Can't generate authentication code to login to Heroku Account - heroku

I stupidly deleted my Authenticator app on my mobile phone and now I am unable to log in to my Heroku account. Is there any way round this?

I had the same issue.
If you have Multi-Factor Authentication, recovery codes can get you out of lock out.
If you do not have those, the only way is to reach out to Heroku Support. They'll ask some questions to verify your identity, and provide a single recovery code.
Refer to this link for more details.

Related

Heroku sign-on process asking for lost authenticator code

How do I associate a QR Code from my Heroku accounts with my android Authentication App being that I am locked out of my account (Catch 22).
It's been a while since I last logged into Heroku and now, trying to sign on, the process is asking for a Verification Code from my Authentication App. However, I no longer have the association between the Heroku QR Code and my Authentication App. Everything I do to try to resolve this (email support, make an admin request, get to admin settings/QR Code, etc.) requires that I log in first.

Locked out of Heroku bc MFA

Heroku stopped allowing SMS and I didn't have recovery codes and I got a new phone so my authentication app got reset. Is there a way to access my Heroku Dashboard?
You can read their help article on what to do in this situation. If you have any cookies for heroku.com on your browser, you may need to open the link in an incognito tab (Don't ask me why, I am just the messenger).

Google SAML SSO - 403 app_not_configured_for_user error when signed into personal Google account

I'm working on a SAML SSO integration for our app using Google / G Suite. Our customers configure our SAML app in their company's G Suite admin settings. The integration works correctly in most cases:
Suppose you're not signed into a Google account yet. You initiate the SSO process. You're prompted to sign into your company Google account, and SSO works correctly.
Suppose you're already signed into your company Google account and your personal Google account. You initiate the SSO process. You see an account chooser. If you choose your company Google account, SSO works correctly.
However, SSO fails in this case:
Suppose you are only signed into your personal Google account. Google does not display the account chooser. Instead, you immediately get a 403 error: "Error: app_not_configured_for_user."
This has led to a very confusing experience for our users. It's pretty common that you're currently only signed into one google account that's not your company google account. Furthermore, the error page is opaque -- it's not clear to a user what they did wrong.
Is there any way to always show the account chooser? For example, are there any parameters we can add to the /o/saml2/idp url or the SAML AuthnRequest? (E.g. we tried setting ForceAuthn and adding a <saml:Subject> block in the AuthnRequest, but it seems Google's SAML does not support either.)
Or is there a way for our app to get a callback on error, so we can show a more meaningful error message?
(I contacted G Suite support, and they said to ask our question on Stack Overflow instead. Appreciate your help here!)
Instead of redirecting directly from your app to the Google IDP, you need to redirect to
https://accounts.google.com/accountchooser?continue={theredirectURL}
See
Google SAML app_not_configured_for_user / equivalent of prompt=select_account SAML
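The redirect described in this answer, as an added example that is not part of the original answer: it assumes the app sends its AuthnRequest with the SAML HTTP-Redirect binding, and the `idpid` value, the sample request and the function names are constructed for illustration. It shows that the whole IdP URL has to be percent-encoded a second time inside `continue`.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit

ACCOUNT_CHOOSER = "https://accounts.google.com/accountchooser"
# Constructed placeholder; the real SSO URL comes from the customer's IdP metadata.
IDP_SSO_URL = "https://accounts.google.com/o/saml2/idp?idpid=EXAMPLE_IDP_ID"

# Constructed, minimal AuthnRequest used only as sample input.
SAMPLE_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.com/saml/acs"/>'
)


def encode_authn_request(xml: str) -> str:
    """HTTP-Redirect binding encoding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode("ascii")


def decode_authn_request(value: str) -> str:
    return zlib.decompress(base64.b64decode(value), wbits=-15).decode()


def chooser_redirect(authn_request_xml: str, relay_state: str) -> str:
    """Wrap the IdP SSO URL in the account chooser's `continue` parameter."""
    inner = urlencode({"SAMLRequest": encode_authn_request(authn_request_xml),
                       "RelayState": relay_state})
    idp_url = f"{IDP_SSO_URL}&{inner}"
    # The whole IdP URL is percent-encoded again; otherwise its '&' and '='
    # would be parsed as parameters of the chooser URL and SAMLRequest is lost.
    return f"{ACCOUNT_CHOOSER}?{urlencode({'continue': idp_url})}"


def unwrap(redirect_url: str) -> dict:
    """Decode both layers, as the chooser and then the IdP would see them."""
    outer = parse_qs(urlsplit(redirect_url).query)
    inner = parse_qs(urlsplit(outer["continue"][0]).query)
    return {"outer_keys": sorted(outer),
            "idpid": inner["idpid"][0],
            "relay_state": inner["RelayState"][0],
            "request": decode_authn_request(inner["SAMLRequest"][0])}


if __name__ == "__main__":
    print(chooser_redirect(SAMPLE_REQUEST, "/dashboard"))
```
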
If you are using passport-saml:
There is a fork that fixes this behavior.
Set googleAuth: true in the configuration, and then during authorization there will be a redirect to the Google account selection page.
I had this same issue. When I then added the G Suite account to my Android device under Settings > Accounts and retried the login flow, I was properly prompted with the Account Chooser. Not the solution I was really looking for, but it did change the outcome.
I had the exact same problem when working with Keeper Password Manager. I solved it by erasing everything from ~/Library/Application Support/Keeper Password Manager/Cookies
I suggest you look for a similar folder in your app and do the same.

zapier magento2.1.11 authentication gets lost

I set up a user role that has (currently) simply all resources.
I set up a user that has this role.
I authenticate with the user credentials (user and password, no store code) in Zapier to create a connected Magento 2 account.
After some time my zap does not work anymore because the connected account cannot access my magento anymore.
I can just hit reconnect in zapier enter the same credentials as above and it works again.
But after some time it again does not work.
Looking at the magento documentation this is because custom and admin accounts expire after 1 or 4 hours.
Reading the documentation I would need an integration to have unlimited access.
But in Zapier I cannot enter tokens or anything.
So I really wonder how I would set this up, if it is possible.
Or is Zapier's integration just borked?
What is strange though is that this behavior began after upgrading to Magento version 2.1.11.
Other 2.1.x versions before did not have this problem.
David here, from the Zapier Platform team.
That's a known bug on our end. In the meantime, you can override this via Configuration > Services > OAuth > Access Token Expiration

User data through Google APIs without authorization flow

I'm writing a web application that reads my personal calendar data, crunches stats, and then spits them out for the world to see. I don't need an authorization flow. Is it possible to leverage the Google APIs without going through a user sign-in flow? In other words, I want my personal Google account permanently and securely signed in to my server without the risk of my token invalidating or having to re-auth.
Right now I'm signing myself in with an offline token, then uploading the authorization file onto my server, basically spoofing the server that I already auth'd. Is there not a cleaner way?
I've spent hours reading through the API docs and Auth docs, but haven't found an answer. If there is a page I've missed, please point me to it!
PS. I'm using the Calendars API through Python/Flask on Heroku, but that shouldn't matter.
An alternative approach is using a service account while sharing your calendar with that service account. See https://developers.google.com/accounts/docs/OAuth2ServiceAccount
So, you want to be remembered.
If you want to dispose of any kind of authentication but yet the user needs to be recognized you should be using a cookie.
On the server side that cookie should be used to select the offline token.
Of course, without that cookie the user needs to be authenticated in any way. I would make them reauth by Google so you get a new offline token.
Hope that it helps.
