Accessing fb user using Parse's Cloud Code hosting - parse-platform

We are hosting a web app on Parse's Cloud Code Hosting service but I'm having a problem getting the logged-in Facebook user in Express code. I can see that the client side is working when I call Parse.FacebookUtils.logIn and I can get the user in main.js using request.user when the account is logged in from an iOS app, but the same doesn't work in app.js. I've tried following the cookie handling code in this guide https://parse.com/docs/js/api/symbols/parseExpressCookieSession.html but I still get undefined when I try and access it.
I'm sure I'm missing something obvious but I'm not sure where the process is failing.

This seems to be a reasonably common problem;
https://parse.com/questions/parseexpresscookiesession-cookie-session
https://www.parse.com/questions/parseusercurrent-on-express-is-undefined-when-loggin-with-facebook
Then I finally came across this;
https://github.com/ParsePlatform/parse-facebook-user-session

Related

Recovering Authenticator Access on Heroku

I had to get a new phone, and I didn't think about my auth applications. I got all my others replaced and working, but I can't even get to the Third-Party Authenticator App to get the QR code I need since I have to be logged in to get to it. I can't even submit a help ticket since I have to be logged in as well to do this. Does anyone have any ideas on how to recover your validation authorization application for Heroku?

Google Cloud Run Hosted User Sign-In 'Redirect' Throws Error When Using External Identity Providers

I have a Google Cloud App Engine app that functions correctly when either I allow unauthenticated AllUsers access or turn on IAM for controlling access in Identity Aware Proxy. However when I follow the instructions on this page https://cloud.google.com/iap/docs/cloud-run-sign-in to enable Cloud Run Hosted sign-in with external identities and attempt to access either the login page or the Google Cloud Run hosted sign-in page, I receive the following error in the browser.
"Could not fetch URI /computeMetadata/v1/instance/service-accounts/default/token?scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/identitytoolkit"
For context, the Google Cloud Run service hosting the user sign-in is set to allow all Unauthenticated. It should re-direct to the Google App Engine web app. I think this is related to permissions or redirects, but I am at a loss as to how to fix. Any thoughts? Thanks!
I attempted to fix by re-deploying the Cloud Run Service, switching IAP on and off, switching between IAM and external identities, but to no success.
Thanks @John Hanley, I discovered that one of my Compute Engine service accounts was disabled for some reason within the project. Re-enabling solved the problem partially. I'll spend more time matrix out the permissions and re-directs to make sure they are aligned.
I originally thought I completely answered my own question and solved my problem. Unfortunately, I only solved one of the problems with my implementation of the external identities authentication method.
Description of the other problem:
I enabled email/password and Google as providers, but when I click on the option to authenticate with Google, I receive the following text in the browser: "The requested action is invalid."
At the Console in Dev Tools I get the following error:
GET https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=*mykey*&cb=1599165379363 403
The following url is displayed in the URL bar:
https://.firebaseapp.com/__/auth/handler?apiKey=mykey&appName=%5BDEFAULT%5D-firebaseui-temp&authType=signInViaRedirect&providerId=google.com&customParameters=%7B%22hl%22%3A%22en%22%7D&scopes=profile&redirectUrl=https%3A%2F%2Fiap-gcip-hosted-ui-app-engine-app-myserver-uc.a.run.app%2F%3FapiKey%3Dmykey**&v=7.16.0&fw=FirebaseUI-web
mykey and myserver were removed for this post and are not the actual values.
Email/password sign-in works, but not the Google sign-in. What am I missing here?

Bot Framework - Oauth BadRequest - https://token.botframework.com/.auth/web/redirect

I am trying to get a Bot working with the Oauth example provided here: https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=aadv2%2Cjavascript
If I use Azure as an exemplary issuer all works ok. So the general code works out fine.
Now, I have an example Laravel Passport app running to issue myself for testing purposes. All configuration, normal login etc. works fine. I created a generic oauth 2 client in Azure with my password client id and secret.
If I test it in the Azure Portal it heads to the request permission dialog. I confirm and it redirects to e.g. https://token.botframework.com/.auth/web/redirect?code=XYZ&state=123 and just shows Bad Request. No more, no less.
I tried different configurations etc., googled and found some with similar problems but no solution. Most just referred to secrets etc. But the secret works; a broken secret before led to other issues I am not facing now.
And the error message is not really helpful ^^ No matter how I call https://token.botframework.com/.auth/web/redirect it is always a Bad Request.
Does anybody have an idea, a hint in what direction to look further, where issues could occur? As I am a little lost right now.

Okta sign-in widget with PHP does not work

I was trying to set up an OAuth workflow using the sample application as given here.
However, for some reason, after I enter my Okta user ID and password, I never get control back on my callback URL and the application just hangs indefinitely.
However, the normal JavaScript Sign-in widget (check this link) with the minimal authentication does work and I get control back to the redirect URL. But this is not for an OAuth2 workflow... which is completely useless for me. Because all it does is provide authentication service using the Okta tenant app and it will redirect you to your App URL. This does not provide any authorization grant workflow or other complex OAuth2 workflow. May be useful for some applications but not for an enterprise app where you want to retrieve user profiles, and create a login session based on user profile data retrieved from OKTA.
So my question is why is the OAuth workflow not working using the PHP application that uses the JS sign-in widget? And why are there no instructions or warnings on this page for this costly service (this is not free and many orgs are probably paying for this)?
I spent almost a day trying to set up my Authorization server as per the instructions given on this link, but nothing works. Any idea what must be going wrong?
Does this entire example work only after contacting OKTA support to enable the Authorization server feature? Because I also saw documentation here that says that this is an Early Access (EA) feature (and it is probably recently added in OKTA? Extremely frustrating experience).
BTW I sent email to their customer support to enable this Authorization server feature just in case I am missing something. If this does not work then I will have to create my own OAuth2 server using the Laravel 5.4 PHP framework, which is probably the quickest solution and 100% free.
I also tried to test the Authorization server setup as per the instructions provided here.
I was successful in getting the following end point working:
/oauth2/:authorizationServerId/.well-known/openid-configuration
But I am unable to get any scope and claims using api end-point:
/api/v1/authorizationServers/:authorizationServerId/scopes
So in short, I am so far unable to test my Authorization server to get my authorization grant workflow working.
Where can I look for some troubleshooting advice?
Is there another way to check whether I have configured my OKTA Authorization server properly?
I found out that the JS script provided for the PHP sample is not right for the workflow I am working on. So after changing that JS Script, things started to work.
Edit: Also please note that setting up an Authorization server is a new feature (it is an Early Access feature) in OKTA. It is not enabled by default. So you need to contact the OKTA support team to enable the Authorization service endpoint and the functionality provided by it.

Getting error from Parse while debugging Google login

So I'm trying to integrate Google login with Parse using the "Bring your own login" system. I was able to get the basic authorization functionality to work using the code snippets at https://groups.google.com/forum/#!topic/parse-developers/UUvTreGYOrI.
Now, to do some testing, I went ahead and manually deleted the user object via the Parse dashboard. However, I am now getting the following error when trying to go through the signup workflow:
com.parse.ParseRequest$ParseRequestException: {"code":101,"message":"object not found for get"}
I tried clearing the cache and uninstalling the app, but the issue persists. Can anyone help me get around this and start the registration process afresh?
On a more fundamental note, this is my first time implementing code for OAuth, logins, and ACLs. As such, any resource/tutorial that can give me code examples of this integration with Parse on both the CloudCode and the client (app) side would be highly appreciated (I believe the current official Parse tutorial uses Git and only has samples of the server side CloudCode).
Nevermind - I figured it out.
I had to delete the entry in the TokenStorage class on the Parse dashboard. I guess that's storing the token that links the login with the User object.
Anyway - I'm keeping this open to see if someone can point me to a good sample code for this workflow.
