I've configured a webservice in a production website, but when I do a call to core_user_get_users_by_field function this returns a blank array except for the webservice user/role.
What permissions or things I must configure to get the right information for all users?
Best regards.
To allow the webservice user to see profiles other than it's own you need to grant it
moodle/site:viewuseridentity
To allow the webservice user to see the user's full profile you need to grant it
moodle/user:viewalldetails
Related
I want to have multiple logged accounts (with different auth providers Google,Apple, phone, email) in my app, so that the user can switch between accounts. To do that, I want to store the idToken and then use it to login without the need for the user to log in manually. I tried using this function:
FirebaseAuth.instance.signInWithCustomToken(token);
But it returns this message:
[firebase_auth/invalid-custom-token] The custom token format is incorrect. Please check the documentation.
PS. I'm getting the idToken wih this function
FirebaseAuth.instance.currentUser.getIdToken();
Image with the desired functionality
Thanks in advance!
I have tried storing the auth credentials but these have a short life time.
I expect to have tokens for different account, so I can switch this accounts.
I believe you may want to do something else rather than use the idTokens. What I would suggest is to check the providerId when a user logs in and originally links the accounts. Store this providerId locally and then in your database for profiles, have a collection by the userId with documents segmented by the providerId and just retrieve it the profile by the chosen providerId. Another option would be to allow one users to generate multiple profiles freely but limit it to maybe 5 different accounts, this would simplify the ux since they won't need to generate multiple accounts for the same functionality.
I have been experimenting with the REST API using my logged in user account's token to then make PUT requests on my user record to update some custom attributes.
In order to get to this work I had to grant my user account the manage-users role in Keycloak, prior to this I was getting forbidden responses back.
I can now make the PUT request successfully, and after logging out and logging back in I can see the updated attributes I set in my PUT request.
But I have now allowed my user to be able to manage all users in my realm, which I dont want to allow.
Instead I only want to be able to update my own account details.
I know the user can view their own profile and make changes on the Keycloak provided screens. But for certain custom attributes I want to be able to do this from the client side application they are logged in to, so using the REST API but not granting them a role that could allow them to update other users details.
Is this possible?
According to the User section Keycloak's Admin REST API, this is not possible.
One solution would be for your client app to send the update request to a backend. The backend will verify that the update request is legit (aka the JWT is verified and the update does apply to the user requesting the change).
Another solution would be to theme the User Account Service's screens to add input fields for your custom attributes, as the documentation says that:
This screen can be extended to allow the user to manage additional attributes. See the Server Developer Guide for more details.
The second option seems the more secure. I hope that helps.
This seems to be possible with the Account Management API.
Unfortunately, I didn't find any official documentation about that. However, there's an example in Keycloak that demonstrates how to do it.
Currently we have a user guide sitting in Confluence. We want to give access to this page to all users of the product. What is the best way to do this?
Do I put the user guide into its one space and make it public. Then would I need to make a group defining all my users on our product?
It would be ideal if the users did not have to log into confluence in order to view the user guide. The most important piece is we do not want to give access to the user guide to everyone to view.
If you want to grant access to the users of that product, you need to create a group, and then, give access to only that group. If users don't need to log into Confluence, then, anyone could access.
Another approach is to use Comala Share It (disclaimer, I work in Comalatech). This add-on allows you to create a unique URL, which could be shared with the users of your product, so only them could access. Of course, if the URL is shared with anyone outside the group, that person could access too. Guess the public URL is not possible, since it uses a secure token.
Regards,
Gorka
Using Shiro with JDBCRealm
My use case requires a user to submit a form to next user. The next user can only be someone with specific permission. This is to be known in order to show only valid Next user list for selection.
How can I get list of all the users that have a specific permission?
If not, Is there a workaround of getting the User permission strings from database and then at least reuse Shiro's logic to check if the user has specific permission?
Shiro is related to only security, authority, etc of current user not to the whole user base. You can use your standard sql queries to retrieve users with same permissions of the current logged in subject.
Why not use simple SQL query that matches current user permissions to other users permission and give a list. This way you will save memory and resource by not computing permissions logic in java again.
I'm building a Multi-Tenant application and I'm struggling incorporating a Facebook Login into the web application.
The tenants are using a sub-domain for example
http://tenant-1.domain.com/
http://tenant-2.domain.com/
http://tenant-3.domain.com/
So, I have created an application and when it comes to add the Website, how can I make it to be available in all tenants? Something like:
But of course, that does not work, and if I add just http://domain.com/ it does not work either on http://tenant-1.domain.com/ as soon I click in the <fb:button-login> I get:
How do I do this, without creating a specific FB App for each tenant?
I'm using this to help persons to subscribe their account, I just want the login to get name and email, or they need to fell that up in the name and email boxes...
This is not possible, but there are options to workaround. I think probably the best would be to use a single domain to perform the authentication, specified as the redirect_uri. On this redirect_uri you can append some query parameters, for example your redirect_uri could be:
http://auth.domain.com/auth.php?tenant=tenant-1
Then in the code for auth.php you would grab this tenant parameter from the query string, authenticate the user, store their access token and then immediately redirect them back to tenant-1.domain.com
I'm not sure if this solution will be something you prefer, but it is currently not possible to specify subdomains for authentication, so this or a similar workaround is necessary.