Parse Server, session is not created on cloud - session

We have migrated our production app from hosted Parse to Parse Server, and during testing we have encountered that our cloud functions are not working properly. After research we have found that the session for our authenticated users is not saved to the Session class on the database by the Parse SDK automatically. When we sign up a new user, the session is created and it is saved to the cloud. We can see it from the Parse Server dashboard. But when we sign out that user and sign in again, especially after sign in, the session is created but it is not saved to the cloud and we can't see it from the dashboard. It seems like it remains local. That's why our cloud code is not running, because request.user on all cloud functions is null and the user is not authorized. We are using the latest Parse Server, version 2.2.14, and revocable sessions.

Did you add this to your code (from the Session Migration Tutorial)?
In your app's code, add this line just after the Parse initialization line where you set your application ID and client key. This line will cause all login/signups from the SDK to use revocable sessions. It will also issue a network call to Parse in the background to upgrade your user's legacy session token to the new revocable token.
iOS: [PFUser enableRevocableSessionInBackground]
Android: ParseUser.enableRevocableSessionInBackground()
.NET: ParseUser.EnableRevocableSessionAsync()
JavaScript: Parse.User.enableRevocableSession()

Related

Azure SSO and Laravel login have issue with SAML

I have followed the solution explained in the Azure SSO related question in the forum
After that I checked in the Azure Portal and tried testing from the portal itself, but it keeps redirecting me to the login page. I am only doing this for the first time, so it's new to me. Am I missing something, or do I need to write a login handler for my application to handle this? For now I have not created any handler for login because, as per the description in the link, it is supposed to work.
I tried having dd in the service provider that has been created, but it's not reflecting. I am confused and stuck here: I am not getting where I need to write the logic to handle users by type, as for login it is now redirecting me to the login route when I test it from the Azure portal.
Any guidance on this would be helpful!
• I would suggest you follow the GitHub documentation below for configuring the Laravel SAML SSO in Azure AD, as it uses a Laravel package for SAML2 integration as a service provider itself. Also, as you have added the service provider in your case, it doesn't need to be added if you are using v5.5 and higher of Laravel, as it gets automatically registered. It's just for older versions that you need to add the service provider in 'config/app.php'.
https://github.com/aacotroneo/laravel-saml2
• Thus, once you do the above and publish the config files accordingly by executing the php commands, you will need to modify the IDP settings in the PHP app's configuration. Here, please ensure that you are entering the ACS (Reply) URL and Identifier (Entity ID) from the Azure AD created application correctly. Also, ensure that the required SAML URLs and certificate keys are correctly entered in the environment variables required in aad_idp_settings.php.
Also, please check the actual routes in the metadata by navigating to 'http(s)://{laravel_url}/{idpName}/metadata', as they must be reachable for your application to pass the authentication claims to AAD to get the authentication token. Since you are configuring SSO, please check the IDP metadata for 'http(s)://{laravel_url}/single_sign_on/mytestidp1/metadata', and finally please ensure that 'RedirectIfAuthenticated.php' is configured to redirect to '/routesPrefix/myIdp1/login', and the same in '/Exceptions/Handler.php'.
By following the above steps, your issue should be resolved.

Two-factor Authentication With fastlane

I'm releasing my app to Firebase distribution through Fastlane while using a CI machine.
I'm facing an issue with the 2FA.
I'm using Match to retrieve my certificates.
This is what I have under "Appfile":
app_identifier "com.example.example" # the bundle
apple_id "appleAcount#gmail.com" # Your Apple
team_id "abcd..." # Developer Portal Team ID
ENV["FASTLANE_USER"] = "appleAcount#gmail.com"
ENV["MATCH_PASSWORD"] = ""
ENV["FASTLANE_PASSWORD"] = ""
ENV["FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD"] = ""
This is the error I'm receiving:
Two-factor Authentication (6 digits code) is enabled for account
'appleAcount#gmail.com' More information about Two-factor
Authentication: https://support.apple.com/en-us/HT204915
If you're running this in a non-interactive session (e.g. server or
CI) check out
https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification
(Input sms to escape this prompt and select a trusted phone number
to send the code as a text message)
(You can also set the environment variable
SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER to automate this) (Read more
at:
https://github.com/fastlane/fastlane/blob/master/spaceship/docs/Authentication.md#auto-select-sms-via-spaceship_2fa_sms_default_phone_number)
Please enter the 6 digit code:
I have read this "https://docs.fastlane.tools/best-practices/continuous-integration/" but with no luck. Can anyone help me solve this issue?
The fastlane team did a great job ❤ in recent releases (from 2.157.0 to 2.163.0 so far) to support the use of an API key for App Store Connect API in many actions (pilot, deliver, match, etc. - the status for each tool is available here).
Using an API key removes the need to provide an Apple account to authenticate and authorize the fastlane actions to do their operations on App Store Connect, which also means that you will no longer be fighting with 2 factor issues on your CI machine or have to manually regenerate a session via fastlane spaceauth when it becomes invalid.
From App Store Connect API Key page:
Generating an API key allows you to configure, authenticate, and use one or more Apple services for that key. Keys don’t expire, but can’t be modified to access more services once created. You can have a maximum of 50 active keys at a time
There are other benefits of using an API key and it is the recommended solution as explained in the fastlane documentation:
fastlane has historically used Apple IDs with username and password to
authenticate using a cookie-based web session. fastlane will continue
using this same cookie-based web session to authenticate with an
unofficial version of the App Store Connect API.
However, it is recommended to use the API Key authentication when you
are able to. The benefits include:
No 2FA needed
Better performance
Documented API
Increased reliability
I will not detail the steps to set up and use an API key here as it is already well explained in the documentation but here are the main steps:
1. Create a new API key from App Store Connect (you must have the "Account Holder" role to create one) and assign it the App Manager role (cf. Role permissions documentation),
2. Store the key and its info on your CI,
3. In your Fastfile, call the app_store_connect_api_key action with the values stored in 2.,
4. Pass the value returned by 3. as an api_key parameter when you call an action, or let the action retrieve its value by itself from the lane context (if it supports it).
2FA problem due to invalid session:
Should vanish :)
You need to set up an environment variable 'FASTLANE_SESSION'='---\n....\n' token.
To get this token you need to authenticate manually using this command:
fastlane spaceauth -u YOUR_APP_STORE_EMAIL
Example: fastlane spaceauth -u joe#test.com.
You will need to revalidate your session every 2-3 weeks (some say 30 days). The process is kind of a pain right now.
Create a new App Store Connect API Key in the Users page
For more info, go to the App Store Connect API Docs
Give your API Key an appropriate role for the task at hand. You can read more about roles in Permissions in App Store Connect
Download the newly created API Key file (.p8)
This file cannot be downloaded again after the page has been refreshed
Add key in your project
lane :release do
  api_key = app_store_connect_api_key(
    key_id: "D383SF739",
    issuer_id: "6053b7fe-68a8-4acb-89be-165aa6465141",
    key_filepath: "./AuthKey_D383SF739.p8",
    duration: 1200, # optional (maximum 1200)
    in_house: false # optional but may be required if using match/sigh
  )
  pilot(api_key: api_key)
end
more details
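The app_store_connect_api_key action in the lane above signs a short-lived ES256 JWT from the .p8 key and hands it to the other actions. As an added example that is not fastlane's own code, here is that token construction and its verification in plain Ruby with OpenSSL; the key is a constructed throwaway P-256 key standing in for the .p8 file, and the key_id and issuer_id values are placeholders.

```ruby
require "openssl"
require "json"

# Base64url without padding, as JWS requires.
def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  s = str.tr("-_", "+/")
  (s + "=" * ((4 - s.size % 4) % 4)).unpack1("m0")
end

# OpenSSL emits ECDSA signatures as DER SEQUENCE(r, s); JWS ES256 uses the
# raw 64-byte r||s form instead, so convert in both directions.
def der_to_raw(der)
  r, s = OpenSSL::ASN1.decode(der).value.map { |i| i.value.to_s(2) }
  r.rjust(32, "\0") + s.rjust(32, "\0")
end

def raw_to_der(raw)
  ints = [raw[0, 32], raw[32, 32]].map { |v| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(v, 2)) }
  OpenSSL::ASN1::Sequence.new(ints).to_der
end

# Build the short-lived ES256 JWT that the app_store_connect_api_key action
# derives from the .p8 key; Apple caps the lifetime at 1200 seconds.
def asc_api_token(key_id:, issuer_id:, key:, duration: 1200, now: Time.now.to_i)
  raise ArgumentError, "duration must be <= 1200" if duration > 1200
  header  = { alg: "ES256", kid: key_id, typ: "JWT" }
  payload = { iss: issuer_id, iat: now, exp: now + duration, aud: "appstoreconnect-v1" }
  input = "#{b64url(header.to_json)}.#{b64url(payload.to_json)}"
  "#{input}.#{b64url(der_to_raw(key.sign(OpenSSL::Digest.new("SHA256"), input)))}"
end

# Check signature and expiry with the matching public key (any EC object
# holding the public point); returns the payload, or nil if forged or expired.
def verify_asc_token(token, key, now: Time.now.to_i)
  h, p, sig = token.split(".")
  return nil unless h && p && sig
  ok = key.verify(OpenSSL::Digest.new("SHA256"), raw_to_der(b64url_decode(sig)), "#{h}.#{p}") rescue false
  return nil unless ok
  payload = JSON.parse(b64url_decode(p))
  payload["exp"] > now ? payload : nil
end

# Constructed throwaway P-256 key standing in for the AuthKey_<KEY_ID>.p8 file.
DEMO_KEY = OpenSSL::PKey::EC.generate("prime256v1")
puts asc_api_token(key_id: "KEYID12345", issuer_id: "ISSUER-UUID", key: DEMO_KEY) if __FILE__ == $0
```

The same private key that signs also carries the public point, so DEMO_KEY doubles as the verifier here; in practice only the .p8 holder can mint tokens, which is why the file must stay in CI secret storage.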

Azure SAML2 login system issue

Short description:
I'm using a Laravel application which already has a system for logging in with a Microsoft account. That system works, but this is the first time I'm working on it, and I cannot establish locally that users can sign in with their Microsoft account into the application. Because the system in the application works, and I get an error when logging in, the issue must be in my configuration at the Azure portal.
My configuration is as following:
I have created tenant and registered app in it. My SAML config is as following:
Entity ID: https://login.microsoftonline.com/tenant-id/saml2
Reply URL (Assertion Consumer Service URL): https://sts.windows.net/tenant-id/
In my .env i have set following values:
AZURE_AD_CALLBACK_URL=/login/microsoft/callback
AZURE_AD_CLIENT_ID=id-of-the-application-in-tenant
AZURE_AD_CLIENT_SECRET=tenant-secret-key
SAML2_AZURE_SAML_ENABLED=true
SAML2_AZURE_IDP_SSO_URL="https://login.microsoftonline.com/tenant-id/saml2"
SAML2_AZURE_IDP_ENTITYID="https://sts.windows.net/tenant-id/"
SAML2_AZURE_IDP_x509="tenant-id"
SAML2_AZURE_SP_ENTITYID="https://some-app.com/"
I get following error after entering my credentials:
AADSTS700016: Application with identifier 'https://someapp/' was not found in the directory 'tenant-id'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
I have added the user which I use to test login to the application, so this error is totally confusing for me.
I don't know if I provided all necessary info, but if some is missing I will provide it.
I hope someone knows what is wrong with the configuration.
The tenant id is a GUID. Have you used this or are you using the "tenant-id" string?
Also, the ACS is an endpoint in your application - not an Azure URL.

Okta sign-in widget with PHP does not work

I was trying to set up an OAuth workflow using the sample application as given here.
However, for some reason, after I enter my Okta user ID and password, I never get the control back on my callback URL and the application just hangs indefinitely.
However, the normal JavaScript Sign-in widget (check this link) with the minimal authentication does work and I get the control back to the redirect URL. But this is not for an OAuth2 workflow... which is completely useless for me. Because all it does is provide an authentication service using the Okta tenant app and it will redirect you to your App URL. This does not provide any authorization grant workflow or other OAuth2 complex workflow. May be useful for some applications but not for an enterprise app where you want to retrieve user profiles, and create a login session based on user profile data retrieved from OKTA.
So my question is why is the OAuth workflow not working using the PHP application that uses the JS sign-in widget? And why are there no instructions or warnings on this page for this costly service (this is not free and many orgs are probably paying for this)?
I spent almost a day trying to set up my Authorization server as per the instructions given on this link, but nothing works. Any idea what must be going wrong?
Does this entire example work only after contacting OKTA support to enable the Authorization server feature? Because I also saw a documentation here that says that this is an Early Access (EA) feature (and it is probably recently added in OKTA? Extremely frustrating experience).
BTW I sent an email to their customer support to enable this Authorization server feature just in case I am missing something. If this does not work then I will have to create my own OAuth2 server using the Laravel 5.4 PHP framework, which is probably the quickest solution and 100% free.
I also tried to test the Authorization server setup as per the instructions provided here.
I was successful in getting the following end point working:
/oauth2/:authorizationServerId/.well-known/openid-configuration
But I am unable to get any scopes and claims using the API endpoint:
/api/v1/authorizationServers/:authorizationServerId/scopes
So in short, I am so far unable to test my Authorization server to get my authorization grant workflow working.
Where can I look for some troubleshooting advice?
Is there another way to check whether I have configured my OKTA Authorization server properly?
I found out that the JS script provided for the PHP sample is not right for the workflow I am working on. So after changing that JS Script, things started to work.
Edit: Also please note that setting up an Authorization server is a new feature (it is an Early Access feature) in OKTA. It is not enabled by default. So you need to contact the OKTA support team to enable the Authorization service endpoint and the functionality provided by it.

Parse.com validating user credentials every launch

On apps like Twitter and Snapchat, if you changed the password from the web, it wouldn't allow you to get into the app without re-authenticating with the new password. When changing your password with the Parse Open Source Framework, does it implement this functionality automatically on mobile, or would the developer need to implement it themselves?
You have to do it by yourself. Check the following tutorial, section Handling an Invalidated Session:
https://parse.com/tutorials/integrating-facebook-in-android
