I'm attempting to add a new bill using the quickbooks API, and I have downloaded the source code and have filled out the $dataservice array. It looks like :
$dataService = DataService::Configure(array(
'auth_mode' => 'oauth2',
'ClientID' => $config[CLIENTID],
'ClientSecret' => $config[CLIENTSECRET],
'RedirectURI' => $config['https://developer.intuit.com/v2/OAuth2Playground/RedirectUrl'],
'scope' => $config['com.intuit.quickbooks.accounting'],
'baseUrl' => "production"
));
With CLIENTID and CLIENTSECRET obviously being the real keys that are generated from my Intuit Developer Account. When I run the php file by going directly to it I get two errors
Fatal error: Uncaught QuickBooksOnline\API\Exception\SdkException: [0]: 'ClientID' must be provided in C:\wamp64\www\Bill\vendor\quickbooks\v3-php-sdk\src\Core\ServiceContext.php on line 205
and
QuickBooksOnline\API\Exception\SdkException: 'ClientID' must be provided in OAuth2. in C:\wamp64\www\Bill\vendor\quickbooks\v3-php-sdk\src\Core\ServiceContext.php on line 205
But as seen above I have set the ClientID. Is there a different way I'm supposed to Access the php file, or is there another config file that should have ClientID set?
Not sure if it's necessary info but I installed the Quickbooks SDK with Composer
Related
I've implemented in my backend Cognito with Signup and Login, MFA activation and inactivation, but now I want to implement the remember devices, to reduce SMS confirmation.
For that, I've adjusted the InitiateAuth Function to the following code:
$client->initiateAuth([
'AuthFlow' => 'USER_SRP_AUTH', // REQUIRED
'AuthParameters' => [
"USERNAME" => $email,
"PASSWORD" => $password,
"SRP_A" => $bigA,
],
'ClientId' => $this->getClientId(), // REQUIRED
]);
This function runs properly, and returns the code in following image:
https://i.gyazo.com/a439e48e2de85a094f56ed4cfee10f83.png
Then, I continue generating SRP Values, and call in the function respondToAuthChallenge, with the following code:
$client->respondToAuthChallenge([
'ChallengeName' => 'DEVICE_SRP_AUTH',
'ChallengeResponses' => [
'USERNAME' => $username,
'SRP_A' => $bigA,
],
'ClientId' => $this->getClientId(),
]);
Yet, It returns me an error saying: 'Missing required parameter DEVICE_KEY'.
If I put a DEVICE_KEY key inside ChallengeResponses it starts returning me the error 'Device does not exist.'
I've searched a lot and cannot find a way to generate the DEVICE_KEY. I've tried with unique ID and sending it in both initiateAuthand respondToAuthChallenge but the error is the same.
Any clue how can I do it? I Believe that SRP code is not 100% yet, as still understanding the concept, yet, cannot understand the DEVICE_KEY part.
Thanks
It looks like you have to use Server Side Authentication Flow
For server-side apps, user pool authentication is similar to that for client-side apps, except:
The server-side app calls the AdminInitiateAuth API (instead of InitiateAuth). This method requires AWS admin credentials. This method returns the authentication parameters.
Once it has the authentication parameters, the app calls the AdminRespondToAuthChallenge API (instead of RespondToAuthChallenge), which also requires AWS admin credentials.
The AdminInitiateAuth returns among other stuff the device key.
To be clear, We have created the EC2 policy, so my site can directly access the services like Parameter store, S3, Amazon SES etc.
As of now, all of my credentials are stored on AWS Parameter Store and then site is using those credentials i.e. DB credentials, diff. API keys etc. So only hard coded credentials are the one which fetch the parameters from Parameter Store. Now client want to remove those hard coded credentials as well, that's why we have created the EC2 Policy.
Till now, we have code like below to fetch the parameters:
$config = array(
'version' => 'latest',
'region' => '*****',
'credentials' => array(
'key' => '*******',
'secret' => '******',
)
);
$s3_instance = new \Aws\Ssm\SsmClient($config);
$result = $s3_instance->getParameters([
'Names' => $credential_group,
'WithDecryption' => true
]);
//converting S3 private data to array to read
$keys = $result->toArray();
var_dump($keys);
Now the question is what i have to change in above code, so it should work without passing those credentials.
Note: I am using AWS PHP library to perform above.
Update
Further reading the documentation, https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials.html
Using Credentials from Environment Variables
If you don't provide credentials to a client object at the time of its instantiation, the SDK attempts to find credentials in your environment. The first place the SDK checks for credentials is in your environment variables. The SDK uses the getenv() function function to look for the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN environment variables. These credentials are referred to as environment credentials.
So after that, i have tried the below:
var_dump(getenv('AWS_ACCESS_KEY_ID'));
But it returns the bool(false). So does i need to manually setup those in environment credentials?
Which things i need to change in above code?
Update
Based on this doc: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_configuration.html#credentials
I had made below change (Removed the credentials part from array):
$config = array(
'version' => 'latest',
'region' => '*****'
);
Then system throws the below warnings:
Warning: include(Test_Role_Cognitoaccess_from_instanceRole.php): failed to open stream
Warning: include(): Failed opening 'Test_Role_Cognitoaccess_from_instanceRole.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php')
Warning: include(Test_Role_Cognitoaccess_from_instanceRole.php): failed to open stream
Warning: include(): Failed opening 'Test_Role_Cognitoaccess_from_instanceRole.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php')
As you already mentioned that you attached the policy to EC2 IAM role to access other AWS services.
You should try to create a default credential provider, this will automatically pick keys from the role.
$provider = CredentialProvider::chain(CredentialProvider::env(), CredentialProvider::ini(), CredentialProvider::instanceProfile(), CredentialProvider::ecsCredentials());
When you pass credentials directly to SsmClient and same time you have defined a role to the EC2 machine then you are making confusion for the AWS. If you have defined the permission for the EC2 instance then just do as follow:
use Aws\Ssm\SsmClient;
$client = new SsmClient(['version' => 'latest', 'region' => 'ap-southeast-2']);
$result = $client->getParameters(['Names' => ['My-SECRATE-KEY'], 'WithDecryption' => true]);
print_r($result);
Please keep in mind that permissions take a little time to propagate and in this period you will get permission error for the specific user. If you wait and let the changes take effect then mentioned code will work without any error. In my case I attached AmazonSSMReadOnlyAccess to the EC2 role and to EC2 instance. If you key/value in Parameter store is not encrypted then you can remove 'WithDecryption' => true or change it to false.
I am creating EC2 Instances using AWS PHP SDK. When I try to create an instance in Frankfurt region the API gives me authentication error as this region supports v4 signature service.
When I try to provide 'signature' => 'v4' parameters to client factory method, I get this error
Fatal error: Call to a member function signRequest() on a non-object in \Aws\Common\Signature\SignatureListener.php on line 78
Any suggestions on what's the correct method to use signature v4. Currently I'm using this code.
Aws::factory(array(
'key' => $this->key,
'secret' => $this->secret,
'region' => $region,
'signature' => 'v4')
)->get($service, true);
Finally got it to work, basically we have to provide an Aws\Common\Signature\SignatureV4 Instance in the client factory.
'signature' => new SignatureV4()
I have created an ec2 client using the method mentioned in the AWS docs. I am using the aws.phar file for the SDK. The ec2 client is created properly because when I var_dump the client, it returns the Ec2Client object. But when I attempt to access the describeInstanceStatus from the ec2 client it throws a You are not authorized to perform this operation. exception. This is my code.
use Aws\Ec2\Ec2Client;
require 'aws.phar';
$ec2Client = Ec2Client::factory(array(
'key' => '<aws access key>',
'secret' => '<aws secret key>',
'region' => 'us-east-1'
));
try{
$ec2Client->describeInstanceStatus(array(
'DryRun' => false,
'InstanceIds' => array('InstanceId'),
'Filters' => array(
array(
'Name' => 'availability-zone',
'Values' => array('us-east-1'),
),
),
'MaxResults' => 10,
'IncludeAllInstances' => false,
));}
catch(Exception $e){
echo $e->getMessage();
}
Please tell me where am I getting this wrong. I've tried googling it, looked in the AWS forums but to no result. Thank you.
The error is coming from the Access that you have been granted/denied via AWS IAM.
The user, whose access/secret keys you are using in the code, does not have privilege to describe instances. This privilege is configured in the IAM policy which is applied to this user.
There is nothing wrong with your code. You need to look into the IAM policy about what all privileges are granted/denied to this user.
i am using aws php sdk for creating bucket in S3
i want to create new user IAM using aws php sdk.. .and then i want to save userkey and acceskey. ..
I got the tutorial for limit the access to user,but not get any for creating new user.
is there any way to create new user?
Install AWS SDK - http://docs.aws.amazon.com/aws-sdk-php/guide/latest/installation.html
Create an Iam client however you like by supplying your AWS credentials. The easiest example to demonstrate is putting the credentials in the PHP file directly - See http://docs.aws.amazon.com/aws-sdk-php/guide/latest/credentials.html
Then this example will create a user
<?php
require 'vendor/autoload.php';
$iamClient = \Aws\Iam\IamClient::factory(
[
'credentials' => [
'key' => 'YOUR_ACCESS_KEY',
'secret' => 'YOUR_SECRET_KEY'
]
]
);
$result = $iamClient->createUser(
[
// UserName is required
'UserName' => 'carlton',
// Optional
'Path' => '/packager/dev/'
]
);
4.Check http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.Iam.IamClient.html for all of the methods available on the $iamClient variable we created. A good IDE will provide code completion on $iamClient so you can see available methods that way.