add nickname to google group using api - google-groups

I've been trying to use the directory API to add an alias to a group, and it doesn't seems to work, is this feature operational already?
Thank you!

Yes, it works properly. Here's an example of GAM 2.995 creating a domain alias for your reference. I'd need to see code to determine where you're having issues.
$ touch gam/debug.gam
$ gam create alias test-alias#jay.powerposters.org group testme#jay.powerposters.org
Creating alias test-alias#jay.powerposters.org for group testme#jay.powerposters.org
connect: (www.googleapis.com, 443)
send: 'POST /admin/directory/v1/groups/testme#jay.powerposters.org/aliases?alt=json HTTP/1.1
Host: www.googleapis.com
content-length: 44
accept-encoding: gzip, deflate
accept: application/json
user-agent: Google Apps Manager 2.995 / jay#ditoweb.com (Jay Lee)
/ Python 2.7.4 final
/ Linux-3.8.0-26-generic-x86_64-with-Ubuntu-13.04-raring x86_64
/ google-api-python-client/1.1
content-type: application/json
authorization: Bearer ya29.XXX
{"alias": "test-alias#jay.powerposters.org"}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate
header: Pragma: no-cache
header: Expires: Fri, 01 Jan 1990 00:00:00 GMT
header: Date: Wed, 10 Jul 2013 17:34:38 GMT
header: ETag: "2rnFeCLM59Q4Hv06VzEjKQtYAxk/uYyLVNg9ntD0jUUkkana74HyFfQ"
header: Content-Type: application/json; charset=UTF-8
header: Content-Encoding: gzip
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-XSS-Protection: 1; mode=block
header: Content-Length: 112
header: Server: GSE

Related

Active-Active minio cluster sync data

https://docs.min.io/minio/baremetal/replication/enable-server-side-two-way-bucket-replication.html#required-permissions
I follow this guide, when I do "mc admin policy add". I got an err:
mc: <ERROR> Unable to add new policy: conditions are not supported for action s3:GetBucketVersioning.
Then I add '--debug':
mc: <DEBUG> PUT /minio/admin/v3/add-canned-policy?name=ReplicationRemoteUserPolicy.json HTTP/1.1
Host: xxxxx:xxx
User-Agent: MinIO (linux; amd64) madmin-go/0.0.1 mc/RELEASE.2022-07-06T14-54-36Z
Content-Length: 1328
Accept-Encoding: gzip
Authorization: AWS4-HMAC-SHA256 Credential=admin/20220707//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: 26a5f72146edcd356b967fb84a6b1407418205af1904f9408fd2e85b196c98d1
X-Amz-Date: 20220707T094030Z
mc: <DEBUG> HTTP/1.1 400 Bad Request
Content-Length: 237
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
Content-Type: application/json
Date: Thu, 07 Jul 2022 09:40:19 GMT
Server: MinIO
Vary: Origin
X-Amz-Request-Id: 16FF82A1BB2425B5
X-Xss-Protection: 1; mode=block
{"Code":"XMinioMalformedIAMPolicy","Message":"conditions are not supported for action s3:GetBucketVersioning","Resource":"/minio/admin/v3/add-canned-policy","RequestId":"16FF82A1BB2425B5","HostId":"3473e3d7-6fef-4358-83e7-f7e333eb8675"}
mc: <DEBUG> Response Time: 3.844982ms
---------START-HTTP---------
PUT /minio/admin/v3/add-canned-policy?name=ReplicationRemoteUserPolicy.json HTTP/1.1
Host: xxxxx:xxxx
User-Agent: MinIO (linux; amd64) madmin-go/0.0.1 mc/RELEASE.2022-07-06T14-54-36Z
Content-Length: 1328
Accept-Encoding: gzip
Authorization: AWS4-HMAC-SHA256 Credential=admin/20220707//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: 26a5f72146edcd356b967fb84a6b1407418205af1904f9408fd2e85b196c98d1
X-Amz-Date: 20220707T094030Z
HTTP/1.1 400 Bad Request
Content-Length: 237
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
Content-Type: application/json
Date: Thu, 07 Jul 2022 09:40:19 GMT
Server: MinIO
Vary: Origin
X-Amz-Request-Id: 16FF82A1BB2425B5
X-Xss-Protection: 1; mode=block
{"Code":"XMinioMalformedIAMPolicy","Message":"conditions are not supported for action s3:GetBucketVersioning","Resource":"/minio/admin/v3/add-canned-policy","RequestId":"16FF82A1BB2425B5","HostId":"3473e3d7-6fef-4358-83e7-f7e333eb8675"}
---------END-HTTP---------
mc: <ERROR> Unable to add new policy: conditions are not supported for action s3:GetBucketVersioning
(1) admin-policy-add.go:140 cmd.mainAdminPolicyAdd(..) Tags: [cluster202, ReplicationRemoteUserPolicy.json, /dev/stdin]
(0) admin-policy-add.go:140 cmd.mainAdminPolicyAdd(..)
Commit:81c4a5ad6ee4 | Release-Tag:RELEASE.2022-07-06T14-54-36Z | Host:clone-instance-testv3 | OS:linux | Arch:amd64 | Lang:go1.18.3 | Mem:3.3 MB/17 MB | Heap:3.3 MB/7.7 MB.
How can I fix this?
I used helm chart install minio cluster, the tag of docker images is :RELEASE.2021-02-14T04-01-33Z

401 error after successful login using browser

Using my browser I point to a URL and I am prompted with a username/password dialog. I enter my username/password and I get my webpage.
I get a 401 error, however, when using curl:
curl --anyauth --user "$USERNAME:$PASSWORD" $URL
wget:
wget --http-user=$USERNAME --http-password=$PASSWORD $URL
Python:
response = requests.get(url, auth=requests.auth.HTTPBasicAuth(username, password))
response = requests.get(url, auth=requests.auth.HTTPDigestAuth(username, password))
The verbose (sanitized) output is below for curl:
* About to connect() to application.intranet.net port 443 (#0)
* Trying 10.10.10.139...
* Connected to application.intranet.net (10.10.10.139) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: CN=application.intranet.net,OU=COMPANY - Web Hosting,O=Com Pany Inc.,STREET=address,L=city,ST=state,postalCode=12345,C=US
* start date: Apr 06 00:00:00 2020 GMT
* expire date: Apr 06 23:59:59 2022 GMT
* common name: application.intranet.net
* issuer: CN=COMODO RSA Organization Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> GET /appname/Reporting/ReportListStart.aspx HTTP/1.1
> User-Agent: curl/7.29.0
> Host: application.intranet.net
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Cache-Control: private
< Content-Type: text/html
< Server: application Server
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Date: Wed, 23 Dec 2020 16:17:22 GMT
< Content-Length: 1293
<
* Ignoring the response-body
* Connection #0 to host application.intranet.net left intact
* Issue another request to this URL: 'https://application.intranet.net/appname/Reporting/ReportListStart.aspx'
* Found bundle for host application.intranet.net: 0x1f4b050
* Re-using existing connection! (#0) with host application.intranet.net
* Connected to application.intranet.net (10.10.10.139) port 443 (#0)
> GET /appname/Reporting/ReportListStart.aspx HTTP/1.1
> User-Agent: curl/7.29.0
> Host: application.intranet.net
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Cache-Control: private
< Content-Type: text/html
< Server: application Server
* gss_init_sec_context() failed: : No Kerberos credentials available (default cache: KEYRING:persistent:9013)
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Date: Wed, 23 Dec 2020 16:17:22 GMT
< Content-Length: 1293
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
* Connection #0 to host application.intranet.net left intact
wget:
--2020-12-23 11:18:14-- https://application.intranet.net/appname/Reporting/ReportListStart.aspx
Resolving application.intranet.net (application.intranet.net)... 10.10.10.139, 10.10.10.10
Connecting to application.intranet.net (application.intranet.net)|10.10.10.139|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to application.intranet.net:443.
HTTP request sent, awaiting response... 401 Unauthorized
Reusing existing connection to application.intranet.net:443.
HTTP request sent, awaiting response... 401 Unauthorized
Authorization failed.
Python:
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): application.intranet.net:443
send: b'GET /appname/Reporting/ReportListStart.aspx HTTP/1.1\r\nHost: application.intranet.net\r\nUser-Agent: python-requests/2.25.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nAuthorization: Basic U19KaXJhX0ludGVybmFsQXVkaXQ6R2l4X0lLdzFqTEYtMld0cw==\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Cache-Control: private
header: Content-Type: text/html
header: Server: application Server
header: WWW-Authenticate: Negotiate
header: WWW-Authenticate: NTLM
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: Date: Wed, 23 Dec 2020 17:01:10 GMT
header: Content-Length: 1293
DEBUG:urllib3.connectionpool:https://application.intranet.net:443 "GET /appname/Reporting/ReportListStart.aspx HTTP/1.1" 401 1293
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): application.intranet.net:443
send: b'GET /appname/Reporting/ReportListStart.aspx HTTP/1.1\r\nHost: application.intranet.net\r\nUser-Agent: python-requests/2.25.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Cache-Control: private
header: Content-Type: text/html
header: Server: application Server
header: WWW-Authenticate: Negotiate
header: WWW-Authenticate: NTLM
header: X-Frame-Options: SAMEORIGIN
header: X-Content-Type-Options: nosniff
header: Date: Wed, 23 Dec 2020 17:01:10 GMT
header: Content-Length: 1293
DEBUG:urllib3.connectionpool:https://application.intranet.net:443 "GET /appname/Reporting/ReportListStart.aspx HTTP/1.1" 401 1293
From my browser there is the initial request that returns a 302:
Request URL: https://application.wuintranet.net/appname/Reporting/ReportListStart.aspx
Request Method: GET
Status Code: 302 Found
Remote Address: 10.10.10.123:443
Referrer Policy: strict-origin-when-cross-origin
Cache-Control: private
Content-Length: 160
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Dec 2020 17:14:54 GMT
Location: /appname/Reporting/ReportListStart.aspx
Persistent-Auth: true
Server: application Server
Set-Cookie: ASP.NET_SessionId=dy2rr35onasw5ctumhuqb4af; path=/; secure; HttpOnly; SameSite=Lax
Set-Cookie: appname_Cookie=ConnectionTitle=DELwLGx+KbrtS0gKvmretg==&IsConnectionTitleSet=True&IsLogOff=False&CurrentOrganization=ELx658BVmiesDFQg7w5RtA==&IsOrganizationRequired=YBfC/taoB3Ll19UPqF9IEA==; path=/; secure; HttpOnly
Set-Cookie: .application_SSO_Cookie=ConnectionTitle=DELwLGx+KbrtS0gKvmretg==&IsConnectionTitleSet=True&IsLogOff=True&CurrentOrganization=ELx658BVmiesDFQg7w5RtA==&IsOrganizationRequired=YBfC/taoB3Ll19UPqF9IEA==; path=/; secure; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Host: application.wuintranet.net
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
and then the browser-generated followup that returns 200:
Request URL: https://application.wuintranet.net/appname/Reporting/ReportListStart.aspx
Request Method: GET
Status Code: 200 OK
Remote Address: 10.10.10.123:443
Referrer Policy: strict-origin-when-cross-origin
Cache-Control: private
Content-Encoding: gzip
Content-Length: 32914
Content-Type: text/html; charset=utf-8
Date: Wed, 23 Dec 2020 17:14:54 GMT
Persistent-Auth: true
Server: application Server
Set-Cookie: appname_Cookie=ConnectionTitle=DELwLGx+KbrtS0gKvmretg==&IsConnectionTitleSet=True&IsLogOff=False&CurrentOrganization=ELx658BVmiesDFQg7w5RtA==&IsOrganizationRequired=YBfC/taoB3Ll19UPqF9IEA==; path=/; secure; HttpOnly
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Cookie: ASP.NET_SessionId=dy2rr35onasw5ctumhuqb4af; appname_Cookie=ConnectionTitle=DELwLGx+KbrtS0gKvmretg==&IsConnectionTitleSet=True&IsLogOff=False&CurrentOrganization=ELx658BVmiesDFQg7w5RtA==&IsOrganizationRequired=YBfC/taoB3Ll19UPqF9IEA==; .application_SSO_Cookie=ConnectionTitle=DELwLGx+KbrtS0gKvmretg==&IsConnectionTitleSet=True&IsLogOff=True&CurrentOrganization=ELx658BVmiesDFQg7w5RtA==&IsOrganizationRequired=YBfC/taoB3Ll19UPqF9IEA==
Host: application.wuintranet.net
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
replace
curl --anyauth
with
curl --ntlm

spring cloud zuul: How can return service httpstatus(or handle zuul status return)?

If use zuul routes for eureka service id,service return some httpStatus like 503
curl 10.1.0.21:5701/usr/users/xxx/a -H "Api-Version: v10" -i
Returns:
HTTP/1.1 503 Service Unavailable
Set-Cookie: Session-Token=9e66fb56-21e2-457a-a00f-f788c5ce820b; path=/; domain=.0.21:5701; HttpOnly; Max-Age=2592000; Expires=Sat, 29-Oct-2016 09:23:41 GMT
Date: Thu, 29 Sep 2016 09:23:41 GMT
Session-Token-Expires: 2592000
Connection: keep-alive
ETag:
Session-Token: 9e66fb56-21e2-457a-a00f-f788c5ce820b
Transfer-Encoding: chunked
Content-Type: application/json;charset=UTF-8
X-Application-Context: user-api-provider:5701
Content-Language: en-
Access-Control-Max-Age: 1728000
[{"key":"serviceUnavailable","message":"无效的接口"}]
But zuul reuturns ok/200, why? How can I change how Zuul handles statuses?
curl 10.1.0.19:8090/usr/users/xxx/a -H "Api-Version: v10" -i
Returns:
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 0
X-Application-Context: zuul-server:8090
Date: Thu, 29 Sep 2016 09:24:10 GMT
Works for me with latest spring-cloud-netflix (1.2.0):
#SpringBootApplication
#EnableZuulProxy
public class SimpleApplication {
public static void main(String[] args) {
SpringApplication.run(SimpleApplication.class, args);
}
}
with application.properties:
zuul.routes.test.url=http://httpstat.us/503
zuul.routes.test.path=/test/**
and:
$ curl localhost:8080/test/
> GET /test/ HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:8080
> Accept: */*
>
< HTTP/1.1 503
< X-Application-Context: application
< Cache-Control: private
< X-AspNetMvc-Version: 5.1
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Access-Control-Allow-Origin: *
< Date: Thu, 29 Sep 2016 10:24:16 GMT
< Content-Type: text/plain;charset=utf-8
< Transfer-Encoding: chunked
< Connection: close
<
* Closing connection 0
503 Service Unavailable$

When not logged to Deezer, my application is redirected to wrong url

I'm having a problem with my redirect url, but only when I'm not connected to deezer already.
When I'm connected, my OAuth flow works perfectly, and I'm redirected to the right url: 'http://10.0.0.68:3000/callback/'.
But when I don't have a deezer session on, and I am redirected to the Deezer login page, it Doesn't work. Whenever I log in to Deezer, either with facebook or not, I am redirected to the following address: 'http://10.0.0.68:3000/callback/https://connect.deezer.com/oauth/auth.php?perms=basic_access%2Cemail%2Coffline_access&format=window&app_id=175451&redirect_uri=http%3A%2F%2F10.0.0.68%3A3000%2Fcallback%2F#='.
I have no idea how could this be a problem with my app, since it happens outside of my scope, but here is my code:
settings.py
DEEZER_REDIRECT_URI = reverse_lazy('front:callback')
DEEZER_API_URL = 'https://api.deezer.com/'
DEEZER_CONNECT_URL = 'https://connect.deezer.com/'
DEEZER_APP_ID = "xxxxxx"
DEEZER_SECRET_KEY = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
views.py
class LoginView(View):
"""Logs user with Deezer"""
def get(self, request):
url = settings.DEEZER_CONNECT_URL + 'oauth/auth.php?' + \
urlencode({
'app_id': settings.DEEZER_APP_ID,
'perms': 'basic_access,email,offline_access',
'redirect_uri': settings.BASE_URL + str(settings.DEEZER_REDIRECT_URI)[1:]
})
redirect = HttpResponseRedirect(url)
return redirect
urls.py
app_name = 'front'
urlpatterns = [
url(r'^$', views.IndexView.as_view(), name='index'),
url(r'^login/$', views.LoginView.as_view(), name='login'),
url(r'^callback/$', views.CallbackView.as_view(), name='callback'),
]
Hope someone can help me.
UPDATE 2016-03-31
Seems that Deezer resolved the issue so it should work in your case, too.
Previous answer:
At least I can tell that it's not your fault. Today I realized that the previously working OAuth-workflow for our application www.mooval.de now behaves exactly the same as you describe here.
Deeezer seems to have deployed something recently which fails to create a correct redirect URL:
https://connect.deezer.com/login.php?app_id=155151&redirect_type=refresh&redirect_link=http%3A%2F%2Fwww.mooval.de%2FdeezerAuthCallbackhttps%3A%2F%2Fconnect.deezer.com%2Foauth%2Fauth.php%3Fstate%3Deb05c0fe-48ef-4cce-85c3-ed1d037d7111%26perms%3Doffline_access%252Cmanage_library%252Cdelete_library%26format%3Dwindow%26app_id%3D155151%26redirect_uri%3Dhttp%253A%252F%252Fwww.mooval.de%252FdeezerAuthCallback
GET /oauth/auth.php?app_id=xxxxxx&redirect_uri=http%3A%2F%2Fwww.mooval.de%2FdeezerAuthCallback&perms=manage_library%2Cdelete_library%2Coffline_access&state=eb05c0fe-48ef-4cce-85c3-ed1d037d7111
HTTP/1.1 Host: connect.deezer.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
DNT: 1
Referer: http://mooval.de/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: xxx
HTTP/1.1 302 Found
Date: Wed, 30 Mar 2016 12:37:23 GMT
Server: Apache
Set-Cookie: sid=fr7ae7be4cd40c37855e22e876961fce0c3ec235; path=/; domain=.deezer.com; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml" CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Location: https://connect.deezer.com/login.php?app_id=155151&redirect_type=refresh&redirect_link=http%3A%2F%2Fwww.mooval.de%2FdeezerAuthCallbackhttps%3A%2F%2Fconnect.deezer.com%2Foauth%2Fauth.php%3Fstate%3Deb05c0fe-48ef-4cce-85c3-ed1d037d7111%26perms%3Doffline_access%252Cmanage_library%252Cdelete_library%26format%3Dwindow%26app_id%3Dxxxxx%26redirect_uri%3Dhttp%253A%252F%252Fwww.mooval.de%252FdeezerAuthCallback
X-Host: blm-web-49
Content-Length: 0
Keep-Alive: timeout=3, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

WebAuthenticationBroker returns a UserCancel WebAuthenticationResult on a successful Facebook authentication

Using the WebAuthenticationBroker for Single Sign On in a Windows Phone Store app (WinRT / WP8.1), i use the following code to engage the Facebook login process :
string redirectUri2 = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri().AbsoluteUri;
FacebookClient fb = new FacebookClient();
Uri loginUri = fb.GetLoginUrl(new {
client_id = FacebookAppID,
redirect_uri = redirectUri2,
response_type = "token",
scope = FacebookScope,
display = "popup"
});
WebAuthenticationBroker.AuthenticateAndContinue(loginUri, new Uri(redirectUri));
In the ContinueWebAuthentication(WebAuthenticationBrokerContinuationEventArgs args) callback, the WebAuthenticationResult.ResponseStatus I get is UserCancel, even on a successful sign in.
Trace of the last response from Facebook :
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-XSS-Protection: 0
X-Frame-Options: DENY
Facebook-API-Version: v2.0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=-1413367561; path=/; domain=.facebook.com; httponly
X-FB-Debug: {edited out}
Date: Wed, 15 Oct 2014 10:06:02 GMT
Connection: keep-alive
Content-Length: 411
<script type="text/javascript">window.location.href="ms-app:\/\/s-1-15-2-908865707-3825634006-813379085-3082126904-2549935584-1522363559-xxxxxxxxxx\/#access_token={edited out}&expires_in=5113018";</script>
What is going on with the WebAuthenticationBroker ?
Additional information on the issue : the date/time/timezone on the phone are correct.