dose yodlee verify site credentials entered by user in call ItemManegement::addItemForContentService1 if startRefreshItemOnAddition = false?
we called ItemManegement::addItemForContentService1 with startRefreshItemOnAddition = false and provided wrong credentials for site. it returned itemid and does not seem to verify credentials entered.
are credentials verified only on refresh?
Yes.Yodlee validates the user credentials only through Refresh.
Related
We are trying FusionAuth & looking to have a single step flow for Sign up + Sign In.
After user signs up, we want to show/land him directly to our application's dashboard page (without showing him login page in between the flow). The authentication should happen but internally i.e we are expecting OAuth2 standard IdToken in response to "WebApplication" so that web application can use IdToken to allow user to application.
Please note that we don't want to use approaches where we need to pass Username/password to our web application, don't want to handle user credentials. Also that we dont want to use Authentication Tokens returned in Registration flow because AuthenticationTokens are not that secure, looking to use OAuth2 based IdToken instead.
I have came across this post "https://fusionauth.io/community/forum/topic/165/taking-a-user-directly-to-the-registration-page/3" and tried following request, but it is showing Login page instead of registration.
/oauth2/register?client_id=<Configured_client_id>&redirect_uri=<Configured_redirect_uri>&response_type=code
(I have not used CSRF parameter though)
Please can you suggest why its showing Login Page?
You should be able to have a user register and be sent directly to your application, as long as you set the correct redirect_uri and put that on the registration URL:
https://local.fusionauth.io/oauth2/register?client_id=c50329fa-93e5-4618-8d9f-73d0ab069a23&response_type=code&redirect_uri=https%3A%2F%2Fapp.example.com%2F
The application will then receive a code that can be exchanged for an access token. You can call the userinfo endpoint with that token and get user information like email address, etc.
What you won't get that it seems like you might want is an id token. For that you'll have to send the user through the login process with a scope of profile. However, you could mind your own 'id token'-lite using the values from the userinfo endpoint and the JWT vending: https://fusionauth.io/docs/v1/tech/apis/jwt/#vend-a-jwt
I use cognito as rest api, but when I create user in cognito, so I create an API for FE to send to BE, then BE will use Cognito and send to it
When I use signup function, it run ok but it send a code to email
When I use adminCreateUser, it return "MissingAuthenticationTokenException", msg "Missing Authentication Token", although I set "credentials" true and false, please help me
My expectation is sending an email code when user login and not send when admin create user, and send mail code could be turned on/off by code
I have set up a Cognito authorizer with an App client that is connected to Google Identity Provider.
"Callback URL" is http://localhost and "Sign out URL" is http://localhost/logout. I have enabled the "Authorization code grant" and the "Implicit grant" flows and the I want to implement the following flow :
User sends a GET request to the LOGIN endpoint (/login) which is the following:
https://mycognAuthorizer.auth.eu-west-1.amazoncognito.com/login?client_id=MYCLIENTID&redirect_uri=http://localhost&response_type=code
User sends a POST request to the TOKEN endpoint (/oauth2/token) with the following parameters
POST https://hocublen.auth.eu-west-1.amazoncognito.com/oauth2/token
Content-Type='application/x-www-form-urlencoded'
grant_type:authorization_code&
client_id:<MYCLIENTID>&
redirect_uri:http://localhost&
code:<CODE_FROM_LOGIN>
Where <CODE_FROM_LOGIN> is the code returned by /login endpoint on the first step.
My problem is that the first endpoint (/login) works fine and I get the code, but the second endpoint always returns a Bad Request response with an "invalid client" message.
Is there something that can be missing from the configuration?
Also, if I choose to ask for a token from the login endpoint instead of a code, is this token equivalent with that of the TOKEN endpoint?
It seems that when one creates an AppClient the "Generate client secret" is enabled by default, but in subsequent views of the AppClient, one has to press show details to see that the password is set and what the password is.
For the scope of my needs, I just removed the password.
Invalid client is occured when you're generating client_secret for your app clients. You should add your client_secret in your request.
I have an unconfirmed aws cognito user which did not verify his email during registration process. When he tries to login with following code:
Auth.signIn({
username:email,
password:password,
})
the API returns
'UserNotConfirmedException'
Now at this point the user is unauthenticated, there is no current session or current user. How will this user be able to verify himself and get himself logged in?
'verifyCurrentUserAttribute' and 'resendSignUp' APIs do not work for unauthenticated user.
Please help.
Late response but just saw this: The Auth.resendSignUp(<username>) does not need an authenticated user and is suited for this purpose. It accepts a username parameter as a string and when called will send a new code to the method configured in Cognito.
The right API endpoint for confirming a signup is confirmsignup
see : https://aws-amplify.github.io/amplify-js/api/classes/authclass.html#confirmsignup
This entpoint requires an email address and the code. The user can thereby confirm his signup later with the code he has received.
As per Google doc:
Handling authorization requests
When a user loads your application for the first time, they are presented with a dialog to grant permission for your application to access their Gmail account with the requested permission scopes. After this initial authorization, the user is only presented with the permission dialog if your app's client ID changes or the requested scopes have changed.
Authenticate the user
This initial sign-in returns an authorization result object that contains an authorization code if successful.
But could not get how handling authorization flow can occur? Is there an endpoint for it?
I got an answer,
request on:
https://accounts.google.com/o/oauth2/auth?client_id=*****.apps.googleusercontent.com&redirect_uri=https://www.msn.com&scope=https://mail.google.com/&response_type=code&access_type=offline&prompt=consent
Here, make sure you have specified scope in consent screen.
It will redirect user to give access of gmail scopes after that you will be redirected to msn url. url itself contains code which will be further used to get access token. code you get will be used one time only.