Android Management API Enrollment "Invalid Token": How to debug? - android-management-api

I'm trying to enroll a new device using the quickstart colab guide. I have successfully create an enterprise, a policy and an enrollment token. I can also successfully query those using the Android Management API.
However, enrollment is not working. Whenever I am scanning the associated QR code with a device, I get an "invalid code" (invalid code; the code you have provided isn't valid) message with the option to try again or to reset the device.
How can I debug this? Is there a way to find out more about why it is failing?

The token may have expired. You can actually set the duration of the token by setting the duration field.
https://developers.google.com/android/management/reference/rest/v1/enterprises.enrollmentTokens#EnrollmentToken
Sample:
enrollment_token = androidmanagement.enterprises().enrollmentTokens().create(
parent=enterprise_name,
body={"policyName": policy_name,"duration":"864000s"}
).execute()
Also, you can scan the QR code to check its contents.
It should match the content below, with your token value filled in:
{
"android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"com.google.android.apps.work.clouddpc/.receivers.CloudDeviceAdminReceiver",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"I5YvS0O5hXY46mb01BlRjq4oJJGs2kuUcHvVkAPEXlg",
"android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"https://play.google.com/managed/downloadManagingApp?identifier=setup",
"android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{
"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":"XXXXXXXXXXXXXXXXXXXX"
}
}

Related

How do I get apple receipt from app store events in laravel

I am using imdhemy/laravel-in-app-purchases plugin to manage mobile purchases from Google and Apple. I configured Google ok and I'm handling purchase events correctly.
But with apple subscriptions (renewable subscriptions) I can verify purchases, but I can't make the events listeners to work.
This is what I have working so far:
I can get a purchase from the mobile device and verify the receipt.
I can store the purchase identifier in my database.
I configured apple's push notification endpoint both for production and sandbox
My specific problem is:
the route /purchases/subscriptions/apple is expecting unified_receipt, unified_receipt.latest_receipt, unified_receipt.latest_receipt_info and notification_type.
but apple is sending Post: "{\x22signedPayload\x22:\x22eyJhbGciOiJFUzI1N...., if I'm not wrong, that is a JWT token, but in the library documentation, there is no information regarding JWT token.
That produces a 422 error from laravel's side, as it expects fields not sent by Apple.
Is there some extra configuration or step that I'm missing?
Thanks!
If you are switch to Notification version 1 you will find all data. Version 2 send only jwt token
If someone comes across this issue, the solution I found was to decrypt the JWT manually and skip all the custom events.

"Cannot post activity. Unauthorized" When testing from Bot Emulator

While testing the EchoBot template from Azure in Bot Emulator I keep getting "Cannot post activity. Unauthorized." How can I protect against this? I am new to .NET, so don't understand the how authentication is working here. I can see the configuration settings being loaded, but I don't see how they get supplied or applied in the default EchoBot template from Azure.
I have found I only get Unauthorized, if I have the "MicrosoftAppID" and "MicrosoftAppPassword" defined in the appsettings.json. If I comment these out it works fine.
[HttpPost]
public async Task PostAsync()
{
// Delegate the processing of the HTTP POST to the adapter.
// The adapter will invoke the bot.
await Adapter.ProcessAsync(Request, Response, Bot);
}
So I would like to understand how to avoid having to comment these lines out when testing the code locally. PostAsync returns the 401.
Have you tried adding your Microsoft App ID and Microsoft App Password inside of the Emulator ?
It should work fine after you add those when you test the bot in the emulator, check picture below
Go to your appSettings.json file and check if you have provided Microsoft App ID and App Password. You will get it when you have registered your app on Azure. If you haven't register it on Azure, you won't get ID and password. In this case, you must left the Microsoft App Id and Password json string as blank. Something like this:
In the Bot Emulator, don't give any credentials. Just provide your app URL and click Connect.
By this way you can get rid of the error.
Hope this helps.

Luis: Access denied due to invalid subscription key

I am facing following issue when i try to update application on Luis using following request:
https://westus.api.cognitive.microsoft.com/luis/api/v2.0/apps/app-id-here
header:
Ocp-Apim-Subscription-Key:paid-subscription key
body:
{
"name": "Name of luis app",
"description": "string"
}
I am getting following error:
{
"statusCode": 401,
"message": "Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription."
}
I am using paid subscription from Azure portal with westus region. Still facing this issue.
However, This key works when I try to get top scoring intent using following request:
https://westus.api.cognitive.microsoft.com/luis/v2.0/apps/luis-app-id?subscription-key=subscription-key-azure&timezoneOffset=-360&q=hi
This is really weird as sunscription key works for GET request but not for PUT or POST request.
Any suggestions?
PS: I am using paid subscription key.
The (subscription) keys created with a Cognitive Service LUIS resource in Azure Portal, even when added to with Assign resource in luis.ai, can only be used for runtime queries on a defined app.
The authoring endpoints on LUIS Programmatic APIs v2.0 - to create and manage apps and their elements - can only be used with the Authoring Key available in the luis.ai portal.
More information can be found in Authoring and query prediction endpoint keys in LUIS
It looks like you have two issues you are working thru here.
First, the API you are trying to post to should read "https://[location].api.cognitive.microsoft.com/luis/api/v2.0/apps/{appId}/publish". From the looks of it, you are missing the 'publish' at the end of your API call.
Second, the paid subscription key needs to be added to your LUIS app. Can you confirm it has been added? If not, follow these steps to do so:
Click Manage => Keys and Endpoints.
Next, click 'Assign resource'.
A window will pop up allowing you to select the tenant, subscription, and the key to use.
Click OK.
Click 'Publish' to make the newly generated endpoint accessible.
Make sure you add subscription primary key value in my request and also make sure you have associated your API with the product which you used the Primary key

Device token not being set

Has anyone ever had a problem using Segment analytics SDK integrated with Mixpanel (cloud settings only, no Mixpanel SDK integrated)?
I'm registering the device token for push notification using the code:
SEGAnalytics.shared().registeredForRemoteNotifications(withDeviceToken: deviceToken)
...but we have almost half the users with a Ios devices key set in Mixpanel but no value, just an empty string.
There's no pattern among the users in this situation.
An empty 'iOS Devices' property on your People profiles generally indicates that there's a mismatch between the device token and the app's SSL push certificate that's been saved in your Mixpanel project; or, it could simply be an improperly formatted device token.
The fact that the property has been set in the first place means that you have successfully sent the device token to Mixpanel, however Mixpanel will remove tokens when their is a mismatch.
Mixpanel has a help doc that answers this specific question: https://mixpanel.com/help/questions/articles/how-does-mixpanel-manage-push-tokens-when-they-are-invalid-or-when-the-app-has-been-uninstalled.
Likewise, Segment has documentation for supporting mixpanel Push notifications here: https://segment.com/docs/integrations/mixpanel/#push-notifications.

Google Classroom API modifyAttachments

When executing the courses.courseWork.studentSubmissions.modifyAttachments method in the Google Classroom API, a 403 error is returned when I try to add the attachment to the student's submission.
GoogleJsonResponseException:
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "#ProjectPermissionDenied The Developer Console project is not permitted to make this request.",
"reason" : "forbidden"
} ],
"message" : "#ProjectPermissionDenied The Developer Console project is not permitted to make this request.",
"status" : "PERMISSION_DENIED"
}
The call is being made from an authenticated student account and being added as a Link resource. The Developer Console project DOES have the Google Classroom API enabled, and other calls to the Google Classroom API are working fine, such as courses.list and courses.courseWork.studentSubmissions.get. What am I missing? The same error is returned when using the Try it! app in the Google Classroom documentation site.
When modifying assignments/courseWork or student submissions, only the Developer console project that created those objects can modify them. This means that only projects that created the corresponding course work can modify them, otherwise a 403 PERMISSION_DENIED error is returned. You can easily determine if the course work item is associated with the Developer Console project making the request by checking the associatedWithDeveloper property on the Google Classroom course work response.
It took me a while to figure this out myself, but the best way to go in my opinion is to first create the coursework (i.e. assignment or question) itself with Google Script or using the Classroom API. The coursework is then associated with the correct console project and you are cleared to manage the submissions from thereon.
All Classroom API methods may return a PERMISSION_DENIED (HTTP 403) error if an end user does not meet prerequisites for access. The message accompanying the error contains an error message to help you identify the cause and direct users to take the appropriate action.
ProjectPermissionDenied indicates that the request attempted to modify a resource associated with a different Developer Console project.
Possible Action: Indicate that your application cannot make the desired request. It can only be made by the Developer Console project of the OAuth client ID that created the resource.

Resources