I am using streaming api and cometD in community.
It works fine for authorized users but still doesnt work for Guest user. For example, in anonymous window. And every time i receve Handshake denied w/ error '401::Authentication invalid'.
What's the problem exactly? But if i log in anonymous window to org then it works.
Perhaps you will be using {!$Api.Session_ID} which will return null in the case of Salesforce Guest user.
Because Guest User doesn't have a session id to access salesforce streaming API.
You need to authenticate as a user in order to stream and subscribe to events for cometD.
If you want to stream events for guest users:
you have to spend a platform license by creating a dedicated user for it.
save the creds of a user in custom settings
generate an access token using the creds
use the access token as session-id while subscribing to platform events for guest users.
don't forget to remove the data access except for platform events.
Related
I have a problem of sending SMS via API within one account where we have a bunch of numbers with their own extensions.
The goal is to be able to use any of these numbers for sending SMS from Salesforce via callout.
I've created an app with "SMS", "Read Account" permissions.
When I try to send a request from Postman using "Account" credentials with or without extension number, I receive an error: "Phone number doesn't belong to extension"
I cannot log in with default account credentials and different extensions.
I do not have other users credentials.
I cannot add number to extension as it already have own extension.
Is there any way I can solve this? Please, advice.
For now, you need to use an access token authorized by a user (extension) that has privileges to send/receive SMS on the numbers desired.
Given the scenario you describe, you will need to add a degree of indirection between the user taking the action and the user extension to which the number is associated.
To do this, you will need to build an app that manages access tokens for the extensions to which the numbers are assigned. Then your user will need to separately log into the app and select the number, at which time the app will use it's separately managed access token.
The authorization for user extensions associated with the numbers may be able to be authorized using OAuth 2.0 Authorization grant flow or, if your app is a private app the OAuth 2.0 Resource Owner Password Credentials grant flow.
I'm using the /beta endpoints for Microsoft Graph API, but I'm getting an Unauthorized error when trying to create chat messages on behalf of other users (or any user).
In v1.0 of the API, the Create chatMessage method is not Supported, but in Beta it is: https://learn.microsoft.com/en-us/graph/api/channel-post-message?view=graph-rest-beta&tabs=http, as "Teamwork.Migrate.All" permission, which my Application has in Azure.
It is strange, because the same App can create Teams, channels and add members, but not add channel messages.
Anyone know where to look next?
Edit: I got this back now: "You need to add user delegated permissions in your application to at least Group.ReadWrite.All in portal.azure.com and then consent as user or Grant admin consent in portal. And re-run On behalf of a User | Get User Access Token request to update access token."
However, it does not make sense in regards to what the Beta documentation says about the permission "Teamwork.Migrate.All", which my app has as an "Application Permission": "Allows the app to create chat and channel messages, without a signed in user. The app specifies which user appears as the sender, and can backdate the message to appear as if it was sent long ago. The messages can be sent to any chat or channel in the organization."
If I'm an app and I have that permission, what should I do with a User Access Token? I'm using the App Access Token.
For simply posting message to Teams Channel using Application Permission is not supported by Microsoft Graph
Alternatively you can setup Incoming Webhook which is connector in MsTeams's channel and after finish set up on Teams channel you will received URL which you could use Postman or any API consumer app to send request(your message) to Incoming Webhook which will be post in Teams Channel
Sample Result Image
NOTE: Incoming Webhook is not support for replying post
You need to add user delegated permissions in your application to at
least Group.ReadWrite.All in portal.azure.com and then consent as user
or Grant admin consent in portal. And re-run On behalf of a User | Get
User Access Token request to update access token.
It seems that you need to use a user token instead of an application token to create chat messages. The only difference between them is that the user token requires the user to log in. The application token allows the application to create chat messages on behalf of other users. Currently, you can only use user tokens.
As your prompt message says, you need to grant the Group.ReadWrite.All delegation permission to the application, and then grant the admin consent for the permission, and then you need to use the auth code flow to obtain the access token.
Update:
I think what you are doing is importing messages, not creating chat messages, it does require you to have the Teamwork.Migrate.All application permission.
Importing messages is special, it requires you to create team and create achannel in the migration state, you need to include the migration value in the teamCreationMode and channelCreationMode instance attributes in the POST request. See: here.
I use Google API PHP Client in my website.
Once User login with Google after click Google Login button on my site.
I collect data from Google Response that's contain Google Profile ID data.
CHECK, Register and Login logic
If Profile ID not exist in my user table: I will store this visitor Google ID + another data from Google Response to mysql user table.
If profile ID is exist: I set visitor with session, and this user will login directly without need to entered password.
Is it secure to do this logic system for login and register? Is possible to hacker by pass Google ID with this Google PHP API client that's already build with unique token, client id and client secret.
I use PDO driver with prepared query.
Since Google Php client process is working in backend with multiple layer security by google (token, client id, client secret) + my server security (ex: CSRF protection); I personally consider Google PHP client is secure. Otherwise Google Account is hacked by someone who's can login client Account. But point of question is "is it Google Login secure? (PHP CLIENT)", the answered is 'Yes, is trusted and secure'. Because if someone can hack email account, hacker also can reset most of social and media accounts registered with that email even without Login Google button, because most of site with public user use email as verifiaction.
Good morning I am using internal mulesoft Access Management APIs API Reference. I have successfully setup my postman to get the security token after login, and even executed successfully the /api/users/me. However, regardless of the access provided to the connection/login user, i can't get the full list of users (/api/users), receiving a Not authorized error. Let me explain the context. We are running on a federated platform, so we can't manage the users registration from the console, but need to wait until they login through SSO the first time to grant access to the correspondent business group and role. There is a complain as the users need to send the admin a note letting know of their successful first login, and afterwards wait to receive the access to the business group. After they login for the first time, their profiles are created in the root org. You can see them only when you are in the master organization. However, you can't get their new user id when you request a list of users of this master organization (/api/organizations/{orgId}/users). We are looking to execute this /api/users in a batch app that runs periodically and do a cross verification to get the users not associated to any orgid or role. This way we can avoid the requirement of the user sending a note to the admin. When I execute the /accounts/api/users, (API Call), we receive a 401 Unauthorized response, despite the token is correct as it is working fine with the others APIs. there is no mention of any other parameter or requirement in the API reference.
Please advise what can be done to solve this authorization error and complete our app. Thank you in advance.
Had the same issue but figured it out.
Instead of calling /api/users, you should be calling
https://anypoint.mulesoft.com/accounts/api/organizations/{orgId}/members
to get a list of users
I've been reading lots of documentation about Google API access and OAuth flow using it but I don't seem to get it working in my mind, so I want to get some help first in order to have a clear idea about how it works then I can code it using the corresponding API.
What I want to achieve is feed a Java application running in a PC with specific Google user data, like localization through Google Latitude API. In order to get this, OAuth must be used, so I need getting the user consent, then access the user data from the application running in my computer, and I don't know how to manage this.
I've already registered my application with the Google APIs Console and enabled the Google Latitude module. I've also tried the Latitude console application here and it works properly (a browser tab opened asking for a Google user; I entered it and I got the location data), but I'm having problems when trying to adapt the program flow to my needs.
In my application, the 'remote' user is supposed to send a request (a custom JSON message) to the server asking for service enable/disable, like allowing the server to track his/her position through Latitude. Then, AFAIK, the server should send to the user a URL so the user can give the consent, but I don't know how to get this URL and how the server realizes about this consent and gets the token (automatically? Google tracks this authorization process?). Once my server gets the specific user token, then I should be ready to get service data for that user using the received token.
As I said before, I've tried according to different references, but as the documentation seems to be really scattered and much of it is already deprecated, I've been unable to get it working.
Judging from your description, the installed app OAuth2 flow seems to be the right one for you.
At some point, presumably when a user is installing your desktop app, you should fire up a browser - either embedded one in your app or the default browser - and sent them to this Google OAuth2 endpoint. In your request, fill out all the parameters as required by the doc: Latitude API scope, client_id, etc. Google, as an authorization server, will take care of user authentication, session selection, and user consent. If the user grants access to her data to your API, you will receive an authorization code either in the title of the browser window or at a localhost port.
Once you have the code, you can exchange it for an access token and a refresh token. The access token is what you need to call the API and access the user's data. It is short lived though - check the expired_in parameter in the response, I believe it is 3600 sec. - so you will need to periodically ping the token endpoint with your long lived refresh token and exchange it for an access token.
You can find a more thoroough description of this flow in the doc linked above.