Firebase custom token error - issuedAt is being generated 4 mins ahead - spring-boot

I have a Spring Boot authentication server running on an EC2 in the AWS us-east-2 region, which generates Firebase custom authentication tokens for a Flutter mobile app.
Everything is working fine, except for the fact that the Firebase token issuedAt values are being generated 4 or 5 minutes ahead of Firebase default time. This makes FirebaseAuth.signInWithCustomToken return an error with the message "The custom token format is incorrect. Please check the documentation."
I haven't found any option to set the time in the Java Firebase API and I can't change its value after the token has been signed.
I've seen some other questions facing a similar problem, but I couldn't figure out a way to fix it.
Edit 1
On the server side, I generate the token this way:
return FirebaseAuth.getInstance().createCustomToken(authService.getEmail());
And it really is a valid token, because if I wait 4 or 5 minutes before using it, it works. Otherwise, if I try to use it immediately, it doesn't.

As @Frank van Puffelen suggested, I contacted Firebase Support and they told me to try to generate the Firebase token manually. So I did that, set the issuedAt attribute to 10 minutes before, and it worked properly.
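
A diagnostic for the symptom in this thread, as an added example that is not part of the original posts: it reads iat/exp from a token without verifying the signature, measures how far the issuer clock is ahead of a trusted reference, and computes backdated iat/exp values that respect Firebase's limit of exp being at most 3600 seconds after iat. The sample token, the claim values, the reference times and all function names are constructed for illustration, and `usable_now` assumes the verifier rejects a token whose iat is in the future, as the question describes.

```python
import base64
import json

FIREBASE_MAX_LIFETIME = 3600  # Firebase custom tokens: exp at most 3600 s after iat

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token: str, reference_now: int) -> dict:
    """Compare a token's iat/exp with a trusted clock reading (e.g. an NTP-synced host)."""
    claims = jwt_claims(token)
    iat, exp = claims["iat"], claims["exp"]
    skew = iat - reference_now  # > 0: issuer clock runs ahead of the reference
    return {
        "issuer_clock_ahead_s": skew,
        "usable_now": iat <= reference_now < exp,  # assumed verifier behaviour
        "wait_s": max(0, skew),
        "lifetime_ok": 0 < exp - iat <= FIREBASE_MAX_LIFETIME,
    }

def backdated_times(issuer_now: int, backdate_s: int) -> tuple:
    """iat/exp for a manually built token; exp stays within 3600 s of the backdated iat."""
    iat = issuer_now - backdate_s
    return iat, iat + FIREBASE_MAX_LIFETIME

def sample_token(iat: int, exp: int) -> str:
    """Constructed, unsigned token with a placeholder signature, for offline runs."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"uid": "user-1", "iat": iat, "exp": exp}).encode())
    return f"{header}.{body}.sig-placeholder"

REFERENCE_NOW = 1_700_000_000     # constructed trusted time
SERVER_NOW = REFERENCE_NOW + 270  # constructed: server clock 4.5 minutes fast

if __name__ == "__main__":
    print(diagnose(sample_token(SERVER_NOW, SERVER_NOW + 3600), REFERENCE_NOW))
    print(diagnose(sample_token(*backdated_times(SERVER_NOW, 600)), REFERENCE_NOW))
```

Backdating iat also moves exp earlier, so the token's real remaining lifetime shrinks by the backdated amount; if `issuer_clock_ahead_s` is positive, correcting the host's time synchronization removes the need to backdate at all.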

GraphQL with Amplify gives 401 Unauthorised for React App (Before and After Adding Auth with Cognito)

I am trying with Amplify and trying to create my first react application, to just fetch simple Ride model.
I am always getting 401 unauthorised error on localhost and after hosting to S3.
errorType: "UnauthorizedException"
message: "You are not authorized to make this call."
@SlackGadget's solution was essentially correct.
The default expiration time of the AppSync API key is 7 days, meaning if you do not set this in the initial config of your Amplify build or use a different type of authentication, then your API will expire after 7 days. If you deploy within this timeframe then a new key is generated, but there is no real warning without checking AppSync.
To check follow these steps:
Go to AWS AppSync
Click on the app in question
Click Settings in the side nav
Check the key against what appears in your aws-exports.js file, if it has expired this will be the issue.
Solution:
To initially fix it, re-deploy your app from the Amplify console to get it up and running and prevent the 401 error.
Then update the API locally: go to your <project-root>/amplify/backend/api/<api-name>/parameters.json file and add an APIKeyExpirationEpoch key. This takes an expiration time in seconds of the key. You can then deploy this and the new key will have a new expiration date.
You can also update the expiration key in the AppSync settings.
Here are the docs for overwriting the Amplify parameters: https://docs.amplify.aws/cli-legacy/graphql-transformer/resolvers/#custom-resolvers

[TOKEN_INVALID]: An invalid token was provided

I'm trying to host a discord bot on Heroku.
When it starts I get this error:
"UnhandledPromiseRejectionWarning: Error [TOKEN_INVALID]: An invalid token was provided".
But here is the weird part. It worked fine when I tested it first in Visual Studio Code. So in the process of me getting the files into Heroku, it got invalid.
Does anyone have a clue of how I can fix this?
Thx for any replies in advance.
When deploying the app on Heroku you have to change your client.login(token) to client.login(process.env.token) and add token to
as token - key and value - token copied from the Discord developers portal. Remember (important note!) the letters have to be the same; I mean, if you use capitals in process.env.TOKEN, the config var has to be TOKEN too.
I ran into a similar problem. I encrypted the token so that I could store the encrypted token on Heroku and decrypt it in the JS to pass the actual token to the login method.
The weird part is, if I write the token directly as a string into the JS file, or I use Heroku and store it directly there, then it works. But if I store the encrypted token in Heroku and decrypt it (and yes, it is correctly decrypted) and give the decrypted token to the login method, then it does not work.
I don't know if Heroku does some weird stuff or discord.js doesn't support something I don't know about...
So, what definitely works is:
You insert the token (client secret) in Heroku's config vars (settings from your dyno), then you use process.env.BOT_TOKEN and pass it to your Discord.Client().login().
I assume in your case it's bot.login(process.env.BOT_TOKEN).
So for me it looks like the value I store in Heroku and the value I send to Discord must be the same...
You should enter a valid Discord bot token. You can obtain it by going to the Discord Developer Portal, then "Applications", select your bot, then go to "Bot" and click "Copy" under the token (it says click here to reveal).
I also encountered this situation.
I discovered that when using dotenv to read data from a .env file (run on my computer), the names are not case sensitive. (could be wrong)
For example, TOKEN will be able to be treated as token, meaning process.env.token can return the value of TOKEN in the .env file.
But when I run on Heroku, what I just said will be gone (process.env.token will not return the value of TOKEN, but the token). Try double-checking that the name matches and correct it.
Like you've said, you logged into your bot with bot.login('TOKEN', () => { console.log; })
but bot.login doesn't support callback functions.
What I mean by this is, instead of the code before, you change it to bot.login('TOKEN').

Laravel Passport tokensExpireIn seems not working

I'm using Laravel 5.4 Passport to create an SPA application. I was able to make authentication work, but access tokens are always short-lived tokens with a 600s expiration time.
I could not increase the expiration time with:
Passport::tokensExpireIn(Carbon::now()->addDays(15));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(30));
It has no effect at all.
Any help? Thanks in advance.
Personal access tokens are always long-lived. Their lifetime is not modified when using the tokensExpireIn or refreshTokensExpireIn methods - as explained in Laravel's official documentation (https://laravel.com/docs/5.7/passport#personal-access-tokens).
The option of editing PassportServiceProvider.php in the vendor directory is a bad idea. Every time you make an update (e.g. composer update/install), or another developer does so in production, the code will be reverted to the status quo, and it would start failing.
A better approach is to use Password Grant Tokens. The OAuth2 password grant allows your other first-party clients, such as a mobile application, to obtain an access token using an e-mail address / username and password. This allows you to issue access tokens securely to your first-party clients without requiring your users to go through the entire OAuth2 authorization code redirect flow. Be sure that you have duly installed passport (See Guide: https://laravel.com/docs/5.7/passport#installation), then run this command
php artisan passport:client --password
Having done this, you can request an access token by issuing a POST request to /oauth/token. Remember, this route is already registered by the Passport::routes method so there is no need to define it manually. If the request is successful, you will receive an access_token and refresh_token in the JSON response from the server. See payload sample below:
{
"grant_type" : "password",
"client_id":"your-client-id",
"client_secret":"your-client-secret",
"username":"twady77@gmail.com",
"password":"123456",
"scope":""
}
Sample response:
{
"token_type":"Bearer",
"expires_in":1296000,
"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjVkMWJjN2NhOTU0ZWU2YTZmOGNkMGEyOTFjOTI5YzU4Zjk3ODk3M2YxZDJmNjQ2NjkyZjhjODQyZjYxNTBjZGRiYzMwY2RjMzRmZjJhYmU1In0.eyJhdWQiOiI4IiwianRpIjoiNWQxYmM3Y2E5NTRlZTZhNmY4Y2QwYTI5MWM5MjljNThmOTc4OTczZjFkMmY2NDY2OTJmOGM4NDJmNjE1MGNkZGJjMzBjZGMzNGZmMmFiZTUiLCJpYXQiOjE1NDkyOTI5MjcsIm5iZiI6MTU0OTI5MjkyNywiZXhwIjoxNTUwNTg4OTI3LCJzdWIiOiIxIiwic2NvcGVzIjpbXX0.cSvu30xAT-boA5zmVuxTr0TfH_5MYuVWYi6NVQRbryZSswt8EAFTi5QXHH1f0O63DWnLA6VFBS2AfDe4-ryJZACDnt4gtPJOeuu1rNMZ53MU1vjxnyC8FsYz8v9vmYJsZPKqfTJpuJFYRFh7kkV7uWAmrEkuF3POnDn-GjW50f4i26lIZW5ta5j4nZQrIJCQUEzwXaQtn9H-qef3bTWAaplWaV-k7Blic-0TXXVfWa_CdoKCAzHROVBRWY1Idhe1LJkvGKldUGzUfliiB1x7EVVInq94VYEP5d9__90Z2UMUn5dCEgWkXvcEHYy87_4OSwu4TQk_f3hD82OVOEtJGgPyJqK51WqnQCBYwNtxNjqAW2oaMgpritp3G8nccUiyhkE4Pd_kj3cb2OvSNRXdDS9z-RnJb1OXUkja-4Xe_JfIWUjlTnkss18xMg89hcU_3xtBwUXBWHgffzcbNoI1oOwUL6Whekduiy8csf665v0cnzkPXISmvyGhiMseIlBEN9m9uESaJqD_g7WzbsEs7meI0CAF3230UgrI1MdYSAJMW0mMPF9EScH31a_Qpde5O233Ty6-S4NAp323Wneqs_jpGSfw81CvoI1JeY0hZccRC-MBBsQ2Ox7AM36H5L3p-ybricmT3oCcHEqhufq-ygyfqk1RufJwwRblwYPyaJE",
"refresh_token":"..."
}
Try to use this library: https://github.com/GeneaLabs/laravel-caffeine , and you can look at the Laravel session config options.
Use tokenExpireIn() instead of refreshTokensExpireIn(); that then solves the tokenExpireIn problem.
for passport grant token
Passport::tokensExpireIn(Carbon::now()->addDays(10));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(15));
This is only adding 10 minutes of expiry time. Don't know how and why, but instead of changing internal code, I changed it to:
Passport::tokensExpireIn(Carbon::now()->addDays(10000));
Passport::refreshTokensExpireIn(Carbon::now()->addDays(12000));
Now it's adding 7 days of expiry time. Seems like the addDays function is adding 10000 minutes.
I had the same issue before with my application. I spent two days trying to find what the problem was. The best solution that I came up with is to change the expire date directly in the PassportServiceProvider.
Go to vendor/laravel/passport/src/PassportServiceProvider.php line 108
new PersonalAccessGrant, new DateInterval('P1Y')
for example to set the expire date to one week
new PersonalAccessGrant, new DateInterval('P1W')
I know this is a bad solution for fixing the issue. Recently I found the same issue on the Laravel Git repo:
https://github.com/laravel/passport/issues/47

facebookadsapi invalid appsecret-proof in python

I'm new to the Facebook Marketing API and I'm trying to run the example custom_audience_utils.py script, only to have it return an error message displaying "Invalid appsecret_proof provided in the API argument". I turned off appsecret_proof in my app. What am I doing wrong?
I was getting the same error. It turned out that I was using the wrong access token. You might want to check that.
I had generated the access token using the Graph API Explorer. By default the Graph API explorer generates a token for itself (see the application selection pull down on the top right of the page). I was using the app id for my own app (and hence the token was incorrect).
Once I generated a new token for my own app - and used it in the code - the appsecret_proof error went away.
Hope this helps.
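
Why a token issued to a different app produces this error, as an added example that is not part of the original posts: appsecret_proof is the hex HMAC-SHA256 of the access token keyed with the app secret, so a proof keyed with one app's secret cannot match a token that belongs to another app. The credentials, the token-to-app table and the `server_accepts` check are constructed stand-ins for the platform side, which is not visible from the client.

```python
import hashlib
import hmac

# Constructed placeholder credentials; not real Facebook values.
MY_APP = {"id": "app-mine", "secret": "secret-of-my-app"}
EXPLORER_APP = {"id": "app-explorer", "secret": "secret-of-explorer"}
# Constructed model of the platform's record of which app each token was issued to.
TOKEN_OWNER = {"token-from-explorer": EXPLORER_APP, "token-from-my-app": MY_APP}


def appsecret_proof(app_secret: str, access_token: str) -> str:
    """HMAC-SHA256 of the access token, keyed with the app secret, hex-encoded."""
    return hmac.new(app_secret.encode(), access_token.encode(), hashlib.sha256).hexdigest()


def server_accepts(access_token: str, proof: str) -> bool:
    """Hypothetical server-side check: recompute with the secret of the token's own app."""
    owner = TOKEN_OWNER[access_token]
    expected = appsecret_proof(owner["secret"], access_token)
    return hmac.compare_digest(expected, proof)  # constant-time comparison


def client_call(app: dict, access_token: str) -> bool:
    """Models a client configured with `app`: the proof is keyed with that app's secret."""
    return server_accepts(access_token, appsecret_proof(app["secret"], access_token))


if __name__ == "__main__":
    print(client_call(MY_APP, "token-from-explorer"))  # token belongs to another app
    print(client_call(MY_APP, "token-from-my-app"))    # token and secret match
```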

The API returned an error: Error: No access or refresh token is set

I was able to successfully log in using Google Classroom and pull the course data during the trial. This was on my local machine. Now I have moved to my test server. I can still log in via Google but can no longer pull the course data. I have already updated my client_secret file (updated the appropriate endpoints) but I get the following error after calling classroom.courses.list
Error: No access or refresh token is set.
Would appreciate anyone's help. I do have Google Classroom API as one of my APIs. Not sure if it's because I'm now on a domain instead of my localhost.
Sadly, I was doing a 2 part registration. In the first part, I was setting the token. When the page was submitted again with new details from the user, when I was making the call to Google, I hadn't set the token.
