I am displaying an Embedded Signing view in an iFrame. I am able to get the embedded signing view to display correctly using templates. I am calling an internal service (server-side) from the client (browser) and the internal service calls the Post Recipient View endpoint in the Docusign API.
In order to redirect the user to the correct view in my web app after the Signing view redirects to the returnUrl, I need to have query string parameters on the returnUrl. Here is an example of the returnUrl:
{
...
"returnUrl": "http://localhost:5000/#/my/path/redirect?sname=MY_VALUE&debug=foo,baz"
}
I am using the sname query parameter to hold the value for a string I will use to route to a view once the user is redirected from the Docusign Signing view.
The Problem:
When the iframe is redirected to the returnUrl after the Signing view is complete, the query string in the returnUrl is cutoff and the url of the iframe is:
http://localhost:5000/#/my/path/redirect?sname
when it should be
http://localhost:5000/#/my/path/redirect?sname=MY_VALUE&debug=foo,baz
I also read in the api documentation that an event parameter should also be present in the query string when redirecting, but that is not there either.
Is there a step that I am missing or is this a bug in the api?
I've tried a few tests using Postman and the resulting returnUrl is working for me. I even tried using yours directly (even though I obviously won't be able to connect to it) and it came up correctly as
http://localhost:5000/#/my/path/redirect?sname=MY_VALUE&debug=foo,baz&event=signing_complete
I even tried using an iframe for the signing session like you, still seems to be using the right URL when it redirects. So I've not been able to replicate your problem.
Are you attempting this in the demo environment?
Related
I've looked just about everywhere and tried everything I can find but cannot for the life of me figure this out.
I'm using the default Visual Studio Blazor Server template and using Facebook Authentication.
I need to filter out my controller using the [Authorize] tag and use the UserId for filtering of Data.
Using a normal Blazor Control a call to the Controller returns HTML telling me to log in, although the user is already logged in. Removing the [Authorize] tag allows the application to run as expected.
Calls directly to the Controller through the URI after logged in work as well.
I can see the Authorization Request header is not sent from the Client.
I tried to set the Tokens in the _Host.cshtml but await HttpContext.GetTokenAsync("access_token"), returns null
I'd configure a oAuth connection with the official documentation. All works except getting the profile picture from facebook.
The front redirects the valid user to a custom user-bundle register (need more data)
The weird part: When I try to use "infos_url" param, it redirects the autenticated user to the original register form, not the custom one. Either use the custom FOSUserProvider that gets the data.
any ideas?
I am trying to connect to Paypal to get a users consent to access their paypal payment history. The end goal would be to download payments received at the end of the day and take the info and dump it into a local database.
https://developer.paypal.com/webapps/developer/docs/api/#obtain-users-consent
<Cfset returnlink="http://www.xxxxxx.com/paypal/paypalreturn.cfm">
<cfset paypalLink="https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize">
<Cfset paypallink="#paypallink#?client_id=#settingsLive.clientid#">
<Cfset paypallink="#paypallink#&redirect_uri=#urlencodedformat(returnlink)#">
<Cfset paypallink="#paypallink#&response_type=code">
<Cfset paypallink="#paypallink#&scope=profile+email+address+phone+https%3A%2F%2Furi.paypal.com%2Fservices%2Fpaypalattributes">
<cfset paypalLink="#paypallink#&nonce=#createUUID()#">
<cfset paypalLink="#paypallink#&state=create">
Login with paypal
Clicking on the link below returns:
Relying Party Validation error: redirect_uri provided in the request
does not match with the registered redirect_uri. Please check the
request.
I have logged into the Rest API, modified my app and made sure the redirect uri's for the test and live return link match that listed above. I have also made sure that the accept logins options are checked.
I have also tried the same code against their sandbox URL:
https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize
and instead of receiving the validation error, I get a page cannot be displayed.
I've tried every combination of things that I could think of
1) removing 1 cfset statement at a time to isolate a bad variable
2) making sure the return uri was a https vs http
3) switching to sandbox mode url and back
I've connected to other oauth2 api's in the past, but can't figure this one out.
This has changed a bit, and will presumably change again soon... but here's how you do this now.
Log into developer.paypal.com
Click on Dashboard (https://developer.paypal.com/developer/applications)
Click your app name under "Rest API Apps"
Scroll to the box at the bottom of the screen labeled "Sandbox (or Live) App Settings
Set the Return URL (Where users will be redirected after test transactions)
Click save
NOTE
This Return URL must exactly match the redirect_uri that you pass in via querystring (so it's confusing as to why you'd need to pass it in in the first place)
GOTCHA
At this point in time, the Return URL can seemingly never be updated. In my recent experience, if you don't type it correctly the first time you save it, you will have to create a new app.
The only time I have seen this error is when your redirect_uri does not match the one set in your applications profile.
You need to set this value inside of your app on the developer website.
Log into developer.paypal.com
Click Applications
Under My Rest Apps click your App name
Click Edit next to App redirect URLs
Set the return URLs for live or test
Save
I am also unable to get sandbox to work for my Log In with PayPal tests so it is not just you.
As of now (October 2015), the Dashboard Return URL should correspond to the redirect_uri. You can obtain the redirect_uri parameter in Firefox, by downloading the HTTPFox browser plugin. Then you start HTTPFox, point your browser to the OmniAuth login link, and view the scParams in the query string in the bottom-most link in the HTTPFox history to obtain the redirect_uri.
You have to literally make sure the Return URL is the exact same sequence of characters as the input redirect_uri. For example, if one points to "localhost" and the other to "127.0.0.1", it won't recognize the redirect_uri value as the same. It also won't recognize redirect_uri if only one of the redirect_uri values has a final slash.
Yes, the return URL was able to be updated in my experience.
Well there seems to be quite a bit of confusion on this topic and I am struggling to get a clear answer, so here is my question...
I am using the serverside flow to obtain access tokens for my web app, I previously used offline_access which is now being depreciated so I need a way to refresh the token in the following situations:
1) User changes FB password
2) Token expires naturally
My app posts results to users FB walls so the refresh needs to be done automatically by our server (no cookies or OAuth dialogs)
I thought I could try to use the new endpoint described here
http://developers.facebook.com/roadmap/offline-access-removal/
, with the following piece of code (Java):
public static String refreshFBAccessToken(String existingAccessToken)
throws Exception{
//Currently not working
String refreshUrl = "https://graph.facebook.com/oauth/access_token?
client_id="+FacebookApp.appId+"
&client_secret="+FacebookApp.appSecret+"
&grant_type=fb_exchange_token
&fb_exchange_token="+existingAccessToken;
URL url = new URL(refreshUrl);
URI uri = new URI(url.getProtocol(), url.getHost(), url.getPath(),
url.getQuery(), null);
String result = readURL(uri.toURL());
String[] resultSplited = result.split("&");
return resultSplited[0].split("=")[1];
}
But this doesnt seem to work (I get a response 400), and when I re-read the documentation it seems this endpoint is used for tokens obtained using the client-side flow only...
So what about the serverside flow....?
Can someone tell me if the approach above is correct or there is another way?
Many thanks
From what I understand there is no server side flow for refreshing tokens.
The refresh token call needs to include the response of the user authentication process which is a short lived token.
You will need to include the refresh token process as part of the user login flow or if this doesn't work for your setup you will need to email the user asking them to come back!
I dont know java but syntax is very much like C#, so I can say,you are doing everything right.
But I doubt what does this function readURL do ?
If it works like get_file_contents() of php (i.e. if it does an HTTP get) , I guess thats not a right way to do .
Based on my experience on google's refresh token method, I think you should do an HTTP POST instead of HTTP GET to given url.
This is with reference to using Google Contacts Data API.
It requires that the application gets authentication view a WebBrowser/WebView (in the case of android).
Therefore the RequestTokenUrl is passed to the webview which will show a Google Sign-in page and then ask the user if it allows the application to access their account.
Once authorized, there needs to be some kind of callback to the activity.
The activity will then use the WebViews cookie (which should contain the AccessToken) with an HTTP client to request data from Google Data API. This could be anything, in our case it is the Google Contacts.
Any ideas on how this can be done?
EDIT: Found another way around the problem by using OAuth 2.0.
This still required getting the AuthorizationCode from the WebView but that is accessed through the pagetitle instead of a cookie.
The selected answer still addresses the original question correctly.
The following code which uses the reflection library will print a line with the cookies:
Sub WebView1_PageFinished (Url As String)
Dim r As Reflector
r.Target = r.RunStaticMethod("android.webkit.CookieManager", "getInstance", Null, Null)
Log(r.RunMethod2("getCookie", Url, "java.lang.String"))
End Sub