querystring parameters in callback URL for AWS Cognito - amazon-cognito

I was using the default login page for Cognito and trying to pass query parameters in the callback URL. It seems to work only with 1 query param but not 2 (did not try more than that). I tried encoding the query parameters of the URL (as was mentioned in some posts here) but it did not work.
What works
http://localhost:6768/portal.html?up=us-east-2_4AIAW7KJa
what doesn't work
http://localhost:6768/portal.html?up=us-east-2_4AIAW7KJa&idp=us-east-2:2a45e21c-2541-4dcc-9edb-3015ee5fcb96
http://localhost:6768/portal.html%3Fup%3Dus-east-2_4AIAW7KJa%26idp%3Dus-east-2%3A2a45e21c-2541-4dcc-9edb-3015ee5fcb96
Any clue how to make this work? For now, I have cheated and am feeding it as val1=val2 and parsing it out.
I created the user pool, identity pool using cloud formation scripts.

This is the purpose of the STATE variable - Documentation & Reference.
To properly configure the state variable: &state=testparam1=param+testparam2=newparam

Response from AWS -
In the console you should provide the unencoded URL -
https://www.google.com?val1=a&val2=b. When accessing the hosted UI you
have to provide the encoded redirect URL -
redirect_uri=https%3A%2F%2Fwww.google.com%3Fval1%3Da%26val2%3Db
Hope this helps!
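The encoding rule from the AWS response and the state suggestion above, worked through as an added example (not code from the original posts). The hosted UI domain, the client id and all function names are constructed placeholders, and the endpoint is assumed to split its query string the way a standard parser does.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs, parse_qsl

# Constructed placeholders: hosted UI domain and app client id are not from the page.
HOSTED_UI = "https://example-domain.auth.us-east-2.amazoncognito.com/oauth2/authorize"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
# Callback URL with two query parameters, as in the question.
CALLBACK = ("http://localhost:6768/portal.html"
            "?up=us-east-2_4AIAW7KJa&idp=us-east-2:2a45e21c-2541-4dcc-9edb-3015ee5fcb96")


def naive_authorize_url(callback):
    """Callback pasted in raw: its '&idp=...' becomes a parameter of the outer URL."""
    return f"{HOSTED_UI}?response_type=code&client_id={CLIENT_ID}&redirect_uri={callback}"


def authorize_url(callback, extra=None):
    """Percent-encode redirect_uri as one value and carry app data in state."""
    nonce = secrets.token_urlsafe(16)  # unpredictable value, checked on return (CSRF)
    state = urlencode({"nonce": nonce, **(extra or {})})
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": callback,
        "state": state,
    })
    return f"{HOSTED_UI}?{query}", nonce


def received_params(url):
    """Top-level parameters a standard query-string parser extracts from the URL."""
    return parse_qs(urlsplit(url).query)


def unpack_state(state, expected_nonce):
    """On the callback: reject a state whose nonce is not the one that was issued."""
    fields = dict(parse_qsl(state))
    if not secrets.compare_digest(fields.pop("nonce", ""), expected_nonce):
        raise ValueError("state nonce mismatch")
    return fields
```

With the raw callback, `idp` is parsed as a parameter of the authorize request and `redirect_uri` is cut off after `up=...`; with the encoded form the whole callback survives as a single value.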

Related

Firebase Dynamic Links ofl parameter not working

I was creating short dynamic links with the py-firebase-dynamic-links where we can set parameters presented here. However, there is no desktopFallbackLink parameter to be used on the REST API.
I need to set a link to open on desktop. What I am trying to do now is to create the dynamic link manually (to be able to set the ofl parameter) and to use the REST API only to generate the short link (the request payload only contains the longDynamicLink instead of the parameters)
But I may be constructing the url in the wrong way.
Here's what the URL looks like at the moment:
{DYNAMIC_LINK}/?link=http.examplelink.com/confirm-account?uuid={uuid}&token={token}/&apn={package_name}&ibi={bundle_id}&ofl={desktop_link}"
example:
https://my_subdomain.page.link/?link=my_deep_link?uuid={uuid}&token={token}&apn=package_name&ibi=bundle_id&aofl=desktop_link
The link that is now generated opens the correct screen both on iOS and Android (but I am not sure if uuid and token parameters are passed correctly because I haven't tested).
But on the desktop it does not open the link specified in the ofl parameter. And it only shows the uuid in the URL path; not even the token parameter is correctly passed.
I tried to encode the url but it made no difference.
Does anyone know where the error is or how can I set the ofl parameter correctly?
EDIT:
I now have: https://my_subdomain.page.link/?link=my_encoded_deep_link&apn=package_name&ibi=bundle_id&afl=encoded_desktop_link&d=1
With d=1 I can see that the target url encoded_desktop_link is disallowed. What does disallowed url mean?

Informatica using URI based REST API

I'm having real trouble getting Informatica PowerCenter or Developer to call a URI based REST API and I'm doing it for something simple (JIRA's API). Basically I want to call JIRA's worklog REST API which is a different URL for a list of issue ids and write it to our DB.
https://docs.atlassian.com/jira/REST/6.2/
/rest/api/2/issue/{issueIdOrKey}/worklog
Informatica PowerCenter supports only HTTP transformation which is only a simple GET. Unfortunately the latest version is still stuck in the 'old' query type URL building where they append inputs into search strings. E.g. if I have a "key" input field with value "ABC-1" and the URL is jira/rest/api/2/search it would actually build the URL on the fly into jira/rest/api/2/search?key=ABC-1. While some of JIRA's API works this way, some use the URI way e.g. jira/rest/api/2/ABC-1/worklog which requires embedding the value into the URI. There's no way I can get this to work :-
if I do jira/rest/api/$key/worklog it still converts the URI into jira/rest/api/$key/worklog/?key=ABC-1 so $key does not get replaced
even if I pre-build the URI outside the mapping it's not feasible as the URI needs to be dynamic to the list of JIRA keys and anyway because it appends ? at the end JIRA throws an error (because ? is a reserved key word for this API)
HTTP transformation does not support NTLMv2 authentication which our company's JIRA instance may upgrade to shortly
Last resort is to use a Java transformation in which Informatica has quite little value add. This also means I need to somehow pass in the JIRA user password for authentication which is a separate challenge (versus just storing as a HTTP connection)
Informatica Developer supports REST Web Consumer Transformation but has similar limitations with only building query type URL. Even worse I can't even dynamically build the URL since it's fixed to the HTTP connection object URL.
Am I straight outta luck?
I got the query and here I would like to answer it. I can write only points here and you might not be able to understand them properly. So here I am putting a link to a blog where the task "how to informatica read rest api" is described in detail, step by step, with a video tutorial. Some examples are also there. Feel free to visit
https://zappysys.com/blog/read-json-informatica-import-rest-api-json-file/
Hope it will help.

Auth0 is redirecting to my callback-url with an additional #_=_

I am using the auth0-service and I have observed that after a user logs in successfully, the callback-url is called with an additional string "#_=_"
How can I turn that off? I have already searched the documentation at auth0, but searching for "#_=_" does not yield reasonable results
I even had to escape that string with backslashes here in the SO-editor, because it was being interpreted...
Please can you offer more information - what library / SDK are you using? For example, what happens if you use:
https://{{YOUR_TENANT}}.auth0.com/authorize?client_id={{YOUR_CLIENT_ID}}&protocol=oauth2&redirect_uri=https://jwt.io&response_type=token id_token&scope=openid email&nonce=123&state=xyz
Just add https://jwt.io as an allowed callback URL in your client settings from Auth0 dashboard.
Bear in mind that for SPA apps etc, the tokens are returned using URL hash fragments - this is deliberate as only meant for Client side consumption - see here for quick description. Mention this only in case you were confusing correct behaviour?

How to return a relative URL from ASP.NET's GetUrlHelper()?

In an ASP.NET MVC 4 website I'm using Web API to return JSON-formatted resources including links for authorized actions (e.g., DELETE). To create these links I'm using the GetUrlHelper() extension method on the HttpRequestMessage...
_httpRequest.GetUrlHelper().Link( routeName, routeValues );
My concern is that the string returned from Link() is a fully qualified URL (it includes the https://example.com/...) when all I think I need is the relative URL (just the /my/resource). Currently, I've got a server problem where our production environment is adding http when it should be https, which doesn't work. I can fix that separately, but it raises the question, should I just supply a relative URL? And if so, is there a better way of getting a relative URL than trimming off the root part of the UrlHelper.Link()-generated URL?
Edit:
After consulting Richardson's & Ruby's meritorious RESTful Web Services, I believe more firmly that a relative URL is wholly appropriate here.
Does the PathAndQuery on Uri help you?
Example: (new Uri(_httpRequest.GetUrlHelper().Link("DefaultApi", new { controller = "Values", p1="abc" }))).PathAndQuery...this would give you like /my/resource?p1=abc

Can we use Request.QueryString in classic ASP if using URL masking?

I'm writing a website for a local club of ours. I've got all the site written in ASP linked to our backend SQL server and it works lovely. I want to create player profiles now. Normally I would use "(a href=playerdetails.asp?ID=1) Player 1 (/a)" then in the ASP section of the page use strsql = "SELECT * FROM Players Where ID=" & request.querystring("ID").
However, this is where my problems start. To save money for the club, I am also hosting the site for them on my private domain. We have registered their domain and instead of paying for hosting, we're just redirecting the traffic via the domain registrar's URL forwarding, using masking. Therefore instead of the URL saying www.mydomain.com/club/ it says www.club.com.
Thus the original question... Can I use request.querystring with the setup we have? If not, is there a way around it as the club doesn't really have the budget for a hosted site with SQL in the backend.
Thanks in advance,
Paul.
PS <'s in the link replaced with ('s to display correctly.
A couple of things:
URL Masking uses frames to hide the actual URL. You can still use query string values in the URL, however you will not see the URL in the address bar change, because it will always be www.club.com due to the URL masking.
http://en.wikipedia.org/wiki/Domain_Masking
Second you are opening up your site to SQL injection attacks:
NEVER trust user input
NEVER use Request.QueryString or Request.Form in SQL states without filtering out bad characters and keywords.
http://en.wikipedia.org/wiki/SQL_injection
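The injection risk raised in the answer, shown with the question's query shape as an added example (not code from the original posts). It is ported from classic ASP to Python with an in-memory sqlite3 table, and it uses integer validation plus a bound parameter rather than character filtering; the table rows, sample inputs and function names are constructed.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the club's Players table (rows are constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Players (ID INTEGER PRIMARY KEY, Name TEXT)")
    db.executemany("INSERT INTO Players VALUES (?, ?)",
                   [(1, "Player 1"), (2, "Player 2"), (3, "Player 3")])
    return db


def lookup_concatenated(db, raw_id):
    """The pattern from the question: query-string value spliced into the SQL text."""
    strsql = "SELECT * FROM Players WHERE ID=" + raw_id
    return db.execute(strsql).fetchall()


def lookup_parameterized(db, raw_id):
    """Validate the type first, then bind the value so it is never parsed as SQL."""
    if not raw_id.isascii() or not raw_id.isdigit():
        return []  # reject anything that is not a plain non-negative integer
    return db.execute("SELECT * FROM Players WHERE ID = ?", (int(raw_id),)).fetchall()


def compare(raw_id):
    """Row counts returned by each lookup for the same query-string value."""
    db = make_db()
    return len(lookup_concatenated(db, raw_id)), len(lookup_parameterized(db, raw_id))


# Constructed query-string values: a normal ID and one that changes the WHERE clause.
SAMPLE_IDS = ["2", "1 OR 1=1"]
```

For the second sample value the concatenated query returns every row in the table, while the parameterized lookup rejects the input and returns nothing.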