Yodlee AddSiteAccount1 issues - yodlee

I am trying to verify various MFA-based accounts with the Yodlee API by performing the following steps:
Successful call to addSiteAccount1
In response, it does return siteAccountId
In response, it also provides site refresh status that REFRESH_TRIGGERED
if (resp['siteRefreshInfo']['siteRefreshMode']['refreshMode'] == 'MFA' and
    resp['siteRefreshInfo']['isMFAInputRequired'] == True and
    resp['siteRefreshInfo']['siteRefreshStatus']['siteRefreshStatus'] == 'REFRESH_TRIGGERED')
Now, calling getMFAResponseForSite repeatedly together with getSiteRefreshInfo results initially in code 801 and then 508, and eventually a timeout.
Eventually, I come out of the loop with result isMessageAvailable: True
{u'itemId': 0,
u'retry': False, u'timeOutTime': 99880, u'memSiteAccId': 10144098,
u'errorCode': 0, u'isMessageAvailable': True, u'fieldInfo':
{u'questionAndAnswerValues': [], u'numOfMandatoryQuestions': -1,
u'mfaFieldInfoType': u'SECURITY_QUESTION'}}
The only concern I have is that it provides mfaFieldInfoType, but it doesn't provide the actual question.
Couple questions:
a. How do I retrieve proper MFA question(s) for the site?
b. If a user is initially coming into the system and would like to link an account, a wait of more than a couple of seconds will kill the experience, so what's the recommended time period to allow for getting the MFA question?
c. Is this due to development vs. production environment difference?
d. I can retrieve account and holdings details for the account; however, the account then ends up in the NON_REFRESHABLE state.

After calling addSiteAccount1 API, you get siteAccountId for an account.
Pass the siteAccountId to the getMFAResponseForSite API and keep polling until you get the MFA form. Then pass the MFA form with valid values to the putMFARequestForSite API.
Please refer to our API flow- https://developer.yodlee.com/Aggregation_API/Aggregation_Services_Guide/API_Flow/Add_Site_Account
Sample response:
{
  "isMessageAvailable": true,
  "fieldInfo": {
    "questionAndAnswerValues": [
      {
        "question": "What is the name of your state?",
        "questionFieldType": "label",
        "responseFieldType": "text",
        "isRequired": "true",
        "sequence": 1,
        "metaData": "QUESTION_1"
      },
      {
        "question": "What is the name of your first school",
        "questionFieldType": "label",
        "responseFieldType": "text",
        "isRequired": "true",
        "sequence": 2,
        "metaData": "QUESTION_2"
      }
    ],
    "numOfMandatoryQuestions": 2,
    "mfaFieldInfoType": "SECURITY_QUESTION"
  },
  "timeOutTime": 97340,
  "itemId": 0,
  "memSiteAccId": 10003775,
  "retry": false
}

Related

How to config Cognito to get Facebook Login to pass back picture url included?

Recently I configured Amplify with the @aws-amplify/ui-react library to log in federated users.
Once logged in, for a Google user, I would get a payload like
{
"id": "",
"email": "",
"name": "",
"picture": "",
"token": ""
}
Yet for a Facebook user, I get similar stuff but no picture info
{
"id": "",
"email": "",
"name": "",
"token": ""
}
I had tried to update config in my Cognito for Facebook provider. However, this failed to get picture info for me.
Is it possible to make amplify's federated login through Facebook to pass me back picture info as well? I know I could just call another Facebook api to retrieve picture, but I wish this could be avoided, since Google login would return picture info automatically.
P.S.
Here's my Facebook identity providers config:
PPS.
Here's my recent Cognito attribute mapping config:
For Facebook:
and in CognitoUserSession's idToken's payload:
the picture field would include a JSON object about profile picture's information
For Google, much simpler:
and the payload:
the picture field is simply the image link
Assuming you're requesting public_profile, using "picture" from the Facebook attribute is actually correct. I did face a similar problem: I couldn't receive it until I deleted the user pool and created a new one.
The value you will get from picture should be something like this
{
"data": {
"height": 50,
"is_silhouette": false,
"url": "https://platform-lookaside.fbsbx.com/platform/profilepic/?etcetcetcetc",
"width": 50
}
}

Storing branch attributes offline from Branch.io to track user attribution in my own database

I am trying to store our campaign attribution identifier offline so that we can do some very custom analytics on the response. Our business team has very specific criteria for determining repeat user activities in our system that can't be tracked with normal analytics, at least not in a very simple way. They need to know how individual users were referred to our system via campaigns, links, etc.
I believe this is as simple as using branch.io to generate a link with specific data in that link. Then, assuming that user ever clicked that link, we should be able to, from our app, use the branch.io SDK to call out to branch.io, retrieve the attribution information, and then pass it to our own servers.
Is this use case possible with branch.io, and am I thinking of it correctly?
Create a branch.io link with a unique referral source
User clicks on that link which may or may not take them to an install
Eventually the user installs our app
On registration within our app we query branch.io using the SDK and ask it for existing attribution information associated to that user.
We make an API call to our own services and pass down whatever we got from branch.io and the user's ID to persist in our own analytics database.
Please let me know if this is possible and if we're thinking of it correctly. I believe this is fundamentally the same use case as custom on-boarding but need to verify for our management team before we bother to implement.
The client-to-server technique that you have described in your response will absolutely work with Branch! If you are interested in a server-to-server approach, your best bet would be to create a webhook from your Dashboard account for the Install event. When installs are referred you'll notice that the json data included in the response will have:
{
"metadata": {
"ip": "<purposely stripped out>",
"referred": true
},
"os": "iOS",
"session_referring_click_timestamp": "2016-02-09T15:57:23.411Z",
"session_referring_click_query": {},
"os_version": "9.2.1",
"first_referring_click_timestamp": "2016-02-09T15:57:23.411Z",
"first_referring_link_data": {
"date_ms": 1455033416690,
"date_sec": 1455033416,
"date": "2016-02-09T15:56:56.690Z",
"data": {
"$og_title": "Jingles Bingleheimer",
"$publicly_indexable": 1,
"face_index": "2",
"~creation_source": 3,
"$identity_id": "225633246304569572",
"monster": "true",
"+url": "https://bnc.lt/ALMc/pkZbNmazPq",
"$one_time_use": false,
"~id": "225633381004658863",
"~channel": "sms",
"body_index": "1",
"monster_name": "Matts Monster",
"$exp_date": 0,
"color_index": "4"
},
"branch_id": "225633381004658863",
"app_short_identifier": "625048",
"domain": "bnc.lt",
"channel": "sms",
"state": 1,
"href": "/ALMc/pkZbNmazPq"
},
"first_referring_click_query": {},
"event": "install",
"event_timestamp": "2016-02-09T15:57:51.019Z",
"session_referring_link_data": {
"date_ms": 1455033416690,
"date_sec": 1455033416,
"date": "2016-02-09T15:56:56.690Z",
"data": {
"$og_title": "Jingles Bingleheimer",
"$publicly_indexable": 1,
"face_index": "2",
"~creation_source": 3,
"$identity_id": "225633246304569572",
"monster": "true",
"+url": "https://bnc.lt/ALMc/pkZbNmazPq",
"$one_time_use": false,
"~id": "225633381004658863",
"~channel": "sms",
"body_index": "1",
"monster_name": "Matts Monster",
"$exp_date": 0,
"color_index": "4"
},
"branch_id": "225633381004658863",
"app_short_identifier": "625048",
"domain": "bnc.lt",
"channel": "sms",
"state": 1,
"href": "/ALMc/pkZbNmazPq"
},
"hardware_id": "<purposely stripped out>"
}
As you can see, it will include the referring link information in the response.
In general, installs will be referred if:
The user clicks on a Branch link and there is an identity associated to the link.
The user installing the app has not installed the app in the past.
Also, webhook documentation can be found here and the SDK will need to be integrated with your app so that Branch can understand that an Install event has occurred.
Note: You can also create webhooks on custom events such as "sign_up_complete" as well.

How to replace session with stateless rest apis?

So, I am trying to make a shopping cart web architecture on rest framework where I am struggling to use browser storages to use as an alternative to maintaining the state.
I tried the window.localStorage and window.sessionStorage() APIs but it failed in the case of the private browsing mode in Safari and Opera.
So can anyone help out in the figuring other methods by which I can maintain states in rest based architecture?
You don't need sessions to store application state. Use resources.
One approach would be to model every shopping cart as a resource with a unique ID:
/shop/shoppingcarts/E73AC56C-BDF7-11E5-81F1-8E2EDB915C80
The client application in the browser would read this resource:
GET /shop/shoppingcarts/E73AC56C-BDF7-11E5-81F1-8E2EDB915C80
It would add an item to the cart:
POST /shop/shoppingcarts/E73AC56C-BDF7-11E5-81F1-8E2EDB915C80/items
{
"itemId": "1234",
"quantity": 1
}
It would list the contents of the shopping cart:
GET /shop/shoppingcarts/E73AC56C-BDF7-11E5-81F1-8E2EDB915C80/items
[
{
"itemId": "1234",
"title": "Some nice item",
"quantity": 1,
"price": 12.34,
"priceTotal": 12.34
},
{
"itemId": "9876",
"title": "Some other nice item",
"quantity": 2,
"price": 0.99,
"priceTotal": 1.98
}
]
The web application would remove an item from the cart:
DELETE /shop/shoppingcarts/E73AC56C-BDF7-11E5-81F1-8E2EDB915C80/items/9876
I think you get the idea.

How to specify team/organization permissions for Trello API token?

I can request a token for a user by visiting the following url:
https://trello.com/1/connect?key=<key>&name=appName&response_type=token&scope=read,write&expiration=never
However, when I request the token's info through the API, I get a response that looks like this:
{
"id": "...",
"identifier": "appName",
"idMember": "...",
"dateCreated": "2015-10-15T05:21:19.886Z",
"dateExpires": null,
"permissions": [
{
"idModel": "*",
"modelType": "Board",
"read": true,
"write": true
},
{
"idModel": "*",
"modelType": "Organization",
"read": true,
"write": true
}
]
}
I'd like to be able to request a token that only grants privileges to a specific organization. But I can't seem to find clear documentation on what kinds of options the /1/connect endpoint accepts, or what other method I can use to obtain a token for a specific organization that does not expire.
I could make a machine user with access only to the organization, but it would be a shame to pay for another user account when I only want a subset of the permissions I already have.
I don't think that would be possible as you just authenticate against the API as that user and therefore have the ability to see everything that user can. The only way I'm aware of would be (as you suggested) to create a new user and limit what they can see.

Yodlee process MFA with null mfaInfo.fieldInfo

According to
https://developer.yodlee.com/Aggregation_API/Aggregation_Services_Guide/API_Flow/Refresh_Account
once I've received a response with isMessageAvailable = true and an empty errorCode, I should call getMFAResponse (actually I'm using getMFAResponseForSite).
This response should contain a non-null mfaRefreshInfo.fieldInfo. Unfortunately, in all cases I was able to test, fieldInfo was null.
Could you please help me to understand what I'm doing wrong? SiteAccountId is 10038630.
If you are using getMFAResponseForSite then use this refresh flow
Now, the response of getMFAResponseForSite depends upon how soon Yodlee encounters the MFA after the login attempt.
There are 3 types of responses you can get -
{ "isMessageAvailable": false, "timeOutTime": 0, "itemId": 0,
"memSiteAccId": 10000502, "retry": true }
On your 1st call to the MFA API you may get this if there is a delay in bringing the MFA data, hence you need to go back and call this API again (as suggested in the flow to loop). In this case, if messageAvailable is false and timeoutTime > 0, then it means that Yodlee has timed out the request and you can abort the refresh and try re-initiating it.
{
"isMessageAvailable": true,
"fieldInfo": {
"responseFieldType": "text",
"minimumLength": -1,
"maximumLength": 6,
"displayString": "Security Key"
},
"timeOutTime": 97640,
"itemId": 0,
"memSiteAccId": 10000052,
"retry": false
}
This is the case where you get the MFA response. Here you can see that isMessageAvailable is true and you have field info populated. This response can come at 1st call of getMFAResponseForSite or after 1 or 2 loops.
{
"isMessageAvailable": true,
"fieldInfo": {
"questionAndAnswerValues": [],
"numOfMandatoryQuestions": -1
},
"timeOutTime": 98480,
"itemId": 0,
"errorCode": 0,
"memSiteAccId": 10039332,
"retry": false
}
In this case you can see that there is an error code present. If it's 0 (zero), that means login was successful without MFA and Yodlee is able to navigate to the account summary page. If the error code is non-zero, then please refer to the error code page.
Now in your case the siteAccountID is failing with error code 429, and hence you should be getting that information in the getMFAResponseForSite API.
Can you make sure you are following the right refresh flow and making the right API calls, as ideally the behavior will not change from what is represented in the flow diagram?
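
The three response shapes described in this answer, together with the "keep polling" step from the first Yodlee answer above, as an added example (not code from the original posts or from Yodlee). `fetch` is a hypothetical callable wrapping the real getMFAResponseForSite call; the state names, the `replay` helper and the 90 s / 2 s defaults are assumptions.

```python
import time

def classify_mfa_response(resp):
    """Map one getMFAResponseForSite payload to the cases described above."""
    if not resp.get("isMessageAvailable"):
        # Nothing yet; a non-zero timeOutTime here means the refresh timed out.
        return "TIMED_OUT" if resp.get("timeOutTime", 0) > 0 else "RETRY"
    if "errorCode" in resp:
        # errorCode 0: login succeeded without MFA; non-zero: refresh failed.
        return "NO_MFA_NEEDED" if resp["errorCode"] == 0 else "ERROR"
    field_info = resp.get("fieldInfo") or {}
    questions = field_info.get("questionAndAnswerValues")
    # A usable form is a non-empty question list or a single token-style field.
    if questions or (questions is None and field_info):
        return "MFA_CHALLENGE"
    return "EMPTY_FORM"  # assumption: flagged as available but nothing to answer

def poll_for_mfa(fetch, max_wait_s=90.0, interval_s=2.0,
                 sleep=time.sleep, clock=time.monotonic):
    """Call fetch() until the state is final or max_wait_s has elapsed."""
    deadline = clock() + max_wait_s
    while True:
        resp = fetch()
        state = classify_mfa_response(resp)
        if state != "RETRY":
            return state, resp
        if clock() + interval_s > deadline:
            return "GAVE_UP", resp
        sleep(interval_s)

def replay(responses):
    """Hypothetical stand-in for the API client: returns canned payloads in order."""
    it = iter(responses)
    return lambda: next(it)

# Payloads copied from the page (trimmed); only their use here is constructed.
PENDING = {"isMessageAvailable": False, "timeOutTime": 0, "retry": True}
TOKEN_FORM = {"isMessageAvailable": True, "retry": False, "timeOutTime": 97640,
              "fieldInfo": {"responseFieldType": "text", "displayString": "Security Key"}}
ASKER_RESP = {"isMessageAvailable": True, "errorCode": 0, "timeOutTime": 99880,
              "fieldInfo": {"questionAndAnswerValues": [], "numOfMandatoryQuestions": -1,
                            "mfaFieldInfoType": "SECURITY_QUESTION"}}

if __name__ == "__main__":
    print(poll_for_mfa(replay([PENDING, PENDING, TOKEN_FORM]), sleep=lambda s: None)[0])
    print(classify_mfa_response(ASKER_RESP))
```

Checking errorCode before fieldInfo is what separates the first question's payload (errorCode 0 with an empty question list) from a real challenge, so the caller does not wait for questions that will never arrive.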