I'm at the step where you link the Google account where the NEST devices are authorized in these instructions, I build up the URL with the project ID from the device access console and my newly created OAuth 2.0 Client ID then visit the resulting URL (https://nestservices.google.com/partnerconnections/etc....).
It shows my two NEST devices, I slide them on, click next and consistently get:
You can’t sign in because sent an invalid request. You
can try again later, or contact the developer about this issue.
along with Error 400: redirect_uri_mismatch
The instructions do mention:
you may get a warning screen that states Google hasn't verified this app. If so, to continue, click the Advanced option and then click Go to Project Name (unsafe).
But there is no "Advanced option" on this screen.
I've verified that the Smart Device Management API is enabled and that the Smart Device management scopes have been added to the project,
Any ideas?
Related
My OAuth consent screen verification shows me this messsage
Comply with domain verification requirements
Ensure your application's domains have completed the Search Console verification process
But in my Authorized domains there domains like **.chromiumapp.org or *.extensions.allizom.org/
which ownership I cant verify.
Assume that you already verified your domain and still getting this error, try to do this:
Go to your "Google Console" > "OAuth Consent Screen" and under "Publishing status" click "Back to testing"
Now you are back in the test mode, click "publish" again
You may see some new demands to publish it, which were unknown before. You could follow these demands now.
After that, you will see "The Trust and Safety team has received your form." message.
If you can't make changes to the DNS of the domain you want to verify, you can try verifying the ownership of your domain by Verify file or html tag method. Take a look at this link for more information.
Go to your Google webmaster and make sure you can see your domain there,
If not follow the steps on the same page to verify the domain owner.
I have a web-app built with the AWS Amplify framework. I rely on Cognito Hosted UI w/ identity federation for registration and login. In reviewing the registrations for my app, I noticed that it got 70+ registrations, but of these only 12 went on to create user profiles. I tested creating an account and signing in through each identity provider (Amazon, Google, Facebook) as well as through standard signup with an email and password. I never had any issues.
I started testing more heavily on mobile and eventually I started to encounter the an error. I plugged my mobile device into my laptop, navigated to chrome//:inspect and checked the network tab and JS console. Only when my chosen identity provider required an OTP code, I noted that I was getting invalid_request and invalid_grant errors on after I input the code and continued with sign-in, even though registration seemed to work (I say registration seemed to work because I received AWS credentials in the initial response and amplify-signin-with-hostedUI was set to true in localStorage. Also, when I open the AWS Console and go to Cognito, I can see that I've been added as a user in my User_Pool).
If I refresh the browser at this point, it seems a new request is sent off to /token, but it comes back with a 400 error with the invalid_grant message.
I kept poking around and eventually found something interesting. There are three tabs involved in the login process, and I think this is somehow messing things up. On mobile, when I try to register or login with the Cognito Hosted UI, I am first met with the Federated Identity Provider buttons and email/password page.
First I got to my website (Tab One). Then I click sign-up and the Hosted UI page pops up (Tab Two). I select one of the login methods (Amazon, Google, Facebook, or Email/Password). If the selected method requires no OTP, I'm golden. I'm redirected to my web app and the app works fine. If my selected method requires an OTP, a new tab opens (Tab 3) which asks for the token. At this point, I can see in Chrome devtools that an error occurs on this tab (Tab 3).
After plugging in the OTP code and clicking sign-in, I'm redirected, as expected, back to the my web-app, but this redirect occurs in the original tab (Tab One), however with a query string added to the URL (/?code=). If I click the view tabs button, I see that the Hosted UI tab (Tab Two) is still open and still has the Cognito Hosted UI buttons/username+password page open. Not sure if that's important.
Now on Tab One with my web app, I don't immediately see any errors in Chrome devtools. But I can see that my app is unable to load. If I wait, it just loads and loads forever. If I refresh the page, then at this point I see a new request to /token fire off in the Network Tab of Chrome DevTools and it comes back with the 400 error invalid_grant response.
Has anyone else encountered this issue or found a resolution?
Thanks in advance!
I recently set up WSO2 Identity Server 5.7.0, and users have begun using it extensively. However, some are running into a problem where they accidentally hit the Back button in their browser after logging in, and they don't know how to get back to the application at that point. Refreshing the page does nothing, and trying to log in again takes them to an "Authentication Error" message on <IS_HOME>/repository/deployment/server/webapps/authenticationendpoint/retry.jsp, which does not provide any links to take them back to the service provider application.
I found this solution in the WSO2 documentation:
https://docs.wso2.com/m/mobile.action#page/85367898/header/CustomizingtheAuthenticationEndpoint-Handlingbrowserbackbuttonandbookmarkedloginpage
I have implemented the relyingPartyRedirectUrls resource under /_system/config/identity/config in the WSO2 Registry for each of the service provider applications defined in the environment, and it is working exactly as I had hoped in Firefox 68.3 ESR and Edge 44. However, it does not seem to work for Chrome 79 or Internet Explorer 11.
Problem script:
/logincontext?sessionDataKey=19283828-7f3a-49ff-a640-58b95d252b4d&relyingParty=my-sp-name&tenantDomain=carbon.super
In Firefox, this script contains the following code in the response:
{"status":"redirect","redirectUrl":"https://my.sp.com/"}
However, the same script in Chrome contains this code in the response:
{"status":"success"}
Do you have any recommendations for what tweaks I could make to the configuration in order to get this fix working in all (or most) browsers? If you have other recommendations for ways to mitigate the pain for users who don't think to click the "Forward" button in their browser, I would be very open to hearing them.
P.S. When a user tries to log in a second time after clicking the Back button, this is what shows up in wso2carbon.log:
TID: [-1234] [] [2020-01-13 18:52:20,400] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Context does not exist. Probably due to invalidated cache
TID: [-1234] [] [2020-01-13 18:52:20,400] WARN {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Authentication context is null, redirect parameter filtering will not be done for 19283828-7f3a-49ff-a640-58b95d252b4d
P.P.S. I discovered that when I load a bookmarked URL in Chrome 79, the fix works as expected. Also, if I use the Back button to get to the login page and then refresh the login page, that also causes the fix to take me into the app. It is only the initial load of the login page after clicking the Back button where the fix doesn't work (in Chrome 79, at least; the fix doesn't work under any of those circumstances in IE 11).
I tested the Chrome 79 with the dashboard app with the above configs and it worked fine. Can you check with the dashboard application?
If you want you can create a git issue in https://github.com/wso2/product-is/issues to report this behaviour directly to WSO2 IAM team.
Another suggestion, if you find the retry.jsp not intuitive enough, you can always modify/replace that with your custom implementation. For example if you have one main application, then you can add the link to your homepage in the retry.jsp. Then users can always go back to your application using that link.
I'm trying to use bigrquery from an interactive R session for the first time. I've installed the R bigrquery package and successfully established a connection. I've authenticated following a redirect from the interactive RStudio session to the web browser for login, so oauth seems to be working correctly. However, when I try to run a query, such as DBI::dbReadTable(con, "A549_raw_merged_TADs")[1:6, ], I get the error Error: The project variant-annotation has not enabled BigQuery. [invalid].
I am sure I need to enable something else in the project on the Google side, but I'm not sure what I need to enable, or how to do that from the web console interface.
Is this documented anywhere, or can anyone here give me instructions?
Note: I have confirmed that the BigQuery API has Activation status of Enabled via the console at https://console.cloud.google.com/apis/api/bigquery-json.googleapis.com/overview, so although my question is the same as Error processing job: Project has not enabled BigQuery, the issue appears to be different.
Additional information: when I check the BigQuery API status via the console link above, there's a notification that "To use this API, you may need credentials. Click 'Create credentials' to get started."
So it may be that my assumption that oauth seems to be working is not correct.
You can enable the BigQuery API with this command gcloud services enable bigquery.googleapis.com, but, since you mention it is already enabled, you may be pointing to a different project.
Feel free to ping me on a new thread if you require assistance on the new issue.
Iam using cybersource for credit card payment.
Created username token for security data with the test account created
When Executing
self.response = self.client.service.runTransaction(**options)
Gets error
Server raised fault: '
Security Data : UsernameToken authentication failed.
'
Thanks in Advance
I got it.......
Just Generate transaction security key and give the generated key as password.
Able to connect successfully.
Steps to create key
Using a web browser, navigate to the CyberSource Enterprise Business Center (EBC) Test Environment login page
Log in using a username with Administrator credentials
Click Account Management from the menu bar on the left side of the screen
Click Transaction Security Keys In the expanded sub-menu,
Click the link, Security Keys for the Simple Order API on the Transaction Security Keys page
Click Generate Key
At this point you may see a pop-up dialog box asking if you want to block dynamic content on the page. Select No if this dialog box appears.
Click Generate Certificate Request when it appears (it may take a few seconds to load)
When the key generation script is done, a dialog box will appear which asks you to select a location on your computer where the new security key will be saved.
Save the key (the naming convention is <your merchant id>.p12)
Deploy the key to your system