We Keep Coding

HashiCorp Vault + node-vault + write = 404

I'm trying a simple operation using node-vault but it is not working. Here is my attempt:
Configuration
var options = {
apiVersion: 'v2', // default
endpoint: 'http://127.0.0.1:8200', // default
};
// get new instance of the client
var vault = require("node-vault")(options);
vault.token = "<<MY TOKEN>>";
Usage
vault.write('secret/data/new', {"data": {"foo": "bar"}}).then(
function (value: any) {
console.log(value);
})
.catch((err: any) => {
console.log(err);
});
Response
{ statusCode: 404, body: { errors: [] } }
But, if I run vault kv put secret/data/new foo=bar it does work and value is there.
What is going on?
Thank you all and I wish a happy new year!

Ok, here is what I did.
Reinstall Vault, something happened to storage because I did a lot of attempts and commands in it.
Enable secrets engine in specific path vault secrets enable -path=testPath kv
Write to this path
Configure:
export const VAULT_OPTIONS = {
apiVersion: 'v1',
endpoint: 'http://127.0.0.1:8200',
token: '<<YOUR TOKEN>>'
};
vault = require("node-vault")(VAULT_OPTIONS);
Write:
this.vault.write('test/data/mykey', {"data": {"tests": {"test1": "test1-value", "test2": "test2-value"}}}).then(
(result: any) => {
console.log(res.data);
}, (error: any) => {
console.log(error);
});
Please note that path must contain data and data must be surounded by data ({ data: {key:value}) as well.

Logout of Google IDP with Passport saml

I am using passport-saml to authenticate users via Google IDP(SAML APP)
My SAML Strategy is configured as below
const samlStrategy = new SamlStrategy({
protocol: PROTOCOL,
entryPoint: SSO_URL, // SSO URL (Step 2)
issuer: SP_ENTITY_ID, // Entity ID (Step 4)
path: CALLBACK_PATH, // ACS URL path (Step 4)
cert: IDP_CERT,
logoutUrl: 'https://accounts.google.com/logout',
logoutCallbackUrl: '/signout'
}, function (profile, done) {
done(null, JSON.parse(JSON.stringify(profile)))
})
passport.use(samlStrategy)
Using the Passport SAML Strategy, I am able to login successfully
On Logout, I am logging out of SAML Strategy as below
server.get('/logout', function (req, res) {
try {
req.user.nameID = req.user.nameID;
req.user.nameIDFormat = req.user.nameIDFormat;
samlStrategy.logout(req, function(err, requestUrl){
if(err){
return res.send({ success: false, error: err });
}
req.logout()
req.session=null
req.user=null
return res.redirect(requestUrl);
});
} catch(error) {
return res.send({ success: false, error });
}
})
This is logging me out of all Google accounts that are logged into the browser.
QUESTIONS:
Is there a way to just logout only from the specific Google account that I have used for SAML Strategy?
Logout callback url is also not called

Unable to set Finger Print Options in Ionic 4 - Fingerprint AIO

I am trying to using FingerPrint AIO native feature in Ionic 4. I have got it setup and running by following the guide (https://ionicframework.com/docs/native/fingerprint-aio) but without FingerPrintOptions.
If I keep the "show" object empty like this: show({}) it works fine but if I try to add option such as: clientId, clientSecret,... I get error.
I have below code:
Code
this.faio.show({
clientId: 'Fingerprint-Demo',
clientSecret: 'o7aoOMYUbyxaD23oFAnJ'
disableBackup:true,
localizedFallbackTitle: 'Use Pin',
localizedReason: 'Please authenticate'
})
.then((result: any) => console.log(result))
.catch((error: any) => console.log(error));
Error
ERROR in src/app/pages/login/login.page.ts(211,7): error TS2322: Type '{ clientId: string; clientSecret: string; disableBackup: true; localizedFallbackTitle: string; localizedReason: string; }' is not assignable to type 'FingerprintOptions'.
Object literal may only specify known properties, and 'clientId' does not exist in type 'FingerprintOptions'.
Currently, working using below code:
this.faio.show({})
.then((result: any) => console.log(result))
.catch((error: any) => console.log(error));
What am I doing wrong? Why I am unable to add FingerPrintOptions?
The code without fingerPrintOptions is working and tested on Iphone 8 (FingerPrint, Passcode) and Iphone X (Face ID).

I checked in node modules those options are not available in FingerprintOptions
instead this is the structure
this.faio.show({
title: 'Biometric Authentication', // (Android Only) | optional | Default: "<APP_NAME> Biometric Sign On"
subtitle: 'Coolest Plugin ever' // (Android Only) | optional | Default: null
description: 'Please authenticate' // optional | Default: null
fallbackButtonTitle: 'Use Backup', // optional | When disableBackup is false defaults to "Use Pin".
// When disableBackup is true defaults to "Cancel"
disableBackup:true, // optional | default: false
})
.then((result: any) => console.log(result))
.catch((error: any) => console.log(error));

Firebase Facebook authentication : Malformed or expired auth credential

I'm working on a react native ios app using facebook authentication and firebase.
I created my facebook app, copied the secret keys to my firebase facebook auth mode, but when i'm trying to sign in with facebook credential using firebase I'm getting this error : The supplied auth credential is malformed or has expired.
I had a look at this issue : FB login - Firebase.Auth() Error: The supplied auth credential is malformed or has expired which is the quite similar to mine, but the answer didn't help me because my keys are the same in my facebook app configuration than in my firebase facebook auth mode.
Here is the code i'm using when the facebook auth button is pressed :
facebookLogin = () => {
LoginManager.logInWithPermissions(['public_profile', 'email'])
.then(
(result) => {
if (result.isCancelled) {
Alert.alert('Whoops!', 'You cancelled the sign in.');
} else {
AccessToken.getCurrentAccessToken()
.then((data) => {
const credential = firebase.auth.FacebookAuthProvider.credential(data.accessToken);
console.log(credential);
firebase.auth().signInWithCredential(credential)
.then(() => this.props.navigation.replace('Home'))
.catch((error) => {
console.log(error.message);
this.setState({ errorMessage: error.message })
});
});
}
},
(error) => {
Alert.alert('Sign in error', error);
},
);
};
I hope you guys can help me, maybe I mistook when I configured my facebook app.
Thank you in advance.

turns out Facebook Graph API is not supported by firebase yet check this out
the reason why Graph API is not supported

Silhouette and mobile application

I've used as example play-silhouette-angular-seed.
Authorization via Satellizer works fine.
When I try to authorize via iOs app I got next error:
com.mohiva.play.silhouette.impl.exceptions.UnexpectedResponseException:
[Silhouette][facebook] Cannot build OAuth2Info because of invalid response format:
List((/access_token,List(ValidationError(List(error.path.missing),WrappedArray()))))
I got an error 400 in this function from OAuth2Provider.scala :
protected def getAccessToken(code: String)(implicit request: RequestHeader): Future[OAuth2Info] = {
httpLayer.url(settings.accessTokenURL).withHeaders(headers: _*).post(Map(
ClientID -> Seq(settings.clientID),
ClientSecret -> Seq(settings.clientSecret),
GrantType -> Seq(AuthorizationCode),
Code -> Seq(code),
RedirectURI -> Seq(resolveCallbackURL(settings.redirectURL))) ++ settings.accessTokenParams.mapValues(Seq(_))).flatMap { response =>
logger.debug("[Silhouette][%s] Access token response: [%s]".format(id, response.body))
Future.from(buildInfo(response))
}
}

This error has been risen because Satellizer for authentication via Facebook send to server an 'authentication code' and Silhouette server use this code to get Facebook 'access token' and create user.
Facebook iOs SDK, instead, obtained 'Access token' and I've tried to send it to server in Json in field 'code' like 'Satellizer.
To resolve this issue I send an 'access token' in Json field named 'access_token' and use next code to authenticate mobile application:
class MobileSocialAuthController #Inject() (
val messagesApi: MessagesApi,
userService: UserService,
authInfoRepository: AuthInfoRepository,
socialProviderRegistry: SocialProviderRegistry,
val env: Environment[User, JWTAuthenticator])
extends Silhouette[User, JWTAuthenticator]
{
def authenticate(provider: String) = UserAwareAction.async(parse.json) {
implicit request =>
provider match {
case "facebook" =>
request.body.asOpt[OAuth2Info] match {
case Some(authInfo) =>
(socialProviderRegistry.get[FacebookProvider](provider) match {
case Some(p: FacebookProvider) =>
for {
profile <-p.retrieveProfile(authInfo)
user <- userService.save(profile)
authInfo <- authInfoRepository.save(profile.loginInfo, authInfo)
authenticator <- env.authenticatorService.create(profile.loginInfo)
token <- env.authenticatorService.init(authenticator)
} yield {
env.eventBus.publish(LoginEvent(user, request, request2Messages))
Ok(Json.obj("token" -> token))
}
case _ => Future.failed(new ProviderException(s"Cannot authenticate with unexpected social provider $provider"))
}).recover {
case e: ProviderException =>
logger.error("Unexpected provider error", e)
Unauthorized(Json.obj("message" -> Messages("could.not.authenticate")))
}
case _ =>
Future(BadRequest(Json.obj(
"message" -> "Bad OAuth2 json.")))
}
case _ =>
Future(BadRequest(Json.obj(
"message" -> "You can use only Facebook account for authentication.")))
}
}
}
As a result, I have a token which I use in ios application to obtain resources.

This happens when the OAuth2Provider gets a response it can't parse, which is, any non-success response. So there can be many reasons for this error, for instance the authorization code is invalid or expired, or you haven't configured the redirect_uri properly (check your Facebook app configuration on the Facebook dev site to set the redirect_uri).
Silhouette does log the response it gets from Facebook which should help you debug what the actual issue is, the log line to look for is in the snippet you provided:
logger.debug("[Silhouette][%s] Access token response:...
So check your logs, there you should see the response from Facebook, likely with an error indicating why they couldn't give you an access_token.