I try to change an authentication method from basic to oAuth for Android app. So I decided to use MSAL library, registered an app to Azure App registration, added Android to authentication platform config and added "EWS.AccessAsUser.All" permission in "Office 365 Exchange Online" group.
Here is how my config looks like:
{
"client_id" : "MY_CLIENT_ID_HETE",
"authorization_user_agent" : "DEFAULT",
"redirect_uri" : "msauth://com.testing.testauth/MY_KEY_HASH_HETE",
"authorities" : [
{
"type": "AAD",
"audience": {
"type": "AzureADandPersonalMicrosoftAccount",
"tenant_id": "common"
}
}
]
}
In android app for scopes I use [https://outlook.office365.com/EWS.AccessAsUser.All].
Here is the code how I use auth lib:
PublicClientApplication.createMultipleAccountPublicClientApplication(this,
R.raw.msal_config,
object : IMultipleAccountApplicationCreatedListener {
override fun onCreated(application: IMultipleAccountPublicClientApplication) {
}
override fun onError(exception: MsalException) {
}
})
}
After that when trying to log in, entering email and password I receive notification "Need admin approval" with message "AADSTS900941: This operation can only be performed as administrator".
Any ideas what am I doing wrong? Thanks in advance.
Related
Based on the documentation I follow here documentation
the payload I had sent does not trigger onMessageReceived method for me to parse it instead it automatically trigger notification by the Huawei notification center.
this is a sample payload I've sent, and I've already include foreground_show and set it to false as mention in the web:
{
"validate_only":false,
"message": {
"notification": {
"title": "message title",
"body": "message body"
},
"android": {
"notification": {
"foreground_show": false,
"click_action": {
"type": 3
}
}
},
"data":"{'param2':'value1','param3':'value2'}",
"token": [
"ABW18Q4Rw5CAB68f9yS_1f859k0s-t3G1aIZheq5l6TedFj_Iold4I6M2EK-pwPTzt6HXxL_"
]
}
}
the result was, it does not trigger onMessageReceive function but it automatically creates the notification on the device.
but if I remove notification and android from the payload and only sending data it successfully trigger onMessageReceive :
{
"validate_only": false,
"message": {
"data": "{'param1':'value1','param2':'value2'}",
"token": [
"ABW18Q4Rw5CAB68f9yS_1f859k0s-t3G1aIZheq5l6TedFj_Iold4I6M2EK-pwPTzt6HXxL_"
]
}
}
this is the class where I already override the onMessageReceived:
class CustomPushService : HmsMessageService() {
private val TAG = "PushTokenLog"
override fun onNewToken(token: String?, bundle: Bundle?) {
super.onNewToken(token, bundle)
Log.d(TAG, "receive token:$token")
}
override fun onMessageReceived(remoteMessage: RemoteMessage?) {
Log.d(TAG, "onMessageReceived")
Log.d(TAG, "onMessageReceived:title:${remoteMessage?.notification?.title}")
super.onMessageReceived(remoteMessage)
}
}
I already include foreground_show: false and it wont trigger onMessageReceived unless if I only sending data in the payload then it will trigger onMessageReceived.
so is it not possible to send full payload as shown in the first payload and trigger onMessageReceived so that I can process the payload? and please let me know if my method wrong
In your request payload, you've set "message.android.notification.foreground_show” to “false”, which means your app is in the foreground and you will get the message data in the function onMessageReceived. Please double-check if your app is in the foreground.
Your device EMUI must be greater than EMUI 9.1.0, and Push SDK version must be greater than 4.0.
The class CustomPushService definition is good.
I used your 1st sample payload to test on my project. It worked very well. Please see below screenshot. The process entered into the function onMessageReceived as below.
Please refer to https://developer.huawei.com/consumer/en/doc/development/HMSCore-Guides/android-server-dev-0000001050040110 and https://developer.huawei.com/consumer/en/doc/development/HMSCore-References/https-send-api-0000001050986197 for more information.
If you still have issues, please share logcat logs with me.
My Android app is using MSAL with this guide azure
When I try to sign up I get this error
MsalException: Applicationis not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.
Now i don't want to configure the application to be multi-tenant. so that leaves me with the second option of
Use a tenant-specific endpoint
From what I've seen I need to add it to the msal.config file which now looks like this :
{
"client_id" : "my cli id",
"redirect_uri" : "my red uri",
"broker_redirect_uri_registered": true,
"account_mode": "MULTIPLE",
"authorities" : [
{
"type": "AAD",
"audience": {
"type": "AzureADandPersonalMicrosoftAccount"
}
}
]
}
now this doesn't have an effect , I also understand I need to put somewhere the url of the endpoint with the tennant id and it takes /common as default ,
Any one have any ideas or example of how to do that ?
Thanks all
In the "audience", change the "type" to "AzureADMyOrg" and add "tenant_id" after that like below.
{
"client_id" : "my cli id",
"redirect_uri" : "my red uri",
"broker_redirect_uri_registered": true,
"account_mode": "MULTIPLE",
"authorities" : [
{
"type": "AAD",
"audience": {
"type": "AzureADMyOrg",
"tenant_id": "org_tenant_id"
}
}
]
}
I am trying to use Instagram Basic display API but when I post the authorization code to get the access token I keep getting the following error. Can anyone help me out from this?
Error:
{"error_type": "OAuthException", "code": 400, "error_message": "Invalid platform app"}
Code:
val url="https://api.instagram.com/oauth/access_token/" +
"?client_id=${InstagramId}" +
"&client_secret=${InstagramSecret}" +
"&grant_type=authorization_code " +
"&redirect_uri=${RedirectUrl}" +
"&code=${code}"
AndroidNetworking.post(url)
.build()
.getAsJSONObject(object : JSONObjectRequestListener {
override fun onResponse(response: JSONObject) {
Log.d("_TAG_", "onResponse:217 $response")
}
override fun onError(error: ANError) {
error.printStackTrace()
Log.d("_TAG_", "onError:226 ${error.errorBody} - ${error.errorCode} - ${error.errorDetail} - ${error.response}")
}
})
I got similar issue, I was using facebook app id and app secret instead of instagram app id and app secret. To get instagram app id and secret go to "Instagram Basic Display" section on the Facebook Developer site.
I think you have to adjust the way you call. That error is when you dont send parameters in the way is waiting IG.
I leave an example with Axios. But you can traduce to your favourite api.
const querystring = require('querystring');
//Make Object with params
const data = {
client_id: 'xxxxxxx',
client_secret: 'xxxxxxxxxxx',
grant_type: 'authorization_code',
redirect_uri: 'https://example.com/auth',
code: 'xxxx'
}
//Make the Call
axios.post("https://api.instagram.com/oauth/access_token", querystring.stringify(data))
.then(function (response) {
console.log("OK", response.data);
})
.catch(function (error) {
console.log(error);
});
you are using the FACEBOOK APP ID and SECRET please make sure
Go to the
"Instagram Basic Display" section on the Facebook developers site then scroll down until you find the Instagram App ID & Secret.
I am using https://github.com/arnesson/cordova-plugin-firebase to implement firebase phone authentication.
When i call verifyPhoneNumber()...It console me verificationId.
Code sample :
this.firebase.verifyPhoneNumber(phoneNumber,60)
.then(
function (verificationId) {
console.log(verificationId)
return verificationId;
}
)
Console Output:
Object {
instantVerification: false,
verificationId: "here verification id"
}
But, it is not sending code to given phone number.
Any help ?
As i can read in the documentation, they said you need to sign in with you'r credential before send SMS. Maybe you do it before u'r sample code, if you don't you use this instead of you'r code :
window.FirebasePlugin.verifyPhoneNumber(number, timeOutDuration, function(credential) {
console.log(credential);
// ask user to input verificationCode:
var code = inputField.value.toString();
var verificationId = credential.verificationId;
var credential = firebase.auth.PhoneAuthProvider.credential(verificationId, code);
// sign in with the credential
firebase.auth().signInWithCredential(credential);
// call if credential.instantVerification was true (android only)
firebase.auth().signInWithCustomToken(customTokenFromYourServer);
// OR link to an account
firebase.auth().currentUser.linkWithCredential(credential)
}, function(error) {
console.error(error);
});
I tried an offline authentication demo application which can be found here:
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/advanced-topics/offline-authentication/
I have a problem with the adapter invocation.
In onlineAuthentication(), myCustomRealmChallengeHandler.submitAdapterAuthentication fails.
I even add a logout before, and I have this error message on the server:
FWLSE0099E: An error occurred while invoking procedure [project
OfflineAuthentication]authenticationAdapter/submitAuthentication
FWLSE0100E: parameters: [project OfflineAuthentication] Cannot change
identity of an already logged in user in realm 'xxxxxx'. The
application must logout first.
On client after logout, wl.client.isUserAuthenticated is false.
I also tried a WLAuthorizationManager.getUserIdentity() to know if the adapter must do the setActiveUser.
In the main.js:
WL.Client.logout("spgRealm", {onSuccess:logoutSuccess, onFailure:logoutFailure});
WLAuthorizationManager.getUserIdentity().then(function(){
var invocationData = {
adapter : "authenticationAdapter",
procedure : "submitAuthentication",
parameters : [$("#usr").val(), $("#pwd").val(), usrInfo.sid, true ]
};
alert('sans ecran login '+JSON.stringify(invocationData));
spgRCH.submitAdapterAuthentication( invocationData, {
onSuccess:onlineAuthenticationSuccess,
onFailure:onlineAuthenticationFailure
});
})
In the adapter:
function submitAuthentication(username, password, sid, isIdentified){
var i = {
method : 'get',
returnedContentType : 'json',
path : '/mobapp/auth.php',
parameters : {'USR' : username, 'PWD' : password, 'SID' : sid}
};
var o = WL.Server.invokeHttp(i);
if (isIdentified == false) {
var userIdentity = {
userId: username,
displayName: username,
attributes: { 'mobile' : true }
};
WL.Server.setActiveUser("spgRealm", userIdentity);
}
return {
authRequired: false,
'httprsp' : o
};
return onAuthRequired(null, "SRVE001");
}
I also try:
WL.Server.setActiveUser("spgRealm", null);
However, the result is an infinite loop.
I test with Android Studio and an Android application.
the case:
First, logging-in on-line,
Second, quit secure area without logout
third, logging-in off-line
then access secure area on-line with user store off-line
the authentication failed.
the error :
FWLSE0100E: parameters: [project OfflineAuthentication] Cannot change
identity of an already logged in user in realm 'xxxxxx'. The
application must logout first.
the problem is in this part of code (main.js) :
// If logging-in while offline and Internet connectivity is then available, login to the realm without showing the login form.
} else if (username) {
var invocationData = {
adapter : "authenticationAdapter",
procedure : "submitAuthentication",
parameters : [$("#username").val(), $("#password").val()]
};
myCustomRealmChallengeHandler.submitAdapterAuthentication(invocationData, {
onSuccess:onlineAuthenticationSuccess,
onFailure:onlineAuthenticationFailure
});