I am building an App API in Lumen, and I am a bit confused about how to lock down what/who can make requests to it.
At present I have no way of authenticating requests from the app, so anyone who knows the link could make requests from a browser and potentially cause havok. I know in the .env file there is an appkey variable which is currently empty, and after some research I can't seem to find a clear answer on what it actually does and if I need it.
So basically:
If request comes from my app, proceed.
If it comes from anything else, stop it.
That is what I am looking for.
I am using Ionic $http to make the requests.
Any help would be great
App Key is used for encryption which you can read at https://laravel.com/
use below command to generate key
php artisan key:generate
For more info on lumen auth check below github, Lumen 5.3 token auth
github link for lumen token auth
hello to all i want to use google gcm for my app .. but now is not working ..
open this url shows warning me warning ..
http://developer.android.com/google/gcm/demo.html
The information in this document has been superseded by GCM Server and GCM Client. Please use the GoogleCloudMessaging API instead of the GCM client helper library. The GCM server helper library is still valid.
m confused littel bit .... can any one provide me an latest sample code please
thank you
Use this link to set up your gcm id:
https://developer.android.com/google/gcm/gs.html
I try to use Google oauth to authenticate users on my android app.
Then I would like to send it to my app server so it can connect at any time with Google calendar.
I tried to use
GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);
Following this article:
https://developers.google.com/accounts/docs/CrossClientAuth
When I use it with scope
mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I get a token, which is valid for an hour
But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using
mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I receive either "invalid_scope" or "Unknown" exceptions.
What am I doing wrong?
EDIT:
OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token. When tying to resolve server gets an error about the redirection URL.
BTW, When I do the web flow with same parameters it works.
OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. A few things you have to know to work with Android and offline token
When you create google Client ID Don't create a service application before you create a web application
Must include https://www.googleapis.com/auth/plus.login in your scope
The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console.
That scope string is only documented to work when passed to GoogleAuthUtil(), see http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html, on Android. But it would be cool if it worked on iOS too; our infrastructure there is a little behind where we’re at on Android.
I have had the same issue then i realised that my app is not published and is in debug mode, so i had to add test users to the Google project -> Consent Screen, then i was able to fetch the token for the added test user.
You just need to follow the correct steps/format for specifying the scopes. Find them here https://developers.google.com/android/guides/http-auth#SpecifyingScopes
I found many examples on Stack Overflow and I just don't know where to start since I have a particular prerequisite:
My Delphi Datasnap Rest server is using ZLibCompression and RSA encryption (in TTransportFilterCollection of DSHTTPWebDispatcher). Is there an Android restful API that can handle those? Any sample that already implements that?
I found this thread Android REST client, Sample? as a good starting point, both lightweight and well-formed clients are presented but is it enough for me?
Thanks in advance for any hint, sample or library that you could point me to.
you can use the Android Rest-Client for sending data to a webservice
see my answer in the post Adding body of call to POST using HttpURLConnection
I just used the proxy generator from Danasnap server TDSProxyGenerator component (http://yourserver:port/proxy/java_android.zip) and added this code to my android project...
I had to search for the DSRESTSSLFactory.java file that is not generated by the proxy (but required !!), i found it in a demo from embarcadero, and from that point the communication is entirely handled, all accessible procedures are publicated, and really really simple to use...
I'm trying to create a push service for my Android app, and I follow Google GCM's documentation and example for this matter:
I can register/unregister my Android app. From my server side, I can see that I have one subscription registered, but when I try to send a message from server to my Android app I always get following error:
Error sending message to device #0: MismatchSenderId
For my Android app, I use SENDER_ID = 200000000001.
And for my server side as Google says I use API_KEY = AIzxxxxxxxxxxxxxxxxXxxXxxXxxxXXXXXxxxxs
I followed this document:
http://developer.android.com/guide/google/gcm/demo.html
I've enabled GCM in my Google API panel too, yet I'll get that annoying error message.
How can I fix this problem?
Did your server use the new registration ID returned by the GCM server to your app? I had this problem, if trying to send a message to registration IDs that are given out by the old C2DM server.
And also double check the Sender ID and API_KEY, they must match or else you will get that MismatchSenderId error. In the Google API Console, look at the URL of your project:
https://code.google.com/apis/console/#project:xxxxxxxxxxx
The xxxxxxxxx is the project ID, which is the sender ID.
And make sure the API Key belongs to 'Key for server apps (with IP locking)'
Mismatch happens when you don't use the numeric ID. Project ID IS NOT SENDER ID!! It took me 9 hours to figure this out. For all the confusion created by google, check the following link to get numeric id.
https://console.cloud.google.com
instead of
https://console.developers.google.com
Hope it helps!!
Update:-
Things have changed again. Now the sender id is with firebase.
Go to https://console.firebase.google.com and select your project. Under settings -> cloud messaging, you can find the sender id.
And it works!
Please run below script in your terminal
curl -X POST \
-H "Authorization: key= write here api_key" \
-H "Content-Type: application/json" \
-d '{
"registration_ids": [
"write here reg_id generated by gcm"
],
"data": {
"message": "Manual push notification from Rajkumar"
},
"priority": "high"
}' \
https://android.googleapis.com/gcm/send
it will give the message if it is succeeded or failed
I encountered the same issue recently and I tried different values for "gcm_sender_id" based on the project ID. However, the "gcm_sender_id" value must be set to the "Project Number".
You can find this value under: Menu > IAM & Admin > Settings.
See screenshot: GCM Project Number
This happens when the Server key and Sender ID parameters HTTP request do not match each other. Basically both server ID and Server key must belong to the same firebase project. Please refer to the below image. In case of mixing these parameters from deferent Firebase projects will cause error MismatchSenderId
InstanceID.getInstance(getApplicationContext()).getToken(authorizedEntity,scope)
authorizedEntity is the project number of the server
Your android app needs to correct 12-digit number id (aka GCM Project Number). If this 12-digit number is incorrect, then you will also get this error.
This 12-digit number is found in your Google Play Console under your specific app, 'Service & API' -> 'LINKED SENDER IDS'
Check google-services.json file in app folder of your Android project. Generate a new one from Firebase console if you are unsure. I got this error in two cases.
I used a test Firebase project with test application (that contained right google-services.json file). Then I tried to send push notification to another application and got this error ('"error": "MismatchSenderId"'). I understood that the second application was bound to another Firebase project with different google-services.json. Because server keys are different, the request should be rewritten.
I changed google-services.json in the application, because I wanted to replace test Firebase project with an actual. I generated right google-services.json file, changed request, but kept receiving this error. On the next day it fixed itself. I suspect Firebase doesn't update synchronously.
To get a server key for the request, open https://console.firebase.google.com and select an appropriate project.
Then paste it in the request.
With the deprecation of GCM and removal of its APIs, it appears that you could see MismatchSenderId if you try to use GCM after May 29, 2019. See the Google GCM and FCM FAQ for more details.
Use sender ID & API Key generated here: http://developers.google.com instead (browse for Google Cloud Messaging first and follow the instruction).
If use for native Android, check your AndroidMaifest.xml file:
<meta-data
android:name="onesignal_google_project_number"
android:value="str:1234567890" />
<!-- its is correct. -->
instead
<meta-data
android:name="onesignal_google_project_number"
android:value="#string/google_project_number" />
Hope it helps!!