Im trying to get the active users who were logged in past one week. but there only one API which gives currently active sessions(users). is there any way to get all the active user Id or user count who were logged-in in one week ?
I tried API /sessions api which gave me only currently active users
If you are using IS-6.0.0, this option can be used.
Enable the following event handler in deployment.toml file to update the last logon time of the users when they log into applications.
[identity_mgt.events.schemes.identityUserMetadataMgtHandler.properties]
enable=true
It will update the login timestamp in http://wso2.org/claims/identity/lastLogonTime claim.
Use SCIM API to filter out users who has last logon time between given two time stamps.
Sample CURL:
curl --location --request GET 'https://localhost:9443/scim2/Users?filter=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.lastLogonTime+ge+1674065031350+and+urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.lastLogonTime+le+1674065770177&count=10&startIndex=1' \
--header 'Authorization: Basic YWRtaW46YWRtaW4='
NOTE: This filtering will work only when pagination parameters are given.
filter=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.lastLogonTime+ge+1674065031350+and+urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.lastLogonTime+le+1674065770177 -> means that filter the users who has last logon time greater than 1674065031350 and less than 1674065770177
Related
I'm currently trying to access, through my marketing app, all the insights of my ads/campaings/ads account (clicks,impressions,etc). The tokens I generate has permissions for ads_management,ads_read,read_insights and manage_pages.
Nevertheless, I always get this answer:
{"data":[],"paging":{"cursors":{"before":"MAZDZD","after":"LTEZD"}}}
(I get that response after I post something like
curl -G \
-d "fields=impressions" \
-d "access_token=my_access_token" \
"https://graph.facebook.com/v2.8/act_MyAccountNumber/insights"
And then make a get using the report id, when the report id is completed)
I added my account as admin of the app and also added it in the Authorized Ad Account IDs list.
My app has development level access.
What am I doing wrong?
Are you sure you had impressions recently?
Because I observe similar thing when try to access it with default date_preset that is 30 days:
> get "act_*****/insights", "impressions"
=> []
> get "act_*****/insights?date_preset=lifetime", "impressions"
=> ["11"]
I'm attempting to use Postman, the chrome extension api client Postman to access Dynamodb via http. This is actually an approach I read about in the Book Dynamodb Applied Design Patterns. It appears that I am doing something wrong because I am unable to sucessfully authenticate and gain access to the web service.
The url and headers I'm using in the Postman client with my most recent request parameters and error messages follow:
url: dynamodb.us-east-1.amazonaws.com
x-amz-date: 20150701T162011Z
x-amz-targe: DynamoDB_20120810.ListTables
authorizaton: AWS4-HMAC-SHA256 Credential=AMyAccessCode/20150701/us-east-1/dynamodb/aws4_request, SignedHeaders=host;x-amz-date;x-amz-target, Signature=8ngTnF8WH//njvBdY5bY5dSp5CAKi8qTXNFuv5Ws+30=
content-type: application/x-amz-json-1.0
The Body of my request is:
{
"ExclusiveStartTableName": "Owner",
"Limit": 3
}
I'm getting the following error message:
{"__type":"com.amazon.coral.service#InvalidSignatureException","message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'POST\n/\n\nhost:dynamodb.us-east-1.amazonaws.com\nx-amz-date:20150701T162011Z\nx-amz-target:DynamoDB_20120810.ListTables\n\nhost;x-amz-date;x-amz-target\nb9e264461dcb0e94e69652f8b2d17c737a29506863d6f09c0f9fc98e9d560e5c'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20150701T162011Z\n20150701/us-east-1/dynamodb/aws4_request\n7a6da3d9e8ed6317e0cb9217e9ea1174d01e86871a159f339f5f6969283264d5'\n"}
Question/Oddity 1. When I issue a request I usually get response back indicating that my request has expired. The error message will include "valid" times that are four hours ahead of the actual time tha I used. When I use the time provided by the error message in the request, I no longer receive the exprired request error message.
Question 2. This message seems to indicate I have to calculate the hash of the canonical request. The documentation on amazon is a bit unclear on this. Do I need to calcuate the has of the canonical request and if so do I include that as a header" If so, what is the header name?
I have been able to calculate the signature and replicate the signature in the Amazon documentation.
Thanks for your input.
I was able to invoke using Postman 3.
CURL Exmaple:
curl -X POST \
https://dynamodb.eu-west-1.amazonaws.com/ \
-H 'authorization: AWS4-HMAC-SHA256 Credential=ABCDDEFSDFDDFDAG/20170725/eu-west-1/dynamodb/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-target, Signature=7402a0163c267385b7270f5c6ce49748518cac4f4d7e03addbd9ddedf9c9970' \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-H 'host: dynamodb.eu-west-1.amazonaws.com' \
-H 'postman-token: 0152b36c-2947-2a6f-91b9-87884b38fb50' \
-H 'x-amz-date: 20170725T181135Z' \
-H 'x-amz-target: DynamoDB_20120810.GetItem' \
-d '{
"TableName": "TableName",
"Key": {
"id": {"S": "KeyId"}
}
}'
Insert Body
Enter Credentials and Click on Update Request.You might need to click on Update Request more often to update x-amz-date
Update Content-Type Header to application/json
You're on the right path. As you imply, you're running into issues with the API authentication scheme that Amazon uses. See http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html.
The way this works is that Amazon wants you to take a few pieces of information including the service you're calling and current timestamp and compute a hash that uses this data along with your AWS Secret Access Key (actually, they derive a key from your Secret Access Key, but don't worry about that for now).
One of the key design principles going on here is that Amazon wants to prevent Replay Attacks, where someone just sends a request you already sent, even if they can't read it. Amazon expects you to report the current timestamp in the request header, you'll include that exact same timestamp in the hash, and when Amazon receives your request, they will try to re-compute your hash using all the info they've got.
If the hash matches AND the reported timestamp is within 15 minutes of the current time, you're accepted. I suspect the 15-minutes issue is one of your problems.
As far as how to simulate these calls. I think you'll find it's probably easier to just write a very basic RESTful API of your own that does these calls using an SDK published by Amazon. Then you don't have to deal with any of the crazy signature computation and you can call your APIs however you want.
Copy-paste from https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-use-postman-to-call-api.html
Launch Postman.
Enter the endpoint URL of a request in the address bar and choose the appropriate HTTP method from the drop-down list to the left of the address bar.
3.If required, choose the Authorization tab. Choose AWS Signature for the authorization Type. Enter your AWS IAM user's access key ID in the AccessKey input field. Enter your IAM user secret key in SecretKey. Specify an appropriate AWS region that matches the region specified in the invocation URL. Enter execute-api in Service Name.
4.Choose the Headers tab. Optionally, delete any existing headers. This can clear any stale settings that may cause errors. Add any required custom headers. For example, if API keys are enabled, you can set the x-api-key:{api_key} name/value pair here.
5.Choose Send to submit the request and receive a response.
Is there any SCIM endpoints to add users with the groups? I already gone through the article, But i couldn't able to add user with group. Also i need to edit that user and update the group, Is there any SCIM endpoints for these two tasks ?
I tried with the following cURL command
curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","password":"hasinitg","groups":[{"value":"a0612e1e-d8c7-47dd-b9ee-4218291945c8","display":"groupname"}]}" --header "Content-Type:application/json" https://example.com:9443/wso2/scim/Users
At the current implementation it is not supported to add an user to an existing group, and this requirement is captured for the Identity Server road map.
Currently you can update the group with the newly added user, but the operation is PUT operation. Therefore it will replace the existing group with new data. Therefore you need to provide all the users at each PUT request with the new user.
Patch operation is suitable for your requirement there you don't need to send entire user list in order to assign single user to a group. Patch operation will be supported with upcoming WSO2 IS releases very soon so keep in touch.
I'm just starting out with Facebook SSO and OpenGraph. I have SSO working with my iOS app and now I'm starting to see how to publish OpenGraph actions.
I've set up a new Action Type and I need to submit it. When I do, I get the error:
You must publish at least one action to your Timeline using this action type. Review the documentation.
Ok, so I click the helpful documentation link and it tells me I want to do this:
https://graph.facebook.com/me/recipebox:cook?recipe=http://www.example.com/pumpkinpie.html&access_token=YOUR_ACCESS_TOKEN
So I translate that into this:
https://graph.facebook.com/me/fotoferret:hug?ferret=http://www.example.com/pumpkinpie.html&access_token=MY_ACCESS_TOKEN
fotoferret is my namespace, hug is my action
where MY_ACCESS_TOKEN is the value returned by:
https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=MY_APP_ID&client_secret=MY_APP_SECRET
When I pasted my translated URL I get this error back:
{
"error": {
"message": "An active access token must be used to query information about the current user.",
"type": "OAuthException",
"code": 2500
}
}
an this point I'm confused. I've tried publishing an action to my timeline, but it tells me a I need an active access token, which I've provided. So how can I publish an action?
When using an app access token please use the ID of the user not /me. You are doing actions on behalf of the app not directly of the user.
User Access Token
https://graph.facebook.com/me/fotoferret:hug?ferret=http://www.example.com/pumpkinpie.html&access_token=MY_ACCESS_TOKEN
App Access Token
https://graph.facebook.com/ID/fotoferret:hug?ferret=http://www.example.com/pumpkinpie.html&access_token=MY_ACCESS_TOKEN
When using the Graph Explorer be sure to switch the option to POST and not get GET. GET is set by default so it will return the actions not create one.
Or using cURL
curl -F 'access_token=MY_ACCESS_TOKEN' \
-F 'ferret=http://www.example.com/pumpkinpie.html' \
https://graph.facebook.com/ID/fotoferret:hug
If you have "Requires App Token to Publish" enabled and get
{"error":{"message":"(#15) This method must be called with an app access_token.","type":"OAuthException","code":15}}
It means you are using
curl -F 'access_token=MY_ACCESS_USER_TOKEN' \
-F 'ferret=http://www.example.com/pumpkinpie.html' \
https://graph.facebook.com/me/fotoferret:hug
Use MY_APP_TOKEN. If you get,
{"error":{"message":"An active access token must be used to query information about the current user.","type":"OAuthException","code":2500}}
it means you are using
curl -F 'access_token=MY_APP_TOKEN' \
-F 'ferret=http://www.example.com/pumpkinpie.html' \
https://graph.facebook.com/me/fotoferret:hug
You should use the numeric id
curl -F 'access_token=MY_APP_TOKEN' \
-F 'ferret=http://www.example.com/pumpkinpie.html' \
https://graph.facebook.com/ID/fotoferret:hug
If you get
{"error":{"message":"(#200) Requires extended permission: publish_actions","type":"OAuthException","code":200}}
The user doesn't have publish_actions actions in their set for me/permissions, it should be there as "publish_actions": 1 if it is not, grant the permission by selecting "Get Access Token" and choosing (you must change to suit in your app code scope as well)
It might be easier if you use the graph API explorer to generate an access token for you app and use that. That would at least eliminate any chance of error from your fetching the access token.
I have an app and I want to post to the users feed.
All the users have allowed publish_stream permission but I have no idea how to post to their feeds which I should be able to do even if the user is offline.
I want to use curl and the graph like this:
curl -F 'access_token=...' \
-F 'message=Hello, Arjun. I like this new API.' \
https://graph.facebook.com/arjun/feed
Do I simply use the access code I got when the users initially allowed me access, or do I have to get a new access code each time I want to post to their feed, if so, how do I do that?
Any help, much appreciated.
After the user authorized your application you get an access-token from facebook. You can use this token to post to the users-wall until he changes his password or removes your application from his application list.
I think you need to include your api-key in the request. Otherwise please provide the error message your getting!