I want to execute some code when metro app is uninstalled .
Basically I want to remove the credentials saved with password vault before the app is uninstalled . I just want to eecute 2-3 lines of code before the app is uninstalled .
Any suggestions ?
PasswordVault will remove credentials when app is uninstalled. No need to do that manually.
Maybe you have to remove it by yourself. Check out the below given MSDN threads.
How to remove credentials in password vault when user uninstall the app?
Password Vault security
Related
I received email from Shopify like :
This is Shopify’s Partner Governance team. We are reaching out as our security team discovered that secret API credentials for the Public/Draft app S**y have been exposed in the following public repository:
We require that you eliminate this vulnerability by a) closing the above exposure, and b) address the vulnerable app by re-creating a new version of the app with new credentials and deleting the exposed app
So, Do I have to delete the Shopify app or is it fine if I only delete that repo?
As I don't want to remove old app because getting an access of some points in Shopify app but it will take too much time.
You should follow what they are saying. You don't need to delete the app.
Yuo remove the credentials from the repository (keep in mind that is not sufficient to just remove the file and push because it will still be in the git history - check here How to remove file from Git history?)
You go into the app settings on shopify.dev and recreate your API secrets.
Is there any way I can authenticate on GitHub from my Windows 10 VM so that I can push the changes?
Right now the Edge is just sits there with the disabled button "Authenticate".
I know in Linux I can set the user id in some configuration file, but it looks like its not happening on Windows.
Is there any other way?
You should see a Sign In button when visiting https://github.com/login: that would allow you to authenticate on the remote side.
From your VM, using the latest Git for Windows, you will also authenticate when pushing for the first time to a GitHub repository: the credential helper will use the Windows credential manager to cache your GitHub credentials.
I'm setting up two BC applications and here's a scenario when I need to remove one of them from users store. Is there a way for app owner to initiate uninstall process?
In docs I saw only user-initiated uninstall
There isn't really a method for an app to be "force uninstalled" from the app creator's end apart from invalidating the token by essentially deleting the app. We can definitely take that as a feature request, though. If you're able to share any additional details about your scenario for needing to uninstall an app from your end, that would be helpful context for our team.
I am working for a public app all thing working fine. Issue came when I uninstall the app and re-install the Shopify app then api call seems not working.
When I go through what the issue with Api then it gives error token unauthorized; this is same token that I got when I install the app first time but after re-install the app that token seems not working.
How can I get token when I am re-installing the app and what would be condition n? I am using CakePHP library for Shopify app.
I thought might be issue with session and cookie so I register the app/uninstall web hook and removed session cookie but some time web hook not called immediately.
About Token
I feel like you need to update your token when user install your application every time.
while re-installing it may possible that shopify return same token as early install.
I personally store token to database not to session.
so try that out also.
About webhook
And You can trust uninstall webhook in shopify i used in 45+ applications and it is work super fine for me.
About Error
Post your following code
1. app installation code where you are retrieving token and saving it to database/session.
2. uninstall webhook where you are removing token from database/session.
We have a Add hoc distribution for enterprice apps by a secure website. Since version 5 we have a problem with authentication in combination with IIS7. The user logs in with a windows username and password and clicks download. Then a "itms-services://?action=download-manifest&url=domain" action is been started.
Before IOS 5:
The user goes to url, types the username and password. The user press download and again the user need to type the username and password. The application is been installed.
After installing IOS 5:
The user goes to url, types the username and password. The user press download and get a domain "...." not found. There is no popup again, with the credentials, like before version of IOS 5..
This solution was working for a half year, but since IOS5 it doesnt work anymore...
IIS Log
When going to the website and clicking on the action=download that contains the Plist file the IIS shows 401 errors (not authenticated). But when I access the .plist or ipa file directly by url in safari I do get a POPUP to authenticate.
It look like there is a bug in IOS 5 "itms-services://?action=download-manifest&url=domain" actions does not support to authenticate....
Check your plist file if it points to an existing ipa file. If you're using .htaccess to authenticate with a ldap directory you'll need to authenticate once for the plist access and once for the ipa access.
This sounds like a variation of the double-hop problem in which the originally supplied credentials are not being appropriately passed to the second step in your download routine (or web service call, etc.). http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx
The fact that you previously had to enter the user name and password twice would seem to support this suggestion. The error that you're receiving that domain '...' does not exist could indicate that the credential being passed to step two is a local machine account that IIS is running under.
If you can get some logging on this process I would want to determine what the authentication/credentials are that get passed at each step. It's possible that something in IOS 5 changed the way that impersonation is handled but I think that's likely just a symptom of how either IIS is set up or the final request is being passed.