I am using B2C Commerce Einstein API https://developer.salesforce.com/docs/commerce/einstein-api/overview for salesforce commerce cloud
And I want to retrieve products recently viewed for logged in user.
URL: https://api.cquotient.com/v3/personalization/recs/{{einstein_id}}/recently-viewed
with body
{
"userId": "abcxxxxx"
}
The userId above is what i obtained when user logged int
but the result if empty
{
"recs": [],
"recoUUID": "61288d10-5346-42b8-ad1c-c0dd8f38fde2"
}
So what is the meaning of userId and how do I get that
userId
string
Application-provided unique identifier for logged in users (hashed).
Related
I m trying to create a Spring Boot application that a user can select type of role on registration e.g patient/doctor
The roles are created automatically in the database on application start
I m using Postman to make registration request but when I pass the role it is duplicated in the database
Any advice would be much appreciated!
Here is the method i use to create a user
public User createUser (RegistrationRequest registrationRequest) {
User user = new User();
user.setFirstname(registrationRequest.getFirstname());
user.setLastname(registrationRequest.getLastname());
user.setEmail(registrationRequest.getEmail());
user.setUsername(registrationRequest.getUsername());
user.setPhone(registrationRequest.getPhone());
user.setAddress(registrationRequest.getAddress());
user.setPassword(passwordEncoder.encode(registrationRequest.getPassword()));
user.setCreatedAt(Instant.from(Instant.now()));
user.setIsEnabled(false);
user.setRoles(registrationRequest.getRoles());
return user;
and here is the json request
{
"firstname":"Mary",
"lastname":"K",
"email":"example#gmail.com",
"username":"rain",
"password":"123",
"phone":"2848392",
"address":
{
"city": "Burdwan",
"region": "Paschimbanga",
"street": "gwg",
"zipcode": "713102"
},
"roles":[
{
"name":"DOCTOR_ROLE"
} ]
}
Given the following AWS Amplify GraphQL Schema (schema.graphql):
type Organization
#model
#auth(rules: [
{ allow: groups, groups: ["Full-Access-Admin"], mutations: [create, update, delete], queries: [list, get] },
{ allow: owner },
{ allow: groups, groupsField: "orgAdminsCognitoGroup", mutations: null, queries: [list, get] }
]) {
id: ID!
name: String!
address: String!
industry: [String]!
owner: String
orgAdminsCognitoGroup: String
}
I can filter out all organizations except the ones that belong to the current authenticated user via the following:
res = await API.graphql(graphqlOperation(listOrganizations, {
// todo: filter by owner OR by is org admin
filter: {
owner: {
eq: this.props.currentUser.username
}
}
}));
but is there anyway to also filter by the orgAdminsCognitGroup which is a dynamic group in Cognito belonging to the organization? I have not found any success trying to use an additional #model to help with the #auth rules to protect each entity.
So, the question is wanting to filter groups that the user is either the owner of, or in the 'orgAdminsCognitoGroup'?
I think it's possible, though I don't think the best way is what you had in mind. Instead, I might recommend you set up a response mapping template that does some server side filtering for you.
Specifically, you would first get the groups from the current user's auth token:
#set($claimPermissions = $ctx.identity.claims.get("cognito:groups"))
Then you could iterate over every organization in the results. If any have an owner that is the current user, add them to a response list. If they aren't, continue to check the orgAdminsCognitoGroup. You'd do that by checking whether or not $claimPermissions contains the group that the orgAdmin is set to for that organization. If it is contained, add it to the response list. If not, ignore it and continue iterating.
It would be possible, theoretically, to do this client side with the token the user has signed in with. Much in the same way the response mapping template did it, the groups the user is in are inside the token. If you crack it open and pull out the groups, you could apply the filtering there. I would recommend not doing this for security reasons, though it is possible.
How do I fetch the list of MS Teams users in an organization? And store and then broadcast a notification to them.
I see this snippet but it fetches the list of members in a conversation only
bot.dialog('FetchMemberList', function (session) {
var conversationId = session.message.address.conversation.id;
connector.fetchMembers(session.message.address.serviceUrl, conversationId, function (err, result) {
if (err) {
session.endDialog('There is some error');
}
else {
session.endDialog('%s', JSON.stringify(result));
}
});
});
Currently there is no option to fetch user's unique Id without installing the bot. You need the user’s unique ID and tenant ID to send a proactive message.
Bot can only send proactive message to users who has installed your bot. When user installs your app, you could save user details which can be used later to send messages.
You can fetch the list of the users using the Teams roster REST API.
https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/bots/bots-context#fetching-the-team-roster
Your bot can query for the list of team members and their basic profiles, which includes Teams user IDs and Azure Active Directory (Azure AD) information such as name and objectId. You can use this information to correlate user identities; for example, to check whether a user logged into a tab through Azure AD credentials is a member of the team.
You can directly issue a GET request on /conversations/{teamId}/members/, using the value of serviceUrl as the endpoint.
Currently, the only source for teamId is a message from the team context—either a message from a user or the message that your bot receives when it is added to a team (see Bot or user added to a team).
Response would follow the format:
[{
"id": "29:1GcS4EyB_oSI8A88XmWBN7NJFyMqe3QGnJdgLfFGkJnVelzRGos0bPbpsfJjcbAD22bmKc4GMbrY2g4JDrrA8vM06X1-cHHle4zOE6U4ttcc",
"objectId": "9d3e08f9-a7ae-43aa-a4d3-de3f319a8a9c",
"givenName": "Larry",
"surname": "Brown",
"email": "Larry.Brown#fabrikam.com",
"userPrincipalName": "labrown#fabrikam.com"
},
...
]
So I have set up a google service account for one of my apps. My intention is to keep a google calendar associated with the admin portal that all of the admins can post events to. I have got the JWT auth working I can post events to the calendar and perform other API actions. However, for some reason I cannot change the access control rules on the primary calendar. It is initialized with a single acl rule (role: owner, scope: {type: user, value: service_account_id}), and when I try to add public read access (role: reader, scope: {type: default}) like so:
POST https://www.googleapis.com/calendar/v3/calendars/primary/acl
Authorization: Bearer my_jwt_here
{
"role":"reader",
"scope":{
"type":"default"
}
}
I get the following error:
{
"error": {
"errors": [
{
"domain": "calendar",
"reason": "cannotRemoveLastCalendarOwnerFromAcl",
"message": "Cannot remove the last owner of a calendar from the access control list."
}
],
"code": 403,
"message": "Cannot remove the last owner of a calendar from the access control list."
}
}
This doesn't make any sense to me because this request shouldn't be trying to remove any access control rules. When I create a secondary calendar and do this I have no issues. When I do this with the primary calendar of my personal google account I have no issues. Is this some behavior specific to service accounts that I am not familiar with or what? I could settle for using a non-primary calendar but it bothers me that this isn't working. Any advice is appreciated.
so I found a weird work around for this issue and im posting here because I could not find SQUAT to help resolve this so hopefully this saves others some hassle.
I will also post some common problems I found when creating a organization-wide calendar (whether this is your use case or not I believe these tips will be helpful) - Jump to the bottom of the solution to this particular error.
First I needed to set up authentication with google calendar:
const { google } = require("googleapis");
const calendar = google.calendar("v3");
const scopes = [
"https://www.googleapis.com/auth/admin.directory.resource.calendar",
"https://www.googleapis.com/auth/calendar",
"https://www.googleapis.com/auth/admin.directory.user",
];
const path = require("path");
const key = require(path.join(__dirname, "google-cal-api.json"));
I created a service account and then allowed it domain wide delegation with the above listed scopes; then downloaded the key. Now if you want to do actions like create calendar events FOR users within this domain what you have to do is generate a JWT token that 'impersonates' the user whos calendar you wish to interact with; like so
const generateInpersonationKey = (email) => {
var jwtClient = new google.auth.JWT(
key.client_email,
null,
key.private_key,
scopes,
email
);
return jwtClient;
};
To set up a JWT client for the service account itself (and so you can create a calendar people can subscribe to; in our case it was a google calendar to show whos on leave within the workplace; so a calendar that has ALL that people can subscribe and toggle on/off was ideal) you just replace the email with 'null' and it defaults to itself, instead of 'impersonating' someone within the domain wide org.
Creating events are simple, follow the google cal api docs, depending on the auth token will depend on where the calendar is generated
JUMP HERE FOR THE IMMEDIATE SOLUTION TO THE ABOVE
For resolving the issue you pointed out; What I did was set my personal accounts email as an owner of this service accounts calendar with the following NodeJS code:
var request = await calendar.acl.insert({
auth,
calendarId: "primary",
resource: {
role: "owner",
scope: {
type: "user",
value: "callum#orgdomain.com",
},
},
});
I set myself as an owner, then I went to Google Calendar API > Patch (Try Me) filled in the calendarId as the service account with the calendar im trying to restrict; and then rule ID would be the gsuite domain domain:orgdomain.com The body should be
{
"role": "reader",
"scope": {
"type": "domain",
"value": "orgdomain.com"
}
}
And thats how I was able to restrict people within our gsuite domain from deleting or editing custom calendar events. This solution is coming from the perspective of someone who originally inserted the domain ACL as
var request = await calendar.acl.insert({
auth,
calendarId: "primary",
resource: {
role: "owner",
scope: { type: "domain", value: "orgdomain.com" },
},
});
Because adding it as a 'reader' like this messes with the service account ownership and wont allow anything but owner
Hope this has been helpful
Callum
I followed :
http://developers.google.com/+/api/oauth
and :
http://developers.google.com/+/api/latest/people/get#examples
After I acquired the access token I didn't understand how to get the user's ID? How do I use it to get the user's data?
With the access token, you can make a people.get request with the userId me:
GET https://www.googleapis.com/plus/v1/people/me?access_token=1234567890
↑
The returned person resource has an Id property that contains the userId of the user:
{
"kind": "plus#person",
"id": "108189587050871927619",
... ↑
}