokenEndpoint: <ENDPOINTURL>...com/oauth2/api/v1/authorize
},
scopes: ['uaa.user'],
}
I debugged the response and it comes back with accessToken, which seems to be invalid when I test it manually in Postman.
When debugging other Oauth Providers i dont get back an ID-Token at all and directly receive an access Token.
The endpoint itself works in postman with the same settings and gives me back an valid Token.
When debugging other Oauth Providers i dont get back an ID-Token at
all and directly receive an access Token.
id_token is part of OpenID Connect. In first response there are three scopes and not just your uaa.user scope. It seems that openid is set to default scope in that provider so you are receiving id_token as well.
I debugged the response and it comes back with accessToken, which seems to be invalid when I test it manually in Postman.
Why do you think accessToken is invalid?
I am really new to Azure AD. I have read the Azure AD documentation which provides information on authentication and accessing web API's.
What I want to do : I want to use Dynamics CRM API to create a lead or contact through AWS Lambda. Meaning, whenever the Lambda function is ran, it should call the CRM API. The way I need to create a lead is with username and password creds included in Lambda. I am not sure which application scenario I need to use when I am using AWS Lambda as the source to access the web api. I want to pass the user creds with POST request.
Creating an application in Azure AD : So, I am not sure which application type I need to use (Web API or Native App?). And what should be the sign-on URL or Redirect URI?
I have tried creating an application and use Postman as the temporary way just to test whether I can get the access token and access the web api. I could able to get the access token but when I tried to access the API it says
Bearer Error invalid_token, error validating token!
I have given enough permissions while creating application in Azure AD to access Dynamics CRM API. But still unable to access the API.
POST request to get access token through Postman:
request: POST
URL: https://login.windows.net/<tenant-id>/oauth2/token
Body:
grant_type: cliet_credentials
username: xxxxx
password: xxxxxxx
client_id: <app id>
resource: <resource> //I am not sure what to include here
client_secret: <secret_key>
I get the access token in the response. Sending the second POST request using the access token
request: POST
URL: https://xxx.api.crm.dynamics.com/api/data/v8.2/accounts
Headers:
Content-type: application/json
OData-MaxVersion: 4.0
OData-Version: 4.0
Authorization: Bearer <access_token>
Body:
{
"name": "Sample Account",
"creditonhold": false,
"address1_latitude": 47.639583,
"description": "This is the description of the sample account",
"revenue": 5000000,
"accountcategorycode": 1
}
It would really help me if I can get a bit more information on where I am stuck. I have already used my one week of time to get this done. Any help will be appreciated.
To do Server-to-Server (S2S) authentication , the application is authenticated based on a service principal identified by an Azure AD Object ID value which is stored in the Dynamics 365 application user record. Please click here and here for detail steps and code samples.