Develop Reference

Trouble Testing IAP with Sandbox

I cannot sign in with Sandbox tester ID (the fields are not even displayed in Settings-App Store).
I am running Xcode 14.2 and attempting to test on a developer-signed physical device (iOS 16.1.2). Following the steps in Apple documentation ("Setting up StoreKit Testing in Xcode"), I have been able to run tests using using local StoreKit configuration file. All works well. I next wanted to try to use Sandbox Testing. Following the same documentation,
I set up a Sandbox Tester in Apple Store Connect.
I saved a Public Certificate from the storekit configuration file in
the project.
I removed the local StoreKit configuration file from the scheme’s run
options (by setting to "none").
I added the following conditional compilation block to my store
manager:
#if DEBUG
let certificate = "StoreKitTestCertificate"
#else
let certificate = "AppleIncRootCertificate"
#endif
It is my understanding that an option to sign in with the SandBox ID should appear in device's App Store Settings after the first time I attempt to make a purchase when running on the device physically connected to my Mac.
This is not happening. Am I missing a step? One possible mistake I made was placing the (above) conditional compilation block in the wrong place. Can someone recommend the best place for this? The documentation says to paste it in with my receipt validation code. Another suspected oversight might be something else I need to do in Apple Store Connect. Not sure. Any help appreciated!
Addendum - I get this message in the console:
Error enumerating unfinished transactions for first transaction
listener: Error Domain=ASDErrorDomain Code=509 "No active account"
UserInfo={storefront-country-code=USA,
client-environment-type=Sandbox, AMSServerErrorCode=0,
NSLocalizedDescription=No active account}

How to get an Google Translation API key to connect to Trados Studio?

How can I get an Google Translation API key to connect Trados Studio to Google Translation API?
In this instruction of SDL below, the key seems to have been available in the list in "APIs & services > Credentials" of Google Cloud console.
https://urldefense.proofpoint.com/v2/url?u=https-3A__gateway.sdl.com_apex_communityknowledge-3FarticleName-3D000005906&d=DwICaQ&c=Fge86U5Za1d7PUAcaTHoag0MToOH_fWpqWSEoP8Euxo&r=xdz4rRCzUCiMTlPzdnPEy9-9jLzZpm5SDgO1bwvO1T0&m=qS3KpcI4kSqBPB9p5G3IWLP2u9lzbF5ZeA6cdFqdAJY&s=lEyhu-1AVxnMDNj247L28iKqLLfpSCLyAzAOLhjf8lM&e=
But now, the "Key" column does not exist in the list. Instead, I got a Jason file following the steps in the console. But any values in the fields in the file like "project_id", "private_key_id", "private_key", and "client_id" all didn't work. I get an error "The API Key you have entered cannot be validated with Google".

I could make the key following the steps described in this page.
https://cloud.google.com/docs/authentication/api-keys#creating_an_api_key
The steps looked almost the same as those in SLD's instruction page.
But somehow, this link below in SDL's instruction page didn't work correctly for me.
https://console.developers.google.com/cloud-resource-manager
I got this error when I tried from the link.

Google API authentication: Not valid origin for the client

When making an auth request to the Google API (gapi), it's returning false on the checkOrigin.
I have removed any client id's or anything that would link directly to my account and replaced it with a regex indicating what the data is for reference.
Url: https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Flocal.tools&client_id=(\d{21})
My origin url is a local url, which is https://local.tools
Result: {valid: false}
I'm using the example found here without deviation (except for replacing clientid with my 21 digit clientid): https://ga-dev-tools.appspot.com/embed-api/third-party-visualizations/
The items I'm trying to display show up nicely on the demo site, but aren't getting past the Not valid origin for the client error on my local.tools site.

Clear your browser cache. Started getting this error in Chrome and then I created a new client id and was still getting the issue. Opened firefox and it worked, so I cleared the cache on Chrome and it started working.

I received the same console error message when working with this example: https://developers.google.com/analytics/devguides/reporting/embed/v1/getting-started
The documentation says not to overlook two critical steps ("As you go through the instructions, it's important that you not overlook these two critical steps:
Enable the Analytics API [&] Set the correct origins"), but does not clearly state WHERE to set the correct origins.
Since the client ID I had was not working, I created a new project and a new client ID. The new project may not have been necessary, but I'm retaining (and using) it.
Here's what worked:
Create a new project
Add and Enable the Analytics API
Create a new credential - ensure that it is an OAUTH credential (scroll to the bottom of this page for instructions https://developers.google.com/api-client-library/javascript/start/start-js#Setup).
During creation of the credentials, you will see a section called "Restrictions
Enter JavaScript origins, redirect URIs, or both". This is where you can enter your origins.
Save and copy your client ID (and secret).
My script worked after I created the new OAUTH credential, assigned the origin, and used the newly generated client ID following this process.

try clear caches and then hard reload, i had same error but when i tried to run on incognito browser in chrome it worked.

Key Point: Add both http://localhost and http://localhost:port_number to the Authorized JavaScript origins box for local tests or development.

Credentials do not work if API is not enabled. In my case the next steps were needed:
Go to https://console.developers.google.com/apis/library
Enter 'People'
From the result choose 'Google People API'
Click 'Enable'

Creating new oauth credentials worked for me

You probably use Client ID like this: <CLIENT_ID>.apps.google.com
Make sure your client ID is without ".apps.google.com"

For me - I just went here:
https://console.developers.google.com/apis/credentials
Then chose the right project; then choose the credential with the same ID shown in your console error message. When editing the credentials you can add multiple origins to the white list.

After updated Authorized JavaScript origins browser still caching old data, so I need to Empty cache and hard reload then it works
1. Change Authorized origins
2. Open Dev Tool (F12) then right-click into reload button

Clearing the cache on chrome works!
Please find the steps below to clear the cache.
Open dev tools (Right-click on the page and select inspect/ press F12)
Right-click on the chrome reload button while the dev tool is opened. (You will find the option to clear the cache and reload the site)

clearing the cache works for me.
for React developers try to restart the project otherwise it will show the same error again and again.

It was a referrer-policy problem.
This has been such a pain for a long time to me too...
Found the issue, my website instance had a referrer policy set to
no-referrer. After setting it to no-referrer-when-downgrade, the One
Tap prompt showed up as expected.
https://stackoverflow.com/a/63039142/15565029
If you are using Django, SECURE_REFERRER_POLICY is 'same-origin' by default. Change it by adding the below code in your settings file.
# settings.py
SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'
https://docs.djangoproject.com/en/3.2/ref/settings/#std:setting-SECURE_REFERRER_POLICY

Similar to few answers at above but with screenshots. If you created project for Firebase, may also use the same steps to configure at Google Cloud Platform console.
Select the project at https://console.cloud.google.com/
Navigate to Credentials
Click Edit button for the related OAuth 2.0 Client ID
Add URI into Authorized JavaScript origins
Don't forget to Save

That worked for me after trying for an hour:
On https://console.cloud.google.com/apis/credentials :
Edit Client Outh (mine was: Web Client (Auto Created by Google Service), which was created by my Firebase Web Project)
Enter JavaScript Origin for the Client ID (mine was: localhost:NNNN)
and don't forget to Save.
Try google login for half an hour: didn't work
Enabled Google Analytics as suggested above
Empty Chrome cache and hard reload as suggested above
Try google login for half an hour: didn't work
Sign Out from https://console.cloud.google.com, and sign in again
Empty Chrome cache and hard reload
Now it worked
I don't know which one of the above fixed the problem.
May be it was just a matter of time for cloud.google to
recognize my new JavaScript Origin.

I got the error because of Allow-Control-Allow-Origin: * browser extension.

Trying on a different browser(chrome) worked for me and clearing cache on firefox cleared the issue.
(PS: Not add the hosting URIs to Authorized JavaScript origins in API credentials would give you Error:redirect_uri_mismatch)

I was getting the same error but tried publishing my app and now it shows as below:

Accept Untrusted Certificates on anonymous profile in firefox

I have a small issue.I am opening a firefox browser in a specific profile with selenium,and an flash app
appear.In this app I need to click something,so I use sikuli.The problem is when clicking a button with sikuli,my app opens a browser in an anonymous profile so the "Untrusted SSL certificates" appears.
Is there any way to setAcceptUntrustedCertificates for anonymous profiles for firefox ?
I want to mention that I already have setAcceptUntrustedCertificates in my java code.
Thanks

You need to create a profile for the driver and use
profile.setAcceptUntrustedCertificates (true);
Also this has been answered before for example see
Handling UntrustedSSLcertificates using WebDriver

IOKit not permitted in Sandbox?

I'm new to using IOKit and have noticed what I think is the sandbox making it fail.
Here is the test I'm trying (in Pascal) which runs fine outside the sandbox but when I enable it IOServiceOpen returns the error kIOReturnNotPermitted every time.
Is IOKit not safe in the sandbox for certain services? I was trying to get some fan speeds/cpu temperatures and I see there are some apps in the AppStore (sandboxed) doing this so I believe it's possible. The only one I could confirm appears to have an XPC service bundled with the app as a helper so maybe that's a clue to make IOKit work? I tried basically all the entitlements and none of them seemed to help any.
Thanks for any ideas you may have.
procedure TestIOKit;
var
err: kern_return_t;
masterPort: mach_port_t;
iterator: io_iterator_t;
device: io_object_t;
matchingDictionary: CFMutableDictionaryRef;
conn: io_connect_t;
begin
IOMasterPort(0, masterPort);
matchingDictionary := IOServiceMatching('AppleSMC');
err := IOServiceGetMatchingServices(masterPort, matchingDictionary, iterator);
if err <> kIOReturnSuccess then
writeln('IOServiceGetMatchingServices: ', err);
device := IOIteratorNext(iterator);
IOObjectRelease(iterator);
if device = 0 then
writeln('no smc found');
err := IOServiceOpen(device, mach_task_self_, 0, conn);
if err <> kIOReturnSuccess then
writeln('IOServiceOpen: ', err);
end;

I found the same problem trying to read SMC keys in order get sensor temps and fan speeds from inside an OSX Yosemite 'Today extension'. The extension needs to be sandboxed, and I was also getting the kIOReturnNotPermitted error every time I tried to read the temp and fan sensors.
The only way I got it working was by creating a XPC service that manages all the SMC stuff, configured as a launch agent. This way, the sandboxed app (the 'today' extension) asks the XPC service for all the relevant data, instead of messing with IOKit directly.
So far, it seems to be working properly.

You don't need an XPC (not sure I understand that answer given it would also need to be sandboxed).
You can use this temporary entitlement although I don't hold any hope of apple approving it for MAS - you'd need to make your case to try and justify its use in iTunes connect. I have a similar problem and it's the only "solution" i've found so far:
com.apple.security.temporary-exception.sbpl string (allow iokit-open)

I don't see the answer from Luis Glez provide a solution but wrong information.
In fact there is currently no way to access this I/O Kit functionality from a sandboxed app neither would it be approved by Apple for the App Store.
If you check sandbox status of the app from from Luis Glez you will see that it's not sandboxed at all. Also it's not available at the App Store and I assume this is the reason.
Terminal:
codesign --display --entitlements - VitalStats.app
There was a recent discussion on the Developer Forums and someone from Apple confirmed that there is no way.
https://devforums.apple.com/message/1082393#1082393

The solution is very simple. You need to add a few lines in the file entitlements
<key>com.apple.security.temporary-exception.sbpl</key>
<array>
<string>(allow iokit-open)</string>
<string>(allow iokit-set-properties (iokit-property "ConsoleUID"))</string>
<string>(allow mach-lookup (global-name "com.apple.AssetCacheLocatorService"))</string>
</array>

My app was just rejected for using IOKit in general. Does anyone else have the same problem? The app was approved for 60 earlier builds, but all of the sudden, Apple seems to have a problem with that now. I use IOKit to read battery information like current voltage etc.
Rejected because of 1.1.6 - Safety.
Thank you for your submission. During our review, we found that your app is not appropriate for the App Store.
We encourage you to review your app concept and evaluate whether you
can incorporate different content and features to bring it into
compliance with the App Store Review Guidelines.

For those who may still look for answer, in Catalina, the problem might be that the app first needs to get the Input Monitoring permission, if it's not granted or denied - You would certainly get kIOReturnNotPermitted error.
To try if this is the case, go to System Settings, Privacy, select Input Monitoring and check if Your app is allowed.
After granting the permission the error should disappear