Azure App Service Oauth failure after Mobile Service migration - google-oauth

Up to this point, I had a functioning Azure Mobile Service with service-directed OAuth working nicely for Google. I tried to rehost the mobile service as an app service since mobile services are deprecated. I also have an HTML/JS web app that accesses my service through the MobileServiceClient JS client. This is where the fun starts.
After changing the redirect address to the appropriate app service address in the Google API manager, I get a message saying I'm successfully logged in in a new popup window: .
Clicking on "Return to Website" takes me to the address of my app service, not the app that initiated the OAuth request, and if I close this window, the MobileServiceClient throws a "cancelled" exception and I don't get my credentials.
What am I missing or what changed that I need to account for?
Thanks!

It turns out that this particular behavior happens when using an older version of the MobileServiceClient JS library. Replacing the 1.2.7 version with the 2.0.0beta version fixed this. To get the whole OAuth flow working, I also needed to add the appropriate addresses to the allowedExternalRedirectUrls node of the config/authsettings node through the Azure Resource Explorer. If there is a nicer way to do it than through the resource explorer, I don't know what it is.

Related

Google ClientID works for Google Sign-in platform library but not new GIS library

I'm trying to migrate my application from the older Google Sign-In platform library to the newer Google Identity Services library.
I have a client ID that works for the old method, but when I load the "Google Sign-in" button using GIS, I get 403 errors and an error log that GSI_Logger says my origin is not allowed for the client ID. I'm on localhost, but when I use the old method, there are no issues with localhost.
The only thing I can think of being different is that I load my Google client ID as a constant and rendered the button in the mounted() section of my Vue app's Login.vue, while previously I loaded it in main.js.
"Google One Tap can only be displayed in HTTPS domains".
So, it doesn't work because localhost is HTTP. I deployed to my testing environment which is HTTPS and got no such 403 errors.
Source: https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid

Planting an Iframe as Aura component to show an external system that receives information from Salesforce API using oAuth web server flow

I have built a web app for our sales team.
The web app is currently using oAuth web server flow in order to authenticate with Salesforce.
Everything is working fine when running it on a separate tab.
We recently wanted to add some functionality from within Salesforce specific objects and display information from our web app.
So I've built an aura component displaying an Iframe with the URL from our web app.
Unfortunately, it crashes with a console error
Refused to frame 'https://***.my.salesforce.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
So I went to Salesforce's login page and indeed, there is a policy header that prevents it from being loaded from within an Iframe.
What is the correct way to authenticate the user with Salesforce in this situation?
Thank you very much
If you are calling a web app inside of an Iframe(Aura component) it would require the Salesforce domain calling it to be whitelisted in the web app.

MobileFirst Adapters - Why am I getting a "401 Unauthorized" error when making request on Swagger Docs page in the MobileFirst Operations Console

I am using MobileFirst CLI 8.0.0-2016070716, Java 1.8.0_91 (on Mac OS X 10.11.6 if it matters). I have been working through this tutorial on creating Java adapters using MobileFirst CLI.
After following the steps on creating, building, and deploying the adapter, I open the operations console and select the adapter I just deployed --> Resources --> "View Swagger Docs". When I press "Try it out" on any of the operations, I receive a "401 - Unauthorized" response code.
Any idea what problem might be?
"To add a Test Token to the request, so that the security framework skips any security challenges protecting your resource, click the on/off switch button on the right corner of an endpoint's operation.
You will be asked to select which scopes you want to grant to the Swagger UI (for testing purposes, you can select all). If you are using the Swagger UI for the first time, you might be required to log in with a Confidential Client ID and Secret. For this, you will need to create a new confidential client with * as its Allowed Scope."
Documentation regarding this is located here in our getting started tutorials.
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/adapters/testing-and-debugging-adapters/#using-swagger

PayPal - switching from Sandbox to Live account using REST API

We tested our web application successfully using a sandbox REST API account (and test credentials).
When we wanted to put the application into production (using REST API live credentials visible on the same PayPal web site where the sandbox/text credentials were shown), we received an error from the production PayPal server on a live credit-card transaciton:
Error code : 401 with response : Server returned HTTP response code: 401 for URL: https://api.paypal.com/v1/payments/payment
We have a Business Account that is not yet 100% verified (75% verified at the moment), so we are not sure if this is caused by some technical issue or the fact that the account is not yet 100% verified.
PayPal web site is quite confusing and the process of moving the app from test to production is not clearly explained. It seems that they are migrating from some old web sites to new ones and the user is prompted to login multiple times, redirected to different URL-s... E.g. we can see our application test and live credentials on the developer.paypal.com, but not on apps.paypal.com where no apps are listed, even though the same user is logged in (owner of the business account)???
For future readers, you have to use Live Credentials, on https://developer.paypal.com go to My apps and in App details there is a link at a bottom of the page :
Click on that link and you will see live credentials.
You now click on your sandbox application and then click live at the top of the screen to get your live credentials.
For the PayPal REST api use the credentials provided on developer.paypal.com (new version of PayPal dev experience). Live calls require the account to be vetted which includes fully verified.

DotNetOpenAuth redirection URL results to page not found

I have deployed a service using DotNetOpenAuth library.
The service authenticates against 4 providers (Google, Yahoo, Windows and Facebook)
I am having a problem with Windows and Facebook (Oauth protocol)
My services works fine when accessed through any browser. It redirects to the correct provider after selection, authenticates and replies back with the email address.
But the service does not work when accessed through a Mobile device. Using mobile, when I select Windows/Facebook, it redirects me to the login page. After providing my credentials, the service returns but the redirection of the url leads to page not found.
The url that is redirected seems like: http://mydomain.com/facebook.aspx?code=a_very_long_string
I get a message that page not found on the browser of the Android phone. The same code works fine when accessed through the browser of a desktop/laptop (Windows 7).
Please let me know if I am missing anything to make the service work for the mobile phone
I am able to resolve this issue. It turns out I cannot use server.Urlencode() .Net function before doing a custom redirection.
If I use it, the app breaks in the mobile platform. Removing it, fixed the issue and the url is successfully redirected.
I was doing a custom redirection after the authentication is successful and encoding the url. But seems that it breaks the application.
Not sure if it is a limitation in DotNetOpenAuth library or it is a limitation of the mobile browser.