I'm using Keycloak 7.0.1 and I'm trying to use spi-event-listener sample available at address https://github.com/zonaut/keycloak-extensions/. In the file UserVerifiedTransaction.java, the code does a simple post to httpbin.org with is working perfectly, but in case of error (I tried to put non existing URI), Keycloak returns an empty white page for the user instead of a proper error like "We are sorry but we encountered an error".
I tried to look inside Keycloak code and my attempts failed. I try by example :
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, "My Super Message");
But same result.
What the correct code to draw a basic error page into Keycloak ?
Related
I am working on setting up OAuth 2.0 for aqueduct and want to start with a working example. The template db_and_auth is suppose to serve this purpose.
I have followed the readme instructions and connected my database and updated the migration. also I have registered OAuth 2.0 clients in the application database as the readme describes.
The template comes with a route in the channel.dart
router
.route("/auth/form")
.link(() => AuthRedirectController(authServer, delegate: this));
The AuthRedirectController is set up to render a html page (web/login.html) which is part of the template.
However every time I send a get request to this route it returns with a 400 error saying Error
unsupported_response_type in the browser. Additionally in the readme file it only shows testing auth end points using curl. Why would this template include a rendered login page without mention of it in the readme? Any help with this would be much appreciated.
The login form will only be rendered when you pass the correct response_type like so:
http://localhost:8888/auth/form?response_type=token
I already tried reading the documents as well try out the changing default behaviors https://flask-jwt-extended.readthedocs.io/en/latest/changing_default_behavior.html to handle the error (the link shows how to handle expired token) and search around in google everything in every keyword combination i could do but seems no one has example about this.
I tried using #jwt.revoked_token_loader to handle the RevokedTokenError but it seems it doesn't work as I applied it like this
#jwt.revoked_token_loader
def revoked_token_response(revoked_token):
jwtkn = revoked_token['jti']
return jsonsify({
'msg': 'token {} already been revoked!'.format(jwtkn)
)}, 401
actually, i don't know exactly how does the example on the link to handle expired tokens had parameter of 'expired_token', is that self-declaration like what I did above on the 'revoked_token'?? as far as I know, 'jti' is like a default value in the flask-jwt-extended package as I see error whenever I don't use this (in my db, it is different but there is no problem at all.
I tried following this tutorial and it works out fine on my side (as well his original code source) but I see that this one doesn't have a catch exception also on Revoke Tokens https://codeburst.io/jwt-authorization-in-flask-c63c1acf4eeb
I use postman and if based on the tutorial link, here's how i get this
i do login
i use the access token generated to access protected routes ('/secrets')
i do logout
i use again the access token generated to access protected routes
after the last one, i get this error on my server side (ide):
....flask_jwt_extended\utils.py", line 216, in verify_token_not_blacklisted
raise RevokedTokenError('Token has been revoked')
flask_jwt_extended.exceptions.RevokedTokenError: Token has been revoked
127.0.0.1 -- [02/Jul/2019 22:25:26] "GET /secrets HTTP/1.1" 500 -
in postman, this is what I get:
{
'message': 'Internal Server Error'
}
my target is to send out a custom json response instead of 'Internal Server Error'
edit:
I am no wiz on programming or such, a beginner that wanted to practice out python about secured web development. I don't yet quite understand still how decorator works out in terms of application, etc. so i don't know if others tweaks out the flask-jwt-extended package to work such things out.
Getting back a 500 error normally occurs because of a bug in other flask extensions and how that interact with native flask errorhandlers. You can find a bunch of discussions about it here (https://github.com/vimalloc/flask-jwt-extended/issues/86), but the tl;dr version is you might need to set app.config['PROPAGATE_EXCEPTIONS'] = True if using something like Flask-Restul, or use a hack like this if using flask-restplus:
jwt = JWTManager(app)
api = Api()
jwt._set_error_handler_callbacks(api)
If those don't help you, please take a look through that linked github issue, and if nothing in there helps make a reply in that issue detailing your setup.
Cheers.
On our server-side authentication with Facebook we get a random and weird issue. Facebook calls the call back URL two times with the same code. This is only happening for some users and not on every login.
This is the flow we have implemented on our side: https://developers.facebook.com/…/manually-build-a-login-fl… . We have been using it since the beginning of 2013 and we haven't noticed any issues so far.
And this is the error we get when we are exchanging the code for an access token the second time.
{"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100,"fbtrace_id":"traceID"}}
We tried to log this issue as a bug on https://developers.facebook.com/bugs but unfortunately it doesn't work.
It keeps showing unexpected error. Not to mention that i was unable to find the correct bug category.
Any idea on how we can fix this?
Thanks!
Could it be that users are clicking twice to process auth service? Try disabling the button before calling Facebook auth service
What language are you using?
I just had this problem in Ruby using Devise for Rails. I had created an omniauth.rb initializer file, and added a config line item in the devise.rb initializer file.
If you did this too, you can remove the omniauth.rb initializer file and you should be good to go!
I'm using scribe to get user id, however I get this error:
OAuthConnectionException: There was a problem while creating a connection to the remote service.
I follow this example enhanced with javax filters (to get the parameter code correctly)
https://github.com/fernandezpablo85/scribe-java/blob/master/src/test/java/org/scribe/examples/FacebookExample.java
I also tried doing things manually and i got the access token which looks somehow like this ( i changed it a bit ) CAAHZCFE7YllgBAAZAenKbvZBrMZAZBkDGgydU2vAekwsM1V0StpZAgHXukEYWIDSpc5ZCXc4LB6suFeaPagcpj2ju6ayvAgrxYttvCQg9i7ZAdcF2ZCvhMNqTddsDUkNq1c1cX47U9KwutS5t6xpbV0cRabaVpgZCZAo4ZCTEtgckFmMajsb3zYWTH9LEfKj3CgcJ39lD2x1yRoXyAds0lKARmHZC
and while asking for user id like this:
https://graph.facebook.com/me?access_token=CAAHZCFE7YllgBAAZAenKbvZBrMZAZBkDGgydU2vAekwsM1V0StpZAgHXukEYWIDSpc5ZCXc4LB6suFeaPagcsj2ju6aYvYgrxYttvCQg9i7ZAdcF2ZCvhMNqTddsDUkNq1c1cX47U9KwutS5t6xpbV0cRabaVpgZCZAo4ZCTEtgckFmMajsb3zYWTH7LEfKj3CycJ39lD2x1yRoXyAds0lWLRmHZC%20,%20458856e03b909f426ec5d3791f0af466?fields=id,name
I get Malformed access token.
Do you have any suggestions regarding what I am doing wrong?
The URLs are the same, dunno what my mistake is :/
I am at this step in getting my app started in the documentation:
https://developers.facebook.com/docs/appsonfacebook/tutorial/#auth
In there is a code block that (supposedly) forwards the user to a request dialog asking permission to access certain bit of information about them. I've placed this code block into the PHP script that my canvas URL points to, and changed the $app_id and $canvas_page to my application ID and canvas URL respectively. Instead of getting the expected dialog, I receive this following error from facebook:
"An error occurred. Please try again later."
No other details about the error are present. I've tried some variations of the script, and have even tried loading up this URL directly just to see if that would work. Note that I've replaced YOUR_APP_ID and YOUR_CANVAS_PAGE with the appropriate values and made sure that spelling and/or punctuation are correct:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE&scope=email,read_stream
For the redirect URL, I've tried prepending it with http://, https://, and no prefix at all. All with the same result.
My question: is the example in the documentation broken, or is the oauth link provided in the documentation currently down? The vague nature of the error is somewhat frustrating since I can't tell if it's something I'm doing wrong or if it's facebook's oauth function that's at fault.
So, the problem was that instead of using the numeric application ID that facebook assigned for me when I originally created the app as the YOUR_APP_ID parameter in the OAuth URL, I was using the application namespace string. Facebook didn't understand this sort of request, and returned the generic error message.
Once I used the numeric app ID, the OAuth dialog popped up to ask permission to access my account, as expected.