FOSOAuthServerBundle: OAuth2 Resource Owner Password Credentials Grant flow - doctrine-orm

I'm using FOSOAuthServerBundle in a Symfony 2.1 project (using Doctrine) and I'd like to implement the Resource Owner Password Credentials Grant flow.
I read the good article written by Burak Seydioglu, "Securing Symfony2 REST services with FOSOAuthServerBundle", but he explains only the "Authorization Code Grant" and "Implicit Grant" flows.
I read a comment that tried to explain it, but unsuccessfully.
I tried to create a URI with the requested parameters, but I got some errors.
Thank you.
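The token request the Resource Owner Password Credentials grant (RFC 6749 §4.3) expects, as an added Python example that is not from the post or from the bundle: it assumes the bundle's default token endpoint path /oauth/v2/token on a placeholder host, a client whose allowed grant types include "password", and a configured user provider; the two responses at the end are constructed in the bundle's response shape, not captured from a server.

```python
import json
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode

# Bundle's default token endpoint (assumed); the host is a placeholder.
TOKEN_URL = "https://api.example.test/oauth/v2/token"

def password_grant_body(client_id, client_secret, username, password, scope=None):
    """Form body for grant_type=password (RFC 6749 §4.3). Everything is POSTed as
    application/x-www-form-urlencoded; a password in the URI ends up in server logs."""
    params = {"grant_type": "password", "client_id": client_id, "client_secret": client_secret,
              "username": username, "password": password}
    if scope:
        params["scope"] = scope
    return urlencode(params)

def refresh_grant_body(client_id, client_secret, refresh_token):
    """Form body for the follow-up grant_type=refresh_token request."""
    return urlencode({"grant_type": "refresh_token", "client_id": client_id,
                      "client_secret": client_secret, "refresh_token": refresh_token})

@dataclass
class TokenSet:
    access_token: str
    refresh_token: Optional[str]
    expires_at: float  # absolute epoch seconds derived from expires_in

    def expired(self, now=None, skew=30):
        """Treat the token as expired `skew` seconds early to absorb clock drift."""
        now = time.time() if now is None else now
        return now + skew >= self.expires_at

class OAuthError(Exception):
    """Carries the RFC 6749 §5.2 error code (invalid_grant, invalid_client, ...)."""

def parse_token_response(status, body, now=None):
    """Turn the token endpoint's JSON reply into a TokenSet or raise OAuthError."""
    data = json.loads(body)
    if status != 200 or "error" in data:
        raise OAuthError(f"{data.get('error', status)}: {data.get('error_description', '')}")
    now = time.time() if now is None else now
    return TokenSet(data["access_token"], data.get("refresh_token"), now + int(data["expires_in"]))

# Constructed sample replies in the bundle's response shape (not captured from a server).
SUCCESS = ('{"access_token": "ZDk...", "expires_in": 3600, "token_type": "bearer", '
           '"scope": null, "refresh_token": "NzA..."}')
FAILURE = '{"error": "invalid_grant", "error_description": "Invalid username and password combination"}'
```

The body goes in a POST to TOKEN_URL with Content-Type application/x-www-form-urlencoded; the client secret travels in that body, so this grant is only appropriate for a client the server operator trusts with credentials.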

Related

An error was encountered with the requested page after user sign up

I am new to AWS Cognito. I have a requirement to manage users through AWS Cognito.
Users can sign themselves up.
I am using the hosted UI to achieve this.
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html
Only an admin can confirm a user from the AWS console.
The user is getting created with Unconfirmed status (expected).
Everything works as expected, but at the time of sign-up the hosted UI responds with "An error was encountered with the requested page".
I don't want users to be auto-approved and hence I am not invoking the pre sign-up lambda.
Please find the attached image of the error.
Is there any way I can display a custom message like "User is created, please contact admin for user confirmation"?
Thank you.
The issue is probably occurring because you chose Allow users to sign themselves up and did not choose any verification type (No verification).
Choose Only allow administrators to create users or any verification type to avoid this issue.

AWS API Gateway, Cognito Identity Pool and REST: can I restrict to specific paths and methods?

I want to implement a blog API - for fun and learning - which allows a user to manage and write/view their own blog posts. So far I have an API with paths like
/ - GET all posts,
/blog/{id} - GET a specific post or PUT to update a post
/blog/ - POST for a new blog
Using a Cognito user pool, a user can sign up and log in, and the API Gateway uses an authorizer to allow or deny access (I'm mucking about with Blazor at the same time - there isn't really an interface yet, just a bit of cobbled-together C# that uses the identity provider API).
However, any user can see all posts. I really want something like this:
/{user}/ - GET all posts by user
/{user}/blog/{id} - GET or PUT specific blog post
and so on.
Behind the API Gateway are four really simple lambda functions. So far, with the user pool authorizer I can see the Authorization header but nothing else (the request context and context have no Identity elements that are not null).
I was wondering whether I could use an Identity Pool to do the specific user permissions using IAM Roles, but I can't think of what the roles might look like, or whether this seems possible. I know there are parameters you can embed in roles - you do that for S3 roles - why not API paths?
Does this sound plausible or would I need to go down the Lambda function route to do authorization? Anyone have any examples? I googled and looked through Stack Overflow, but couldn't see anything specific around this.
Another problem, I guess, would be getting a nice ID substitution for the user here - I collect email and nickname so far - I need a nice username rather than a Cognito user ID, which looks like it wouldn't play well with a URL.
Thanks.
The answer to my query appears to be in this YouTube video, put up by the AWS team late last night (UK time, anyway). So far, using C#, I can authenticate myself against the user pool and get AWS credentials, but when I attempt to access my API I get "message": "unauthorized", and that's it!
Anyway, onwards and upwards.
YouTube video about fine-grained access control using Cognito identity pools.
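The identity-pool route the self-answer points at, as an added Python example that is not from the thread or the AWS video: a policy for the identity pool's authenticated role that limits execute-api:Invoke to paths under the caller's own identity through the IAM policy variable ${cognito-identity.amazonaws.com:sub}, plus a small local matcher of my own (not IAM's engine) showing that one identity cannot reach another's paths. Assumed: placeholder region, account and API id, API methods set to AWS_IAM authorization, and the variable resolving to the identity pool IdentityId (region:uuid) rather than the user pool username the question hoped for.

```python
import fnmatch

# Placeholders, not real values.
REGION, ACCOUNT, API_ID, STAGE = "eu-west-1", "123456789012", "abc123def4", "prod"
# IAM policy variable: the caller's identity pool IdentityId ("<region>:<uuid>").
SUB_VAR = "${cognito-identity.amazonaws.com:sub}"
# Constructed identity ids for two users.
ALICE = f"{REGION}:11111111-aaaa-4bbb-8ccc-000000000001"
BOB = f"{REGION}:22222222-aaaa-4bbb-8ccc-000000000002"


def per_user_policy():
    """Policy for the identity pool's authenticated role: a caller may invoke
    only the /{identity}/... paths, where {identity} is their own IdentityId.
    Attach it to the role; the API methods themselves use AWS_IAM authorization."""
    arn = f"arn:aws:execute-api:{REGION}:{ACCOUNT}:{API_ID}/{STAGE}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "execute-api:Invoke",
            "Resource": [
                f"{arn}/GET/{SUB_VAR}",          # all of the caller's posts
                f"{arn}/GET/{SUB_VAR}/blog/*",   # one post
                f"{arn}/PUT/{SUB_VAR}/blog/*",   # update one post
                f"{arn}/POST/{SUB_VAR}/blog",    # create a post
            ],
        }],
    }


def request_arn(method, path):
    """Resource ARN API Gateway authorizes a request against."""
    return f"arn:aws:execute-api:{REGION}:{ACCOUNT}:{API_ID}/{STAGE}/{method}/{path.lstrip('/')}"


def allowed(policy, identity_id, method, path):
    """Local approximation of IAM's Allow evaluation (my code, not IAM's engine):
    substitute the variable with the caller's identity, then wildcard-match the
    ARN. Explicit Deny statements and the role trust policy are out of scope."""
    target = request_arn(method, path)
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "execute-api:Invoke":
            continue
        for pattern in stmt["Resource"]:
            # IAM's '*' spans '/' as well, which fnmatch's '*' also does
            if fnmatch.fnmatchcase(target, pattern.replace(SUB_VAR, identity_id)):
                return True
    return False
```

Because the path segment is the IdentityId, a friendly username in the URL would need a separate mapping, which is why checking the user pool token's claims inside the Lambda is the alternative the question considers.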

Linkedin V2 API (POSTMAN)

I want to create an application which will share posts on a company page.
I have permissions in LinkedIn:
Using the documentation I'm trying to get a token, but I have an error:
{
"error": "access_denied",
"error_description": "This application is not allowed to create application tokens"
}
https://learn.microsoft.com/en-us/linkedin/shared/authentication/client-credentials-flow?context=linkedin/context
*** Real credentials were replaced by xxxxx
Use this Postman Collection for the LinkedIn OAuth 2.0 API, and follow the steps in this article.
All the permissions you have are 3-legged permissions and you are trying to get a token using the 2-legged process.
Please follow the workflow below to create an access/bearer token using the 3-legged flow:
https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context
If your application needs access to information from a member's LinkedIn profile, use the Authorization Code Flow to request permission from the member.
PS: Company page posts also require the Authorization Code Flow.
You can use the Postman Collections here to view some examples and use cases.
Updated documentation for Postman OAuth 3 is here.
Follow these steps in this article:
https://www.linkedin.com/oauth/v2/authorization?
client_id=yyyyy
&redirect_uri=xxxx
&scope=r_liteprofile%20r_emailaddress%20w_member_social
&response_type=zzzzz

AWS Cognito Username and Password Authentication using PHP

I am using the AWS Cognito API. I am trying to log in using the code provided at this URL https://github.com/pmill/aws-cognito/blob/master/examples/login.php, and getting the exception "Auth flow not enabled for this client" (InvalidParameterException). Please let me know if I am missing something or doing something wrong. The user was signed up and confirmed successfully, but is not able to log in. Any help would be appreciated.
Thanks
Sounds like there is some issue with your user pool settings. In the Cognito user pool console, select your user pool. Go to App Integration --> App client Settings. Select your App Client. Under OAuth2 --> Allowed OAuth flows, select the first 2 options (Authorization code grant & Implicit grant). Also, under Allowed scopes select the ones you want to allow. You can select all of them for testing. Save the changes. This should fix the error (at least the first one - "Auth flow not enabled for this client"). See if you get any errors.
If you still get the error, then maybe ADMIN_NO_SRP_AUTH is not enabled for your client. In your user pool settings, go to App Clients (and not App Client Settings). Click on Show Details for your app client. Select the ADMIN_NO_SRP_AUTH option, i.e. Enable sign-in API for server-based authentication, and save. See if this fixes your issue.
I published an article on fixing this error on LinkedIn. Here's the link: https://www.linkedin.com/pulse/amazon-cognito-how-fix-error-auth-flow-enabled-client-malik/
My brief answer is: please check "Enable sign-in API for server-based authentication (ADMIN_NO_SRP_AUTH)" as shown in the picture below.

Amazon Skill register oauth missing redirect_uri

I'm writing an Amazon Skill that I want hooked up with a Google account via OAuth2. In my edit skill page, I configured it with my client ID, an authorization URL and token URL from the OAuth playground, and made it an authoritative grant with my secret and an authentication scheme of "HTTP Basic", which is recommended.
I tested my client ID/secret in the OAuth playground and it works as I expect it to, but when I go to sign in on the Alexa App, I get a "missing redirect_uri" error. Looking at the link in the popup, it looks like the following:
https://accounts.google.com/o/oauth2/auth?client_id=custom_client_id&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email
Why is it missing the redirect_uri parameter? I can't change it on the skills page, it's set, and I added it to my valid redirect_uri list in the Google console. Anyone else seen this issue before?
An easier version of what jking31cs is saying is to include ?redirect_uri=... in your base URL. So if you provide them Oath.com/auth as your authorization URL, instead try Oath.com/auth?redirect_uri=
The redirect URI is constant, so this is a good fix until Amazon bothers fixing this. It's only an issue on custom skills.
They've fixed the issue with an update to the Alexa App :D