I'm having an issue converting my application from IBM Bluemix's SSO service to their AppID service. I performed all of the steps at https://www.ibm.com/blogs/bluemix/2018/04/converting-applications-ibm-single-sign-service-ibm-cloud-app-id/ but when I try to log in I get this message instead of a login screen: Cannot GET /oauth/v3/c38ad436-9807-4747-bebe-fc2fe5b1ae82. Anyone know what could be causing this?
Looks like a misconfiguration. The URL you pasted should have /authorization at the end, like /oauth/v3/c38ad436-9807-4747-bebe-fc2fe5b1ae82/authorization.
If you can paste your code/config it would be easier to tell you where the issue is.
You can also watch App ID video tutorials that explain how to instrument different types of applications - https://www.youtube.com/playlist?list=PLbAYXkuqwrX2WLQqR0LUtjT77d4hisvfK
We are working on SaaS application development on SAP BTP and are facing a very strange issue with new subaccounts. After publishing our application through the SaaS registry service and implementing all callbacks, including the dependency callback, when we create a new tenant subaccount and do a subscription, we face an issue in the login steps below:
Subscription is working fine and is able to generate the tenant-specific URL.
When the user logs in to the application, they are unable to call any backend service API as the logged-in user, as XSUAA is unable to authenticate because the JWT signature is not valid -
"<error_description>Cannot verify signature of access token</error_description> invalid_token"
Same workflow works fine with old subaccounts created some time back for testing purposes.
Facing issue with newly created Subaccounts for tenant.
Please help.
Thanks,
Siddharth
The SAP Business Technology Platform has changed the way of Tenant's JWT validation in the first half of 2020. Instead of using well-known and only one URL to get the validation key, it's now relying on the jku field and issuer to make sure every Tenant has a URL to fetch a key for the JWT validation.
The SAP Cloud SDK version 3.16.1 (https://sap.github.io/cloud-sdk/docs/java/release-notes-sap-cloud-sdk-for-java#3161) and above should fully support this validation mechanism. This means that the SDK version you use should be perfectly fine.
There could be edge cases where the application logic might require an update. That's why I suggest you create an issue here and provide the following information:
Since when has the issue been affecting you? Was it working a week before and broke just now? Or you haven't added new Tenants in a while and now it's breaking?
Dependency tree of your App
Please, provide detailed exception stack trace or logs to identify the root cause.
Send us the code snippet where you believe things fail.
When we can make it reproducible, solving this should be rather straightforward.
We are happy to update this thread when a solution is found so that the community can benefit.
Looking forward to the detailed issue and reproduction steps.
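The jku-and-issuer check described in the answer above can be sketched as follows. This is an added example, not part of the original thread and not SAP Cloud SDK or XSUAA code; the function names, the `auth.example.com` domain and the rule that the jku host must equal the issuer host are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlsplit


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def _trusted_host(url, trusted_domain):
    """True if url is https and its host is trusted_domain or a subdomain of it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = trusted_domain.lower()
    return parts.scheme == "https" and (host == domain or host.endswith("." + domain))


def check_key_source(token, trusted_domain):
    """Return the jku that keys may be fetched from, or raise ValueError.

    Hypothetical policy: runs before any network call; signature
    verification with the fetched key is still required afterwards.
    """
    header_b64, payload_b64, _signature = token.split(".")
    jku = _b64url_json(header_b64).get("jku")
    iss = _b64url_json(payload_b64).get("iss")
    if not jku or not iss:
        raise ValueError("token lacks jku or iss")
    if not _trusted_host(jku, trusted_domain):
        raise ValueError("jku outside trusted domain: " + jku)
    if urlsplit(jku).hostname != urlsplit(iss).hostname:
        raise ValueError("jku host does not match issuer host")
    return jku


def make_sample_token(header, claims):
    """Build a constructed, unsigned sample token (demo input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc(header) + "." + enc(claims) + ".sig"


# Constructed sample values; auth.example.com stands in for the trusted identity domain.
GOOD = make_sample_token({"alg": "RS256", "jku": "https://tenant-a.auth.example.com/token_keys"},
                         {"iss": "https://tenant-a.auth.example.com/oauth/token"})
BAD = make_sample_token({"alg": "RS256", "jku": "https://auth.example.com.other.example/token_keys"},
                        {"iss": "https://tenant-a.auth.example.com/oauth/token"})
```

Logging the rejected jku value alongside the tenant being onboarded is a quick way to see whether a "Cannot verify signature" error comes from keys being fetched from an unexpected URL.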
This is the error Unity is spitting out in the logs, over and over:
Status(StatusCode=Unauthenticated, Detail="Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.")
More context is:
I use cloud speech for work and it's working fine everywhere except for one customer's computer. The app is built with Unity and uses the gRPC plugin to do the streaming variant of cloud speech. The customer is in another country but my first guess is that wouldn't matter, as we have other customers in the same country that don't have this issue.
I tried looking through the documentation Google provides for error codes and this one isn't in there. I looked through the troubleshooting section and saw something about authentication. I supply the credentials at runtime from a JSON file stored in the app. The code when using the credentials looks something like this:
googleCredential = GoogleCredential.FromJson(Utils.DecodeBase64(encodedCredentials));
var channel = new Grpc.Core.Channel(SpeechClient.DefaultEndpoint.Host, googleCredential.ToChannelCredentials());
var speech = SpeechClient.Create(channel);
I'm trying to gather more information here so we can narrow down our troubleshooting to help the customer get the app running. Like does this point towards a specific router/firewall setting kind of thing, etc?
Thank you.
I am facing the challenge to request the Bing Ads API to get a couple of metrics from it.
I am using Apache Airflow DAGs hosted on a remote Kubernetes cluster to do so. It is a nice way to automate and schedule tasks.
Now, the documentation is rather light on the point of gaining access to the API.
I have followed this https://learn.microsoft.com/en-us/advertising/guides/authentication-oauth-identity-platform?view=bingads-13#registerapplication
and the official SDK docs https://github.com/BingAds/BingAds-Python-SDK/.
I am failing at authenticating when querying, since I am lacking a couple of pieces of information.
When authenticating using the "refresh token" and "redirect URI", I do not have either. (Class OAuthWebAuthCodeGrant here: https://github.com/BingAds/BingAds-Python-SDK/blob/294d01eea57d80ba381a42cde8d006fc318af056/bingads/authorization.py#L566)
When using a different method (Class OAuthDesktopMobileAuthCodeGrant here: https://github.com/BingAds/BingAds-Python-SDK/blob/294d01eea57d80ba381a42cde8d006fc318af056/bingads/authorization.py#L532), I fail w/
AADSTS700016: Application with identifier '<someidentifier>' was not found in the directory '<somethingelse>'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
Thank you very much in advance! If you need more details, let me know!
Also great documentation in general, if I can make it more "newb"-friendly, let me know!
Edit1:
Sadly, while there has been some traffic to this question, nobody seems to be able to answer.
I will specify the setup a bit further.
We use Airflow DAGs to request daily updates from the API. For this, we need to authenticate. The authentication comes from a "new device" every time, since the code runs on a k8s cluster which allocates the jobs dynamically to its pods.
For authentication, we ventured into different solutions, but all require some form of human interaction to get the refresh token into the DAG.
Is there any solution which allows for a hands-free, daemon-like, many-server-to-server communication?
This link sheds some light on what we are looking for: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-app-registration#api-permissions---app-permissions-and-admin-consent
Sadly, the Bing Ads API does not show up there.
What key piece of information are we missing?
Bing Ads, like Google Ads, uses OAuth for its API.
If you reference the Getting Started page, it mentions that you need a developer token, complete with links.
You can follow these steps to get a developer token for production.
Sign in with Super Admin credentials at the Microsoft Advertising Developer Portal account tab.
Choose the user that you want associated with the developer token. Typically an application only needs one universal token regardless of how many users will be supported.
Click on the Request Token button.
Regarding your specific scenario--an application running in the cloud without an interface--you should know that OAuth requires you to interact with it to set things up. So run your app locally ONCE, or at least the getting_started code from your language's walkthrough: https://learn.microsoft.com/en-us/advertising/guides/walkthrough-desktop-application-python?view=bingads-13
Running it locally will go through the authentication process with your browser and generate a refresh token (in the file refresh.txt by default). Store this file with your code. It will have to be on the server that's making the request, and since it's in Kubernetes, you'll have to keep it with your container file.
I'm trying to implement account linking against our OAuth service.
I tried logging in using gala-demo.appspot.com and that seems to work.
Calling askForSignIn() seems to fail when invoked. I don't get any calls back to my web service, so the error seems to be upstream.
The response I see in the debug info when using the assistant simulator is:
expected_inputs[0].possible_intents[0]: intent 'actions.intent.SIGN_IN' is only supported for version 2 and above.
Any ideas?
On another note: if I set signInRequired on the action configuration for the welcome intent, it seems to get further but gives a bad sign-in redirect link in the simulator, and on a device it opens a dialog that just disappears (looks like a successful login) but no response back to the web service.
That happens because you're probably using the old v1 API. I suggest you check the migration guide:
https://developers.google.com/actions/reference/v1/migration
Cheers!
Sign in intent doesn't work at the moment, as clearly explained in the docs. It's just something you can use for testing in the emulator, but it's not available in production.
I am having a strange problem while making an application for iPhone. The problem is in making a POST request to the server API in ColdFusion. We have two servers: one is for Testing and the other for Production. The app works perfectly on the Testing server, but when we do a POST request to the Production server, the API can't read the request variable and gives the error "Element xxxxx is undefined in ATTRIBUTES", but actually it is there. One reason could be different User-Agents, but after trying many combinations it does not work.
Any help would be very appreciated.
I don't understand why you're talking about different user-agent? It's iPhone to test server or iPhone to production server, no? Is the configuration exactly the same including the Application.cfc (or Application.cfm)?
Web app or native app calling cfc's?
I don't think user-agents make any difference. Try to submit the request directly through a browser to make sure it is really working. The best way to do that is to NSLog the URL request and paste it in the browser.
I figured out the problem. It was the "LINK" I was using. The API worked with adding "www" to the link, whereas I was using the link without "www". Hope it helps someone.
Thanks.