AWS Amplify native app client secret required to proceed but causes exception for having it? - aws-amplify-sdk-android

I am attempting to import authorization from an existing backend for multiple frontends (in this case both an Android and iOS app; this error is starting from the Android side of things though); however, when following the guides out there, I get stopped on this step due to the error:
% amplify import auth
Using service: Cognito, provided by: awscloudformation
✔ What type of auth resource do you want to import? · Cognito User Pool only
? Select the User Pool you want to import: …
❯ The selected Cognito User Pool does not have at least 1 Native app client configured. Native app clients are app clients with a client secret.
dev-user-pool (us-east-1_.........)
So I create an App client with an App client secret to continue, only after I get this exception after calling Amplify.Auth.signIn:
Sign in failed
com.amazonaws.services.cognitoidentityprovider.model.NotAuthorizedException: Unable to verify secret hash for client .......................... (Service: AmazonCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: ........-....-....-....-............)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:742)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:420)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:229)
at com.amazonaws.services.cognitoidentityprovider.AmazonCognitoIdentityProviderClient.invoke(AmazonCognitoIdentityProviderClient.java:6329)
at com.amazonaws.services.cognitoidentityprovider.AmazonCognitoIdentityProviderClient.initiateAuth(AmazonCognitoIdentityProviderClient.java:4290)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser$24.run(CognitoUser.java:2949)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationContinuation.continueTask(AuthenticationContinuation.java:147)
at com.amazonaws.mobile.client.AWSMobileClient$6$1.getAuthenticationDetails(AWSMobileClient.java:1224)
at com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser.getSession(CognitoUser.java:1032)
at com.amazonaws.mobile.client.AWSMobileClient$6.run(AWSMobileClient.java:1174)
at com.amazonaws.mobile.client.internal.InternalCallback$1.run(InternalCallback.java:101)
at java.lang.Thread.run(Thread.java:764)
All the resources I've found around this exception seem to explain to do the opposite but I can't continue as stated if I do not create an App client secret?

Related

The Google Maps Platform server rejected your request. This API key is not authorized to use this service or API. This happens in my flutter project

THIS IS WHAT I AM GETTING IN NetworkImageLoadException
════════ Exception caught by image resource service ════════════════════════
The following NetworkImageLoadException was thrown resolving an image codec:
HTTP request failed, statusCode: 403
The Google Maps Platform server rejected your request. Unable to authenticate the request. Provided 'signature' is not valid for the provided API key, or the provided 'key' is not valid.
AND THEN THE SECOND EXCEPTION WAS THROWN ----
The Google Maps Platform server rejected your request. This API key is not authorized to use this service or API.
I have created Google Map API from google Map Console and enabled the - Maps SDK for Android, Maps SDK for iOS & Maps static API, and still not working after that. Got any Ideas!!!
And yes also tell that I am not using the billing account for this. If you know any other way than this, You are absolutely free to tell me.

Identity Server 4 API JWT, Load Balancing, Data Protection, Kubernetes

Running into issues with multiple instances of IdentityServer4 on Kubernetes exposed by the load balancer. I don't think there is an issue with credential login, my issues are around JWT Tokens. Works fine when there is only 1 instance.
Overview:
IdentityServer4
MongoDB Data Storage
PersistedGrantStore
Data Protection setup on Redis
Multiple .NET Core 3.1 Web API. Using AddIdentityServerAuthentication in start up passing in the connection and the API Name. I am running multiple instances of the API. Reducing down to 1 I still get the same issue. Works fine if there is only 1 instance of the Identity Server but with multiple instances I get the following error on the API:
"Bearer" was not authenticated. Failure message: "IDX10501: Signature validation failed. Unable to match key:
I am not getting any errors or failed authentications on the IdentityServer logs.
So the questions going on in my head is, JWT token so in I believe the request should be validated by the token, i.e. the API should not be requesting info from the Identity Server? Identity Server has DataProtection setup running on Redis as its store, I can see its dropped info in there. I have persisted grants store, but tokens are not added.
Do I need to switch to resource vs JWT? What is likely overhead for that?
Are the tokens not getting shared between the API instances via Data Protection?
Thanks for any advice / suggestions.
In case anyone else comes across this: it was down to mistakenly leaving developer signing in the config of Identity Server. Replacing it with a certificate solved the issue.
builder.AddDeveloperSigningCredential();
to
builder.AddSigningCredential(rsaCertificate);
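
Why the developer signing credential fails behind a load balancer, as an added example that is not part of the original post: when every instance creates its own signing key, a token issued by one instance cannot be matched against the keys another instance publishes. The Instance class, the key-id derivation and the simplified token (key id, payload, signature rather than a real JWT) are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SigningKeyDemo
{
    // Constructed stand-in for one IdentityServer instance: a signing key and its key id.
    sealed class Instance
    {
        public RSA Key { get; }
        public string Kid { get; }
        public Instance(RSA key)
        {
            Key = key;
            using var sha = SHA256.Create();
            // Key id derived from the public key, so identical keys yield identical ids.
            Kid = Convert.ToBase64String(sha.ComputeHash(key.ExportSubjectPublicKeyInfo()), 0, 12);
        }
        public (string Kid, byte[] Payload, byte[] Sig) Issue(string claims)
        {
            var payload = Encoding.UTF8.GetBytes(claims);
            var sig = Key.SignData(payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return (Kid, payload, sig);
        }
    }

    // The API's check: find the token's key id in the key set it fetched, then verify.
    static bool Validate((string Kid, byte[] Payload, byte[] Sig) token, Instance keysFrom)
    {
        if (token.Kid != keysFrom.Kid) return false; // the "Unable to match key" case
        return keysFrom.Key.VerifyData(token.Payload, token.Sig,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static RSA Load(byte[] pkcs8) { var r = RSA.Create(); r.ImportPkcs8PrivateKey(pkcs8, out _); return r; }

    static void Main()
    {
        const string claims = "{\"sub\":\"alice\"}"; // constructed sample payload
        // Developer signing: every instance creates its own key.
        var (a, b) = (new Instance(RSA.Create(2048)), new Instance(RSA.Create(2048)));
        Console.WriteLine("separate keys, token from A checked with B's keys: " + Validate(a.Issue(claims), b));
        // Shared credential: every instance loads the same key material.
        using var shared = RSA.Create(2048);
        var pkcs8 = shared.ExportPkcs8PrivateKey();
        var (c, d) = (new Instance(Load(pkcs8)), new Instance(Load(pkcs8)));
        Console.WriteLine("shared key, token from C checked with D's keys: " + Validate(c.Issue(claims), d));
    }
}
```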

I needed to access HUAWEI AppGallery Connect API and create a product through the PMS API (server API). But 403 client token authorization fail

Recently, I needed to access HUAWEI AppGallery Connect API and create a product through the PMS API (server API). However, when Postman was used for basic service interconnection tests, the error message "403 client token authorization fail" was displayed.
How can I fix it?
Based on the error code included in your screen captures, the error was caused by an authentication failure.
To solve the problem, you first need to confirm that the client ID used for applying for the token has sufficient permission.
The HMS official document suggested that the project associated with the API client be selected as N/A. You need to create an API client and associate it with a project. E.g., an app ID in the project was 100xxx591. However, the app ID in the Postman service request was 101xxx531, which would cause the authentication failure.
Also, to fix the above, you need to create an API client and select N/A (indicating that all projects are supported), and use the client to request a token. The process should work well after this.
In general, if Huawei's 403 authentication failure occurs, you can verify the permission first, and then check the associated projects.
For more details about the PMS API, please refer to this link.

UWP Device Portal app deployment Forbidden: CSRF Token Invalid

I am trying to deploy an application to a HoloLens with the Windows Device Portal REST API.
For some reasons I don't want to use the Microsoft Device portal wrapper.
In C#, with RestSharp, I can get the list of installed packages but when I try to deploy a new app, I get the error Forbidden because of CSRF token invalid.
Then I tried to add cookies from the previous request but I still get this error.
I tried to do the same with Postman but I have a different error: 413 Payload too large. The msix file is 154 MB but I have no problem to deploy it with the web device portal.
Thank you for your help.
[EDIT] I tried a smaller app on Postman and I get 403 CSRF token invalid
After analyzing the web device portal with Wireshark I found that it is using a parameter with the name "X-CSRF-Token" while adding a cookie adds the parameter "CSRF-Token".
Manually adding this parameter with the right value did the trick.
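
The fix described above, as an added example that is not part of the original answer: an HttpClient handler that copies the "CSRF-Token" cookie into the "X-CSRF-Token" header on non-GET requests. The device address, request path and token value are constructed placeholders.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Copies the portal's "CSRF-Token" cookie into the "X-CSRF-Token" request header.
// In real use, pass new HttpClientHandler { CookieContainer = cookies } as the inner handler
// so the cookie set by an earlier GET is available here.
sealed class CsrfHeaderHandler : DelegatingHandler
{
    private readonly CookieContainer _cookies;

    public CsrfHeaderHandler(CookieContainer cookies, HttpMessageHandler inner) : base(inner)
        => _cookies = cookies;

    public static void Apply(HttpRequestMessage request, CookieContainer cookies)
    {
        // Read-only requests worked without the header in the question; leave them untouched.
        if (request.Method == HttpMethod.Get || request.Method == HttpMethod.Head) return;
        var cookie = cookies.GetCookies(request.RequestUri)["CSRF-Token"];
        if (cookie == null)
            throw new InvalidOperationException("No CSRF-Token cookie yet; send a GET first.");
        request.Headers.Remove("X-CSRF-Token");
        request.Headers.Add("X-CSRF-Token", cookie.Value);
    }

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        Apply(request, _cookies);
        return base.SendAsync(request, ct);
    }
}

static class CsrfDemo
{
    static void Main()
    {
        // Constructed values: placeholder device address, path and token.
        var device = new Uri("https://device.example/");
        var cookies = new CookieContainer();
        cookies.Add(device, new Cookie("CSRF-Token", "constructed-token-value"));
        var post = new HttpRequestMessage(HttpMethod.Post, new Uri(device, "api/placeholder"));
        CsrfHeaderHandler.Apply(post, cookies);
        Console.WriteLine(string.Join(",", post.Headers.GetValues("X-CSRF-Token")));
    }
}
```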

Azure mobile service throws "Authorization has been denied for this request."

I'm using Azure mobile services with .NET backend. My API controller works OK on my PC, but as soon as I deploy it to Azure, pinging it from Postman gives the "Authorization has been denied for this request." message with HttpStatusCode 401.
Note that I'm using table storage for storage instead of SQL Server and in the process removed all of the Entity Framework related code. Also, none of the endpoints do not require any authentication.
Thanks.
The default authentication for mobile services is anonymous (i.e., no authentication required) when running locally, and application (i.e., at least the application key needs to be supplied).
If you're using Postman, try adding an "x-zumo-application" header to the request, with the application key (which you can get in the Azure portal) as the value. The request should work then.