I'm using amazon-cognito for my application user access.
I have two different groups inside my user pool.
I want to send differenet email to each user depends on the group he belongs to.
The problem is that the email verification is sent when the user is created at the pool and not after he's linked to a group.
Is there a way do to it?
Any help? advices?
After a lot of digging, I've figured out a solution.
The solution is to use AWS Cognito Lambda.
Use AWS Cognito Lambda for SignUp or AdminCreateUser events depends on your application architecture.
When a user is created either with SignUp or AdminCreateUser functions, there's an option to pass metadata with clientMetadata entry at the object.
For example (from AWS Docs):
{
"ClientMetadata": {
"string" : "string"
},
"DesiredDeliveryMediums": [ "string" ],
"ForceAliasCreation": boolean,
"MessageAction": "string",
"TemporaryPassword": "string",
"UserAttributes": [
{
"Name": "string",
"Value": "string"
}
],
"Username": "string",
"UserPoolId": "string",
"ValidationData": [
{
"Name": "string",
"Value": "string"
}
]
}
According to docs:
clientMetadata
One or more key-value pairs that you can provide as
custom input to the Lambda function that you specify for the pre
sign-up trigger. You can pass this data to your Lambda function by
using the ClientMetadata parameter in the following API actions:
AdminCreateUser, AdminRespondToAuthChallenge, ForgotPassword, and
SignUp.
So, pass the group inside the clientMetadata as an entry:
"ClientMetadata": {
"Group": "MyNiceGroup"
},
...
Inside the lambda implementation, according to the incoming group decide which email to dispatch.
Related
shopware 6 admin api patch - why it's failing? I get error "Only single write operations are supported"
Following is api for rule-condition entity in the database, I update it with Id.
For same api get method is working!
url: api/rule-condition/dbb0d904c7c14860a9a94cf26b94eca6
method: patch
json body
[
{
"op": "replace",
"path": "/data/attributes/value/email",
"value": "test#gmail.com"
}
]
response:
{
"errors": [
{
"code": "0",
"status": "400",
"title": "Bad Request",
"detail": "Only single write operations are supported. Please send the entities one by one or use the /sync api endpoint.",
.......
I also tried changing json body to following
{
"data": {
"attributes": {
"value": {
"email": "test#gmail.com"
}
}
} }
Still it's not updating. Can somebody check and let me know what am i missing?
Documentation I followed:
https://shopware.stoplight.io/docs/admin-api/ZG9jOjEyMzA4NTQ5-writing-entities
This website has all apis and example methods. https://swagger.docs.fos.gg/,
rule-condition entity can also be found there.
Btw : I used postman for testing api
You're passing an array of objects in the request body, suggesting you want to update multiple records, but the endpoint only supports updating a single record. The correct payload in your case should look like this:
{
"value": {
"operator": "=",
"email": "test#gmail.com"
}
}
Notice that value is a json field and not only includes a single value. The exact content and the names of the properties of value depend on the type of condition used and usually it also includes the operator used in the condition.
I have a scenario where I want to restrict access to a document based on his IP address using ory/keto authorization service.
It looks like I can't achieve contextual attribute based authorization using ory/keto. I couldn't find any docs on that in ory/keto doc space. I tried few authorization check payloads to pass the dynamic attributes for the user. An example is provided below (I tried and it didn't work, ory/keto doesn't allow nested subject_sets).
{
"namespace": "document",
"object": "document",
"relation": "view",
"subject_set": {
"namespace": "user",
"object": "john",
"relation": "is",
"subject_set": {
"namespace": "ip-address-range",
"object": "0.0.0.10/11"
}
}
}
Can we achieve Contextual and Time-based authorization with ory/keto? If we can, can I get an example of how could I do it?
There is an issue for this (which was probably the inspiration for Auth0/OpenFGA): https://github.com/ory/keto/issues/319
It is a cool feature but there is no implementation effort yet.
I'm trying to convert from firebase into an auth0 db, by converting firebase export data into the auth0 bulk user import format.
I have a user in firebase (under the firebase_export) section, and the firebase hash config itself (hash config below),
but I'm not clear on how the base64_signer_key fits in or the salt used in the export.
{
"firebase_export": {
"localId": "localId",
"email": "e#ma.il",
"emailVerified": true,
"passwordHash": "base64hash",
"salt": "user_salt",
"lastSignedInAt": "1649680364736",
"createdAt": "1649680237223",
"disabled": false,
"providerUserInfo": []
},
"hash_config": {
"algorithm": "SCRYPT",
"base64_signer_key": "base64_signer_key",
"base64_salt_separator": "base64_salt_separator",
"rounds": 8,
"mem_cost": 14
}
}
I think the schema should look like this, but this is not working.
(I log in to auth0 with a known password and it fails, while passing in firebase).
[
{
"user_id": $localId,
"email": $email,
"email_verified": $emailVerified,
"custom_password_hash": {
"algorithm": "scrypt",
"hash": {
"value": $passwordHash,
"encoding": "base64"
},
"salt" : {
"value": base64Decode($salt) + base64Decode($hash_config.base64_salt_separator),
// based off reading https://github.com/firebase/scrypt
"encoding":"utf8",
"position" "suffix", // based off reading https://github.com/firebase/scrypt, uses PBKDF2_SHA256 which places salt as suffix.
},
"password" : {
"encoding":"utf8"
},
"keylen": 64,
"cost": 2**$hash_config.mem_cost,
"blockSize": $hash_config.rounds,
"parallelization": 1,
},
"blocked": $disabled
}
]
Because Firebase uses a custom bcrypt rather than the standard implementation, auth0 said it is unable to import users.
Other solutions to try:
add a login callback within your code to create/update/delete users in auth0 in an async fashion, to slowly migrate users over.
pay auth0 lots of money to run a custom db migration (still slow).
migrate all users without password and say that we need all users to reset their password
all of which sound suboptimal
I am new to Dialogflow so my question may be too simple. However, I do not understand what is the purpose of naming actions in Dialogflow. I have watched videos on youtube and people in them are using actions when they have a webhook. For example they may have an if condition in their source code
(e.g. in python
if action == 'action_name':
...
)
which executes something particular in this case.
However the json output which is retrieved by the source code has the following form:
{
"id": "123d9e8e-314f-451b-8b15-5e3b55baa980",
"timestamp": "2018-03-16T17:03:05.987Z",
"lang": "en",
"result": {
"source": "agent",
"resolvedQuery": "Hello",
"action": "input.welcome",
"actionIncomplete": false,
"parameters": {},
"contexts": [],
"metadata": {
"intentId": "effe6b2b-3372-4f89-882f-ff937b2b2abb",
"webhookUsed": "false",
"webhookForSlotFillingUsed": "false",
"intentName": "Welcome"
},
"fulfillment": {
"speech": "Hello, how can I help you?",
"messages": [
{
"type": 0,
"speech": "Hello, how can I help you?"
}
]
},
"score": 1
},
"status": {
"code": 200,
"errorType": "success",
"webhookTimedOut": false
},
"sessionId": "491d57cb-0af2-45ac-a658-9e47ec6658ce",
"alternativeResultsFromKnowledgeService": {}
}
Since the json data contains the IntentName why to bother naming an unique action for this specific intent when you can get directly the name of the intent in your json?
I tend to think of this in two ways, depending on exactly what I'm building. (Or sometimes a combination of these two ways.)
The Intent Name is a human-usable name, while the Action is something that is more intended for use by the webhook and more directly maps to a function.
Since you can have more than one Intent use the same Action, it can be convenient to map a few different ways the user may say something (and the parameters they may send along with them) to the same method. While you could do that by listing all the different Intent names in your code, it is easier to do that on the Dialogflow side.
In truth - use whatever works best for you. I tend to name my Intents and my Actions very similarly, but do branching based on what makes the most sense for the code (which sometimes also includes other values that may be sent).
I'm trying to implement VK API, so thanks OAuth code I get a token and just add this scope offline,audio and now doing this request:
https://api.vk.com/method/account.getInfo?access_token=XXXXX&v=5.62
And go this in return:
{
"error": {
"error_code": 15,
"error_msg": "Access denied: no access to call this method",
"request_params": [
{
"key": "oauth",
"value": "1"
},
{
"key": "method",
"value": "account.getInfo"
},
{
"key": "v",
"value": "5.62"
}
]
}
}
Why, there's a scope for this too?
Your application isn't Standalone type or you received access token not via Implicit Flow scheme.
Note: you should set parameter redirect_uri=https://oauth.vk.com/blank.html to get access token without limitations. In other ways access token will be limited to call methods which available only for standalone applications.
you also need to place
scope=messages in authorization method
GetToken.Navigate("https://oauth.vk.com/authorize?client_id="+ VkAPI.__APPID + "&display=page&redirect_uri=https://oauth.vk.com/blank.html&scope=messages&response_type=token&v=5.87&revoke=1");