https://firebase.google.com/docs/reference/security/database/#authtokenF
{
"rules": {
"c":{
".write":"newData.child('email').val()=== auth.token.email"
},
}
}
Always it showing "Simulated write denied"
How to solve this problem ? Is there any mistake with my firebase rule
It looks like you're not providing an email address in the authentication data.
When you select a provider, the simulator shows the exact auth.token payload that it will use. For the Google provider my Auth token payload looks like this:
The simulator takes the literal JSON that is shown in here, and uses it as auth.token.
{
"provider": "google",
"uid": "27e08474-4e33-460d-ba92-ba437c6aa962"
}
Since there is no email provided, your rules (correctly) fail.
For testing this scenario, you'll want to switch to a custom provider, so that you can specify your own auth token with an email property:
Related
An app that has been working successfully for a couple years has started throwing the following error whenever trying to respond to the NEW_PASSWORD_REQUIRED challenge with AWS Cognito:
{"__type":"NotAuthorizedException","message":"Cannot modify an already provided email"}
I'm sending the below, which all seems to match the docs.
{
"ChallengeName": "NEW_PASSWORD_REQUIRED",
"ClientId": <client_id>,
"ChallengeResponses": {
"userAttributes.email": "test#example.com",
"NEW_PASSWORD": "testP#55w0rd",
"USERNAME": "testfake"
},
"Session": <session_id>
}
Nothing has changed on the front end; is there a configuration change we might have done on the Cognito/AWS side that might cause this error?
I started getting the same error recently. I'm following Use case 23 Authenticate a user and set new password for a user. After some investigation, I found that it is the email attribute in userAttributes that's causing completeNewPasswordChallenge to throw the error. The userAttributes I get from authenticateUser used to be an empty object {}, but it now looks like this:
{ email_verified: 'true', email: 'test#example.com' }
I had to delete the email attribute (as well as the email_verified attribute as shown in the example code in Use case 23) before using the userAttribute for a completeNewPasswordChallenge. So my code is now like this:
cognitoUser.authenticateUser(authenticationDetails, {
...
newPasswordRequired: function(userAttributes, requiredAttributes) {
// the api doesn't accept this field back
delete userAttributes.email_verified;
delete userAttributes.email; // <--- add this line
// store userAttributes on global variable
sessionUserAttributes = userAttributes;
}
});
// ... handle new password flow on your app
handleNewPassword(newPassword) {
cognitoUser.completeNewPasswordChallenge(newPassword, sessionUserAttributes);
}
I guess aws changed their api recently, but I haven't found any doc about this change. Even though the value of the email attribute is the same as the actual email of the user, it throws the Cannot modify an already provided email error if you include it in the request. Deleting it solves the issue.
For my React Native app I am using Parse JS SDK and hosted Parse Server on Back4app.
When I try to register a new user, the user is not authenticated because the response does not return a sessionToken.
However, once the user is in the db and signs in a sessionToken is returned and the user is authenticated successfully.
Request
The request is the same for sign in/up.
await Parse.User.logInWith('google', {
// auth data received from #react-native-community/google-signin
authData: {
id,
id_token: token
}
})
Response on initial Sign Up
The response is supposed to return a sessionToken which is missing. So the user is not authenticated and modifications on the user object are not possible.
{
"authData": {...},
"createdAt": "...",
"objectId": "...",
"updatedAt": "...",
"username": "..."
}
Response on sign in after user was created
{
"ACL": {...},
"authData": {...},
"createdAt": "...",
"objectId": "...",
"sessionToken": "...",
"updatedAt": "...",
"username": "..."
}
I don't use any cloud code. Just a simple auth flow with Google oAuth.
Any help is highly appreciated.
Edit: same issue for 'sign in with Apple'
As far as I know, according to the Official Documentation, Parse will respond 200 (HTTP OK) and include the Session Token only when it verifies the user is already associated with the OAuth authentication data.
So, again, as far as I know, the very first request when you create the user, will not contain the sessionToken.
Take a look to this tutorial https://www.thinkertwin.com/how-to-setup-google-oauth2-login-with-parse-server-in-react/
Here there is an explanation on how to setup your Cloud Code. It's for React, but with small adjustments it will work for React Native.
You also need Cloud Code as you need to store your Client ID and Secret. You don't want to have those on your public application
I have an Express app which supports Google authentication and authorization via passport. I have begun integrating it with Google Assistant and things were going quite well but I am having trouble with the account linking as described at https://developers.google.com/actions/identity/google-sign-in#start_the_authentication_flow
Using the method in the docs at https://codelabs.developers.google.com/codelabs/actions-2/#4 I was able to get user details but when I try to modify to support
app.intent('Start Signin', conv => {
conv.ask(new SignIn('To get your account details'))
})
and
app.intent('Get Signin', (conv, params, signin) => { ...}
the dialogflow always falls back to my default fallback intent and I get an error in Express console
Error: Dialogflow IntentHandler not found for intent: Default Fallback Intent
My dialogflow intent is set to use webhook and other intents work fine (until I add these sign-in intents!)
Reading this thread Dialogflow IntentHandler not found for intent: myIntent (Dialogflow V2) it was suggested that the intent name rather than the action name is used so I check my Actions on Google simulator and the request contains:
"inputs": [
{
"intent": "actions.intent.SIGN_IN",
"rawInputs": [
{
"inputType": "KEYBOARD"
}
],
"arguments": [
{
"name": "SIGN_IN",
"extension": {
"#type": "type.googleapis.com/google.actions.v2.SignInValue",
"status": "OK"
}
}
]
}
],
so I tried updating my Dialogflow intent name to actions.intent.SIGN_IN and modifying the intent name in my Express app accordingly but it doesn't make any difference.
The simulator response includes:
"responseMetadata": {
"status": {
"code": 14,
"message": "Webhook error (206)"
},
but I'm not sure if that is just because for some reason the intent names are not matching up. Any help much appreciated!
As you speculate in the comments, the issue is that your "Get Signin" Intent isn't registered to get the event indicating that the user has signed in (or failed to). Since there is no such Intent setup, it ends up calling the Fallback Intent, which apparently doesn't have an Intent Handler registered in your webhook.
To make your "Get Signin" Intent get the sign-in event, set the "Event" field to actions_intent_SIGN_IN. (Note the similarity to the Intent name you saw in the simulator, but using underscores instead of dots.)
As an aside, the simulator was showing you what the communication between the Assistant and Dialogflow looks like, so it can be somewhat confusing to understand what Dialogflow is doing with it. It didn't have anything to do with the name of your Intent or anything else.
Finally, it often isn't necessary to do this check. You will know if the user is signed in because either the auth token has been set or the id token has been set (depending on your method of Account Linking).
I have a mobile app containing payment method via MasterCard. I have this tutorial:
https://ap-gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/latest/api.html?locale=en_US
I want to create Tokenization which contains customer's master detail, I have followed this tutorial part:
https://ap-gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/latest/operation/Tokenization%3a Create or Update Token (with system-generated token).html?locale=en_US
I tried with :
POST https://ap-gateway.mastercard.com/api/rest/version/41/merchant/{{MyMerchantID}}/token
Params:
{
"sourceOfFunds": {
"type": "CARD",
"provided": {
"card":{
"number": "5123450000000008",
"expiry": {
"month": "05",
"year": "17"
}
}
}
Note: The number is a mastercard test number.
I am always get this error:
error
cause "INVALID_REQUEST"
explanation "Invalid credentials."
result "ERROR"
I followed the params in second URL.
Can anyone help? Are the params correct or I missed something?
In your configuration file, you need to set the following:
$configArray["merchantId"] = "[merchantId]";
// API username in the format below where Merchant ID is the same as above
$configArray["apiUsername"] = "merchant.[merchantId]";
// API password which can be configured in Merchant Administration
$configArray["password"] = "your api password";
Setting the above parameters in the config file will solve your problem
Try replacing "ap-gateway" with the real gateway provided for you. Your merchantID is not supported in test gateway.
First, you should ask you bank to enable the tokenization for your merchant account
POST
https://ap-gateway.mastercard.com/api/rest/version/61/merchant/{{MyMerchantID}}/token
you have to set Authorization->Basic Auth
Username : Your_MerchantID
Password : ApiPassword
Params:
{
"session": {
"id": "SESSION0002510583427E2239608H32"
}
}
Following the server-side authentication proceedures defined here: https://developers.facebook.com/docs/authentication/server-side/.
Ran this command:
https://www.facebook.com/dialog/oauth?client_id=xxxxxx&state=you&redirect_uri=http://lovers.net&scope=ads_management,offline_access
Which results in this:
=">http://lovers.net/?state=you&code=AQA7c30iVuCyDJzlKP8-9z_Rv7JhpnHEEfsiT5doge1TL--WSXdK9NjCl7q7_Ldovrc9SrlaOZe9VzS1pvelthA2hD72Q5aTVjFlviNPuQJ1U3LP16e7zY7lI5avSlcL1wZoOYYi5JeoOsPwe9HaeQvtfBQSYVX2WQCbo2tVFYboSq1_FNSHOpAKsaW86-1IJM#=
Which I turn into this:
=">https://graph.facebook.com/oauth/access_token?client_id=xxxx&redirect_uri=http://lovers.net&client_secret=xxxxx&code=AQA7c30iVuCyDJzlKP8-9z_Rv7JhpnHEEfsiT5doge1TL--WSXdK9NjCl7q7_Ldovrc9SrlaOZe9VzS1pvelthA2hD72Q5aTVjFlviNPuQJ1U3LP16e7zY7lI5avSlcL1wZoOYYi5JeoOsPwe9HaeQvtfBQSYVX2WQCbo2tVFYboSq1_FNSHOpAKsaW86-1IJM#=
Which results in this:
{
"error": {
"message": "Error validating verification code.",
"type": "OAuthException",
"code": 100
}
}
Most likely you've specified a different value for the redirect_uri parameter in the call to /oauth/access_token as you did when you sent the user to the auth dialog - this is the case in the example you've posted in the question, so check it's not also the case in your code.