I'm implementing the X-FACEBOOK-PLATFORM XMPP authentication in Objective C (but using mostly C++ code) and I am getting always a failure:
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
I have the the app registered and the Id and Secret are as follows:
FacebookId #"136973476410894"
FacebookSecret #"f6e269fe158b4a04d00ce8b311453ccd"
I retrieve the session Token with FBConnect asking for the privileges:
#"publish_stream" ,#"xmpp_login" , #"offline_access"
The Session token is called token in the code (see below)
And then the program asks for the authentication mechanism:
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="X-FACEBOOK-PLATFORM"/>
Receiving the challenge: <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dmVyc2lvbj0xJm1ldGhvZD1hdXRoLnhtcHBfbG9naW4mbm9uY2U9OTAzMTM5MjY2ODk3N0Q0ODMyNDQ2MDY1REMzMTE5RTc=</challenge>
Then the Facebook Auth body extracted from the challenge: version=1&method=auth.xmpp_login&nonce=9031392668977D4832446065DC3119E7.
key: version, value: 1.
key: method, value: auth.xmpp_login.
key: nonce, value: 9031392668977D4832446065DC3119E7.
token: "BAAB8k59ntg4BANNuTHAkjTZBk3pW8pZBD7jWIpZBt8cf65oAT4eDm9euloGCX9NzfF9HwKQxUdEQ15YfeFtkdZAHVpkjL0j4CF0lZCQeuNTBXrvkbtUXC"
APIkey: "136973476410894"
APISecret: "f6e269fe158b4a04d00ce8b311453ccd"
Using the code from below a response is built:
token = Session token from FB connect: (BAAB8k59ntg4BANNuTHAkjTZBk3pW8pZBD7jWIpZBt8cf65oAT4eDm9euloGCX9NzfF9HwKQxUdEQ15YfeFtkdZAHVpkjL0j4CF0lZCQeuNTBXrvkbtUXC)
APIkey = FacebookId (136973476410894);
APISecret = FacebookSecret (f6e269fe158b4a04d00ce8b311453ccd);
string call_id=[[NSString stringWithFormat:#"%0.0f", [[NSDate date] timeIntervalSince1970]] UTF8String];
string signature1 = "api_key=" + APIkey
+ "call_id=" + call_id
+ "method=auth.xmpp_login"
+ "nonce=" + nonce
+ "session_key=" + token
+ "v=1.0"
+ APISecret;
string md = MD5(signature1);
//std::transform(md.begin(), md.end(),md.begin(), ::tolower);
string response2 = "method=auth.xmpp_login&api_key=" + APIkey + "&session_key=" +token + "&call_id=" + call_id + "&sig=" + md + "&v=1.0&" + "nonce=" + nonce;
printf("++base64EncodedResponse response2: %s.\n", response2.c_str());
string response2Base64 = Base64::Encode(response2);
Built response: method=auth.xmpp_login&api_key=136973476410894&session_key=BAAB8k59ntg4BANNuTHAkjTZBk3pW8pZBD7jWIpZBt8cf65oAT4eDm9euloGCX9NzfF9HwKQxUdEQ15YfeFtkdZAHVpkjL0j4CF0lZCQeuNTBXrvkbtUXC&call_id=1321457495&sig=5f376192b2dd1f5f928f651a996ce757&v=1.0&nonce=9031392668977D4832446065DC3119E7
Stanza sent(response): <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">bWV0aG9kPWF1dGgueG1wcF9sb2dpbiZhcGlfa2V5PTEzNjk3MzQ3NjQxMDg5NCZzZXNzaW9uX2tleT1CQUFCOGs1OW50ZzRCQU5OdVRIQWtqVFpCazNwVzhwWkJEN2pXSXBaQnQ4Y2Y2NW9BVDRlRG05ZXVsb0dDWDlOemZGOUh3S1F4VWRFUTE1WWZlRnRrZFpBSFZwa2pMMGo0Q0YwbFpDUWV1TlRCWHJ2a2J0VVhDJmNhbGxfaWQ9MTMyMTQ1NzQ5NSZzaWc9NWYzNzYxOTJiMmRkMWY1ZjkyOGY2NTFhOTk2Y2U3NTcmdj0xLjAmbm9uY2U9OTAzMTM5MjY2ODk3N0Q0ODMyNDQ2MDY1REMzMTE5RTc=</response>
And the server returns:
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
I don't know where the problem is, it looks right to me, but there is no way to authenticate. Does anybody knows if there is any way to debug with the server the reason for the failure? May it be that the App is not yet in the App Store?
If someone can help it would be very welcome!
Since no one responded and someone else can get tricked by this same error due to the fact that this code appears on some examples about Facebook Authentication- I will post the response myself.
Everything is almost ok, it only requires the tag session_key to be changed for access_token in the signature1 string and in the response2 string.
Related
I am trying to query my cosmos db for documents and I am having trouble generating the correct authorization header, the example in the official documentation does not show querying.
I am trying it in Postman using Javascript by POST to this URI:
POST https://MyDatabase.documents.azure.com:443/dbs/MyContainer/colls/MyDocuments/docs
With these headers:
The authorization is generated like this:
var now = new Date().toUTCString();
pm.request.headers.upsert({key: "x-ms-date", value: now })
var verb = 'POST';
var resourceType = "docs";
var resourceLink = 'dbs/MyContainer/colls/MyCollection/docs';
var text = (verb || "").toLowerCase() + "\n" +
(resourceType || "").toLowerCase() + "\n" +
(resourceLink || "") + "\n" +
now.toLowerCase() + "\n" +
"" + "\n";
//Hash and Encode by using the masterkey.
var key = CryptoJS.enc.Base64.parse("MyMasterKey");
var signature = CryptoJS.HmacSHA256(text, key).toString(CryptoJS.enc.Base64);
var authToken = encodeURIComponent("type=master&ver=1.0&sig=" + signature);
pm.request.headers.upsert({key: "Authorization", value: authToken })
Here is the error I am getting:
{
"code": "Unauthorized",
"message": "The input authorization token can't serve the request. Please check that the expected payload is built as per the protocol, and check the key being used. Server used the following payload to sign: 'post\ndocs\ndbs/MyContainer/colls/MyCollection\nwed, 27 may 2020 19:34:41 gmt\n\n'\r\nActivityId: 724657c7-0532-4c5d-a7ff-c95900ef13cf, Microsoft.Azure.Documents.Common/2.11.0"
}
I am guessing my signature is created wrong, what is the correct format?
Our docs on our Authorization Header should have what you're looking for.
hope this is helpful.
A required fix for your scenario is that you have to remove "/docs" at the end of the resourceLink value -keep it in the request URL- and also if your containter was created using a partitionKey you have to add the following header:
'x-ms-documentdb-query-enablecrosspartition': true
I am a newcomer, not a professional coder (so be gentle), trying to build a Flutter app that must connect to a web/server API in HTTP.
According to the doc, to make a connection a header must be used, this header uses the Basic Ath method, with login and password + a content type.
Till that point I think I have found how to do (see code snippet hereunder) but I have to send a user id and a user password to the API in order to receive back user data. And I must humbly confess that I am stuck there...
I thank you in advance for your help!
Bernard
My code (after importing dart:convert et package:http/http.dart + installed the required dependencies) :
void brol() async {
String username = 'user';
String password = 'pass';
String userpass = '$username:$password';
String basicAuth =
'Basic ' + userpass;
print(basicAuth);
Response r = await get('https://www.adresse/login.php',
headers: {'authorization': basicAuth});
}
Many Thanks in advance for your answer,
Bernard
Your credentials should be in base64. You can visit the SO post in the comment.
Your code should be look like this:
main() async {
String username = 'user';
String password = 'pass';
String basicAuth =
'Basic ' + base64Encode(utf8.encode('$username:$password'));
print(basicAuth);
Response r = await get('https://www.adresse/login.php',
headers: <String, String>{'authorization': basicAuth});
print(r.statusCode);
print(r.body);
}
See also this blog post.
I know there has been a bunch of "a bytes-like object is required, not 'str'" question around. but i've tried and tried and no one fixes my issues.
it'll be very nice if you can help me out in my particular case.
i'm using this official example from Auth0 for django
https://github.com/auth0-samples/auth0-django-web-app/tree/master/01-Login
I'm trying to connect django 1.11 with Auth0 and got that error on this code
def get_user_details(self, response):
# Obtain JWT and the keys to validate the signature
idToken = response.get('id_token')
jwks = request.urlopen("https://" + self.setting('DOMAIN') + "/.well-known/jwks.json")
issuer = "https://" + self.setting('DOMAIN') + "/"
audience = self.setting('KEY') #CLIENT_ID
payload = jwt.decode(idToken, jwks.read(), algorithms=['RS256'], audience=audience, issuer=issuer).decode('UTF-8')
i have tried to use .encode('utf-8') or the b"str" or the "rb" / "wb" but still no luck.
Thanks in advance for your help
---- edit ----
using
payload = jwt.decode(idToken, jwks.read().encode('utf-8'), algorithms=['RS256'], audience=audience, issuer=issuer).decode('UTF-8')
bring me to other error
'bytes' object has no attribute 'encode'
jwks.read() type is 'bytes' but in jws.py the line:
if 'keys' in key
expect list of str so to solve this convert it to list of str:
def get_user_details(self, response):
# Obtain JWT and the keys to validate the signature
idToken = response.get('id_token')
jwks = request.urlopen("https://" + self.setting('DOMAIN') + "/.well-known/jwks.json")
issuer = "https://" + self.setting('DOMAIN') + "/"
audience = self.setting('KEY') #CLIENT_ID
# convert to list str
jws_read = bytearray(jwks.read()).decode('ascii')
payload = jwt.decode(idToken, jws_read, algorithms=['RS256'], audience=audience, issuer=issuer)
This is a python 3 vs python 2 issue (the Auth0 samples seem to be written for python2.7x).
I had a similar error using the Flask example project from Auth0. To fix it, I modified the python-jose library. In line 222 of jws.py I changed
key = json.loads(key) to
key = json.loads(key.decode('utf-8')). That has worked for me, I hope it works for you.
Hope this helps.
I've forked the jose package but haven't got around to putting a PR in.
I getting back into Python and wanted to use the pyfoursquare package to access the Foursquare API. I'm trying to get information about venues using the venues method in the API class. I'm primarily trying to find out whether a venue page is verified with Foursquare or not. When I provide my client id, client secret, and venue id I keep getting back an error that states "Authentication required", which doesn't makes sense because I'm providing that information. Any help would be great. Thank you.
import pyfoursquare as foursquare
client_id = ""
client_secret = ""
callback = ""
auth = foursquare.OAuthHandler(client_id, client_secret, callback)
api = foursquare.API(auth)
result = api.venues("4e011a3e62843b639cfa9449")
print result[0].name
Let me know if you would like to see the error message. Thanks again.
I believe you are skipping the step of grabbing your OAuth2 access token, so you're not technically authenticated.
Have a look at the following instructions, under "How to Use It":
https://github.com/marcelcaraciolo/foursquare
The lines that might be useful to you are:
#First Redirect the user who wish to authenticate to.
#It will be create the authorization url for your app
auth_url = auth.get_authorization_url()
print 'Please authorize: ' + auth_url
#If the user accepts, it will be redirected back
#to your registered REDIRECT_URI.
#It will give you a code as
#https://YOUR_REGISTERED_REDIRECT_URI/?code=CODE
code = raw_input('The code: ').strip()
#Now your server will make a request for
#the access token. You can save this
#for future access for your app for this user
access_token = auth.get_access_token(code)
print 'Your access token is ' + access_token
I'm using HTTPWebRequest/HTTPWebResponse to interact with the site (www.lockerz.com). So, I authenticate on the site:
HttpWebRequest webRequest = (HttpWebRequest) HttpWebRequest.Create("http://www.lockerz.com/auth/login");
byte[] bytes = Encoding.ASCII.GetBytes("handle=" + textBoxEmail.Text + "&password=" + textBoxPassword.Text);
webRequest.ContentType = "application/x-www-form-urlencoded";
webRequest.Method = "POST";
webRequest.ContentLength = bytes.Length;
Stream os = webRequest.GetRequestStream();
os.Write(bytes, 0, bytes.Length);
Then I get the response:
HttpWebResponse webResponse = (HttpWebResponse)webRequest.GetResponse();
I'm watching the requests\responses using Charles and it says that in the response there must be cookies, but when I try to make a list of the cookies I get it says that there are no cookies!
foreach(Cookie c in webResponse.Cookies) {
writeToLog("Cookie Name: " + c.Name + " Value: " + c.Value);
cc.Add(c);
}
I've tried adding a CookieContainer but it doesn't work anyway.
This may apply here, I have had this problem with sessions, so I will assume the same for cookies.
You are making a call to: http://www.lockerz.com/auth/login. But if a person goes to a page without the "www." part of the url, then their cookies won't survive being sent to the "www." site, because they are different sites (as far as the cookies are concerned).
I would just make the request to "/auth/login", that way, it won't matter what the user has as the url in their browser.
Hope this works.