Outlook Addin Error Code 13005 for auth.getAccessTokenAsync - single-sign-on

So I am trying to use single sign on in an outlook addin. I have registered my app at https://apps.dev.microsoft.com/.
In my Manifest I have
<WebApplicationInfo>
<Id>{myId}</Id>
<Resource>api://mydomain.com:3000/{myId}</Resource>
<Scopes>
<Scope>Mail.Read</Scope>
<Scope>profile</Scope>
</Scopes>
</WebApplicationInfo>
mydomain.com is actually a domain i map to my local IP.
Outlook accepts my manifest just fine. How ever when i call Office.context.auth.getAccessTokenAsync, I get the following response
{name: "Invalid application resource Url provided.", message: "Invalid resource Url specified in the manifest.", code: 13004}
How else should i write the resource url. Am i supposed to add this url somewhere else?
I followed https://learn.microsoft.com/en-us/office/dev/add-ins/develop/register-sso-add-in-aad-v2 and was able to get further. But now i Get {name: "Preauthorization missing.", message: "Missing grant for this add-in.", code: 13005}

I was able to solve Error 13005 by adding /taskpane.html to the end of my redirect URI in the authentication tab of my App Registration [Figure 1]. Originally I just had https://loacalhost:3000 as my redirect URI. Just make sure that whatever endpoint the user is being redirected to is the redirect URI. Seems simple but I spent a lot of time on this.
If you can't figure out what your redirect endpoint is, inspect the taskpane element and then look at the top of the tab. It should be something like DevTools - {localhost:3000/taskpane.html}?_... The text inside of the curly braces is the endpoint, make sure that the whole string is added to the Authentication tab in App registrations.
App Registration Page Example Picture
I hope this helps,
Lucius

Related

How to use the keyword "location" in the URL parameter in AWS Amplify

I am currently working on a 1 page HTML app that uses URL parameters to do an API call. the URL parameters are set and used in QR codes so its necessary that they are able to change dynamically. A example URL would be something like app.com/index.html/?environment=demo&location=Kiosk
I currently have this app deployed in AWS Amplify, but I cant get other keywords to chain together. I have the following redirects in place:
These redirects make sure that every URL parameter I pass in the link works EXCEPT some keywords like the "location" keyword, next to some others. Using this keyword as a URL param gives a 502 server error, or if the redirects are not used an access denied error.
does anyone know how to get the location keyword to work? Thanks in advance!
You should be able to use a single rule that will forward everything to index.html EXCEPT urls with a "file extension" from the list below. That lets all your links work, but assets like images, fonts, code will pass through.
Doc for: Using Redirects - Single Page Apps
</^[^.]+$|\.(?!(css|gif|ico|jpg|js|png|txt|svg|woff|woff2|ttf|map|json)$)([^.]+$)/>

Deezer ask for a valid redirect uri

When I'm trying to authenticate a user it tells me I need a valid redirect uri.
Where can I change, fix or add it?
I am using the Deezer javascript SDK.
Thanks.
You have to complete 2 steps:
Create an application on http://developers.deezer.com
Set the right domain for that application. For example, YOUR_APPLICATION_DOMAIN.com is right, http://www.YOUR_APPLICATION_DOMAIN.com is wrong.
Setting a wrong application domain in the Edit section of your application will make the user login fail with the following message: "You must enter a valid redirect uri".
I got the same error until I removed the http:// from the "application domain" parameter defined at developers.deezer.com.
ie. use: application domain: subdomain.example.com rather than http://subdomain.example.com

How to redirect from Yahoo to my IOS app after authentication?

I am working on an app where I have to use Yahoo account to login.
I had gone through this link and followed the procedure as it was there.But I am unable to get back to my app after authentication.After googling I found an answer here.Here he said that "Add an URL Scheme in your info.plist file with the YOUR_APP_ID_OR_BUNDLE_ID" I did the same,but unable to redirect from yahoo to my app.If any one worked on this please help me.Thanks in advance.
This is what I had done in my URL Schemes
where JCzOzd44 is my app ID.
In yahoo account while creating the app.what should I give in "Application Domain"
I didn't work with the Yahoo! API yet, but in oauth it works like that:
Create an url scheme in your app. You can do that in the Info section of your project settings (URL types). Name the scheme whatever you want, for example your app id.
When you authenticate your app, you can pass a parameter named oauth_callback. Here you have to pass the name of the just created url scheme.
This should be it - when the login is ok on the Yahoo side, it will try to open the app that is registered for the url scheme it got as callback parameter.
UPDATE:
From the Yahoo! API documentation - this is the call you do when requesting the oauth token somewhere in your code (I filled in your url scheme as the callback, this is how it should look like):
https://api.login.yahoo.com/oauth/v2/
get_request_token?oauth_nonce=ce2130523f788f313f76314ed3965ea6
&oauth_timestamp=1202956957
&oauth_consumer_key=123456891011121314151617181920
&oauth_signature_method=plaintext
&oauth_signature=abcdef
&oauth_version=1.0
&xoauth_lang_pref="en-us"
&oauth_callback="JCzOzd44://"
Of course the request should be signed.
I have found the solution though with a little overheads.
Steps are: 1> Create a PHP script in you own server (say named, YRedirect.php).
2> Paste the following code in it-
CODE
<?php
$query = $_SERVER['QUERY_STRING'];
header("Location: com-mycompany-myapp://oauth-response?" . $query);
>
Where "com-mycompany-myapp" is your bundle identifier
3> Add an URL Scheme in your info.plist file with the YOUR_APP_ID_OR_BUNDLE_ID. That's it and you are DONE with the authentication problem.
In your code
[self.session sendUserToAuthorizationWithCallbackUrl:#"http://yourdomain.com/YRedirect.php"];
Then, register a custom URL scheme for your iPhone application from your Info.plist file, and then setup your server side script to redirect Safari back to your application via the URL scheme you just set up.
Thanks for this valuable information. Following your instructions I got the auth & call back working and the php page loads the app.

Trying to get OAuth dialog to work

I am at this step in getting my app started in the documentation:
https://developers.facebook.com/docs/appsonfacebook/tutorial/#auth
In there is a code block that (supposedly) forwards the user to a request dialog asking permission to access certain bit of information about them. I've placed this code block into the PHP script that my canvas URL points to, and changed the $app_id and $canvas_page to my application ID and canvas URL respectively. Instead of getting the expected dialog, I receive this following error from facebook:
"An error occurred. Please try again later."
No other details about the error are present. I've tried some variations of the script, and have even tried loading up this URL directly just to see if that would work. Note that I've replaced YOUR_APP_ID and YOUR_CANVAS_PAGE with the appropriate values and made sure that spelling and/or punctuation are correct:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE&scope=email,read_stream
For the redirect URL, I've tried prepending it with http://, https://, and no prefix at all. All with the same result.
My question: is the example in the documentation broken, or is the oauth link provided in the documentation currently down? The vague nature of the error is somewhat frustrating since I can't tell if it's something I'm doing wrong or if it's facebook's oauth function that's at fault.
So, the problem was that instead of using the numeric application ID that facebook assigned for me when I originally created the app as the YOUR_APP_ID parameter in the OAuth URL, I was using the application namespace string. Facebook didn't understand this sort of request, and returned the generic error message.
Once I used the numeric app ID, the OAuth dialog popped up to ask permission to access my account, as expected.

Google Data/OAuth/AppEngine/Python - Properly Registering a Web Application

I'm creating a webapp with this combination of tools. I'm authenticating with App Engine in the following manner:
class googleLogin(webapp.RequestHandler):
def get(self):
callbackURL = 'http://%s/googleLoginCallback' % getHost()
#Create a client service
gdClient = gdata.docs.service.DocsService()
gdata.alt.appengine.run_on_appengine(gdClient)
gdClient.SetOAuthInputParameters(gdata.auth.OAuthSignatureMethod.HMAC_SHA1,
_GoogleConsumerKey,
consumer_secret=_GoogleConsumerSecret)
#Get a Request Token
requestToken = gdClient.FetchOAuthRequestToken(scopes=_GoogleDataScope,
extra_parameters={'xoauth_displayname': APP_NAME})
#Persist token secret
self.session = Session()
self.session[TOKENSECRETKEY] = requestToken.secret
gdClient.auto_set_current_token = True
gdClient.SetOAuthToken(requestToken)
authUrl = gdClient.GenerateOAuthAuthorizationURL(callback_url=callbackURL)
self.redirect(authUrl)
I authenticated my domain with Google at https://www.google.com/accounts/ManageDomain, entering a target URL and am using the given Consumer Key/Secret. For instance, if my domain was 'juno.appspot.com', I am using http://juno.appspot.com as the target url path prefix.
The process is working; however, Google presents this message to the user in a yellow security box:
"The application that directed you
here claims to be 'xxxxxx'. We are
unable to verify this claim as the
application runs on your computer, as
opposed to a website. We recommend
that you deny access unless you trust
the application."
I don't think I should be getting this error, since my server is getting the request token and creating the authorization URL. Does anyone have any insight on how to get rid of this warning?
Google's domain registration has an option to upload a certificate, but I shouldn't need to do that because I'm using OAuth with the HMAC_SHA1 signature method.
Also, not that it should matter, but I'm doing all this through a UIWebView on the iPhone. I'm specifically trying to do all authentication server-side to avoid exposing my Consumer Key/Secret.
Thank you for any tips :)
Solved.
The culprit is this line from above:
extra_parameters={'xoauth_displayname': APP_NAME})
Setting this value for a registered application intentionally triggers a warning to users, as indicated by the Google documentation:
xoauth_displayname:
(optional) String identifying the
application. This string is displayed
to end users on Google's authorization
confirmation page. For registered
applications, the value of this
parameter overrides the name set
during registration and also triggers
a message to the user that the
identity can't be verified. For
unregistered applications, this
parameter enables them to specify an
application name, In the case of
unregistered applications, if this
parameter is not set, Google
identifies the application using the
URL value of oauth_callback; if
neither parameter is set, Google uses
the string "anonymous".
Removing this line no longer allows me to use a 'nice' name in place of the domain, but it gets rid of that annoying yellow box :)
I'm not sure exactly where the issue may be in your code, but I've got a one page oauth/appengine/gdata example which may at least set you in the right direction. Have you tried to navigate to the site directly from the iPhone/desktop browser to see what message is delivered?
Hope it helps.
Alternatively, is it possibly to do with the user agent the UIWebView sets?