AAD B2C REST API call - display error on following step - aad-b2c

I've been looking for a way to not interrupt the user journey in an AAD B2C custom policy after receiving a HTTP 409 response from a REST API call which is invoked by a validation technical profile with ContinueOnError=true. I tried doing what is suggested here Error handling in Azure B2C Custom Policy REST Call (adding a dummy VTP which succeeds after the one that doesn't), but I keep getting a server error from AAD B2C and it doesn't seem like the second VTP gets called, despite ContinueOnError=true on the first one.
What I'm trying to achieve is: handle HTTP 409 responses from a REST API and customise the rest of the user journey on the basis of the error code received.
The way in which I'm trying to achieve it is: orchestration step x calls a technical profile which outputs a few claims that are obtained via a validation technical profile which calls a REST API. Orchestration step x+1 defines some custom behaviour on the basis of the error code received from the REST API. The API error response is formatted in the way in which it is expected by AAD B2C https://learn.microsoft.com/en-us/azure/active-directory-b2c/restful-technical-profile.
The only viable way I've found so far is to use an API proxy, which converts the HTTP 409 responses to HTTP 200. I would rather not do this if I can.
Any ideas would be appreciated.

Related

Suggestions to debug Google Play Integrity DecodeIntegrityToken API

Trying to figure out how to use Google's play-integrity api to verify nonces.
I've hit this roadblock and am unsure what other things I could try to debug and get more information out of this API. Below is a series of steps I've taken to get to the point I'm currently at.
What I've done:
Created a service account within the Google Cloud project with the grants:
Service Account User and Service Usage Consumer
Set up Google Auth Default Credentials
Set environment variable: GOOGLE_APPLICATION_CREDENTIALS by pulling down imported json from service account.
Where I'm at now:
Used google-api-client to build and call playintegrity, resulting in the response:
Code snippet:
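    from googleapiclient.discovery import build

    # Credentials are picked up from GOOGLE_APPLICATION_CREDENTIALS.
    service = build('playintegrity', 'v1')
    response = service.v1().decodeIntegrityToken(
        packageName='com.myapp.package',
        body={
            'integrityToken': 'superLongString'
        }
    ).execute()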
raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 400 when requesting
https://playintegrity.googleapis.com/v1/com.myapp.package:decodeIntegrityToken?alt=json
returned "Integrity token cannot be decoded due to invalid arguments.".
Details: "Integrity token cannot be decoded due to invalid arguments.">
What I'm trying to do:
I'm trying to better understand how to call decodeIntegrityToken with the right parameters or configurations to retrieve a 200. It is not immediately clear to me which of these it is and what the next steps to debug are.
Resources used:
https://developer.android.com/google/play/integrity/verdict#returned-payload-format
Decode integrity token using Google PlayIntegrity API
If you are receiving an INTEGRITY_INVALID_ARGUMENT check one of the following:
arguments in body_request are incorrect.
integrity_token, which is retrieved by google upon sending over a nonce. Note that this integrity_token needs to be correct or else it will still send the same error message above.

Getting 401 from Netsuite REST API

I'm following this tutorial here to attempt to authenticate using Token Based Authentication with Netsuite:
through postman using Netsuite's Postman environment, but I continue to receive "401 Invalid login attempt".
When I check the Login Audit Trail, I see that there is no role being assigned to my authentication attempts -- it's just blank. To me, this indicates that the token is not properly assigned to the User/Role, but I've walked through the directions several times and everything appears to be setup properly.
I've seen other similar posts about this, but those seem to boil down to the Netsuite Account ID formatting. However, my Netsuite Account ID is all numbers, so I don't think this is a factor.
This should work fine assuming you have created an integration and an access token. Configure OAuth 1.0 in Postman with the following fields filled out correctly:
signature method (should be HMAC-256)
consumer key (from the integration you created in netsuite)
consumer secret (from the integration you created in netsuite)
access token (from the access token created in netsuite)
token secret (from the access token created in netsuite)
realm (your account id, if using a sandbox, make sure the realm looks like 1234567_SB1, with an _ and not a -)
You won't be able to complete TBA using Postman because using NetSuite TBA requires a callback URL that NetSuite will redirect you to with the necessary credentials (access token & token secret).
I'm having this exact same issue. I have custom code written in Salesforce APEX that is connecting to NetSuite just fine. We also have a Workato integration that is connecting to NetSuite just fine.
No matter what I do in Postman, I get a 401 Invalid Login response. I'm losing my mind...
I finally got this to work for me. Postman had a request header of "Connection"="keep-alive". Once I removed that it worked fine! Wow.. I've been trying to get this to work for weeks, looking at it every few days for an hour or two. What a frustrating error message "Invalid Login".

Using local API endpoint for message processor issue

I'm trying to create a retry mechanism which will recall my API (using POST method) in case of error (for example HTTP 400).
For this reason, I've created an In Memory Message Store. If my REST call fails, I send the message to the message store that I created.
Then I tried to create an endpoint which is the same API URL (Scheduled Message Forwarding Processor will be used that) in WSO2 Management Console UI:
, but I've got the following error when I click the Test button:
Interesting thing is I can access the API with Postman or through my application but, WSO2 itself cannot access the API which is available on it.
I realized that when I click the test button, WSO2 adds ?wsdl at the end of the endpoint that I try, and only available GET APIs can be recalled by message processor with this method, but my API uses the POST method, and I need to recall it.
I'm using WSO2 EI 6.4.0
Thanks for any idea!
Regards.
For connection to REST API, you should use HTTP Endpoint, not the Address Endpoint.
But you may consider extracting the logic you want from your API into a sequence and using the Message Sampling Processor to push messages to that sequence rather than your own REST API. This could be a more efficient solution.

'Unauthorized' when using Cognito User Pool Authorizer

So I had an API (let's call it API number 1) and one user pool. The API was used for testing purposes. It called a lambda function to update an IOT shadow. Now I used cognito to create a user pool and added some users in it. Then, I created an authorizer for API number 1 with the same user pool and enabled authorization in POST method execution for it. I created a login form so that I could log into cognito user pool and would get an ID token from it. I used that id token in POSTMAN along with Authorization header and the post worked. When I did not provide the id token, I got message: unauthorized as a response. The IOT shadow was updated only when I provided the authorization header and id token which meant everything went smoothly.
Then for testing purpose I created another API (API number 2), I replicated API number 1 entirely, created an authorizer with the same pool, enabled Authorization, logged in, got the id token used it in POSTMAN with Authorization header (the same process) and it didn't work. I kept getting message: unauthorized.
Then I thought maybe the problem was with API number 2 and created API number 3. This time I also created an entirely new user pool. I used that user pool to create an authorizer. The rest, I replicated API number 1 entirely again. I enabled CORS, in POST method execution I added Authorization. I did everything. Still when I tried again with POSTMAN, it didn't work.
So, API number 1 still functions perfectly like it should. API 2 and API 3 do not work despite having the exact same configurations as API 1.
I really do not know where I am going wrong. I even tried creating separate lambda functions for each API. Even the lambda code is the same (except for the IOT certificates and the IOT shadow URL).
Please, Help!! At this point I think I have tried almost everything and still I don't know what's wrong. One seems to work with the same configuration that the other two have whereas the other two don't. Thanks a lot in advance.

Getting binary response or method not allowed. When tried setting only http endpoint I never got response its just keeping processing for long time

I am using wso2 1.10.0 api manager for first time. I need to access the http backend with simple query parameter. I published the api and tried either by setting as queryparam or json object, it's not giving me the expected result. I will get binary response or method not allowed. When tried setting only http endpoint I never got response its just keeping processing for long time. Please suggest me how do I access simple http backend. Need to show demo in a week.
Please help to solve this.
You get 'method not allowed' when you try to access a resource which was not defined for that method (say backend has POST method supporting resource only and you try to do a GET request)
I guess the issue is with the way you have defined the resources for the api from the publisher application. (invalid HTTP methods for resources)
If you think you have defined them correctly, then the next step to identify the issue is wirelogs. wirelogs provide all the info in request passing through the api manager gateway (request headers, body etc)
Follow this article http://mytecheye.blogspot.com/2013/09/wso2-esb-all-about-wire-logs.html on how to enable and read them
You can then directly call the backend (say curl -v to the backend) and compare the request from the direct call vs the one going out from gateway to the backend and check the difference. This would help you start finding the issue
Since you are new to API manager, I would recommend you to do following first
Try out a simple scenario similar to your one. You can google it. This is from official documentation. would recommend to try out a simple scenario first. say https://docs.wso2.com/display/AM1100/Convert+a+JSON+Message+to+SOAP+and+SOAP+to+JSON
Then use SOAP UI or similar app to directly call the backend web service (not the api manager) and get the SOAP request and SOAP response for the backend.
Then create the api in API manager. you need to do the same thing in the sample I provided. only difference is the soap payload. use the previously collected SOAP messages.
Enable wire logs. for that see the comments in the previous answer. In wirelogs you will see >> and << signs
To read the wire log, first we have to identify message direction.
DEBUG - wire >> - This represents the message coming into API manager from the wire (will notice two sets of these. one coming in to the gateway from the rest client and response coming in to the api manager from the backend.)
DEBUG - wire << - This represents the message going to the wire from API manager (again two sets. request going from api manager to the backend service and the response sent to the rest client from the api manager.)
the soap message will be printed in this log. check for the request going from api manager to the backend and the response coming from the backend to the api manager. you can compare that to the ones you collected in the step 2 and do modifications if needed to the sequences.
the wirelogs will also print the http headers. so check that as well.
hope you could set up a working sample using these steps
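The direction rule described above, as an added example that is not part of the original answers: the first line of each message (request line or status line) tells the two `>>` sets and the two `<<` sets apart, and the inbound and outbound request headers can then be compared. The log lines are constructed, and the leg names and function names are this example's own.

```python
import re

WIRE = re.compile(r'wire (>>|<<) "(.*)"')
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d")
STATUS_LINE = re.compile(r"^HTTP/\d\.\d \d{3}")
LEGS = {(">>", "request"): "client->gateway request",
        ("<<", "request"): "gateway->backend request",
        (">>", "response"): "backend->gateway response",
        ("<<", "response"): "gateway->client response"}
# Constructed sample (not from the page); timestamps omitted for brevity.
SAMPLE_LOG = r'''
DEBUG - wire >> "GET /demo/1.0/items?id=7 HTTP/1.1[\r][\n]"
DEBUG - wire >> "Host: gateway.example:8243[\r][\n]"
DEBUG - wire >> "Authorization: Bearer REDACTED[\r][\n]"
DEBUG - wire >> "[\r][\n]"
DEBUG - wire << "GET /items?id=7 HTTP/1.1[\r][\n]"
DEBUG - wire << "Host: backend.example:8080[\r][\n]"
DEBUG - wire << "[\r][\n]"
DEBUG - wire >> "HTTP/1.1 405 Method Not Allowed[\r][\n]"
DEBUG - wire >> "Allow: POST[\r][\n]"
DEBUG - wire >> "[\r][\n]"
DEBUG - wire << "HTTP/1.1 405 Method Not Allowed[\r][\n]"
DEBUG - wire << "[\r][\n]"
'''

def split_legs(log_text):
    """Group wire-log lines into the four legs, keyed by leg name."""
    legs, open_leg = {}, {}
    for direction, payload in WIRE.findall(log_text):
        payload = payload.replace(r"[\r][\n]", "")
        kind = ("request" if REQUEST_LINE.match(payload)
                else "response" if STATUS_LINE.match(payload) else None)
        if kind:  # first line of a message decides which leg this is
            open_leg[direction] = LEGS[(direction, kind)]
            legs[open_leg[direction]] = {"start": payload, "headers": {}}
        elif payload == "":  # blank line ends the headers; body lines are skipped
            open_leg.pop(direction, None)
        elif direction in open_leg and ": " in payload:
            name, value = payload.split(": ", 1)
            legs[open_leg[direction]]["headers"][name.lower()] = value
    return legs

def header_changes(legs):
    """Headers that differ between the inbound and the outbound request."""
    inbound = legs["client->gateway request"]["headers"]
    outbound = legs["gateway->backend request"]["headers"]
    return {h: (inbound.get(h), outbound.get(h))
            for h in set(inbound) | set(outbound) if inbound.get(h) != outbound.get(h)}
```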