We Keep Coding

Invalid JWT token for New subaccount in SaaS

We are working on SaaS application development on SAP BTP ,facing very strange issue ,with new subaccounts ,after publishing our application through SaaS registry service and implementation of all call backs and including dependency call back ,when we are creating a new Tenant Subaccount and doing a subscription facing issue in login steps below ---
subscription is working fine and able to generate tenant specific url.
When user login to application unbale to call any backend service api via logged in User as XSUAA is unable to authenticate as JWT signature is not valid -
"<error_description>Cannot verify signature of access
token</error_description> invalid_token"
Same workflow works fine with old subaccounts created some time back for testing purposes.
Facing issue with newly created Subaccounts for tenant.
Please help.
Thanks,
Siddharth

The SAP Business Technology Platform has changed the way of Tenant's JWT validation in the first half of 2020. Instehttps://sap.github.io/cloud-sdk/docs/java/release-notes-sap-cloud-sdk-for-java#3161ad of using well-known and only one URL to get the validation key, it's now relying on the jku field and issuer to make sure every Tenant has a URL to fetch a key for the JWT validation.
The SAP Cloud SDK version 3.16.1 and above should fully support this validation mechanism. This means that the SDK version you use should be perfectly fine.
There could be edge cases where the application logic might require an update. That's why I suggest you create an issue here and provide the following information:
Since when the issue started affecting you? Was it working a week before and broke just now? Or you haven't added new Tenants in a while and now it's breaking?
Dependency tree of you App
Please, provide detailed exception stack trace or logs to identify the root cause.
Send us the code snippet where you believe things fail.
When we can make it reproducible, solving this should be rather straightforward.
We are happy to update this thread when a solution is found so that community can benefit.
Looking forward to the detailed issue and reproduction steps.

Action on Google - consume in Transactions forbidden

I follow the tutorial: https://developers.google.com/assistant/transactions/digital/dev-guide-digital-consumables
Everything works great up to a point when it's time to consume the product.
When calling https://actions.googleapis.com/v3/conversations/{sessionId}/entitlement:consume
it returns:
{"error":{"code":403,"message":"The caller does not have permission","status":"PERMISSION_DENIED"}}
I tried with the same JWT as I used to make a purchase as well as with a newly generated one. I'm also sure that entitlement.purchaseToken is successfully retrieved.
Any ideas?

I figured it out!
My app is using Service Account key from another project to generate JWT - due to a common app in Google Play Console, which enables me to share purchase entitlements across all my Actions.
As it turned out, this key can not be used in calling consume endpoint: https://actions.googleapis.com/v3/conversations/${convId}/entitlement:consume
To call it successfully, I have to use Service Account key from the project that the Action belongs to, generate new JWT and the voila! Everything's working as it should.

How to use AppStore connect API with my mac, announced in WWDC18?

I have seen the demo in WWDC18 related video here:
https://developer.apple.com/videos/play/wwdc2018/303/
but it is not from the scratch. I don't see that which tool they have used and where we need to start it. Can anyone help with it?

I watched that video too today and I wanted to use these API features, as for now 19-6-2018 this is still marked as coming soon... based on the App Store Connect website https://developer.apple.com/app-store-connect/
In addition, the new API Keys tab under the main App Store Connect is not available yet.This is the starting point to issue / create the API keys.
I am on look out and waiting...

The App Store Connect API is now available. You can find out more here:
https://developer.apple.com/app-store-connect/api/
The general steps are:
Request access to the API.
Your Team Agent (with the Legal role) will need to do this part.
Create and download an API key.
Anyone with Admin access can do this. Each key you create can only be downloaded once, and should be kept safe.
Use the information on the Keys tab + your private key to generate a token.
You can find libraries for many languages to make this easy here.
Supply the JWT as a bearer token in the HTTP Authorization header when making requests.
For example:
GET https://api.appstoreconnect.apple.com/v1/apps
Authorization: Bearer XYZ123
Where XYZ123 is your JWT. (Your real JWT will be much longer.)
Available API endpoints are documented here:
https://developer.apple.com/documentation/appstoreconnectapi

App Store Connect API available here now.

Get access token via Log in with google in unity

I would like to be able to login with my google account in my unity game.
I've tried using Play Game Services, which imo would be the best solution, and I can log in and get name and ID and stuff, but I can't get the access token used, so I can verify who the user is on my server.
I have a server with a lot of player-data, that I can't put in Game Services, so I need to verify it's the correct user, and the ID is not safe enough.
How can I log in with google and get an access token in unity?
cheers

You can use this code to get token :
PlayGamesPlatform.Instance.Authenticate(success =>
{
if (success)
{
Debug.Log("Token :");
Debug.LogFormat("{0}", PlayGamesPlatform.Instance.GetAccessToken());
Debug.Log("End Of Token");
}
});
But you have to add a client id to your Google play services unity plugin.

Have you tried writing a custom Android plugin for your game?
You could get anything in your Unity game that you would be able to on a native Android app, and then pass that data to reference against your server.
They have pretty straightforward documentation for it:
http://docs.unity3d.com/Manual/PluginsForAndroid.html
I hope that helps!
Edit: Elaborated statement.

The PlayGamesPlatform.Instance.GetToken() will give you a string token, but can take a while to download, even several seconds. If the app setup is correct, it should populate after a while. Keep polling it whether it's null or empty, and it should eventually yield a valid token. The token is only good for 1 hour.

In order to access Google APIs on a backend web server on behalf of the current player, you need to get an authentication code from the client application and pass this to your web server application. This code can then be exchanged for an access token to make calls to the various APIs. For more details on this flow see: https://developers.google.com/identity/sign-in/web/server-side-flow
To get the Auth code: 1. Configure the web client Id of the web application linked to your game in the Play Game Console. 2. Call PlayGamesPlatform.GetServerAuthCode() to get the code. 3. Pass this code to your server application.
I am able to get the AuthCode and this code is given to the server and they generate the access token and authenticate my account.

Getting error when connecting to an app using Intuit

I have just created an app in Customer Account Data section in
https://developer.intuit.com after signup.
Then I created a .NET application to get authorization after providing the details, I received just after app was successfully created like consumerKey and consumerSecret.
I am able to get the page that authenticate with my username but there is also an error like :
Oops! An error has occurred.
Please close this window and try again.
Error Code: invalid_database
Message: AppId cannot be <= 0, appId=-1
My main aim is to get back to the page which shows a successful authentication. I again checked my app in
https://developer.intuit.com/Application/List
and I see Status: Pending Review for that app.
I just want to test the authentication for a sample application.
How can I understand this review system? Do we have something like sandbox in PayPal for testing, and if so, how to get started with it?

Are you 100% positive that you have your OAuth key, secret, and your app token correctly entered in the config for your app?
You should not need to go through any sort of review process - you probably just have something entered/configured incorrectly.

I think you are confused between apps for Customer Account Data and Quickbooks.
If you created an app for CAD, then you need to upload a certificate too.
If you go to GITHUB sample app for CAD-
https://github.com/IntuitDeveloperRelations/IPP_Sample_Code->customer account data
You will see that it does not require the oauth callback url or any of the values, you have mentioned. All these values are required when you create a quickbooks sample application.
The above link has both the code samples for CAD as well as Quickbooks.
Please verify what you are looking for.

Most probably you were using wrong public-private key pair.
While setting up AggCat intergration, you had used one public key, but while doing SAML assertion you are not using the corresponding .key/.p12 file. Please verify that.
You can easily test this use case using APIExplorer tool.
https://developer.intuit.com/apiexplorer?apiname=CustomerAccountData
You can refer the following steps to get new tokens and test API calls.
Key generation using openssl - https://developer.intuit.com/docs/0020_customeraccountdata/007_firstrequest
After generating these keys, you can create a sample app with the public key. https://developer.intuit.com/docs/0020_customeraccountdata/009_using_customeraccountdata/0010_gettingstarted/0015_create_an_cad_integration
then use the .p12 file with pwd for SAML assertion in apiexplorer Link - https://developer.intuit.com/apiexplorer
Thanks