I'm using the Pushpad.xyz library and got my Chrome notifications to work. On Firefox, I call pushpad('unsupported', callbackFunction) and the callbackFunction successfully executes (another bug that I am figuring out separately since Firefox should be supported). However, I am unable to get Safari notifications to work. I entered my Apple developer's certificates as requested in https://pushpad.xyz/docs/pushpad_pro_requirements.
pushpad('init', projectID);
pushpad('uid', signature);
pushpad('subscribe', function(isSubscribed) { alert(isSubscribed); });
pushpad('unsupported', function() { alert('Unsupported browser'); });
On Safari, I don't get the callback to unsupported and the docs say that Safari is supported. Why does it say that the user (me) has blocked notifications for this website? The callback to "status" always returns false. Is there a way to verify that I set up my Apple certificate correctly? Thanks!
The problem with Safari is definitely related to the download of the push package and its signature.
When pushpad('subscribe') is invoked Safari tries to download a "push package" from Pushpad servers and verifies its integrity and signature. If an error occurs (e.g. the signature verification fails) then the user is not even asked for permission and permission is not granted (its value remains default).
So you see that strange message that says that the user has not granted permission. Actually in your case it's not the user who is blocking the notifications: it's Safari who refuses to subscribe to push notifications because the push package is invalid.
Please try to generate again and fix the APNS private key and APNS certificate in your sender's settings on Pushpad. This should solve the issue.
Make sure to follow exactly the steps described here for APNS:
https://pushpad.xyz/docs/pushpad_pro_requirements
If you are testing your website locally make sure to follow the instructions as described in the "Working Locally" section:
pass the hostname option to init
make sure that the address is exactly http://localhost (if you use for example http://127.0.0.1 Safari won't work locally)
Related
I don't think this issue is specific to PyDrive, but rather Google OAuth. However, some of the solutions I've seen on stackoverflow don't seem to be transferable over to my PyDrive application, which is just a python script to upload files programmatically to a shared drive. It worked fine 2 months ago but I tried to rerun it today and it's not working. Here is the error I'm getting:
Authorisation Error
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.
You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob
I am using a web application OAuth 2.0 Client ID creds on GCP. All secrets are stored in a local client_secrets.json file.
I run my script, it sends a message to the console that says
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?client_id=blahblahblah.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&access_type=offline&response_type=code
Enter verification code:
How it used to work: After I click the link above, it returns a code I paste into the console and then its authenticated. FYI: I plan on running this 24/7 on a remote server.
Now: I click the link above and get the error I posted above. I've tried to change the redirect uri to 127.0.0.1 and it does allow me to auth, then I get a code in my URL, but once I copy that and paste it into the console, I get more errors.
Anyone know the solution for this?
A user of my app reported an issue today about authorizing the user with Google (using OAuth 2.0). So far the application was opening a new BrowserWindow (node integration disabled, session is separated from the main application). You can see the implementation here since the library is OSS. I am using this to authorize the user to access application data on Google Drive.
Today after logging in I see the following message:
This browser or app may not be secure.
Try using a different browser. If you’re already using a supported browser, you can refresh your screen and try again to sign in.
The learn more link has a section for developers. This section has 2 links. One is how to upgrade the application to PWA. Because the application is an API testing tool it won't be possible to run it in a web browser.
The second link points to a document describing how to migrate to authorization for native application. However described flow requires authorization_code grant. This means I need to include OAuth secret into my application. Electron application, however, is still web application and there's no notion of compiling sources. I would expose client secret to the public which is not secured. Potentially I could build a server application to support it but the app is OSS project. It does not have funding to run a server for authorization.
My question is now how should I implement OAuth 2 for Electron application then. I can't use PWA's and server authorization flow (code grant) is far from ideal in this case.
As Paweł explained, changing the user agent will do the trick. However, you can easily set the user agent by passing an object when loading the URL
win = new BrowserWindow({width: 800, height: 600});
win.loadURL(authUrl, {userAgent: 'Chrome'})
I have tested it and it worked like a charm
Warning: This answer relies on changing the browser's user-agent. As of Jan. 2021, Google disapproves of this and warns not to do this (see EDIT4). Use at your own risk!
The other answers didn't work for me (in Electron 9.0.5), but I eventually found this, which worked:
app.on("ready", ()=> {
session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => {
details.requestHeaders["User-Agent"] = "Chrome";
callback({ cancel: false, requestHeaders: details.requestHeaders });
});
CreateMainWindow(); // your regular code to create root browser window
});
EDIT: Two other approaches, which I haven't tested, but which may also work:
app.on("ready", ()=>{
session.defaultSession.setUserAgent("Chrome");
...
}
app.userAgentFallback = "Chrome";
EDIT2: Trying again sometime later, approach #2 did not work, but #1 still did. Haven't tried #3 yet.
EDIT3: Trying again later still, it seems that none of these workarounds are needed anymore! Google appears to accept sign-in popups from Electron apps again, without modifications to the user-agent. (odd that they'd revert this; perhaps I just did something wrong in my re-attempt)
EDIT4: While approach #1 still works atm, I recently found this blog post: https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html Apparently Google is restricting usage of Google sign-in in non-standard browsers (which presumably includes Electron) starting in Jan. 2021, and warns developers not to modify their browser's user-agent (which all three of the possibilities I mention do). Use at your own risk! (they don't make clear what outcome will result, but for my own use, I'm opting to use the alternative shown below from now on)
As an alternative to using a Google sign-in popup in your app (which some might be wary of, since Electron apps could in principle insert code into the popup to read the raw password -- not that it matters that much, since Electron apps could just install keyloggers or the like anyway), you could instead open a tab in the user's regular external browser, pointed to a special page that triggers a sign-in popup there, and then just sends the credentials to your Electron app afterward.
Instructions can be seen here (approach 3): https://stackoverflow.com/a/64328193/2441655
After taking a wild guess I decided to alter the user agent string and to remove application name from it as well as Electron/ with version. After this alteration it started working again.
Example implementation:
const win = new BrowserWindow(params);
let ua = win.webContents.userAgent;
ua = ua.replace(/APPLICATION NAME HERE\/[0-9\.-]*/,'');
ua = ua.replace(/Electron\/*/,'');
win.webContents.userAgent = ua;
This assumes the application is using symver and no pre-release tags. Otherwise you would have to tweak the regexp a bit.
I am using http://dummy.restapiexample.com/ API .While using POSTMAN and creating a new employee using POST ,it seems to work .But when I use axios in React Native and do the same thing the POST is returning success response but when I try GET method to get all the new employees I'm not seeing the newly created employee which worked on POSTMAN
This is my POST method
create(){
axios.post('http://dummy.restapiexample.com/api/v1/create',{
"name":this.state.name,
"salary":this.state.sal,
"age":this.state.age
}).then((res)=>console.log(res.data)).then(()=>this.setState({createModal:false})).catch(err=>console.log(err))
}
and this is my GET method
async getData(){
await axios.get('http://dummy.restapiexample.com/api/v1/employees').then((res)=>this.setState({employees:res.data.data},()=>console.log(res.data.data))).catch((err)=>console.log(err))
}
From your example code it seems that you are making a call over http. Note that such calls are blocked by iOS and Android unless you explicitely specify a domain that is allowed to be reached over http.
More information about networking can be found here:
https://reactnative.dev/docs/network
By default, iOS will block any request that's not encrypted using SSL.
If you need to fetch from a cleartext URL (one that begins with http)
you will first need to add an App Transport Security exception. If you
know ahead of time what domains you will need access to, it is more
secure to add exceptions only for those domains; if the domains are
not known until runtime you can disable ATS completely. Note however
that from January 2017, Apple's App Store review will require
reasonable justification for disabling ATS. See Apple's documentation
for more information.
Either allow the domain for non-secure request or use https.
The problem had something to do with running on Android device. Once run on the emulator it seemed to work fine
I have been trying Safari push notification. I followed the Apple doc.
Downloaded Apple intermediate Certificate AppleWWDRCA.cer. Exported my website provisioning profile as p12. To create the push Package used ruby package push_package
It created a package zip and it contains all the details that we needed - icon.iconset, manifest.json, signature and website.json.
When I request permission it successfully retrieves all data and gives me token.
But the real problem is when I try to send notification from a PHP script or APN tester its not receiving in the safari. The v1/logs getting called instead with some circular Json object.
Have no idea what to do next. can anyone please help ??
And one more thing I found is, in the logs SafariNotificationAgent (unknown version)
The error was in payload that I used.
It should be like:
{
"aps":{
"alert":{
"title":"Hi there",
"body":"How are you",
"action":"viewed"
},
"url-args":[""]
}
}
So for a while I've been relying on the PLAIN support for logging into Google's IMAP server in my email client. Recently they started blocking that and return an error (despite listing it as a supported authentication method).
For instance take this example:
Connected to 'imap.gmail.com:993' using SSL
A0001 CAPABILITY
* OK Gimap ready for requests from ##.##.##.## cd6mb38777249ieb
* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=XOAUTH
A0001 OK Thats all she wrote! cd6mb38777249ieb
A0002 AUTHENTICATE PLAIN
+
####################################
* NO [WEBALERT https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=AKgnsbszktZSU6iVmh...snip....] Web login required.
A0002 NO [ALERT] Please log in via your web browser: http://support.google.com/mail/accounts/bin/answer.py?answer=78754 (Failure)
SSL connection closed.
ScribeImap_Thread.cpp:647 - Connect to imap.gmail.com:993 failed.
I've tried opening the "https://accounts.google.com/ContinueSignIn..." URL in my browser:
And I get redirected to https://myaccount.google.com/ but the next login attempt fails as well. So it doesn't seem to change the authentication at all.
Is the PLAIN authentication just blocked completely or am I doing it wrong?
Alternatively is there a authentication method that works and DOESN'T need a browser component to log in? (XOAUTH2 seems to need a web login as well)
It's pretty official:
http://googledevelopers.blogspot.com.au/2015/04/a-final-farewell-to-clientlogin-oauth.html
They have shut off PLAIN login completely and it's not coming back.
So there are two options:
Turn on "less secure apps".
Implement OAUTH2.
I've decided to implement OAUTH2 support (which isn't too far off working actually). Initially I thought I would need an embedded browser component in my app, but it turns out that I can launch the system browser and the user can copy the token across in a some what manual process.
Interestingly for those working on OAUTH2 support in their software, Google have setup a playground to see the whole process in practice:
https://developers.google.com/oauthplayground/
I see that this is an old post, but after fighting with Outlook for over a year to get my mail, I FINALLY got it working again.
The first thing I had to do was log into my my Gmail account and turn off the button labeled "Less secure apps" as Outlook is in that category.
Go to the "Less secure apps" section in My Account.
Next to "Access for less secure apps," selectTurn on. (Note to Google Apps users: This setting is hidden if your administrator has locked less secure app account access.)
And if you have 2-step verification on (as I did), it will still make Outlook fail. So the next thing you have to do is create an app password which will generate a password for you, and you use that in Outlook for it to sync correctly.
Visit your App password page. You may be asked to sign in to your Google Account.
At the bottom, click Select app and choose the app you’re using.
Click Select device and choose the device you’re using.
Since Outlook will not be listed, select Other and type in Outlook for future reference.
Select Generate.
Follow the instructions to enter the App password (the 16 character code in the yellow bar) on your device.
Select Done.
Copy the password that was generated.
Open Outlook and paste the password in the Password section. DO NOT use your regular password.
Your mail will sync without anymore issues. (Hopefully)
Once you are finished, you won’t see that App password code again. However, you will see a list of apps and devices you’ve created App passwords for.
I hope this helps everyone who is having an issue. And I hope these directions are easy to follow! Good luck everyone! :-)