Is it possible to get a metamask private key? - blockchain

I'm a beginner to blockchain development, and I have a question. In the Polygon documentation, in order to make a deployment using hardhat, you need to pass account: process.env.PRIVATE_KEY, but how do I get the user's private key when logging in to MetaMask on the site?
    require('dotenv').config();
    require("@nomiclabs/hardhat-ethers");
    require("@nomiclabs/hardhat-etherscan");

    module.exports = {
      defaultNetwork: "matic",
      networks: {
        hardhat: {
        },
        matic: {
          url: "https://rpc-mumbai.maticvigil.com",
          accounts: [process.env.PRIVATE_KEY]
        }
      },
      etherscan: {
        apiKey: process.env.POLYGONSCAN_API_KEY
      },
      solidity: {
        version: "0.7.0",
        settings: {
          optimizer: {
            enabled: true,
            runs: 200
          }
        }
      },
    }

In MetaMask's "Account details" there is an "export private key" option.

Yes, you can get the MetaMask private key through the Google Chrome extension.
1. Go to Account Details
2. Export Private Key
3. Enter your Password
4. The private key is revealed to you
Make sure you do not share this with anyone; this address has all your assets stored.
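The accounts entry in the Hardhat config above is filled from the deployer's own exported key, kept in .env. As an added example (not from the original posts and not a Hardhat API), the hypothetical helper loadDeployerAccounts checks PRIVATE_KEY before it is used and never echoes the value in an error:

```javascript
// Added example. loadDeployerAccounts is a hypothetical helper, not a Hardhat API.
// In hardhat.config.js it would be used as:
//   matic: { url: "...", accounts: loadDeployerAccounts(process.env) }
function loadDeployerAccounts(env) {
  const raw = env.PRIVATE_KEY;
  // No key set: return no accounts so compile and test tasks still work.
  if (raw === undefined || raw.trim() === "") return [];

  const hex = raw.trim().replace(/^0x/i, "");
  // A secp256k1 private key is 32 bytes, i.e. 64 hex characters.
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) {
    // Never include the value: error text ends up in terminals and CI logs.
    throw new Error("PRIVATE_KEY must be 64 hex characters (value not shown)");
  }
  if (/^0+$/.test(hex)) {
    throw new Error("PRIVATE_KEY is all zeros (value not shown)");
  }
  return ["0x" + hex.toLowerCase()];
}

// Constructed sample values, not real keys.
const SAMPLE_ENV = { PRIVATE_KEY: "AB".repeat(32) };
const BAD_ENV = { PRIVATE_KEY: "0x1234" };

// Returns the error message for a rejected key, or null if it was accepted.
function describeError(env) {
  try {
    loadDeployerAccounts(env);
    return null;
  } catch (e) {
    return e.message;
  }
}
```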

Related

Add role based authentication using next-auth in NextJS

I was implementing a role based authentication using next-auth v4 using CognitoProvider which I modified to add a role but the role attribute is not passed in the final session json.

    import NextAuth from "next-auth/next";

    function CognitoProvider(options) {
      return {
        id: "cognito",
        name: "Cognito",
        type: "oauth",
        wellKnown: `${options.issuer}/.well-known/openid-configuration`,
        idToken: true,
        profile(profile) {
          console.log(profile);
          return {
            id: profile.sub,
            name: profile.name,
            email: profile.email,
            image: profile.picture,
            role: profile["cognito:groups"],
          };
        },
        options,
      };
    }

    export default NextAuth({
      providers: [
        CognitoProvider({
          clientId: process.env.COGNITO_CLIENT_ID,
          clientSecret: process.env.COGNITO_CLIENT_SECRET,
          issuer: process.env.COGNITO_DOAMIN,
        }),
      ],
      callbacks: {
        session: (props) => {
          console.log(props);
          return props.session;
        },
      },
    });

Below is the console log of profile object
role: profile["cognito:groups"]
Actual Object
I have added a user to admin group and wanted him to access a specific route in my NextJS app.
Any help would be appreciated.
You need to configure the jwt and session callbacks to include more data in the session.
From Next-Auth docs:
If you want to make something available you added to the token [...] via the jwt() callback, you have to explicitly forward it here [the session() callback] to make it available to the client.
To add the user's role:
    export default NextAuth({
      // ...
      callbacks: {
        jwt({ token, account, profile }) {
          if (account) {
            // First sign-in: the profile passed here is the raw Cognito profile,
            // so read the groups claim directly
            token.role = profile["cognito:groups"];
          }
          return token;
        },
        session({ session, token }) {
          // Send properties to the client
          if (session.user) {
            // modify session
            session.user.role = token.role;
          }
          return session;
        },
      },
    });

Then in your route, you would get the user's role from the session: session.user.role.
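One way to enforce the role on the server once it is in the session, as an added example that is not part of the original answer or of next-auth. requireRole, hasRole and rolesOf are hypothetical helpers, and the session lookup is injected so the block runs offline (in a next-auth v4 app it is assumed to be getSession from "next-auth/react"):

```javascript
// Added example. rolesOf, hasRole and requireRole are hypothetical helpers.
// Cognito's "cognito:groups" claim is an array of group names and is absent
// when the user is in no group, so normalise before comparing.
function rolesOf(session) {
  const role = session && session.user ? session.user.role : undefined;
  if (Array.isArray(role)) return role.filter((r) => typeof r === "string");
  return typeof role === "string" ? [role] : [];
}

// Exact match on array elements: "superadmin" must not satisfy "admin".
function hasRole(session, required) {
  return rolesOf(session).includes(required);
}

// Wraps an API route handler. getSessionFn is injected so this runs offline;
// in a next-auth v4 app it is assumed to be getSession from "next-auth/react".
function requireRole(required, getSessionFn, handler) {
  return async function guarded(req, res) {
    let session = null;
    try {
      session = await getSessionFn({ req });
    } catch (err) {
      session = null; // fail closed if the session lookup breaks
    }
    if (!session) return res.status(401).json({ error: "not signed in" });
    if (!hasRole(session, required)) return res.status(403).json({ error: "forbidden" });
    return handler(req, res, session);
  };
}

// Constructed stand-in for the Next.js response object.
function fakeRes() {
  return { code: 0, status(c) { this.code = c; return this; }, json(b) { this.body = b; return this; } };
}

// Runs the guard over three constructed sessions and returns the status codes.
async function demo() {
  const sessions = [{ user: { role: ["admin"] } }, { user: { role: "superadmin" } }, null];
  const codes = [];
  for (const s of sessions) {
    const res = fakeRes();
    const route = requireRole("admin", async () => s, (rq, rs) => rs.status(200).json({ ok: true }));
    await route({}, res);
    codes.push(res.code);
  }
  return codes;
}
```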

Using @auth owner directive with Auth.federatedSignIn() in Amplify/Cognito

I am building an app using Ionic, Capacitor and AWS Amplify. I am having some issues.
I have set up federated sign-in for my app using the capacitor plugin https://github.com/capacitor-community/facebook-login and call Auth.federatedSignIn() as per the below. This logs my user in with a federated identity. This is great, but it means I cannot use @auth(rules: [{ allow: owner }]) in my graphql schema. Is there any way to create a user in the userpool when calling Auth.federatedSignIn()? I know that calling Auth.federatedSignIn({ provider: "Facebook" }) and using the hosted UI works like this, but I do not want to redirect my user to a browser/chrome tab to sign in. I would like the authentication to be provided by the native functionality provided by the above capacitor plugin.
Using the federated identity allows me to restrict access to my graphql schema using IAM: @auth(rules: [{ allow: private, provider: iam }]) but this is limited to private and public rules. I want to limit the graphql api so that users can see only their own entries with functionality like @auth(rules: [{ allow: owner }]).
Maybe I am going about this the wrong way? I'm stumped. Any help is appreciated. Thanks.
    const FBLogIn = async () => {
      const result = await FacebookLogin.login({ permissions: FACEBOOK_PERMISSIONS });
      const { email } = await FacebookLogin.getProfile({ fields: ['email'] });
      try {
        const userDetails = await Auth.federatedSignIn(
          "facebook",
          { token: result.accessToken.token, expires_at: result.accessToken.expires },
          { name: result.accessToken.userId, email: email }
        )
      } catch (error) {
        console.log(error)
      }
    }

route53 returns forbidden for custom domain with API Gateway

I'm using AWS CDK to create an APIGateway. I want to attach a custom domain to my api so I can use api.findtechjobs.io. In the console, I can see I have a custom domain attached, however I always get a 403 response when using my custom domain.
Below is the following AWS CDK Stack I am using to create my API Gateway attached with a single lambda function.
AWS CDK deploys well, however, when I attempt to make a POST request to https://api.findtechjobs.io/search AWS returns a 403 Forbidden response. I don't have a VPC, WAF, or an API key for this endpoint.
I am very uncertain why my custom domain is returning a 403 response. I have been reading a lot of documentation, and used answers from other questions and I still can't figure out what I am doing wrong.
How can I associate api.findtechjobs.io to my API Gateway well using AWS CDK?
    export class HostingStack extends cdk.Stack {
      constructor(scope: cdk.Construct, id: string, props: cdk.StackProps) {
        super(scope, id, props)

        const zonefindtechjobsio = route53.HostedZone.fromLookup(this, 'findtechjobs.io', {
          domainName: 'findtechjobs.io'
        });

        const certificate = new acm.Certificate(this, 'APICertificate', {
          domainName: 'findtechjobs.io',
          subjectAlternativeNames: ['api.findtechjobs.io'],
          validation: acm.CertificateValidation.fromDns(zonefindtechjobsio),
        });

        const api = this.buildAPI(certificate)

        new route53.ARecord(this, "AliasRecord api.findtechjobs.io", {
          zone: zonefindtechjobsio,
          recordName: `api`,
          target: route53.RecordTarget.fromAlias(new route53targets.ApiGateway(api)),
        });
      }

      private buildAPI(certificate: acm.Certificate) {
        // API
        const api = new apigateway.RestApi(this, "techjobapi", {
          domainName: {
            domainName: 'findtechjobs.io',
            certificate: certificate
          },
          defaultCorsPreflightOptions: {
            allowOrigins: apigateway.Cors.ALL_ORIGINS, // TODO limit this when you go to prod
          },
          deploy: true,
          deployOptions: {
            stageName: 'dev',
          },
          endpointTypes: [apigateway.EndpointType.REGIONAL]
        });

        const searchResource = api.root.addResource("search", {
          defaultMethodOptions: {
            operationName: "Search",
          },
        });

        searchResource.addMethod(
          "POST",
          new apigateway.LambdaIntegration(new lambda.Function(this, "SearchLambda", {
            runtime: lambda.Runtime.GO_1_X,
            handler: "main",
            code: lambda.Code.fromAsset(path.resolve("..", "search", "main.zip")),
            environment: {
              DB_NAME: "...",
              DB_CONNECTION: "...",
            },
          })),
          {
            operationName: "search",
          }
        );

        return api;
      }
    }

Same problem. After some struggle, I found out that the problem may lie in the DNS, because my domain was transferred from another registrar. The name servers were not changed. After I changed them to AWS DNS it worked. But I can't be 100% sure.
And I found out that the default API Gateway domain (d-lb4byzxxx.execute-api.ap-east-1.amazonaws.com) is always in a 403 forbidden state.

AWS CDK - How to setup Cognito User Pool with "Authorization Code" flow

I'm currently trying to create an Amazon Cognito User Pool with OAuth flow "Authorization Code" via the AWS CDK as described in the documentation aws-cognito module.
Here is the typescript code of my stack:
    import * as cdk from '@aws-cdk/core';
    import { UserPool, VerificationEmailStyle, OAuthScope } from '@aws-cdk/aws-cognito';
    import { Duration } from '@aws-cdk/core';

    export class UserPoolStack extends cdk.Stack {
      constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
        super(scope, id, props);

        const userPool = new UserPool(this, 'stackoverflow-userpool', {
          userPoolName: 'stackoverflow-userpool',
          selfSignUpEnabled: true,
          signInCaseSensitive: false,
          userVerification: {
            emailSubject: 'Verify your email!',
            emailBody: 'Hello, Thanks for signing up! {##Verify Email##}',
            emailStyle: VerificationEmailStyle.LINK
          },
          signInAliases: {
            username: true,
            email: true
          },
          requiredAttributes: {
            email: true
          },
          passwordPolicy: {
            minLength: 12,
            requireLowercase: true,
            requireUppercase: true,
            requireDigits: true,
            requireSymbols: true,
            tempPasswordValidity: Duration.days(7)
          }
        });

        const client = userPool.addClient('stackoverflow-userpool-localhost-client', {
          userPoolClientName: 'stackoverflow-localhost-client',
          oAuth: {
            flows: { authorizationCodeGrant: true },
            scopes: [OAuthScope.OPENID],
            callbackUrls: ['http://localhost:4200/callback']
          }
        });

        userPool.addDomain('stackoverflow-userpool-domain-prefix', {
          cognitoDomain: {
            domainPrefix: 'stackoverflow'
          }
        });
      }
    }

For whatever reason my "Cognito User Pool" is not enabled as an "Identity Provider" in my "App client". (see screenshot)
Is my configuration wrong? I can't find any property that would enable this.
Is it a bug or because the module is still experimental? What confuses me is why would they describe how to set up the "Authorization Code" flow in the documentation if it doesn't work...
At the present date, this looks good and worked for me. Maybe an old version of aws-cdk? In any case, you can explicitly enable Cognito User Pool on the client:

    const client = userPool.addClient('stackoverflow-userpool-localhost-client', {
      userPoolClientName: 'stackoverflow-localhost-client',
      oAuth: {
        flows: { authorizationCodeGrant: true },
        scopes: [OAuthScope.OPENID],
        callbackUrls: ['http://localhost:4200/callback']
      },
      supportedIdentityProviders: [
        UserPoolClientIdentityProvider.AMAZON,
        UserPoolClientIdentityProvider.COGNITO,
      ]
    });

How do I generate an IAM service specific credential using aws cdk?

I'm trying to figure out how to generate Service Specific Credentials for an IAM User with the AWS CDK.
I can see how to achieve this from:
Admin Console: IAM > Users > Security credentials:
HTTPS Git credentials for AWS CodeCommit, and
Credentials for Amazon Managed Apache Cassandra Service (MCS)
API: CreateServiceSpecificCredential
CLI: create-service-specific-credential
However I can't see how to achieve this with the AWS CDK (or from Cloud Formation for that matter).
If this is not currently supported from the CDK then what would be the recommended approach?
Building on what @JeffreyGoines replied above, a Construct calling CreateServiceSpecificCredential:

    export class CodeCommitGitCredentialsProps {
      userName: string
    }

    export class CodeCommitGitCredentials extends Construct {
      readonly serviceSpecificCredentialId: string;
      readonly serviceName: string;
      readonly serviceUserName: string;
      readonly servicePassword: string;
      readonly status: string;

      constructor(scope: Construct, id: string, props: CodeCommitGitCredentialsProps) {
        super(scope, id);

        // Create the Git Credentials required
        const gitCredResp = new AwsCustomResource(this, "gitCredentials", {
          // https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/IAM.html#createServiceSpecificCredential-property
          onCreate: {
            service: "IAM",
            action: "createServiceSpecificCredential",
            parameters: {
              ServiceName: "codecommit.amazonaws.com",
              UserName: props.userName
            },
            physicalResourceId: PhysicalResourceId.fromResponse("ServiceSpecificCredential.ServiceSpecificCredentialId")
          },
          // https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/IAM.html#deleteServiceSpecificCredential-property
          onDelete: {
            service: "IAM",
            action: "deleteServiceSpecificCredential",
            parameters: {
              ServiceSpecificCredentialId: new PhysicalResourceIdReference(),
              UserName: props.userName
            }
          },
          policy: AwsCustomResourcePolicy.fromSdkCalls({
            resources: AwsCustomResourcePolicy.ANY_RESOURCE,
          }),
        });

        this.serviceSpecificCredentialId = gitCredResp.getResponseField("ServiceSpecificCredential.ServiceSpecificCredentialId");
        this.serviceName = gitCredResp.getResponseField("ServiceSpecificCredential.ServiceName");
        this.serviceUserName = gitCredResp.getResponseField("ServiceSpecificCredential.ServiceUserName");
        this.servicePassword = gitCredResp.getResponseField("ServiceSpecificCredential.ServicePassword");
        this.status = gitCredResp.getResponseField("ServiceSpecificCredential.Status");
      }
    }

And a usage example:
    // User created for Git Push/Pull
    this.user = new User(this, `codeCommitGitMirrorUser`, {
      userName: `${props.repository.repositoryName}-GitMirrorUser`
    });
    props.repository.grantPullPush(this.user);

    this.gitCredentials = new CodeCommitGitCredentials(this, "codeCommitGitCredentials", {
      userName: this.user.userName
    });