i have react native app it works with RVM machines to recycle plastic bottles or something you know. in exchange for that app gives some erc20 tokens (CRB my own) that I have to send to the user's wallet address. So I want to connect my app to wallets like Metamask, Maiar, Ledger.
can anyone guide me how do I do that which library should I use
You can take a look on Moralis, at the moment we don't have a lot of choice
https://github.com/ethereum-boilerplate/ethereum-react-native-boilerplate
Related
I am making my own personal financial application with React and Django. I am trying to connect to my chase account with the "development" plaid environment. When I try to add my Chase account it shows
"You may need to update your app in order to connect to Chase".
Any idea on how I can connect my app to my Chase account with "development" access?
I launch Link to create an access token to my chase account, but Plaid is showing that I may need to update the app in order to connect to Chase.
Chase requires an OAuth connection to work with Plaid. If you’re getting this error you haven’t completed all the requirements for using OAuth with Chase, such as getting Production access approval and filling out the questionnaire. (Or, if you have completed all the requirements, you haven’t been enabled for Chase OAuth yet — it takes a week or two.) You can find more details in the OAuth docs at https://plaid.com/docs/link/oauth/
Question
If InstalledAppFlow requires client secret json file to perform oauth2 authorization, how actual real-life applications using Google API are distributed?
Is client secret json file should be considered as part of application and included as constant?
Context
Currently I am learning how to use oauth2 to authorize google APIs access with python module google_auth_oauthlib.
And I found that Oauth2 authorization process itself require client secret files for InstalledAppFlow authorization method, but I never seen an application that asks for authorization asking for client secret.
After countless searches all I could find about it was this, from google identity docs.
The process results in a client ID and, in some cases, a client secret, which you embed in the source code of your application. (In this context, the client secret is obviously not treated as a secret.)
And from google cloud docs
Save the credentials file to client_secrets.json. This file must be distributed with your app.
Is this explaining that I should embed(include) client secret as constant in the code itself?
The issue with the client id and client secrete is that they need to be kept secure. Googles TOS requires that developers keep their client id and secrete secure
Asking developers to make reasonable efforts to keep their private keys private and not embed them in open source projects.
This can cause issues with for example open source applications. Can I really not ship open source with Client ID?
I have had a few conversations with the Oauth2 team at google over the years. Installed applications those that are compiled anyway can compile the client id and client secrete internally however that would not stop anyone from decompiling the application and retrieving the client id and client secret.
I was told that they are aware of that issue and that there is really no way around it.
I have seen other option where the client id and client secret would be sored on the server and then the installed application would request them from a web api. This is another option but you are sending them across HTTPS it should be considered secure even if you double encrypt them.
The fact of the matter is there really is no way around it. The main thing is that you should not release an application with for example a settings file where the client id and client secrete appear in clear text that would IMO be to great a risk you would need to compile it into your application or at the very least encrypt it some how.
You wont stop someone who really wants to get it from getting it but you will stop most people.
Why installed apps are the issue.
There are serval types of applications. Mobile, web, installed.
With mobile and web there are ways of configuring the client so that you can ensure that they only work form your server. With Web you have a redirect uri, with mobile there is the actual mobile api id.
With installed applications this is not possible because they mostly run on localhost. There is no way for you to know where the app is running so they are left open. So if anyone got ahold of your client id and client secret then they could use it for their app. Users would have no way of knowing it wasn't your official app and neither would google.
As you have a python script why not consider instructing your users in creating their own client id and client secret then they will be independent.
I am working on some projects with Hyperledger Fabric, currently using the IBM VS Code Extension. The chaincode is written in Go, as is the client application which provides a RESTful API, using the Go Fabric SDK. However, I am having trouble connecting the client application to the chaincode. Most of the tutorials and examples I have seen use Node.js as the client and it seems the Node SDK needs less configuration.
As far as I understand it, the steps should be similar to the following but more detailed information seems to be a little bit lacking when it comes to the Golang Fabric SDK.
The client application needs the following information to be able to communicate with the blockchain network:
The enroll ID and secret of the application identity (used to generate a cert and private key), or the certificate and private key directly
The connection profile
The smart contract name
The name of the channel the smart contract was instantiated on
Use the certificate and private key of the application identity, along with CA endpoint information inside your connection profile
In the VSCode plugin
Register an 'application' identity in the 'Fabric Wallets' section
Export the connection profile from the 'Fabric Gateway' section
Export the application identity's wallet
Update code to point to the exported connection profile
Update code to point to the exported wallet
As far as I can tell, the connection profile and other steps needed to connect the SDK to the VS Code Network should be pretty 'standard' so I wonder if someone knows of a working example?
Thanks for the collective help!
Unfortunately you are going to struggle with this at the moment. Wallets are not compatible with the Go SDK currently. Also the Go SDK doesn't quite conform (or at least it didn't the last time I tried it) to the connection profile specification so the connection profile from the VS Code extension won't work without some minor modification and didn't work with a CA not using TLS (IIRC I patched the Go SDK to make it work).
There is work underway to bring the Gateway/Wallet programming model to the Go SDK which will then make working with the VS Code extension a lot easier, but I don't know when a version of the Go SDK with a working implementation will be available.
Question: How can I securely include the SSL cert required for push notifications in the installer for my server product?
Background: Apple Push Notifications require a client SSL cert to be in place on the server that's making the calls to Apple.
My product has a traditional client/server architecture, i.e. a customer installs the server within their intranet and then obtains the iOS client from the App Store and connects the client to their instance of the server.
The point here is that the customer installs the server themselves, rather than a cloud architecture where I would manage the server myself.
My problem is that I don't know how to package the push notification certificate in the server installer in a secure way. I can't distribute the .p12 file without a password because that would expose my private key, and I can't use a password because the password would have to be included somewhere else in the installer which would defeat the purpose. Do I need to relay messages from all of my customers through a server that I manage, which has the SSL client cert? Do I need to install the SSL cert by hand into every one of my customers' sites?
Surely others must have run into this problem already? Or has everyone moved to the cloud?
Here is a major observation that happened to me over the weekend regarding Apple Push certificates. While there many references out there to setting up the Apple Push server side certificates, here is a MAJOR point I discovered that I cannot find referenced in any Apple documentation, or via google.
My situation: I have Push Certificates (sandbox) working great on Windows Server. Now it is time for production. Installation of production certs is successful like many times before. However, while the production push transmission completes error free, no pushes are generated to the device. Hmmm.
I just HAPPEN to notice that my Mac's time is roughly a minute off from the Windows Server (command-tabbing between MacOS and VM-Ware). Looking at Windows and Mac Settings, I see Windows internet time is set for "time.windows.com", and the mac for "time.apple.com". Just for kicks, I change the windows server time to "time.apple.com". Instantly, pushes are now being sent to the device. Nice. :-)
I dodged a major bullet here, this would have probably driven me insane trying to figure this one out. I do not claim to be an SSL cert guru... I (like most every one) just want to get this stuff to work because we have bigger fishes to fry.
I hope this is useful information.
I know only the solutions to install certificates for push notifications :
.p12, the password is in the code of the sending
.cer (.p12+private key) the password is requested at the importing of the certificate.
In the first case, you can deploy your solution, and download some code, for example xml with the password.
I have to set up push cloud notification server. I decided to use: http://pypi.python.org/pypi/pyapns/
The question that i have is how to test the server if i don't have an app which will be connected to the server? Is there any sample apps or services that would display the push notification? I just want to send payload using some sort of script and see if sending is successful or not. How people debug such things? Aren't there any kind of virtual env for such tasks?
I do have certificates and ID's of the app, but not the app it self, since the other people are making it. I do not use MAC, or have iOS device. I did read docs from apple.
So eventually i got the right .pem certificate and token of phone with the app-under-dev, phone had to registered as testing one for that app. I just pushed messages and waited for answer unit i got it. Apple do not provide any "easy to use" testing grounds, logs or messages for debugging. Best you can do is to separate pushing service and getting token as much as possible and when you got your hands on app do the raw testing.