I'm following the Auth0 application setup instructions for Cypress testing, as detailed here.
I'm stuck on this step
Next, click your Tenant icon (upper right avatar menu) to go to your Tenant Settings. On the General tab go to the API Authorization Settings.
Set "Default Audience" to the Audience URL for the Application you are testing (e.g. https://your-api-id.auth0.com/api/v2/)
What do I put for your-api-id (I'm not very familiar with Auth0 terminology).
This is the URL that the Cypress test will use to call Auth0.
I find a good default is the Domain under the Application settings
Navigate to the Applications menu
Choose the application you are about to test
Go to Setting sub-menu
Copy the Domain setting from there
Example:
Domain: <my-domain>.us.auth0.com
Tenant Default Audience: https://<my-domain>.us.auth0.com/api/v2/
where <my-domain> is the domain assigned during application setup.
Related
As per the Microsoft documentation, it is expecting us to use implicit flow for Single Sign On between Bot and Single Page Application. At the same time, Microsoft recommends us to move to auth code flow. Our client's Azure AD team is not allowing Implicit flow anymore. Can auth code flow work for SSO between SPA and Azure Bot?
Bot framework using implicit flow
https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/auth-aad-sso-bots
Implicit flow
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow
Create a bot application.
Go to ADD – App registration (https://go.microsoft.com/fwlink/?linkid=2083908)
Register one application
Go to Expose an API
Get the Application ID (Client ID)
Go to Expose an API
Paste the App ID and click on Save and Continue
Go to Client application and Click on Add a Client application
Go to Authentication and Click on Add a Platform
Click on Single page application.
Give the application redirection URI details.
Click on Configuration in Bot settings
Under configuration. Click on Add OAuth connection. Fill the required details.
I am using custom authentication for one app, and now all apps which I create I need to switch to that custom schema to be able to login.
How to solve that?
Well, I have a workspace and - in the same workspace - there are 11 different applications. Some of them user my "custom" authentication scheme, while others use Apex Authentication. I never had to switch all applications to either of them (i.e. the custom scheme, as you're saying).
So:
while in App. Builder
choose any application
navigate to Shared Components
go to Authentication Schemes
select authentication scheme (from the list)
I presume that would be "Application Express Authentication"; currently, it is "Custom scheme" (or whatever its name is)
click Make current scheme to switch to chosen scheme
I have never used OKTA before. I have setup an APP in OKTA to test SAML authentication. Created users in Directory. My client web application is able to login using OKTA authentication with SAML 2. However, my client web application is also expecting email in SAML2 response. How do i include email in Response from OKTA?. Currently in SAML 2 response i only see saml2:NameID
Steps i followed
1>Login to OKTA dashboard as admin
2>Goto Directory -> Profile Editor -> Select My App -> profile
2>Add new Attribute as below
3> after saving attribute, click on Mappings
4> Select Okta User to My App tab and set the mapping as below
ISSUE
After successful authentication, the response SAML 2 from OKTA does not include email attribute. The only attribute i see is NameID
When you create a new SAML integration, or modify an existing one, you can define custom attribute statements. These statements are inserted into the SAML assertions shared with your app.
In the Admin Console, go to Directory > Profile Editor, and find the
integration you just created. Click Profile.
In the Attributes screen that opens, click Add Attribute.
Add a new attribute and click Save
In the Admin Console, go to Applications > Application and click the
app name.
In the screen that opens, click the General tab. Then click Edit in
the SAML Settings section.
In the screen that opens, click Next.
In the Attribute Statements (Optional) section, type in the name of
the attribute you just created in step 3. This value does not
populate the drop-down box automatically. For the Value, type
"appuser", a period, and the attribute name. For example, if your
attribute is named NewRole, the Value is appuser.NewRole.
When done, click Next.
On the Applications page, click the integration name, then click the
Assignments tab. Click Assign, and select Assign to Groups. In the
window, click Assign to the right of the group. You can verify these
assignments with a SAML tracer.
More details here:
https://support.okta.com/help/s/article/How-to-define-and-configure-a-custom-SAML-attribute-statement?language=en_US
I'm trying to change the system proxy settings with authentication. The system proxy can be changed successfully, but when my App relaunched, the auhorizating dialog(requiring username and password) always pop up.
How can I authorize once and for all?
I have a demo App with source codes on GitHub: https://github.com/codinn/SystemProxySettingsDemo
details:
Demo App description
A demo for changing system proxy settings.
Problem
After click “Enable System Proxy”, a dialog for requesting auhorization will be popped up, and subsequent clicks won't popup again, which is fine.
But if we Quit and Relaunch the app, the auhorizating dialog will be popped up again.
How can we authorize once and for all?
Steps to Reproduce
Launch demo app “SystemProxySettingsDemo”
Click “Enable System Proxy” button, the auhorizating dialog will be popped up
The SOCKS proxy setting in system network preferences will be changed to host: 127.0.0.1, port: 8888
Click “Disable System Proxy” button to clear system network preferences proxy
Quit the app, and launch it again
Click “Enable System Proxy” button, the auhorizating dialog will be popped up, again
References
GitHub repository: https://github.com/codinn/SystemProxySettingsDemo
Apple official sample: https://developer.apple.com/library/content/samplecode/EvenBetterAuthorizationSample/Introduction/Intro.html
File “ViewController.swift”: Creating an authorization reference, Requesting Authorization, System Network Preferences Proxy settings.
Function define:
// requesting authorization with “AuthorizationCopyRights”
// set system network preferences proxy with “SCPreferencesCreateWithAuthorization” and “SCPreferencesPathSetValue”
func socksProxySet(enabled: Bool)`
4. File “CommonAuthorization.swift”: set / get authorization policy database entries
5. File “codinnDemoRightRemove.sh”: clear policy database entries belongs to demo app
Other Notes:
I've tried storing the Authorization Rights to the policy database with “AuthorizationRightSet” (setting policy database rule attribute “timeout” as 0, or 3600, or remove the attribute “timeout”), but it does not work
Also tried using "kAuthorizationRuleClassAllow" or "kAuthorizationRuleAuthenticateAsAdmin" as value for parameter "rightDefinition" of function "AuthorizationRightSet", but it does not work either
The best way to maintain a persistent authorisation to change these settings is to create a launchd daemon that runs as root. Such a daemon can change System Configuration preferences at any time without further authorisation.
Apple sample referrnce: EvenBetterAuthorizationSample
I'm developing a google apps marketplace app. There's the Test install flow button on the dashboard, but I'd like to test installation on another domain of ours - to see that permissions, token etc. work as expected. Is there a way to install an (it's non published yet) on a domain which is not related to development?
Found a solution, this was surprisingly straightforward, but it worked for me:
Open two browser windows, one for your dev account (dev.com) and one for the domain you wish to test on (test.com)
In you dev account, go to the dashboard and click the Test installation flow button
In the popup that you get, go to the address bar and copy the link
Now go to the browser with your test.com domain, and enter this address
You'll be asked to login, and then you'll get the consent screen
You should now see the app in your test.com`s marketplace apps list
You can do this by creating a new application in the chrome web store.
Make sure that you create this application in the web store with an account that belongs to the given domain. Next, restrict access to your domain.
Finally, you can install the application on the domain.