I look for a 100% Linux solution to use Sweden's BankId.
There is information online:
https://github.com/virtualforce/bankid-authentication/
http://www.herlitz.nu/2017/09/13/integrating-with-swedish-bankid-and-.net/
Now I need to download my client certificate from the bank seb.se
How to download one's client certificate at SEB?
It's not really clear what you want.
Do you want a Linux BankID client? That's not supported by BankID. You can find out their client requirements here:
https://support.bankid.com/sv/felavhjalpning/systemkrav
Do you want a server solution for using BankID RP interface? Go ahead, the SOAP interface is well documented here:
https://www.bankid.com/rp/info
As for downloading the certificate from SEB, you need to be a bank customer with a Swedish personal number. I'm not a customer, but judging from their website, it seems they only issue BankID on card and Mobile BankID. Once you're logged into the Internet bank with your Digipass you should have no problem to find out how to issue a mobile BankID.
BankID on card might take some more effort though.
BankID does have a demo system for development purposes. There you can issue a fake BankID to use in the development mode, "test".
Related
I'm trying to add an add-on to my heroku project, but it needs verification by phone number. But the phone numbers of my country is not supported (Ukraine), so I'm getting an error This number is not supported. My account has already been verified using credit card. This additional verification is required to use this addon though.
What should I do with it and how to resolve this problem? Only this add-on is fit to me, so I can't get alternative one.
The problem was only solved for me through opening a support ticket on Heroku.
Someone from their team then manually verified the account for me
Currently, I have been tasked to utilize the Google People API to ask for a user's basic Google information along with their public phone numbers. So far the results have been positive.
The solution my team and I have incorporated the Google People API integration in has the capacity to be utilized across thousands of domains. As a result, my question is simply, How can my team members and I ensure that any our clients that utilize our solution with their own particular domain get our new functionality built with the Google People API?
Keep in mind, our clients have the flexibility to have http/https and any subdomain on their site. Entering each domain possibility for our client base one by one would not be an easy task. I'm seriously hoping there is a solution around the single, explicit origin entries.
Thank you for your time and help.
Warning:
You must remember that if this is source code you are giving your clients that you are not allowed to release your client id and client secret. This includes plugins and scripts.
On November 5th 2014 Google made some changes to the APIs terms of Service.
Asking developers to make reasonable efforts to keep their private
keys private and not embed them in open source projects.
So if your clients could view the code of your application and see your client id and secret you should not be giving it to them.
Read more about this issue Can I really not ship open source with Client ID?
Recommendation:
The best solution for you will be to instruct your users now to create there own project on Google Developer Console and create their own JS origins.
You may just have to provide your own wrapper around the target API where you authorize the client request yourself and then do the request from Google using your own credentials.
For convenience while playing with the sample apps, I am hosting the html and css pages for my receiver on google drive.
But I'm seeing problems fetching them due to https and certificates.
This is what "wget" says when I try to fetch from the hosting URL:
ERROR: The certificate of ‘googledrive.com’ is not trusted.
ERROR: The certificate of ‘googledrive.com’ hasn't got a known issuer.
Any tricks to quickly avoid this? Otherwise I'll look to host elsewhere...
We have never had any issues with hosting on Google Drive, we use that frequently when doing development, you need to make sure your files are public on the web. The url you want to use is the one in the details tab (under the "Hosting" headline) (thanks to Antonio Fontan for mentioning that in the corresponding G+ post). Another alternative that I have used in the past is the App Engine; that is also a good alternative.
I am learning UPS address validation API for my PHP application. Going to use web service version for my integration. However I am not sure whether UPS address validation will work for mobile app or not like iPhone or Android app. Can someone answer me this question in details?
Thanks in advance.
To add to Matt's comment, UPS address verification and official postal (e.g. USPS, Canada Post) addresses can be different so, in addition to the terms of service, make sure you are pulling from the right data.
Is there a way to prove that a communication sent by e-mail or other means comes from the person in control of a website?
I'm talking about something fairly simple. Google, for instance when validating a website for Webmaster Tools or a domain for Google Apps, will ask you to put a code that they supply you into a text file located in the root directory of the website. But what I'm interested in is something that an ordinary, casual computer user could do upon receipt of an e-mail from a website operator to verify its provenance. The website owner may not have control of the domain itself or power to send e-mail from a domain address.
I've been reading up on PGP, but my head is spinning. But for instance, is this scenario possible?:
A long key code is published on the website.
In an e-mail another, different long key code is included.
O.K., now I'm starting to get confused.
I guess what I'm thinking of is that a recipient of a readable, plaintext message could somehow check something contained in the message against something on the website (maybe via an online web app, not any complex software that they would have to install), and they could be confident that the message came from the person in control of the website.
Ideally, this solution would be free as in beer and would not require the website owner to compromise his privacy or anonymity.
Specific recommendations of web apps or Macintosh (or Windows) apps or open source website development tools would be appreciated.
Sounds like you're after a digital signature method: http://en.wikipedia.org/wiki/Digital_signature. Publishing the public key on the website you control and signing emails with the corresponding private key is proof that you control the website.
Note that if the website is compromised in some way, the digital signature can be circumvented by the hacker publishing a different key. Better to buy a certificate from a reliable certification authority who act as a trusted third party to vouch for your identity.