I am using amazon sns mobile push for sending push notifications.For registering the device token with amazon I am using the CreatePlatformEndpoint.
As per amazon documentation(http://docs.aws.amazon.com/sns/latest/api/API_CreatePlatformEndpoint.html) :
The CreatePlatformEndpoint action is idempotent, so if the requester already owns an endpoint with the same device token and attributes, that endpoint's ARN is returned without creating a new endpoint.
But when I use the CreatePlatformEndpoint I am able to register the same token with the same attributes(User data) multiple times(upto 3 times). Not able to understand this behaviour.
chetna bhandari,
I was having this problem. I have a platform application for iOS (APNS) and another one for Android (GCM). For iOS, the method createPlatformEndpoint works fine. But for Android, creates multiples endpoints (up to 3, just like you) with same token. Next time I tried to use createPlatformEndpoint, throws an exception.
The correct way to do this is storing the endpoint in your application. If it's not stored yet, create and store.
Then, the pseudo-code is:
retrieve the latest device token from the mobile operating system
if (the platform endpoint ARN is not stored)
# this is a first-time registration
call create platform endpoint
store the returned platform endpoint ARN
endif
call get endpoint attributes on the platform endpoint ARN
if (while getting the attributes a not-found exception is thrown)
# the platform endpoint was deleted
call create platform endpoint with the latest device token
store the returned platform endpoint ARN
else
if (the device token in the endpoint does not match the latest one) or
(get endpoint attributes shows the endpoint as disabled)
call set endpoint attributes to set the latest device token and then
enable the platform endpoint
endif
endif
You can see in this link:
Create a Platform Endpoint and Manage Device Tokens
Related
I'm using ASP.Net Core 6 to build a secured Web API.
HOW I BUILT IT
dotnet new webapi --auth SingleOrg --aad-instance https://login.microsoftonline.com/ --client-id <CLIENT ID> --domain company.onmicrosoft.com --tenant-id <TENANT ID> --calls-graph true -o GraphTestService
APP REGISTRATION OF WEB API
I added a Scope in the Export API "EmployeeRecord.Read"
APP REGISTRATION FOR CLIENT (Public Client)
Added permission for Graph API (User.Read)
Added permission "EmployeeRecord.Read"
HOW I GET TOKEN USING THE CLIENT
I'm using "InteractiveBrowserCredential".
Everything works fine up until the Web service tries to call Graph API. It throws MsalUIRequiredException.
Understandable, since I did not include any graph API permissions when I requested a token.
FINALLY, THE PROBLEM
When I inspect the Bearer token that's returned, it has the "EmployeeRecord.Read" scope. Ok, that's fine. The Web API authorizes it; but the token doesn't have any permissions for Graph API.
When I add a graph API permission to the scopes, I get
AADSTS28000: Provided value for the input parameter scope is not valid because it contains more than one resource. Scope api://<APP URI ID>/EmployeeRecord.Read https://graph.microsoft.com/User.Read offline_access openid profile is not valid.
If I only include the graph API permission, the Web API returns an Unauthorized error.
WHAT I'VE TRIED
In addition to playing with the scopes, I tried adding my client application to the Web API app registration under the "Expose an API / Add A client Application". This made no difference. No difference in token or errors.
You are trying to add scopes for 2 different resource ,the scope parameter cannot be used to specify permissions for multiple resources similar issue .
we recommend you to use MSAL libarry , MSAL will store tokens for you and refresh whenever token is expired. Just call acquireTokenSilent to get an access token silently, and if you get an error, call acquireToken (see details on error handling here: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-handling-exceptions#msal-for-ios-and-macos-errors)
for more info please check similar issue
Thanks
I have a case where we use custom Authorization in Kubernetes via a webhook. Once authorized is there any way the user id could propagated on to the metadata or labels or env of a resource in Kubernetes.
Eg - When a user creates a pod, the userid should be available on the request object.
The only place where the user data is available is in the events that is available via audit logs.
You could use a mutating webhook to inject it. The webhook admission request struct has the user identity data and you can patch the incoming object in the admission response. There is nothing off the shelf for that though, you would have to build it yourself.
General explanation of the problem:
how can i get/log inside an application B, the error/exception message produced by an application A (error description and code are generated with a OnErrorPropagate). Application A is a Process API and B is an Experience Api both deployed on cloudHub.
More Details:
i have a Process API App. and a Experience API APP. deployed on CloudHub that retrieve client data from a DB.
.../getClient?client_Id=xxx
When inside the request the client_id params is not provided the below error message (generated inside an OnErrorPropagate) is shown
"message" : "bad request"
When a client call the Exp.API APP /getClient without the parameter, the PROCESS API APP (invoked by a flow inside the Exp.API implementation) respond with the above error message.... how can i retrieve this message in my Experience API Application?
If i try lo log the payload response (that should contain the error message) from an Experience API APP log, i always get an empty message.
So, is possible to pass an error message generated inside an OnErrorPropagate from an application (PROCESS API APP) to another app (EXPERIENCE API APP)?
All these applications are on cloudhub. Mulesoft 4
You can capture the the error response payload from the process API which will be present in the error object and set it as response for your experience API using this DW expression
#[output application/json --- error.exception.errorMessage.typedValue]
You should capture the payload response in the Experience API when you make the HTTP request to the Process API.
I have deployed an Express app on Heroku, set my web hook on the address and use my DG agent to make post request to the endpoint on Heroku.
The webhook passes over parameters's body to another web service and that's fine. I need to keep track of the cookie the web service passes back in order to send it back to keep the context of the conversation.
At the moment I am saving a file on the server with the Express's session id (req.session.id) and the cookie value. Everything works if I make POST call via Postman or via form, so let's say the web application is tracking sessions properly.
On the contrary, if I test my webhook with the DialogFlow agent, I receive a new session id per each request to my endpoint on Heroku.
I don't understand why... What am i missing?
I do not believe you can rely on the request from DialogFlow maintaining a cookie for you.
We are using DialogFlow, Google Actions, and Node.js. We retain session information by including data in the response we send back, which we then read when the next request comes in. When writing a response we put our session data (JSON) on the assistant.data attribute. When receiving a request we get session data from the incoming event.body.
We had considered trying to live off a unique ID of the incoming request, such as a user ID or device ID, but did not pursue it.
I want to make the glassware, it can take picture and upload taken picture to Google Plus with location information, insert a new card into timeline.
For the uploading the picture to Google Plus with native code by the the glassware, it need to use oAuth flow with GDK. So, that means our server should have to get "userToken" parameter by redirected callback URL according to the guideline of the authorization with GDK.
I also have to pass the flow of the authorization with Mirror API for getting the location information, inserting a new card into timeline. It means our server should have to get "code" parameter by redirected callback URL according to the Mirror API guideline.
However, when i submit the glassware on glassware's submit web page, i can just insert 1 Client ID into "Client ID" form.
According to the glassware guide line, the GDK have to insert the Client ID of Service and the Mirror API have to insert the Client ID of Web Application.
What i have to insert the Client ID into the submit web page ??
How can pass the authorization flow both the GDK and Mirror API ??
If you want to use both GDK auth and the Mirror API to insert items in the timeline, this is the steps that need to happen:
Create one single API Project in the APIs Console and enable the Mirror API --> seems that you've already done that.
Create client IDs:
Create a "Client ID for Web Application": this is the one you are going to use when inserting items in the timeline through the Mirror API
Create a "Client ID for Service Account": this is the one you are going to use when calling the GDK authentications APIs.
Give the API Project ID to the review team: this is the set of numbers that is in the URL (e.g https://console.developers.google.com/project/<PROJECT_ID>/...).
Give an auth URL to the review team: this should be a URL that points to your web server so you can retrieve the ?userToken query parameter for GDK authentication.
When the user clicks on "Install" in MyGlass and is redirected to your auth URL:
Retrieve and save the ?userToken query parameter.
Redirect the user to the OAuth 2.0 authorization URL (you could use the ?state query parameter to pass along the ?userToken query parameter for later use).
Once the user has approved the scopes and is redirected to your redirect URL, exchange the authorization code for OAuth 2.0 tokens (eventually retrieving the userToken in the ?state query parameter if you've used it in step #2).
Push whatever tokens you need through the GDK authentication API using the saved userToken.