AWS PHP SDK Cognito User Auth - amazon-web-services

How can I verify if a user is logged in on my services with AWS PHP SDK?
I am logging them with :
$result = $this->awsCognitoClient->adminInitiateAuth([
'AuthFlow' => 'ADMIN_NO_SRP_AUTH',
'ClientId' => $this->appClientID,
'UserPoolId' => $this->userPoolID,
'AuthParameters' => [
'USERNAME' => $userName,
'PASSWORD' => $password,
],
]);
That provides a session token. I want to send that token to another of my services and in that other service I want to check if the token is valid or not. How should I proceed?
Is this the best way or is there a better method to authenticate my user?

To solve this issue i created a singleton instance of an AWSAutWrapper and i share the accesstoken with other services.

Related

Creating Oauth callback function in python. I there is a webserver should sends me Token and I want to react to the token if it's correct by call back

I want to make the same function but in Python Django how can I do that
because I
want to make authentication for login using Oauth 2.0
public function callback(Request $request){
$response = Http::post('https://oauth.zid.sa' . '/oauth/token', [
'grant_type' =>'authorization_code',
'client_id' => 48,
'client_secret' => 'LsswUNyWTjyKT9AsXnpsv3FnG4glSNZQ5SM3YRnD',
'redirect_uri' => 'http://client.test/oauth/callback',
'code' => $request->code // grant code]);}

Unable to by pass amazon cognito authentication using cypress

I am trying to get login, but login functionality takes place in 'AWS Cognito Authetication', which is making my life little mess.
What happens, when user enters base url on browser, app navigates to 'AWS Cognito' message, where I enter my credentials, after adding credentials, app is showing me an alert message i.e.
An error was encountered with the requested page.
Screenshot is attached. I have checked network logs, but it is showing me that:
{"error":{"name":"UnauthorizedError","message":"No authorization token was found"}}
I need to know , where to start the procedure, I have gone through AWS Cognito Credentials section, but nothing happened yet.
Can someone help me there, how to start and how to work with it?
Cypress documentation has advice on how to authenticate with Cognito.
It could be more complete though, this blog post by Nick Van Hoof offers a more complete solution.
First install aws-amplify and cypress-localstorage-commands libs.
Add a Cypress command like:
import { Amplify, Auth } from 'aws-amplify';
import 'cypress-localstorage-commands';
Amplify.configure({
Auth: {
region: 'your aws region',
userPoolId 'your cognito userPoolId',
userPoolWebClientId: 'your cognito userPoolWebClientId',
},
});
Cypress.Commands.add("signIn", () => {
cy.then(() => Auth.signIn(username, password)).then((cognitoUser) => {
const idToken = cognitoUser.signInUserSession.idToken.jwtToken;
const accessToken = cognitoUser.signInUserSession.accessToken.jwtToken;
const makeKey = (name) => `CognitoIdentityServiceProvider.${cognitoUser.pool.clientId}.${cognitoUser.username}.${name}`;
cy.setLocalStorage(makeKey("accessToken"), accessToken);
cy.setLocalStorage(makeKey("idToken"), idToken);
cy.setLocalStorage(
`CognitoIdentityServiceProvider.${cognitoUser.pool.clientId}.LastAuthUser`,
cognitoUser.username
);
});
cy.saveLocalStorage();
});
Then your test:
describe("Example test", () => {
before(() => {
cy.signIn();
});
after(() => {
cy.clearLocalStorageSnapshot();
cy.clearLocalStorage();
});
beforeEach(() => {
cy.restoreLocalStorage();
});
afterEach(() => {
cy.saveLocalStorage();
});
it("should be logged in", () => {
cy.visit("/");
// ...
});
});

Auto login in Power BI with REST API with cron task

I want auto login in Azure portal for access_token so that I can send data to Power BI dataset . From cron task in Rails App currently I am using
OAuth2::Client
and
OAuth2::AccessToken for generating token.
I add username, password , grant_type => 'password' and scope => 'openid' to OAuth2::Client but it is not working something is missing
I got this. Now I am using rest_client instead of Oauth2
request = RestClient.post( url,
{
:grant_type => 'password',
:scope => 'openid',
:resource => 'https://analysis.windows.net/powerbi/api',
:client_id => 'CLIENT_ID',
:client_secret => 'CLIENT_SECRET',
:username => 'USERNAME',
:password => 'PASSWORD'
})

How to create CSRF token for Cakephp 3 PHPunit testing?

I am trying to get my unit tests working again after enabling CSRF tokens and SSL in my CakePHP 3 app.
How do I create or generate a token for a test like the following? Or do I just disable it for testing purposes?
public function testLogin() {
$this->get('/login');
$this->assertResponseOk();
$data = [
'email' => 'info#example.com',
'password' => 'secret'
];
$this->post('/login', $data);
$this->assertResponseSuccess();
$this->assertRedirect(['controller' => 'Users', 'action' => 'dashboard']);
}
The official documentation has good approach since version 3.1.2.
You only have to call $this->enableCsrfToken(); and/or $this->enableSecurityToken(); before your post to be able to perform the request successfully with token.
As the official example shows:
public function testAdd()
{
$this->enableCsrfToken();
$this->enableSecurityToken();
$this->post('/posts/add', ['title' => 'Exciting news!']);
}

OTRS generic interface rest authentication

I'm trying to consume the OTRS generic interface. The rest service is created by the import functionallity. I found the files needed for import here Consuming OTRS TicketConnector from .NET apps
My problem is when I try to consume the interface for example with a curl command
curl http://<user>:<password>#<server-ip>:<port>/otrs/nph-genericinterface.pl/Webservice/GenericTicketConnectorREST/Ticket/<Ticket-id> -X GET
The result of the command is
{"Error":{"ErrorCode":"TicketGet.AuthFail","ErrorMessage":"TicketGet: Authorization failing!"}}
I tried every user/password combination that makes sense to me. I tried the otrs admin account, agent account, customer account, root account of the server, EVERYTHING! I can't find a information in the docs that states wich account type is needed.
Here are some information that are printed out by the webservice debugger
Communication sequence started
$VAR1 = {
'DOCUMENT_ROOT' => '/srv/www/htdocs',
'GATEWAY_INTERFACE' => 'CGI/1.1',
'HTTP_ACCEPT' => '*/*',
'HTTP_HOST' => '<server-name>',
'HTTP_USER_AGENT' => 'curl/7.39.0',
'MOD_PERL' => 'mod_perl/2.0.4',
'MOD_PERL_API_VERSION' => '2',
'PATH' => '/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/usr/lib/mit/bin:/usr/lib/mit/sbin',
'PATH_INFO' => '/Webservice/GenericTicketConnectorREST/Ticket/<ticket-id>',
'PATH_TRANSLATED' => '/srv/www/htdocs/Webservice/GenericTicketConnectorREST/Ticket/<ticket-id>',
'QUERY_STRING' => '',
'REMOTE_ADDR' => '<server-ip>',
'REMOTE_PORT' => '56065',
'REQUEST_METHOD' => 'GET',
'REQUEST_URI' => '/otrs/nph-genericinterface.pl/Webservice/GenericTicketConnectorREST/Ticket/<ticket-id>',
'SCRIPT_FILENAME' => '/opt/otrs/bin/cgi-bin/nph-genericinterface.pl',
'SCRIPT_NAME' => '/otrs/nph-genericinterface.pl',
'SERVER_ADDR' => '<server-ip>',
'SERVER_ADMIN' => '<admin-account>',
'SERVER_NAME' => '<server-name>',
'SERVER_PORT' => '80',
'SERVER_PROTOCOL' => 'HTTP/1.1',
'SERVER_SIGNATURE' => '<address>Apache/2.2.12 (Linux/SUSE) Server at <server-name> Port 80</address>
',
'SERVER_SOFTWARE' => 'Apache/2.2.12 (Linux/SUSE)'
};
Deteced operation TicketGet
No data provided
Incoming data before mapping
$VAR1 = {
'RequestMethod' => 'GET',
'TicketID' => '<ticket-id>'
};
TicketGet.AuthFail
TicketGet: Authorization failing!
Outgoing data before mapping
$VAR1 = {
'Error' => {
'ErrorCode' => 'TicketGet.AuthFail',
'ErrorMessage' => 'TicketGet: Authorization failing!'
}
};
Long story short: what type of authentication or user type otrs expects to access the generic interface?
In found my mistake. The way I passed the login credentials to the service was wrong.
In my case the user is a agent user.
Here is a working curl command for my service:
curl http://<server-ip>:<port>/otrs/nph-genericinterface.pl/Webservice/GenericTicketConnectorREST/Ticket/<ticket-id>?UserLogin=<username>\&Password=<password> -X GET