AADSTS65005 - Consent validation failed - rest

This might not be the right forum, but I have registered my application in the 'Application Registration Portal': https://apps.dev.microsoft.com/#/appList
I have the client id/app id & the client secret, and previously this was working using the following account: admin#XXXXX.onmicrosoft.com, the 'Consent Request Pops-up' and I am able to give consent.
However, recently I am trying via another account, i.e. user3#XXXXX.onmicrosoft.com, and this redirects to my registered URL without the 'Consent screen'.
Below is the error message returned,
error=access_denied&error_description=AADSTS65005%3a+Consent+validation+failed%3a%0d%0aTrace+ID%3a+be71ab23-b45c-47a9-8932-50a24ce86505%0d%0aCorrelation+ID%3a+a49121b9-5bc2-4bd3-934d-551eaa68261b%0d%0aTimestamp%3a+2015-10-26+08%3a28%3a02Z
Any hints would be great!
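
As an added example (not part of the original post), the error redirect quoted above can be decoded into the fields worth logging or quoting in a support case. The function name `parse_auth_error` and the record layout are assumptions made for this sketch.

```python
import re
from typing import Optional
from urllib.parse import parse_qs

# Error string exactly as posted in the question above.
SAMPLE = (
    "error=access_denied&error_description=AADSTS65005%3a+Consent+validation+failed"
    "%3a%0d%0aTrace+ID%3a+be71ab23-b45c-47a9-8932-50a24ce86505"
    "%0d%0aCorrelation+ID%3a+a49121b9-5bc2-4bd3-934d-551eaa68261b"
    "%0d%0aTimestamp%3a+2015-10-26+08%3a28%3a02Z"
)

# First line of the description: "AADSTS<digits>: <message>:".
CODE = re.compile(r"^(AADSTS\d+):\s*(.*?):?$")
# Following lines: "<label>: <value>".
FIELD = re.compile(r"^(Trace ID|Correlation ID|Timestamp):\s*(.+)$")


def parse_auth_error(query: str) -> Optional[dict]:
    """Return a structured record for an OAuth error redirect, or None if the
    query string carries no `error` parameter (i.e. a normal response)."""
    params = parse_qs(query.lstrip("?#"), keep_blank_values=True)
    if "error" not in params:
        return None
    record = {"error": params["error"][0], "code": None, "message": None}
    # parse_qs has already decoded '+' and %xx; the description is multi-line.
    description = params.get("error_description", [""])[0]
    for line in description.splitlines():
        line = line.strip()
        m = CODE.match(line)
        if m:
            record["code"], record["message"] = m.group(1), m.group(2)
            continue
        m = FIELD.match(line)
        if m:
            record[m.group(1).lower().replace(" ", "_")] = m.group(2)
    return record


if __name__ == "__main__":
    # These values arrive in the URL, so treat them as untrusted input:
    # log them, but escape them before rendering in any HTML page.
    print(parse_auth_error(SAMPLE))
```
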

Related

Authorization failed when uploading to Google Group

I am trying to upload a message to a Google Group using this http call:
https://www.googleapis.com/upload/groups/v1/groups/mygroupname#domain.com/archive?ploadType=media&access_token=XYZ...
(Of course substituting the correct email address for the group, and the actual token). This produces the http error 401 (Authorization failed). The target account is Google Workspace. I am using a service account that has the Google Groups API enabled. I have added this scope to the service account and authorized it for my domain:
https://www.googleapis.com/auth/apps.groups.migration
As a test to make sure I have that scope authorized, I take the token that was generated and run it through this API:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=XYZ...
The json returned does have the apps.groups.migration scope (along with others for mail, calendar, etc.). I have no trouble accessing those other data types.
Any idea what I could be missing here?

Error 12600: Authorization Denied with Netbanx payment iframe

TL;DR : I am getting a "12600: Authorisation Denied (12600)" error and can't find what that means in Netbanx/Paysafe's documentation.
Background:
I am using the Netbanx credit card services.
The request is built server-side to obtain a url, which is then embedded in an iframe on the application for clients to pay.
It works like a charm in test mode; the iframe displays Netbanx' form, the client enters their info, clicks "Pay", and the payment is authorized. So far so good.
Now, I've moved to live mode. Configurations (account numbers, API key and API secret) are all valid and used on other projects. The payment request is still correctly built, I obtain a url from Netbanx and it correctly displays the payment form. I enter valid credit card information, click pay, and then, boom: failure page, with error 12600: Authorization denied. I cannot find any info related to that error code. Has this occurred to anyone? What does this code mean? Any details would be appreciated!
Thanks!
I believe the issue here relates to Paysafe test API credentials being used on the production environment. These credentials do not translate from test > production as a separate set would need to be used for security reasons.
If you believe that you are ready to go live, you can log in to the BackOffice "https://login.test.netbanx.com/" and click the "Go Live" button to start the process!

Get messages from Gmail via HTTPS GET call

I'm working on an iOS application and what I'd like to do is have the app ping one universal Gmail account to check for the most recent email.
I went through the guide from Google at https://developers.google.com/gmail/api/quickstart/ios?ver=swift, but the result did not work. After some googling, it appears that some functionality may have been changed, but they haven't updated their documentation yet.
Is there a way to send credentials via https to Gmail and get email messages back? I have an OAuth key via the Gmail API manager, but when I pass it as "access_token", the response says "Login Required".
AFAIK, an error response "Login Required" can be encountered if you try to list the buckets for a project that does not provide an authorization header.
If we check Users.messages: get, it's noted that it requires authorization.
For this, you may want to check Authorizing Your App with Gmail, wherein you will find this basic authorization pattern:
During development, register the application in the Google API Console.
When the app launches, request that the user grant access to data in their Google account.
If the user consents, your application requests and receives credentials to access the Gmail API.
Refresh the credentials (if necessary).
Furthermore, if your application needs to access Google APIs on behalf of the user, you should use server-side flow. Please see Implementing Server-Side Authorization for more information.
Some time back I was involved in writing a sample application to access email from Gmail but using C++ on Windows. The code is at https://github.com/Panchatcharam/simple_gmail_api. I was able to successfully get emails.

Why am I getting the Forbidden -The resource you have requested .. message for Single Sign On?

In my trial account, in US South, I created a Single Sign On service and bound it to an application and now am trying to go back into it and I got this page-
Forbidden
The resource you have requested is secured by Access Manager WebSEAL.
Explanation
There are two possible reasons why this message appeared:
You are not logged in to this secure domain.
You are logged in to this secure domain, but do not have the correct permissions to access the resource.
Solutions
You have an account for this secure domain but need to log in: You must first access this resource via HTTPS (SSL) and login to the secure domain. Re-access the page using HTTPS.
You do not have an account with this secure domain: Please contact your Account Administrator to obtain login and password information.
You are logged in but still denied access to the page: If you continue to get this message, you probably do not have the correct permissions to access the resource. Please contact your Security Administrator for assistance.
This happened yesterday afternoon too.
I was able to click on the Single Sign On service earlier today and update the Logout url and now I'm getting this message.
I tried stopping the app and then restarting and still can't get in.
Any help would be appreciated.
Thanks
This is an odd case. The error message indicates there is a problem with your account. You were not authenticated successfully to the secure domain. I see another similar case in which the person's account does not have the user's name in it. So you might want to check your account profile to see if any required information like family name, given name, etc. is missing.
I just tried now and am able to get into the Single Sign On service I have bound to my app, so not sure what was wrong the other day. I did not make any changes to my account either.
Thanks for the response though.

Unexpected Authorization Request in Workflow C2QB WF3.0

We have a multi-tenanted/multi-domain app and we're looking at publishing on IPP. Because of the multi-domain nature our configured endpoints in the App setup are generic and users are then redirected to their specific account once their identity is established.
The issue is with C2QB WF3.0.
The test steps are:
go here: https://appcenter.intuit.com/Home/MyApps/
on the "Launch My Apps" tab, click the app
Expected Result:
the Sign In screen for the app is displayed
The requirement is:
if not still signed into the app, sign in screen is displayed
if still signed into the app, take user into the app
The issue is that even if the user is currently logged into our application, it still requests authorization as per this message:
"domain" is requesting some information from your Intuit account
By approving this request "domain" will be able to access your:
Name
Email Address
The workflow that it is actually following is to perform a callback to our connect url. The normal way to determine which account the callback is coming from is via the realmId, but this is not received from Intuit and therefore it needs to be requested. Once a user has completed this authorization, it will not ask again. It should be noted that we're not actually requesting a name or an email address as the screen suggests.
We've been informed by Intuit that it should not request authorization and it is not part of the workflow.
We're wondering if anyone else has encountered this problem and if there is a workaround for it.
We discussed with the Engineering teams and they confirmed what Pete has mentioned above. This is not a bug and please follow the steps as Pete has mentioned.
If you want to replicate the 'access your app with appcenter flow', you have to be either logged in to the QBO online company file in the same browser session, or navigate to the app via the blue dot menu from your application, or run your application from localhost(.net) and then go to Appcenter and log in there on the same tab and then click on your app.
Since your desktop application is running, your code will be hit.
You will then get the second Auth screen only for authorizing your company file. After authorization your realm will be set in a cookie and in the code you can see its value. You can replicate this behavior via firebug and see the qbn.parentid cookie value has the realm after authorization is done.