This article: https://anoopt.medium.com/accessing-sharepoint-data-using-postman-sharepoint-rest-api-76b70630bcbf
explains how to generate a client ID and secret and set permissions so an application (Java in our case) can add documents to SharePoint (not as a user, as a service).
It uses two hidden admin pages to a) create a new application credential set and b) assign permissions.
https://yourtenantname.sharepoint.com/_layouts/15/appregnew.aspx
https://yourtenantname.sharepoint.com/_layouts/15/appinv.aspx
Our secret has now expired.
How can we generate a new secret? The only option SharePoint seems to provide is to create a new app, which gives a new client ID, which we don't have the ability to update on the fly in our app.
You are correct that .../AppRegNew.aspx is used to create new app/clientID/secret and is by default valid for 1 year.
To create a new client secret for an existing clientID with custom expiration date use the steps specified here:
https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in
Related
I have a custom Azure AD B2C Sign Up Invitation flow with a single policy key. The key is used to sign the token that's contained in the invitation link email and is then validated at sign up time. The cert is expiring soon and I'm trying to figure out how to not impact users who've not accepted an invitation.
The id token that we generate is good for 1 month.
I have a key container (B2C_1A_IdTokenHintCert) that has the current key. The key container is referenced in my custom policy. I'd like to add the renewed cert to the same key container so that there are 2 keys in the one container and then swap out the cert on the web server that generates the link with the signed token.
I'd like for both old links that are signed with the current cert and new links generated with the new cert be valid during signup.
Is this possible?
You can only have one value per policy key id. However, you can upload your new certificate as a new policy key, then add an additional technical profile into your user journey that validates your token hint against the new policy key. Example: Step 1 tries to validate the token hint against policy key 1, if it's not successful, then try to validate the token hint against policy key 2. That way old links and new links can both be validated.
You can have more than one certificate inside a key container. The system will use both to determine if the invitation token is valid up until the cert itself expires.
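The fallback validation described in the first answer, sketched as an added example that is not part of either answer and is not B2C policy XML: the token hint is checked against policy key 1, then policy key 2, and the old key is retired once the 1-month link lifetime has passed. HS256 with constructed shared secrets stands in for the certificate signature so the block runs with the standard library only; the key names, times and `retire_at` field are assumptions.

```python
import base64, hashlib, hmac, json

DAY = 86400
T0 = 1_700_000_000                      # constructed rollover time (epoch seconds)
OLD_KEY, NEW_KEY = b"constructed-old-key", b"constructed-new-key"
# (name, key, retire_at): the old key stays trusted for the 1-month link lifetime.
KEYS = [("policy-key-1", OLD_KEY, T0 + 30 * DAY),
        ("policy-key-2", NEW_KEY, T0 + 395 * DAY)]

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hint(claims, key):
    """Issue a token the way the invitation web server would (HS256 here)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head + '.' + body))}"

def validate_hint(token, keys, now):
    """Return (claims, key_name) for the first live key that verifies, else None."""
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(_unb64(head)), json.loads(_unb64(body)), _unb64(sig)
        if header.get("alg") != "HS256" or not isinstance(claims.get("exp"), (int, float)):
            return None                  # pin the algorithm; require an expiry
    except (ValueError, AttributeError):
        return None                      # malformed token
    for name, key, retire_at in keys:    # step 1: key 1, step 2: key 2
        if now < retire_at and hmac.compare_digest(_mac(key, f"{head}.{body}"), given):
            return (claims, name) if claims["exp"] > now else None
    return None
```

Recording which key accepted each token shows when links signed with the old key have stopped arriving, which is the point at which the old key can be removed.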
I'm using the Azure Data Factory integration with Quickbooks, the refresh token expires in 24 hours. Is there any way around this?
I attempted this first using parameterized linked service for Quickbooks. However it did not seem there was support for asking for those parameters when copying the data in flow. I was able to solve this instead by using Azure Key Vault to store the secret and refresh token for linked service. Then I created a pipeline with web activity to first get current secret from vault -> web activity to get new refresh token from Intuit -> web activity to set secret in key vault. That way the Quickbooks linked service will always find the latest from key vault.
My pipeline looks as follows:
[Image: ADF Pipeline]
It seems like each day (every 24 hours), QuickBooks Online will return a new refresh token for every refresh token API call, which means that if a new refresh token is returned, the previous one will be forced to expire. For more info please refer to the posts below:
https://help.developer.intuit.com/s/question/0D50f000051WZUGCA4/refresh-token-is-expiring-each-day-instead-of-lasting-100-days
https://help.developer.intuit.com/s/article/Validity-of-Refresh-Token
If you want to update the refresh token for every ADF pipeline run, then you may have to have another process or a web activity to get the updated/latest refresh token using QuickBooks/Intuit REST APIs and parameterize the refresh token and access token fields in the Quickbooks linked service. By parameterizing the Quickbooks linked service, you can get the latest access and refresh token using a web activity in ADF and pass those values to the subsequent activity where the Quickbooks connector is being used.
To explore parameterizing your linked service, please refer to this doc: https://learn.microsoft.com/en-us/azure/data-factory/parameterize-linked-services?tabs=data-factory
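The three-step rotation from the first answer (read the stored refresh token, exchange it, write the new one back), as an added example that is not the pipeline from either answer. The token URL and form fields are Intuit's OAuth 2.0 refresh request as assumed here; the vault is a plain dict, the secret name is hypothetical, and `FakeTokenEndpoint` is a constructed stand-in that rotates on every call to show the worst case.

```python
import base64
from urllib.parse import parse_qs, urlencode

# Assumed Intuit OAuth 2.0 token endpoint; confirm against Intuit's documentation.
TOKEN_URL = "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer"

def build_refresh_request(client_id, client_secret, refresh_token):
    """Build the refresh call: HTTP Basic client auth plus a form-encoded body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Accept": "application/json",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})
    return TOKEN_URL, headers, body

def rotate(vault, post, client_id, client_secret, name="qbo-refresh-token"):
    """Web activity 1: read secret; 2: exchange it; 3: store the new token."""
    current = vault[name]
    reply = post(*build_refresh_request(client_id, client_secret, current))
    new_token = reply["refresh_token"]
    if new_token != current:
        # Persist before anything else runs: once a new token is issued the
        # old one is dead, so losing this write locks the integration out.
        vault[name] = new_token
    return reply["access_token"]

class FakeTokenEndpoint:
    """Constructed stand-in: issues a new refresh token and rejects stale ones."""
    def __init__(self, first_token):
        self.valid, self.count = first_token, 0

    def __call__(self, url, headers, body):
        if parse_qs(body)["refresh_token"][0] != self.valid:
            raise PermissionError("invalid_grant")
        self.count += 1
        self.valid = f"rt-{self.count}"
        return {"access_token": f"at-{self.count}", "refresh_token": self.valid}
```

In a real pipeline `post` would be the HTTP call and `vault` the Key Vault secret; a run that fails between steps 2 and 3 leaves only a dead token in the vault, so that write needs retries and an alert.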
I have an API service that is currently secured using JWT. I'm going to replace JWT with Identity Server 4 and secure my API with Identity Server 4. I had a custom way of generating JWT tokens (JWE). How can I replace JWT with Identity Server 4 without the current signed-in users to the site need to re-login?
Specifically, I wanna use the Skoruba Identity Server 4 project template.
In IdentityServer, the access tokens are generated to authenticate users. The access tokens have a very limited lifetime, as per convention. There's a concept of a refresh token, which has a longer lifetime and is used with basic auth to get a new access token. This prevents the hassle of signing in again and again.
The refresh tokens are built using a hash and are persisted in a table (if configured).
JWE is a very different setup altogether. I had my users logged out even after a new deployment of IdentityServer4 (using persistent grants is helping to solve this).
I don't think it's not technically possible to transfer sessions from one environment to another. Both use encryption/decryption strategies which are very different from each other.
You can give it a try by writing a custom implementation of TokenCreationService.
TL;DR: Is it possible to hit the Azure B2C auth server and have it return to a URL on the app (so a full round-trip) a JWT with altered claims? I.e., not part of signing in - that has already happened and we are using a JWT already.
I have successfully set up Azure B2C to use a custom policy that hits a REST API to get extra claims information.
However, I have a certain situation where I want the user to specify a "mode" and have their JWT altered by Azure B2C to set the current mode as a claim.
Basically, the REST API will return something like:
{
"available_modes":"1,2,3"
}
And then I want the user to be able to change this so that they can select a mode, eg "2". Is there a way to hit the auth server and have it hit say https://myapi.com?mode=2, passing through the username claim to that API endpoint. Then, the auth server would return the JWT that ultimately has been altered to set something like "current_mode" claim value to "2".
This is a somewhat contrived example but I hope it makes sense, would it be possible by a custom claim to have it go off to the auth server and back in one round trip, returning with a new JWT?
I am trying to create a desktop application to create a new user account in a particular user group using the Provisioning API of Google.
I am using some .NET libraries in my code; here is how my code looks.
string token = GetNewAuthenticationToken("domain.name", "adminEmail", "adminPassword");
AppsService service = new AppsService("domain.name", token);
service.CreateUser("usernametest", "userfirstname", "userlastname","userpasswordtest12345");
But I am getting this error,
Execution of request failed: https://apps-apis.google.com/a/feeds/domain.name/user/2.0
I know it has something to do with the token I am getting. Does anybody have any idea how to pass the token with the service.CreateUser method?
And also, what is the use of the client ID and client secret that are generated while registering the app on Google?