I'm working on a sensitive web application, and I would like to disconnect users after 5 min of inactivity.
I'm stuck with the 1-day minimum refresh token timeout (set in the Cognito management console)...
How can I bypass this? Or set the refresh token timeout to < 1 day?
I'm using the aws-amplify module.
I've seen a lot of similar questions and it seems there is no way to do it properly...
Thanks in advance
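Since the Cognito refresh-token lifetime cannot go below 1 day, an inactivity logout has to be enforced on the client. The following is an added example, not code from the question or from aws-amplify: an idle watchdog that signs the user out after 5 minutes without activity. The `signOut` callback is injected; in an Amplify app it would wrap `Auth.signOut()` (assumed to be the call that clears the locally stored tokens), and the clock is injectable so it can be tested offline.

```javascript
// Idle-session watchdog (added example). Enforces an inactivity limit on the
// client, independently of the Cognito refresh-token lifetime.
const IDLE_LIMIT_MS = 5 * 60 * 1000; // 5 minutes, as asked in the question

class IdleLogout {
  // signOut: injected callback (e.g. () => Auth.signOut(), assumed API).
  // now: injectable clock so the behaviour is testable with fake time.
  constructor({ signOut, limitMs = IDLE_LIMIT_MS, now = Date.now }) {
    this.signOut = signOut;
    this.limitMs = limitMs;
    this.now = now;
    this.lastActivity = now();
    this.signedOut = false;
  }

  // Call on any user interaction to reset the idle clock.
  touch() {
    if (!this.signedOut) this.lastActivity = this.now();
  }

  // Remaining idle budget in milliseconds (0 once the limit is reached).
  remainingMs() {
    return Math.max(0, this.limitMs - (this.now() - this.lastActivity));
  }

  // Poll periodically; signs out exactly once when the budget is used up.
  // Returns true on the poll that triggered the sign-out.
  check() {
    if (this.signedOut || this.remainingMs() > 0) return false;
    this.signedOut = true;
    this.signOut();
    return true;
  }

  // Wire the watchdog to an event target (window, document, ...) and start
  // polling. Returns the interval handle so the caller can clear it on logout.
  attach(target, pollMs = 15000) {
    for (const ev of ['mousemove', 'keydown', 'click', 'touchstart', 'scroll']) {
      target.addEventListener(ev, () => this.touch(), { passive: true });
    }
    return setInterval(() => this.check(), pollMs);
  }
}
```

Note that signing out on the client removes the stored tokens but does not shorten the refresh token's server-side validity; revoking it server-side needs a global sign-out.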
Last year I was building an application to create my own YT dashboard.
It was based only on the code of a tutorial.
They basically authenticate a user via OAuth and send requests to get channel data or playlists of the authenticated user.
I was trying out both the original tutorial app and my own (after a few dormant months) and they suddenly don't work anymore.
Meaning: I can authenticate on both, but on the original version I get a 403 error telling me: "The request is missing a valid API key." (on requesting channel data)
This is confusing because the API key is never used; only the OAuth client ID was necessary.
And on my own fancy version, I get a 403 error telling me that I've exceeded my getting started quota. (on requesting the user's playlists)
Looking at my quota page:
I can see that queries per day (why is it there twice?) is somehow set to 0.
Perhaps creating a new OAuth 2.0 Client ID or a new API key would solve these errors, as was suggested in another post.
But since I'm planning to use the YT Data API in a real project soon and want to prevent this from ever happening, I would like to understand what was going on: why the daily quota limit is suddenly turned to 0, and how to go about it when that happens.
Or at least how to contact google about it.
Perhaps some of you have some insights.
UPDATE:
I've just found this post reporting that after 90 inactive days, the quota is automatically set to 0.
Now I created a new OAuth Client ID and replaced the constant in my code. Nothing changed so far. Perhaps I have to wait 24h. Or perhaps I have to fill out this form, which apparently can lead to months of back-and-forth email nonsense. I sure hope not.
It seemed the only viable option was to create a new project with new credentials.
(And one should not forget that the YT Data API has to be enabled again for the new project.)
We have developed an Alexa Home skill for home device control, and it is under testing.
ENVIRONMENT DETAILS:
Alexa Home skill
Lambda functions for the execution
Account linking has been enabled
Once I enable the skill, it is enabled successfully. Device discovery starts and finds the devices. After that I was able to control the devices as well.
But say after an hour, when I come back to the app or the Echo devices and start controlling the device, it displays that the server is unresponsive and says something went wrong: "Try disabling and enabling your skill." If I do that, it works fine for an hour, then it becomes unresponsive again.
Has anyone experienced such behavior?
I had the exact same symptoms, and the root cause was that we weren't properly providing a refresh token, and our access token had a 1-hour TTL.
From the Alexa Account Linking Debugging Tips page:
Problem: Account linking succeeds, but after some time the customer has to link accounts again
Solution: This usually indicates that Alexa was unable to use the provided refresh token to grab a new access/refresh token pair.
Ensure that the access token time to live (TTL) is more than 5 minutes.
Ensure that your authorization server can successfully refresh the access/refresh token pair when presented with a refresh token by Alexa.
Ensure that you are not invalidating refresh tokens too early - Alexa may take some time after the access token has expired to refresh the token, and if your authorization server has already invalidated the refresh token, Alexa will not be able to refresh the access/refresh token pair and your customer will have their account linking disabled.
Does your skill implement EndpointHealth?
If not, it may affect the connectivity status in the app.
I'm using React Native and Expo. Also using aws-amplify to manage users with Cognito's user pool.
Every so often my users are getting kicked out of the system because of a "Refresh Token has expired" error. Those users were in the system in the previous week, so their refresh token should still be valid. Any ideas?
I'm using:
aws-amplify 2.2.0
aws-amplify-react-native 2.2.3
react-native 0.59
expo 35
I think this was a misunderstanding of the docs. I was under the impression that the refresh token is re-issued on every session, so users should never reach the expiration time while they are active.
Apparently this is not the case: users are issued a refresh token upon login only, and that token is persisted in client-side storage. Whether they are active or not, this token expires after 30 days (or as configured) and they then need to log in again.
(Of course I'm aware that this is not an Amplify implementation.)
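The two lifetime rules above (the Alexa debugging tips about not revoking refresh tokens at access-token expiry, and the Amplify post's finding that a Cognito refresh token expires a fixed time after login regardless of activity) can be seen in a small model of an authorization server's token store. This is an added example, not code from either post or from Cognito/Alexa; token formats, names and timings are constructed.

```javascript
// Model of an OAuth-style authorization server's refresh flow (added example).
const HOUR = 3600 * 1000, DAY = 24 * HOUR;

class AuthServer {
  // accessTtl: access-token lifetime (the Alexa tips require more than 5 minutes).
  // refreshTtl: absolute refresh-token lifetime counted from login, not from last
  //   use, which is the Cognito behaviour the Amplify post describes (30-day default).
  // revokeOnAccessExpiry: the misconfiguration from the Alexa thread, where the
  //   refresh token is invalidated as soon as the access token expires.
  constructor({ accessTtl = HOUR, refreshTtl = 30 * DAY, revokeOnAccessExpiry = false } = {}) {
    Object.assign(this, { accessTtl, refreshTtl, revokeOnAccessExpiry });
    this.refreshTokens = new Map(); // refresh token -> { user, loginAt, accessExp }
    this.seq = 0;
  }
  issuePair(user, loginAt, now) {
    const refreshToken = `rt-${++this.seq}`; // constructed token format
    const accessExp = now + this.accessTtl;
    this.refreshTokens.set(refreshToken, { user, loginAt, accessExp });
    return { accessToken: `at-${this.seq}`, refreshToken, accessExp };
  }
  login(user, now) { return this.issuePair(user, now, now); }
  // Refresh grant: returns a new pair, or throws the way the clients in both posts saw.
  refresh(refreshToken, now) {
    const rec = this.refreshTokens.get(refreshToken);
    if (!rec) throw new Error('invalid_grant: unknown or revoked refresh token');
    if (this.revokeOnAccessExpiry && now > rec.accessExp) {
      this.refreshTokens.delete(refreshToken); // Alexa refreshes after expiry, so linking breaks
      throw new Error('invalid_grant: refresh token revoked at access-token expiry');
    }
    if (now - rec.loginAt >= this.refreshTtl) {
      this.refreshTokens.delete(refreshToken);
      throw new Error('Refresh Token has expired'); // activity does not extend it; re-login needed
    }
    // Rotate: the old refresh token is retired only after the new pair is issued.
    const pair = this.issuePair(rec.user, rec.loginAt, now);
    this.refreshTokens.delete(refreshToken);
    return pair;
  }
}

// Simulates a user who opens the app once a day; returns the first day on which
// the refresh grant fails, or -1 if it never fails within `days`.
function firstFailureDay(server, days) {
  let { refreshToken } = server.login('alice', 0);
  for (let d = 1; d <= days; d++) {
    try { ({ refreshToken } = server.refresh(refreshToken, d * DAY)); }
    catch (e) { return d; }
  }
  return -1;
}
```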
We are working with Google's Admin SDK API. We get a lot of 403 (Rate Limit Exceeded) errors when we execute more than 2 threads making batch requests to Google's servers.
We have changed the rate limit of requests per second in the project admin panel, but it seems to have no effect. As Google recommends in https://developers.google.com/admin-sdk/directory/v1/limits, we have tried with one user's credentials per thread.
How many requests per second can we actually send?
Is there any way apart from contacting Google to increase that Rate limit?
Thanks in advance.
You can submit a quota request to increase your query limit by going to the API console (https://code.google.com/apis/console/). Go to the quota pane and click "Request more" next to Admin SDK. A form should show up, and you can submit your request. Make sure you include your calculation and justification.
You're probably requesting new access tokens for every request. See my answer at https://stackoverflow.com/a/24211132/1135732
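The second answer points at a client-side cause: minting a new access token for every request. The following added example (not code from the question, the answers, or Google's client libraries) shows a token cache that reuses an access token until shortly before it expires, combined with exponential backoff on rate-limit errors. `fetchToken` and `callApi` are injected stand-ins for the OAuth token endpoint and an Admin SDK call; the caller is assumed to map the API's JSON error into `{ status, reason }`, where `reason` carries Google's `rateLimitExceeded` / `userRateLimitExceeded` values.

```javascript
// Access-token reuse plus backoff for Admin SDK-style clients (added example).
class TokenCache {
  // fetchToken: () => { accessToken, expiresInSec } (injected token-endpoint call).
  // marginMs: refresh this long before expiry so an in-flight request never uses a dead token.
  constructor(fetchToken, { marginMs = 60 * 1000, now = Date.now } = {}) {
    Object.assign(this, { fetchToken, marginMs, now, token: null, expiresAt: 0, fetches: 0 });
  }
  // Returns the cached token; hits the token endpoint only when (nearly) expired.
  get() {
    if (!this.token || this.now() >= this.expiresAt - this.marginMs) {
      const { accessToken, expiresInSec } = this.fetchToken();
      this.token = accessToken;
      this.expiresAt = this.now() + expiresInSec * 1000;
      this.fetches++;
    }
    return this.token;
  }
}

// Retries on 429 or on 403 with a rate-limit reason, doubling the wait each time;
// any other error is rethrown at once. `sleep(ms)` is injected so tests stay instant.
function withBackoff(call, { maxRetries = 5, baseMs = 500, sleep }) {
  for (let attempt = 0; ; attempt++) {
    try {
      return call();
    } catch (err) {
      const rateLimited = err.status === 429 ||
        (err.status === 403 && /^(user)?[rR]ateLimitExceeded$/.test(err.reason || ''));
      if (!rateLimited || attempt >= maxRetries) throw err;
      sleep(baseMs * 2 ** attempt);
    }
  }
}

// Runs `n` calls through the cache and backoff; returns counters for inspection.
function runBatch(n, { fetchToken, callApi, now = Date.now }) {
  const cache = new TokenCache(fetchToken, { now });
  const sleeps = [];
  let ok = 0;
  for (let i = 0; i < n; i++) {
    withBackoff(() => callApi(cache.get()), { sleep: ms => sleeps.push(ms) });
    ok++;
  }
  return { ok, tokenFetches: cache.fetches, sleeps };
}
```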
We're looking to replace an existing API manager with WSO2, and one of the features of the other platform is that we can identify a 'user' of the API at run time and have the throttling work.
The 'user' is not OAuth-identified; rather, they authenticate via the API and a session ID is returned (so they've never registered at a 'store'). This session ID is then used to set up the throttling at the API Manager. Additionally, the other tool has code to look for the user logging in and use that ID in the throttling, so if a user tries to log in too many times per hour the API manager blocks the request, in addition to blocking too many requests per hour for a logged-in user. The combinations of login attempts, API calls etc. are summed into the throttle. (All this was implemented by their services team years ago.)
The main reason we need this is we don't want to force our old clients to go to OAuth immediately but want much more visibility, reporting and throttling.
Thoughts on how to do this with WSO2? I see where we can add our own handlers to the API to figure out session IDs, login IDs etc., but I don't see where to create the logic to do the throttling.
Thanks,
Chris
Log in to Carbon and edit tiers.xml (/_system/governance/apimgt/applicationdata/tiers.xml). You can find the section <throttle:ID throttle:type="ROLE">Unauthenticated</throttle:ID>