AWS Lambda NodeJS - OAuth to Google API - amazon-web-services

I'm using my own gmail user to read a public calendar. Got program working locally, and displayed the credentials/token with console.log (value altered to protect my token):
Got Token
OAuth2Client {
transporter: DefaultTransporter {},
_certificateCache: null,
_certificateExpiry: null,
_clientId: 'xxxxxxxxxxxxxx',
_clientSecret: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
_redirectUri: 'urn:ietf:wg:oauth:2.0:oob',
_opts: {},
credentials:
{ access_token: 'xxxxxxx',
refresh_token: 'xxxxxxxxxxxxxxxxxx',
token_type: 'Bearer',
expiry_date: 1512151860704 } }
I also did what StackOverflow said: How to oAuth Google API from Lambda AWS? and it gave me the same access_token as displayed above.
So, if I understand, I need to take the access token and put it in my program or a file, and I'm not sure how to do that. My code came from the Google example here: https://developers.google.com/google-apps/calendar/quickstart/nodejs
Do I put this token somewhere in my client_secret.json file or what? I tried just passing it straight to the listEvents method as the value of TOKEN but got "400 Bad Request".
Update 1:
I tried storing the file to disk and then reading it as follows:
exports.getCalendarJSONEventsNew =
function getCalendarJSONEvents(callback) {
console.log("started getCalendarJSONEventsNew");
fs.readFile('OAuth2Client.json', 'utf8',
function processedFile(err, content) {
if (err) {
console.log('Error loading OAuth2Client.json: ' + err);
return;
}
console.log("content=");
console.log(content);
var tokenFromFile = JSON.parse(content);
listEvents(tokenFromFile, function(jsonResult) {
console.log("Json Callback Events=");
console.log(jsonResult);
callback(jsonResult);
});
});
}
Error: It doesn't seem to be exactly be JSON, so not how to deserialize it back into object:
OAuth2Client {
^
SyntaxError: Unexpected token O in JSON at position 0
Update 2: Then I had another idea, I saved the following as
credentials: {
access_token: 'xxxxx',
refresh_token: 'xxxxxx',
token_type: 'Bearer',
expiry_date: 1512151860704
}
as .credentials/calendar-nodejs-quickstart.json.
Then when I ran on the server, I got this response back:
Authorize this app by visiting this url: https://accounts.google.com/o/oauth2/auth?etc...

Here's how I got it to work so far.
1) Created a file called calendar-nodejs-quickstart.json in the root directory.
I kept getting errors when trying to read .credentials/calendar-nodejs-quickstart.json. I tried setting the environment variables, but ended up changing sample code as follows:
var TOKEN_DIR = '.credentials/';
var TOKEN_PATH = 'calendar-nodejs-quickstart.json';
2) Had to remove "credentials :" from the beginning of the file, and add the double quotes (and also changed single quotes to double quotes). This was to get past various JSON parsing errors.
{
"access_token": "xxxxx",
"refresh_token": "xxxx",
"token_type": "Bearer",
"expiry_date": 1512151860704
}
3) I also added the 'utf8' below, and added some debug code to see what was going on:
// Check if we have previously stored a token.
console.log("TOKEN_PATH=" + TOKEN_PATH);
fs.readFile(TOKEN_PATH, 'utf8', function(err, token) {
if (err) {
console.log("err=" + err);
getNewToken(oauth2Client, callback);
} else {
console.log("Use stored tokens from " + TOKEN_PATH);
console.log(token);
oauth2Client.credentials = JSON.parse(token);
callback(oauth2Client);
}
});
Seems critical to me to show the value of the "err" variable.

Related

How do I handle Request Body Error in Ktor

I am new to Ktor and I have a route with a request body which i am parsing with Kotlin Serialization.
I know that the request body is expected to conform to the request body data class but then, I tested by passing the wrong field in my test payload and it crashed the app.
I want to be able to handle such scenarios and respond to the client that such a field is not allowed. How do i go about that.
This is my sample data class:
#kotlinx.serialization.Serializable
data class UserLoginDetails(
var email: String = "",
var password: String = ""
)
This is the route:
post("/user/login") {
val userInfo = call.receive<UserLoginDetails>()
//my code here
}
The payload below works
{
"email": "test#email.com",
"password": "password"
}
But if use an alternative payload for instance:
{
"phone": "test#email.com",
"password": "password"
}
The app crashes with the crash message:
kotlinx.serialization.json.internal.JsonDecodingException: Unexpected
JSON token at offset 7: Encountered an unknown key 'emai'. Use
'ignoreUnknownKeys = true' in 'Json {}' builder to ignore unknown
keys.
You have two options in Ktor:
call.receive is the function which can throw an exception in this case, you can simply catch it:
try {
val userInfo = call.receive<UserLoginDetails>()
} catch (t: Throwable) {
// handle error
}
Catching exceptions globally using Status Pages:
install(StatusPages) {
exception<SerializationException> { cause ->
call.respond(/* */)
}
}
The error message says you can setup your Json with the config ignoreUnknownKeys = true where you are creating the Json object. Here's the doc link.
a tip: You might also want to check other configuration options so you can avoid setting empty string as default values.

Error 400: Invalid Account Linking Credentials When Enabling an Alexa Skill

I am trying to implement app-to-app account linking for alexa skills with my app.
I have followed the guide found here https://developer.amazon.com/en-US/docs/alexa/account-linking/app-to-app-account-linking-starting-from-your-app.html and have reached Step 6: Enable the skill and complete account linking. At this point, I am creating the final post request within an AWS lambda function using axios. The request is of the following form:
const header = {
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer " + event.amazonAccessToken
}
};
const body = {
"stage": event.skillStage,
"accountLinkRequest": {
"redirectUri": event.redirectURI,
"authCode": event.userAuthorizationCode,
"type": "AUTH_CODE"
}
};
and I am sending the post request to each of the possible regional endpoints and using the one call that succeeds, as shown in the guide's sample code.
endpoints.forEach((endpoint)=> {
alexaServicePromises.push(axios.post(endpoint, body, header).catch(function(error) {
if (error.response) {
console.log(error.response.data);
console.log(error.response.status);
console.log(error.response.headers);
}
}));
});
return new Promise((resolve, reject) => {
var failures = 0;
alexaServicePromises.forEach((promise) => {
promise.then((res)=> {
if (res.status == 201 || res.status == 200) {
resolve(res.data);
} else {
if (++failures == alexaServicePromises.length) {
reject(res.data);
}
}
}).catch((err)=> {
if (++failures == alexaServicePromises.length) {
reject(err.data);
}
})
})
});
However, the issue is that each of the three calls to each endpoint are returning error code 400 with message: 'Invalid account linking credentials'. I am completely unable to solve this problem. Each of the previous steps are running perfectly, I am sending the Amazon access token from step 5, skill stage is 'development' (skill is not published), redirectUri is the uri used in step 4 when I obtained an Amazon authorization code to redirect the user back into the app, the user authCode I am sending was returned from directing the user to sign into our authentification service (Cognito), and I am sending the skill id in the url used in the axios post request. The account I am testing with is my Amazon developer account with access to the skill (I did not create the skill though), and I am using the Alexa client ID and secret found in the account linking and permissions tab of the skill. Finally, each time I test, it is running the whole process, getting me a new authorization code, exchanging for a new token, signing in for a new user auth code, and then sending everything needed to this lambda function.
I have also seen the post here Alexa Account Linking - "Invalid account linking credentials", and from what I wrote above, I don't think I'm making any of the 4 mistakes.
How can I fix this?

Postman: Set a request header from the output of a program

I need to make requests to an API that accepts authentication tokens and I want to be able to use a dynamically generated token by running cmd.exe /c GenerateToken.bat instead of having to run my program and then manually paste the value in Postman every time.
I imagine something that looks like this:
How can I set the value of a HTTP header to contain the stdout output of a program or a batch file?
Short answer is, you can't. This is deliberate, both pre-request and test scripts (the only way, other than a collection runner, to make your environment dynamic) run in the postman sandbox, which has limited functionality.
More information of what is available is in the postman-sandbox Github repository page and in postman docs (scroll to the bottom to see what libraries you can import)
You do have a few options, as described in comments - postman allows sending requests and parsing the response in scripts, so you can automate this way. You do need a server to handle the requests and execute your script (simplest option is probably a small server suporting CGI - I won't detail it here as I feel it's too big of a scope for this answer. Other options are also available, such as a small PHP or Node server)
Once you do have a server, the pre-request script is very simple:
const requestOptions = {
url: `your_server_endpoint`,
method: 'GET'
}
pm.sendRequest(requestOptions, function (err, res) {
if (err) {
throw new Error(err);
} else if (res.code != 200) {
throw new Error(`Non-200 response when fetching token: ${res.code} ${res.status}`);
} else {
var token = res.text();
pm.environment.set("my_token", token);
}
});
You can then set the header as {{my_token}} in the "Headers" tab, and it will be updated once the script runs.
You can do something similar to this from Pre-request Scripts at the collection level.
This is available in postman for 9 different authorization and authentication methods.
this is a sample code taken from this article, that show how to do this in Pre-request Scripts for OAuth2
// Refresh the OAuth token if necessary
var tokenDate = new Date(2010,1,1);
var tokenTimestamp = pm.environment.get("OAuth_Timestamp");
if(tokenTimestamp){
tokenDate = Date.parse(tokenTimestamp);
}
var expiresInTime = pm.environment.get("ExpiresInTime");
if(!expiresInTime){
expiresInTime = 300000; // Set default expiration time to 5 minutes
}
if((new Date() - tokenDate) >= expiresInTime)
{
pm.sendRequest({
url: pm.variables.get("Auth_Url"),
method: 'POST',
header: {
'Accept': 'application/json',
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': pm.variables.get("Basic_Auth")
}
}, function (err, res) {
pm.environment.set("OAuth_Token", res.json().access_token);
pm.environment.set("OAuth_Timestamp", new Date());
// Set the ExpiresInTime variable to the time given in the response if it exists
if(res.json().expires_in){
expiresInTime = res.json().expires_in * 1000;
}
pm.environment.set("ExpiresInTime", expiresInTime);
});
}

Error while accessing Lex Bot from react native

I have a Lex Bot setup and working fine with Android. But when I try to access the same from react native, I get the following error:
NotFoundException: There is no alias named test for the bot named test_bot_name. Choose another alias.
I am using the aws-sdk-react-native package. My call to Lex looks like this:
sendToLex(message) {
let params = {
botAlias: 'test',
botName: 'test_bot_name',
inputText: message,
userId: lexUserId,
}
lexRunTime.postText(params, (err, data) => {
if(err) {
// TODO SHOW ERROR ON MESSAGES
console.log("[ERROR] Error: " + err);
console.log("[ERROR] Data: " + data);
}
if (data) {
console.log("Data " + data);
this.showResponse(data)
}
})
}
The same botAlias and botName parameters work fine on Android. But does not work on react native. The AWS config credentials look fine as I am not getting errors relating to the identity pool and region.
If it does indeed work in Android as you say then I would suggest the following:-
Ensure that the credentials are for the correct account
Ensure that you're pointing to the correct region
Try creating another alias and testing that to discount any funnies in the system.

Authorize google service account using AWS Lambda/API Gateway

My express server has a credentials.json containing credentials for a google service account. These credentials are used to get a jwt from google, and that jwt is used by my server to update google sheets owned by the service account.
var jwt_client = null;
// load credentials form a local file
fs.readFile('./private/credentials.json', (err, content) => {
if (err) return console.log('Error loading client secret file:', err);
// Authorize a client with credentials, then call the Google Sheets API.
authorize(JSON.parse(content));
});
// get JWT
function authorize(credentials) {
const {client_email, private_key} = credentials;
jwt_client = new google.auth.JWT(client_email, null, private_key, SCOPES);
}
var sheets = google.sheets({version: 'v4', auth: jwt_client });
// at this point i can call google api and make authorized requests
The issue is that I'm trying to move from node/express to npm serverless/aws. I'm using the same code but getting 403 - forbidden.
errors:
[ { message: 'The request is missing a valid API key.',
domain: 'global',
reason: 'forbidden' } ] }
Research has pointed me to many things including: AWS Cognito, storing credentials in environment variables, custom authorizers in API gateway. All of these seem viable to me but I am new to AWS so any advice on which direction to take would be greatly appreciated.
it is late, but may help someone else. Here is my working code.
const {google} = require('googleapis');
const KEY = require('./keys');
const _ = require('lodash');
const sheets = google.sheets('v4');
const jwtClient = new google.auth.JWT(
KEY.client_email,
null,
KEY.private_key,
[
'https://www.googleapis.com/auth/drive',
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/spreadsheets'
],
null
);
async function getGoogleSheetData() {
await jwtClient.authorize();
const request = {
// The ID of the spreadsheet to retrieve data from.
spreadsheetId: 'put your id here',
// The A1 notation of the values to retrieve.
range: 'put your range here', // TODO: Update placeholder value.
auth: jwtClient,
};
return await sheets.spreadsheets.values.get(request)
}
And then call it in the lambda handler. There is one thing I don't like is storing key.json as file in the project root. Will try to find some better place to save.