My goal is to get the "Turn on the light" message when I say that to my Google Home. To do that, I visited their documentation page, which listed this sample code. I downloaded it and run it locally. Even thought I ran it locally, by default it was available publicly at "https://something.ngrok.io".
I opened the page and added a new light (I chose monochrome, because it looked simpler than RGB light) like this.
Then, I created a project "Fake Light" at Actions on Google.
Now, I see that app when I click "Add devices" on the Google Home app like below. If I click it, it shows the OAuth page, but when I tried to log in, it says, "Couldn't update settings please check your connection".
The NPM console log is like the following (I censored out some parts):
login successful rick
authCode successful 5*************************
GET /oauth?response_type=code&client_id=***********&redirect_uri=https://oauth-redirect.googleusercontent.com/r/******** 302 8.858 ms - 1418
/token query {}
/token body { grant_type: 'authorization_code',
code: '*****************',
redirect_uri: 'https://oauth-redirect.googleusercontent.com/r/*****************',
client_id: 'ZxjqWpsYj3',
client_secret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
getClient ZxjqWpsYj3, hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv
return getClient { clientId: 'ZxjqWpsYj3',
clientSecret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
client { clientId: 'ZxjqWpsYj3',
clientSecret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
handleAuthCode {}
getClient ZxjqWpsYj3, hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv
return getClient { clientId: 'ZxjqWpsYj3',
clientSecret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
getAccessToken = { uid: '1234',
accessToken: '*****************',
refreshToken: '*****************',
userId: '1234' }
return getAccessToken = { token_type: 'bearer',
access_token: '*****************',
refresh_token: '*****************' }
respond success { token_type: 'bearer',
access_token: '*****************',
refresh_token: '*****************' }
POST /token 200 6.401 ms - 100
POST / 404 0.401 ms - 140
I used the sample account rick/oldman. The last log did show "404" but I am not sure why this happens.
The fulfilment address had to contain "/smarthome". I had entered "https://xxxxxxxx.ngrok.io". I changed it to "https://xxxxxxxx.ngrok.io/smarthome" and the error did not happen again.
https://github.com/actions-on-google/smart-home-nodejs/issues/58
Related
Okta noob here and hoping the hive-mind could help.
while I have a successful log int to OKTA according to the logs, it returns to an error page with a url similar to the following
localhost:8080/error?code=Tp59q3-more of the hash-W1EP&state=z8JF0llhhMe-more of the hash-e6iLs1A5Z5
I'm using the sample code here: https://github.com/okta/samples-js-angular/tree/master/okta-hosted-login, which I had previously working. That is, up until the point I added my own custom code to the project.
the things that has me scratching my head is the Login challenge/response dialog for passwords appears as expected, the okta dashboard records a successful login. The redirect URL gives me a hash whereas the help documents don't indicate that is the case.
So not sure if I'm getting a head fake from the error? query string.
The response code I'm receiving is 200.
It doesn't make sense that a dev site would obscure error codes. so any guidance would be appreciated. Do I need to decode these hashes? Is this a redirect issue?
const { CLIENT_ID, ISSUER, OKTA_TESTING_DISABLEHTTPSCHECK } = process.env;
export default {
oidc: {
clientId: `${CLIENT_ID}`,
issuer: `${ISSUER}`,
redirectUri: window.location.origin + '/login/callback',
scopes: ['openid', 'profile', 'email'],
pkce: true,
testing: {
disableHttpsCheck: `${OKTA_TESTING_DISABLEHTTPSCHECK}`
}
},
resourceServer: {
messagesUrl: 'http://localhost:8000/api/messages'
},
};
I am getting 403 Forbidden error while trying to use /me/people to get a list of contacts on Outlook. This is working on Graph Explore, but not in my application.
try {
const response = await axios({
method: 'get',
url: 'https://graph.microsoft.com/v1.0/me/people',
headers: {
Authorization: `Bearer ${req.user.accessToken}`,
},
});
res.send(response.data);
} catch (err) {
console.error(err);
}
My guess is the token that you're using doesn't have enough permissions. According to the documentation for GET /v1.0/me/people at https://learn.microsoft.com/en-us/graph/api/user-list-people?view=graph-rest-1.0&tabs=http you need People.Read or People.Read.All. Can you confirm you have those in the access token?
What this means is when users login to your application with their Microsoft account they'll be prompted to give your app access to their contacts. If you're writing an app that runs without user interaction (background process) you should follow these steps for authorizing your application.
i'm trying to use the directory API by using a service account that I've enabled his Domain-wide Delegation and off course also authorized this service from the admin console using the json file credetials downloaded when creating the service account.
I've also enabled the admin sdk from the google developers console
and i'm using the googleapi library
in order to get access token for the service account
import * as google from 'googleapis';//google sdk for api+Oauth
//creating JWT auth client for service account:
const jwtClient = new google.auth.JWT(
client_email,
null,
private_key,
scope, // (included the "https://www.googleapis.com/auth/admin.directory.user" scope)
null,
);
let tokens
jwtClient.authorize( (err, tokens)=> {
if (err) {
console.log(err);
return;
} else {
tokens = tokens
}
// Make an authorized request to list of domain users.
let url = `https://www.googleapis.com/admin/directory/v1/users?domain=mydomain`;
let headers = {
"Content-Type": "application/json",
"Authorization": `Bearer ${tokens.access_token}`
}
request.get({
url: url,
json: true,
headers: headers,
}, (err, res, body: {}) => {
this.handleResponse(err, res, body, resolve, reject);
});
});
})
}
the tokens are retrived succefully but when sending the users list request i'm receiving 403 "Not Authorized to access this resource/api"
on the other hand when using the google explorer api with the same params it work's
Looks like you didn't provide a subject when constructing the JWT object (in the line after scope, in your code). You should provide the email address of an admin there, so that you get a token impersonating that admin. Otherwise, you're acting as the service account itself, that doesn't have access to your domain's directory (and can never have access - that's why you must impersonate an admin).
I'm trying to consume the WP Rest API with Nativescript.
The WP API and the Authorization with OAUTH1 is already well setup and tested with POSTMAN.
Nativescript Login function to consume rest is already setup too and work without OAUTH.
Now I'm trying to Login with OAUTH here the code :
authorizationString = 'OAuth oauth_consumer_key="T2yXcbN28Ufj",
oauth_token="AmEVr5oSNmbKyZKccFjtmnSk",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1492267438",
oauth_nonce="rGFJG2",
oauth_version="1.0",
oauth_signature="Ru%2BaSvsZn2liesd2ENy8GeNsdHY%3D"';
login(user: User){
console.log("Try to login User : " + user.email);
let headers = new Headers({"Authorization": authorizationString});
let body = JSON.stringify({
username: user.username,
email: user.email,
password: user.password
});
headers.append("Content-Type", this.contentType);
return this.http.post(
this.api,
body,
{headers: headers}
)
.map( response => response.json() )
.do(data => {
//Do work!!
})
.catch(this.handleErrors);
}
But i got an error, this error means the autorization is not well formatted or sent :
"data": {
"code": "rest_cannot_access",
"message": "Only authenticated users can access the REST API.",
"data": {
"status": 401
}
}
How to properly use oauth1 with Nativescript?
I just switched to OAUTH2 by using a opensource plugin :
https://github.com/wlcdesigns/WP-OAuth2-Server-Client
and it's more easy to use with the authorization : Bearer
I have a Django app that authenticates using Okta:
headers = {
'Authorization': 'SSWS {}'.format(<okta api token>),
'Accept': 'application/json',
'Content-Type': 'application/json'
}
authentication_payload = {
'username': <username>,
'password': <password>
}
response = requests.post(
<okta auth endpoint>,
headers=headers,
data=json.dumps(authentication_payload)
)
This works successfully. From the response content I am able to get the User Id:
content = json.loads(r.content.decode('utf-8'))
okta_user_id = content['_embedded']['user']['id']
I then use the okta_user_id to create the endpoint to get the okta user by id:
okta_user_endpoint = https://<org>.okta.com/api/v1/users/<okta_user_id>
I then use the same headers from the authentication call, with the same api token, and try to get the user by id:
user_response = requests.get(
okta_user_endpoint,
headers=headers
)
But this is unsuccessful. I get a 401 error with the following content:
{
"errorCode":"E0000011",
"errorSummary":"Invalid token provided",
"errorLink":"E0000011",
"errorCauses":[]
}
Seems straight forward with an invalid token, but if the token is invalid how am I able to successfully make the authentication call? And if the token if valid for the authentication call why is it not working to get the user by id?
Okta recently changed the way that the /authn endpoint works. The /authn endpoint no longer requires an authentication token. This was done in order to support single-page applications.
It looks like your application will need to be able to fetch user information on an arbitrary user. In that case, using an Okta API token makes sense.
However, if you were making that call from a single-page application, you would want to make a request to the /users/me API endpoint.