Auth0 MFA Guardian app. I get an error when I press "allow_button" in the push notification - auth0

I get an error when I press "allow button" in the push notification.
In the Auth0 logs this error appears:
Type OTP Auth failed
Description Guardian - Second factor verification failed: RSA challenge validation failure

My problem was that on the mobile phone I had deactivated the option "automatic time zone and auto date/time". When I activated this option, the login works.
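A sketch of why a wrong device clock can fail a signed push approval even when the device key is correct. This is an added example, not part of the original post and not Auth0's code. It assumes the signed response carries issued-at and expiry timestamps taken from the phone's clock, uses an HMAC as a standard-library stand-in for the RSA signature, and every name and value in it is constructed.

```python
import base64
import hashlib
import hmac
import json

DEVICE_KEY = b"constructed-demo-key"  # stand-in for the enrolled device's key
LIFETIME = 30   # seconds a signed response stays valid (assumed value)
LEEWAY = 60     # clock skew the verifier tolerates, in seconds (assumed value)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _mac(payload: str) -> str:
    return _b64(hmac.new(DEVICE_KEY, payload.encode(), hashlib.sha256).digest())


def sign_response(challenge: str, device_clock: int) -> str:
    """Device side: timestamps come from the phone's own clock."""
    claims = {"sub": challenge, "iat": device_clock, "exp": device_clock + LIFETIME}
    payload = _b64(json.dumps(claims).encode())
    return payload + "." + _mac(payload)


def verify_response(token: str, challenge: str, server_clock: int) -> str:
    """Server side: returns "ok" or the reason the response is rejected."""
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), _mac(payload).encode()):
            return "bad_signature"
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return "malformed"
    if claims["sub"] != challenge:
        return "wrong_challenge"
    if claims["iat"] > server_clock + LEEWAY:
        return "issued_in_future"
    if claims["exp"] < server_clock - LEEWAY:
        return "expired"
    return "ok"


NOW = 1_700_000_000  # constructed server time
for skew in (0, -45, -3600, 3600):  # device clock offset in seconds
    print(skew, verify_response(sign_response("txn-1", NOW + skew), "txn-1", NOW))
```

A device clock that is an hour off in either direction is rejected on the timestamps alone, which is consistent with re-enabling automatic date/time fixing the login.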

Related

Checking authentication in firebase on OTP

I'm using Firebase as my OTP. Whenever I log in through my app it always sends an OTP. Can I create code that can check if the number is already signed in on the console so it won't send the OTP again?
Firebase automatically persists and restores the user's credentials when the app is restarted, so you should not have to send an OTP each time.
Check how to detect the user's authentication state for your platform in the first snippet in the documentation for Android, iOS, and Web.

Cognito email verification

I'm working on building a mobile / web app and would like to utilize AWS Cognito for authentication.
I wanted to do a proof of concept before implementing it completely. As part of that, I have set up a user pool and used Amplify to sign up and sign in users.
As part of sign up I was able to verify the user using a verification code sent to either a phone or an email.
Also, as part of sign in, I received the MFA tokens on my phone/email and validated the MFA before logging in.
My question is, I would like to differentiate the email/phone verification methodology (SignUp) from the MFA token methodology (SignIn).
Is it possible to verify the user's email via a verification link (SignUp) and utilize token-based MFA for SignIn?
I tried changing the user pool MFA message from code to link. I'm getting a verification link in my email, however I'm not getting an MFA, because I have used email as my verification method.
Per the documentation, email verification doesn't trigger MFA as part of SignIn.
In your user pool, if you have selected both email and phone as required, phone is given more priority. At the time of sign up and sign in, you are just given an MFA code via SMS but not email.
But if you want to use email for sign up and a phone MFA SMS code for signing in, please read this:
You need to call 3 methods (GetUser, GetUserAttributeVerificationCode and VerifyUserAttribute) from the AWS SDK to verify the other attribute.
Reference Article - AWS Docs
Hope it helps.

OAuth Consent Screen Display Issue

We have developed a new application which has been integrated with the Google File Picker API on the client-side application. We are trying to show the OAuth Consent Screen to the end user by showing the application name "Gsuite Intergration" when the user tries to log in on the OAuth sign-in screen.
When running the application from the local development server (https://localhost:4200), the OAuth pop-up shows the application name like "Continue to Gsuite Intergration" before the sign-in header. It's the expected behaviour that we are looking for. Please refer to the "GoogleFilePickerPopup_Localhost.png" attachment.
But when we deploy the same application to the server (https://applicationname.domain.com), the OAuth pop-up shows "Continue to domain" instead of "Continue to Gsuite Intergration" before the sign-in header. It's not the expected behaviour, as we need to display the application name that we have updated under the OAuth Consent Screen. Please refer to the "GoogleFilePickerPopup_server.png" attachment.
You need to request app verification so your brand configuration can be verified before the name is displayed to your users. See the OAuth App Verification FAQ about circumstances under which verification is needed: https://support.google.com/cloud/answer/9110914?hl=en#circumstances

Facebook login development mode refused to display

I'm in development mode. The link I'm using to log in to Facebook is already using _top as target.
Here is the error:
Refused to display
'https://www.facebook.com/connect/ping?client_id=299414960683257&domain=localhost&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D43%23cb%3Df6b24dd350a5c%26domain%3Dlocalhost%26origin%3Dhttps%253A%252F%252Flocalhost%252Ff1a8662460963a%26relation%3Dparent&response_type=token%2Csigned_request&sdk=joey'
in a frame because it set 'X-Frame-Options' to 'deny'.
I had the same error in a previous project and I resolved it just by using _top as target. Another important detail is that I get no error if the user is already logged in to Facebook. So the error is shown only when the login procedure tries to show the login page; the same doesn't happen on first access when the user has to allow the permissions required by the app.
As I understand it, in development mode only the app's developers, testers and administrators can log in. But I can't find anywhere that the user must already be logged in when clicking on the login button. Might this error disappear when the app switches to live mode, or could there be other problems?

Unable to cancel a ServiceStack Facebook authentication process

When accessing "/api/auth/facebook" I'm redirected to the Facebook OAuth dialog, but when trying to cancel, I keep getting redirected to the same Facebook OAuth dialog.
This means I cannot cancel this process.
Is this a bug?
I fixed this issue a little while back.
https://github.com/ServiceStack/ServiceStack/pull/850