Help;
Trying to call Dynamics Marketing API from api management however the api has and end point that requires emApplicationtoken to be set as a query param which I don't want to expose and also the Origin header url as the api management url which again i don't want to expose to the public api.
I try to use set the following policy for all operations
<inbound>
<base />
<set-header name="Origin" exists-action="append">
<value>https://someurl</value>
</set-header>
<set-query-parameter name="emApplicationtoken" exists-action="append">
<value>somekeyvalue</value>
</set-query-parameter>
</inbound>
However looking at the trace it never applies. I then tried to use URL rewrite thinking that because the params dont exist then it cant override them or append so ill try adding the emAuthetication toaken by using the following policy
<inbound>
<base />
<rewrite-uri template="/EvtMgmt/api/v2.0/events/{readableEventId}?emApplicationtoken=sametoken=" copy-unmatched-params="true" />
-->
</inbound>
Again, the policy doesn't apply
Here is the api design screen. its a simple API
Screenshot of API setup:
Here is a link to the Event API i am calling in the background. I can get the function working in API management by setting the query params and header, but they are exposed to the public Api which I need to avoid (don't want people seeing the auth token).
https://learn.microsoft.com/en-us/dynamics365/marketing/developer/using-events-api
Hoping some one can tell me what Im doing wrong. Im quite new to API management, and i cant find any real help for this specific problem.
To note when I put the param and header in the policies do apply byt then muck up the url function by duplicating the param and header detail.
Thanks in advance.
Related
I am using Spatie's Media Library (Pro), and we have an SPA that requires all the calls from the front-end to use an auth token with some "context" information.
(Our front-end is Nuxt.js/Vue.js; we send the calls to a micros-service gateway, but that's not really part of the issue here, only explaining why we can't do the "normal" way )
When I use the MediaLibraryAttachment or MediaLibraryCollection, dragging a new file to the dropzone fires the /upload call...but I can't attach my own token to it.
There is a withCredentials prop on those components, but they seem to only generate cookies.
Googling for a couple of days gives me zero hits on this, which makes me think I'm completely misunderstanding something. Does it make sense to be trying to do this, and if so, how?
Alternatively, loading the image but stopping the upload from firing would work, since I prefer to submit my own. I can stop the upload, but then it doesn't pre-load the image
Try something like:
<media-library-attachment
name="avatar"
:headers="headers"
/>
const headers = {
Authorization: `Bearer ${JWT_Token}`
};
Throughout the documentation for the new App Bridge, Shopify refers to the shopOrigin value and how it's used to configure the Provider from app-bridge-react but they never specify how to get this value?
The react app is loaded inside of an iframe and the src includes the shopOrigin value as a query string param called shop, but when I try the following code I get the error window is not defined:
const params = queryString.parse(window.location.search);
const config = {
apiKey: process.env.SHOPIFY_API_KEY,
shopOrigin: params.shop,
};
1) Why would I be getting window is not defined in javascript code running in a browser?! This makes no sense to me
2) If this value can be read from of the provided libraries such as #shopufy/app-bridge-react please tell me how
Unless you're using a library tailored specifically to Shopify, you have to manually save the shop origin during OAuth authorization.
Hopefully this Shopify tutorial is of some assistance
The shopOrigin is available within your browser cookies.
If you followed the Shopify development for react and Node.js, you should already saved this after the Shopify authentification.
I am not sure what exactly is the need for shopOrigin, if you just wanted to go to admin section of the shop from client side you can use Redirect in app bridge. otherwise you can store the shop detail on server during auth process and create a get api to retrive the details on client side as needed.
Don't know why this is happening, but when click on show button, the server will receive a GET request of url /:id instead of /:id/show. The REST client is jsonServerRestClient. I use Resource component as the document describes. like:
<Resource list={MyList} edit={MyEdit} show={MyShow} />
If you look at the docs of jsonServerRestClient
https://marmelab.com/admin-on-rest/RestClients.html#json-server-rest
You will note that the GET_ONE rest type will generate /:id url to the server only. Show is not a rest type.
I'm using Laravel to build and api based admin control application and I'm using
Route:resource instead of regular GET and POST methods.
Just realized my hosting provider DOESN'T ALLOW PUT and DELETE now I need to so now I have to use POST and GET methods.
this is what i have
Route::resource('contacts', 'Admin\\ContactInfoController',['only' => ['create', 'store', 'update']]);
Route::get('claims/statuses', 'Admin\\ClaimsController#statusCodes');
Route::get('claims/costcenters', 'Admin\\ClaimsDetailsController#getCostCentres');
Route::get('claims/{id}/details', 'Admin\\ClaimsController#details');
Route::get('claims/{id}/messages', 'Admin\\ClaimsController#messages');
Route::resource('claims', 'Admin\\ClaimsController',['only' => ['index','store','update','destroy','edit']]);
Route::resource('claims/details', 'Admin\\ClaimsDetailsController',['only' => ['store','update','destroy']]);
What approach might be best in converting my routes from PUT and DELETE to POST and GET?
I don't think it's possible that your hosting provider doesn't allow to put or delete request. If you created API it could be the case but in other cases (you created normal page) you send forms using POST method with hidden field _method set to HTTP verb, so if only your provider supports POST method it will work without a problem. You can read Form method spoofing section about this.
Contact your hosting provided to allow put or delete request, it's part of web development and this is quite limiting.
I want to take use of the ajax login feature of the spring security plugin.
I am completely stuck getting a JSON success response from the loginController into my GWT client.
As I understood from the documentation I need to post my params to the url /j_spring_security_check and spring security is redirecting me to the right action.
If I look into my LoginController I see nothing of the actual login logic and its a bit magic for me where all the login/db stuff is done. Further spring security always redirects to action auth instead of using AjaxAuth even if I add the header "X-Requested-With" to post. If I do my post to the url /login/ajaxAuth I am getting a 401 which is OK because its written down in the controller(even if i dont know why we need to return a 401 here). Maybe I am doing something completely wrong :-)
My basic questions are:
Where can I find the login logic?
What parameter do I have to provide?
Which URL do I have to use?
What do I have to do if I dont want to use the username but instead and email field?
Thanks for all your help!
Looks like you're correctly implemented it, maybe there some small bug, like a typo.
Btw:
It's implemented at filter, that process your request before actual controllers. At your case it will be UsernamePasswordAuthenticationFilter (or RequestHolderAuthenticationFilter). Controller is used there only to render an additional data. As for ajax auth, it uses /login/ajaxSuccess, that renders a JSON response
By default it uses j_username & j_password. And you can use ajax=true parameter, instead of X-Request-With header
/j_spring_security_check by default
You can implement your own GrailsUserDetailsService (or extend GormUserDetailsService), and setup it as a spring bean, with name userDetailsService, at resources.xml
You can also turn on logging for Spring Security by:
log4j {
debug 'org.codehaus.groovy.grails.plugins.springsecurity',
'org.springframework.security'
}
maybe it will be helpful
I am using Grails 2.1.1 and ran into this same issue. Tried all the above things but still couldnt get my AJAX login to call the ajaxSuccess method.
However when it failed it was calling authFail?ajax=true.
After digging in more, here is what I did:
Added grails.plugins.springsecurity.successHandler.targetUrlParameter = 'ajaxUrl' in my Config.groovy
Added <input type="hidden" name="ajaxUrl" value="/login/ajaxSuccess" /> in my AJAX login form
Not sure why it fixed, but it seemed to work for me.
Just posting this solution for users who get stuck and come to this ticket for solution.