I have a site and secret key that I created in 2020. I am attempting to access the reCAPTCHA admin console to change some settings on the existing keys. Whenever I go to the following URL: https://www.google.com/recaptcha/admin, I am immediatly redirected to: https://www.google.com/recaptcha/admin/create. How do I access an existing reCAPTCHA configuration?
Related
I am trying to access the Github repo which sits behind an enterprise firewall (Open VPN). I am trying to access with my username and password but getting the below Exception. Any suggestions on how to access the repo with Spring Cloud.
application.properties:
spring.cloud.config.server.git.uri=https://github.com/company-repo/abc.git
spring.cloud.config.server.git.username=tarun
spring.cloud.config.server.git.password=xxxxx
spring.cloud.config.server.git.ignore-local-ssh-settings=true
Exception:
Error occured cloning to base directory. org.eclipse.jgit.api.errors.TransportException:
https://github.com/company-repo/abc.git: not authorized
Do not Use Your GitHub password in your app.prop file...You will get a Not Authorized exception. Instead Generate an access token.
Creating a personal access token
You should create a personal access token to use in place of a password with the command line or with the API.
Personal access tokens (PATs) are an alternative to using passwords for authentication to GitHub when using the GitHub API or the command line.
If you want to use a PAT to access resources owned by an organization that uses SAML SSO, you must authorize the PAT. For more information, see "About authentication with SAML single sign-on" and "Authorizing a personal access token for use with SAML single sign-on."
As a security precaution, GitHub automatically removes personal access tokens that haven't been used in a year.
Creating a token
Verify your email address, if it hasn't been verified yet.
In the upper-right corner of any page, click your profile photo, then click Settings.
Settings icon in the user bar
In the left sidebar, click Developer settings.
In the left sidebar, click Personal access tokens.
Click Generate new token.
Give your token a descriptive name.
Select the scopes, or permissions, you'd like to grant this token. To use your token to access repositories from the command line, select repo.
Click Generate token.
Click to copy the token to your clipboard. For security reasons, after you navigate off the page, you will not be able to see the token again.
Warning: Treat your tokens like passwords and keep them secret. When working with the API, use tokens as environment variables instead of hardcoding them into your programs.
To use your token to authenticate to an organization that uses SAML SSO, authorize the token for use with a SAML single-sign-on organization.
Using a token on the command line
Once you have a token, you can enter it instead of your password when performing Git operations over HTTPS.
For example, on the command line you would enter the following:
$ git clone https://github.com/username/repo.git
Username: your_username
Password: your_token
Personal access tokens can only be used for HTTPS Git operations. If your repository uses an SSH remote URL, you will need to switch the remote from SSH to HTTPS.
If you are not prompted for your username and password, your credentials may be cached on your computer. You can update your credentials in the Keychain to replace your old password with the token.
The way i made it work is :
Generate the Access Token on Github repo and provide read and admin rights to it
Use the Token as password
Credentials can be saved in Kubernetes as Secrets or inside Vault. Hope this helps.
I'm trying to create a Spring Cloud Config Server to retrieve configuration files from a private GitHub repository. My GitHub account has 2 Factor Authentication activated so I wasn't expecting the below configuration to work, which it didn't but I can't find any documentation to suggest what I need to do in order to make it work.
What configuration do I need to set that will allow the connection to work?
spring.cloud.config.server.git.uri=https://github.com/DanBonehill/photo-app-config
spring.cloud.config.server.git.username=USERNAME
spring.cloud.config.server.git.password=PASSWORD
Error
org.eclipse.jgit.api.errors.TransportException: https://github.com/DanBonehill/photo-app-config: not authorized
What you could try and do (have not tested this), is create a personal access token from the Github console.
Then configure
spring.cloud.config.server.git.username=<yourusername>
spring.cloud.config.server.git.password=<yourtoken>
Instead of using username and password you should use an ssh key, the official documentation can guide you through it!
Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.
you solve this in 2 minutes, this problem is because at August 13, 2021 the github update the login form, to solve this.
1) login in your gitHub folow this path: Settings > Developer settings > Personal access tokens > Generate new token
2) Now set a long time to expiration token, check the "repo" to allow access repository with this token, and Generate token.
3) Now skill your github password because this token created is your new password, replace this at all application, server, terminal that need to access github.
4) Now configure your spring configuration server, this is a content of file "application.properties" of spring configuration server at path /src/main/resources/application.properties.
spring.cloud.config.server.git.uri= https://github.com/"username"/"repository" //your githur repository
spring.cloud.config.server.git.search-paths= myFilesFolder /if your files is into some folder
spring.cloud.config.server.git.username= testUsername // your username
spring.cloud.config.server.git.password= gti_FdsweecSoUSHPsdfw //Here is your new token created
I'm having some problems with the Alexa account linking authorization.
These are the steps I followed:
I got the credentials (client id, client secret...) from the Google Cloud Console
Setup on the Alexa Developer Console, using 'Auth Code Grant' as authorization grant type
Activated the skill on my Alexa application and successfully logged in with my Google account
Now I got the access token in the request, in handler_input.request_envelope.context.system.user.access_token
The problem is that the access token expires after one hour and Alexa does not manage the refreshment of the token.
What should I do to avoid having to ask my users to login every time after one hour? Should I use Implicit grant as authorization type? Should I get a refresh token somehow?
Additional info: it's a custom skill that connects to an AWS Lambda using Python3
While #pinoyyid's answer was correct, it didn't provide a solution so I'm posting one for future reference.
The problem was indeed that Amazon servers did not receive a refresh token from Google, thus making it impossible to refresh the access token after its expiration time of one hour.
Following this link and other Amazon forum posts, I got to a working solution.
Amazon Alexa developer console 'Account Linking' configuration:
Authorization grant type: Auth Code Grant
Authorization URI: https://accounts.google.com/o/oauth2/v2/auth?access_type=offline (even though the one from the google credentials was not v2, it shouldn't make a difference)
The access type is very important because, as documentation goes:
Set the [access_type] value to offline if your application needs to refresh access tokens when the user is not present at the browser. [...] This value instructs the Google authorization server to return a refresh token and an access token the first time that your application exchanges an authorization code for tokens.
Access Token URI: https://accounts.google.com/o/oauth2/token
Client ID & Secret: downloaded on Google Cloud Platform
Client Authentication Scheme: HTTP Basic
Domain List: google.com and googleapis.com
Default access Token Expiration Time: left empty
Now, after doing this and saving the configuration, be aware that you might not notice the change, as, from here:
When Alexa uses the refresh token to retrieve a new access token for an existing user, Alexa uses the access token URI that was configured at the time the user linked their account. Therefore, if you change the access token URI later, users who linked their accounts before continue to use the old URI for retrieving updated tokens. The users must unlink and re-link accounts to switch to the new access token URI.
So, in order to complete the procedure:
Deactivate your skill
Go to the Google third party applications that have access to your data and remove your Google Project associated
Reactivate your skill and login again (if done correctly it should ask you the permissions for the scope you specified in the Alexa developer console again
Done! after one hour you should re-try and it should have a renewed access token
Additional Info
I found that many suggested to retrieve the refresh token, I don't believe this is possible because, even if Google sends it, it's Amazon that stores it and uses it to refresh the access token.
EDIT:
This works fine for developing and testing but I discovered here that for publication purposes you must own the landing page that you redirect your users to. For me it was just necessary to create a simple HTML page hosted in a public S3 bucket that would redirect the request to the Authorization URI I wrote before, while the Access Token URI must remain the Google one.
Have you read https://developer.amazon.com/docs/account-linking/configure-authorization-code-grant.html ?
My guess is that the Refresh Token is missing because you have already auithorised the app. The RT is only issued once. Try going into https://myaccount.google.com/permissions?utm_source=google-account&utm_medium=web to revoke the permission and try again.
I'm trying to integrate facebook login into an app just for learning purposes but it seems that facebook made some changes recently that allows only https.
Here's the error when I try to log in with facebook:
Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://
Some people suggested to go to Facebook Login -> Settings and disable 'Enforce HTTPS for Web OAuth Login'. However, it seems that the recent update on facebook disabled this option.
Anyone found a work around this problem?
Enforce HTTPS
This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019. Most major cloud application hosts provide free and automatic configuration of TLS certificates for your applications. If you self-host your app or your hosting service doesn't offer HTTPS by default, you can obtain a free certificate for your domain(s) from Let's Encrypt.
I have installed the Google Drive Realtime API sample files on my web server, following these instructions, including generating a client_id in the Cloud Console and inserting it into the index.html file.
When I visit that page and click the button to authorize the app, it pops up with a new window and shows:
Error: invalid_client
no registered origin
The Request Details are:
openid_connect_request=true
cookie_policy_enforce=false
scope=https://www.googleapis.com/auth/drive.install https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/plus.me
response_type=token
access_type=online
redirect_uri=postmessage
proxy=oauth2relay865404532
origin=http://mywebsite.com
state=264939258|0.165356673
display=page
client_id=1077585001321.apps.googleusercontent.com
authuser=0
I can't see any other client_id that I should be using in the Cloud Console. Does anybody know how to overcome this error? Thanks for your help.
In the new Google API Console, configure your OAuth2.0 authorized origins from
Your Project > APIs & auth > Credentials
You might need to add a new Client ID specifically for a web application (I did because the default was for AppEngine)
Create Client ID > Web Application > Authorized Javascript origins
If you are running on a local dev server, just add the exact URL such as :
http://127.0.0.1:9000
UPDATE: I changed accepted answer to Johno Scott instead as he refers to the newer version of the console, whereas mine was only true for the older version.
I solved it. I needed to enter a WEB ORIGIN on the OAuth 2.0 Client ID screen. Specifically, it had to be the exact path/url of the index.html file, otherwise it defaults to the root domain which doesn't work.
This screenshot shows you exactly where it needs to be entered: