This is my first touch with Twilio Add-ons.
I want to use the addon "Whitepages Pro Phone Reputation" to return the relative results of a +ZZZZZZZ phone number. I have install the addon on the account (for the client id) and checked the use on Lookups on the control panel.
My PHP code is the following:
require_once(__DIR__ . '/includes/Twilio/autoload.php');
use Twilio\Rest\Client;
$client = new Client('XXXXXXX', 'YYYYYY');
$number = $client->lookups
->phoneNumbers("+ZZZZZZZ")
->fetch(
array("type" => "carrier", "AddOns" => "whitepages_pro_phone_rep")
);
var_dump($number->addOns['results']['whitepages_pro_phone_rep']);
But it returns the following:
array(5) { ["request_sid"]=> string(34) "XRcfbbe6fc969c3d20f5f0a95913a22cde" ["status"]=> string(6) "failed" ["message"]=> string(47) "Requirements to invoke AddOns have not been met" ["code"]=> int(61003) ["result"]=> array(0) { } }
What's the wrong with my code?
Twilio developer evangelist here.
You are receiving an error there, the code is 61003. You can always search for error codes for Twilio and there is normally an explanatory page. Here is the explanation for Error 61003.
Sadly, that explanation doesn't have many solutions!
To me, it looks as though your code is correct, but I wonder whether you have installed and enabled the Add-on in your account for lookups. Go here to install the Add-on, then make sure you have lookups selected.
Let me know if that helps at all.
I work for Whitepages and have some experience working within the Twilio environment. I've been the lead engineer for a couple of joint Twilio / Whitepages webinars and put together the app we used this year at Signal.
Have you tried testing it through a browser? Might be easy to see if it's the code or account / sub account. The mixing up the sid / token between a main account and a sub account has happened to me once.
https://lookups.twilio.com/v1/PhoneNumbers/+XXXXXXXXXXX/?AddOns=whitepages_pro_phone_rep
This will ask you for your account sid and auth token. Make sure you're getting a response there. Then at least we've narrowed it down.
Also when using the + Twilio expects E.169 formatted number numbers so make sure the country code is there.
Side note: It does look like you have "type" which should be "Type" for your carrier response but I don't think that will have an effect on AddOns.
Disclaimer: I've never worked in PHP.
We'll get it sorted out for you. Thanks for your support!
EDIT: Just noticed...would '$number->addOns' need to be '$number->add_ons'?
I detected the problem. ohhh I was so stupid!
I did my tests using my own phone number (Vodafone Greece) but the service did not supports Greek phone numbers.
I do a test with a number from U.S.A. and it works as expected!
Related
I am working on Identity server and OpenId connect and since I need to do the implementation in a more dynamic manner and on multiple microservices in different languages, I am trying to understand the flow and doing the implementation with different stacks without depending on the client SDKs provided by the particular Identity server provider we are using. (in production, most likely, we will use some already built libs but my intention now is to grasp the concept of verification from ground up)
Now I am trying to simulate a case where we already have the access and id tokens and they are sent to a simple REST PHP function, and:
Do verification of JWT signature
Expiration check on the token
Validation of Scope & Audience
Pass username back to the frontend
(not relevant but I generated the access_token with Authorisation code flow -> PKCE)
This is my verification flow, I am using jose-php packages:
# public key
$components = array(
'kty' => 'RSA',
'e' => 'AQAB',
'n' => 'x9vNhcvSrxjsegZAAo4OEuo...'
);
$public_key= JOSE_JWK::decode($components);
$jwt_string = 'eyJ...'; // Access_token
$jws = JOSE_JWT::decode($jwt_string);
$result = $jws->verify($public_key, 'RS256');
However, this returns undefined for $result. I am debugging other parts of the PHP script, and I will share my result with everyone here once I find a fix but I think there is a better way (not with provider exclusive client SDKs) to do this flow and there is a high chance that I am missing something.
If anyone has a background with JWT token verification with PHP for identity server, It will be really great if you can share any better alternative or suggestions to do this here
Thank you in advance :)
This is an answer for anyone who seeks a simple verification middleware for jwks, might not be ideal for production!!! You are more than welcome to suggest a better solution :)
I switched to firebase/php-jwt as it is more convenient and straightforward to use and it was fairly easier to go quickly through its code and it does not return undefined anymore. Now the middleware code for validation looks like below:
$jwks = ['keys' => [[], []];
// JWK::parseKeySet($jwks) returns an associative array of **kid** to private
// key. Pass this as the second parameter to JWT::decode.
// Instead of RS256 use your own algo
// $data can return error so wrap it in try catch and do as you desire afterward
$data= (array) JWT::decode("YOUR_ACCESS_TOKEN", JWK::parseKeySet($jwks), ['RS256', 'RS256']);
For those who are willing to test a sample encoding and decoding process, feel free to use the private key and public key below: (Credit to firebase documentation with a bit of tweaking on my side to convert it to a simple Laravel controller)
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use \Firebase\JWT\JWT;
use \Firebase\JWT\JWK;
use Illuminate\Support\Facades\Http;
class JWTValidation extends Controller
{
public function bundle(){
$privateKey = <<<EOD
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn
vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9
5+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4ehde/zUxo6UvS7UrBQIDAQAB
AoGAb/MXV46XxCFRxNuB8LyAtmLDgi/xRnTAlMHjSACddwkyKem8//8eZtw9fzxz
bWZ/1/doQOuHBGYZU8aDzzj59FZ78dyzNFoF91hbvZKkg+6wGyd/LrGVEB+Xre0J
Nil0GReM2AHDNZUYRv+HYJPIOrB0CRczLQsgFJ8K6aAD6F0CQQDzbpjYdx10qgK1
cP59UHiHjPZYC0loEsk7s+hUmT3QHerAQJMZWC11Qrn2N+ybwwNblDKv+s5qgMQ5
5tNoQ9IfAkEAxkyffU6ythpg/H0Ixe1I2rd0GbF05biIzO/i77Det3n4YsJVlDck
ZkcvY3SK2iRIL4c9yY6hlIhs+K9wXTtGWwJBAO9Dskl48mO7woPR9uD22jDpNSwe
k90OMepTjzSvlhjbfuPN1IdhqvSJTDychRwn1kIJ7LQZgQ8fVz9OCFZ/6qMCQGOb
qaGwHmUK6xzpUbbacnYrIM6nLSkXgOAwv7XXCojvY614ILTK3iXiLBOxPu5Eu13k
eUz9sHyD6vkgZzjtxXECQAkp4Xerf5TGfQXGXhxIX52yH+N2LtujCdkQZjXAsGdm
B2zNzvrlgRmgBrklMTrMYgm1NPcW+bRLGcwgW2PTvNM=
-----END RSA PRIVATE KEY-----
EOD;
$publicKey = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8kGa1pSjbSYZVebtTRBLxBz5H
4i2p/llLCrEeQhta5kaQu/RnvuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t
0tyazyZ8JXw+KgXTxldMPEL95+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4
ehde/zUxo6UvS7UrBQIDAQAB
-----END PUBLIC KEY-----
EOD;
$payload = array(
"iss" => "example.org",
"aud" => "example.com",
"iat" => 1356999524,
"nbf" => 1357000000
);
$jwt = JWT::encode($payload, $privateKey, 'RS256');
//echo "Encode:\n" . print_r($jwt, true) . "\n";
$decoded = JWT::decode($jwt, $publicKey, array('RS256'));
/*
NOTE: This will now be an object instead of an associative array. To get
an associative array, you will need to cast it as such:
*/
$decoded_array = (array) $decoded;
return response()->json(['jwt' => $jwt, 'decoded' => $decoded]);
//echo "Decode:\n" . print_r($decoded_array, true) . "\n";
}
}
Now back to my first question again :)
In case that I validate the key with the help of this library as the first piece of the code, am I exposing any vulnerability? or will it be a time-consuming task in long run to maintain a custom verification flow like this?
I'm in the same process right now :).
The biggest downside now is that I have to decode the JWT first to extract the iss endpoint, then call the .well-known/openid-configuration endpoint, extra the correct key from there and validate the JWT again with the correct key information.
I'm doing it manually now, because I'm not aware of any libraries that support this.
I am trying to make a test transaction using my Laravel 7 app and Authorize.net.
After submitting the sample data, I'm getting:
The element 'createTransactionRequest' in namespace 'AnetApi/xml/v1/schema/AnetApiSchema.xsd' has invalid child element 'clientId' in namespace 'AnetApi/xml/v1/schema/AnetApiSchema.xsd'. List of possible elements expected: 'merchantAuthentication' in namespace 'AnetApi/xml/v1/schema/AnetApiSchema.xsd'.
Anyone know what's causing this error or how to fix it?
Well, I'll answer my own question since it might help others. The problem is the error message in the Authorize.net response is really vague.
Kurt Friars' comment was helpful, since it pointed me in the right direction. As for Mansour Hamcherif's suggestion, the merchantAuthentication object was set in my app, it just didn't have the right values, so it wasn't that.
The solution for me was setting the proper values to setName() and setTransactionKey(). The previous developer who had worked on this project had left values and the credentials had expired. I did a Linux text search for "setTransactionKey", which lead me to the correct PHP file where I need to set:
$merchantAuthentication = new AnetAPI\MerchantAuthenticationType();
$merchantAuthentication->setName('EnterYourLoginNameHere');
$merchantAuthentication->setTransactionKey('EnterYourTransactionKey');
After that, I cleared all of my Laravel app's caches as well as my browser's caches, did a hard reload, tried a transaction again and it worked! I got:
This transaction has been approved., Transaction ID: **********.
You may want to check the log for the raw request, it's likely the merchantAuthentication object has not been set, if you are using the PHP SDK I recommend checking the SimpleCodeConstants.php file and make sure your merchant credentials constants are set.
For example, if I set my merchant credentials to NULL, I get the same E00003 error as a result of sending the following raw request:
{"createTransactionRequest":{"merchantAuthentication":[],"clientId":"sdk-php-2.0.0-ALPHA", ...}
I'm trying to make Youtube v3 Data API work on my website.
I shamelessly copied this code from google's code samples, and it is not working. The error message showed is this:
An client error occurred: All cacheable requests must have creation dates.
I previously had issues with API keys as I forgot almost everything about APIs in general and I just thought this sample would have been useful to remember things. I managed to generate the appropriate key and now I know for sure it isn't the real problem.
Sadly Google didn't find posts related to this issue, except two links to the actual Php Library that I implemented in my site to make everything work. By looking at it closely I noticed a developer comment that could be useful.
$rawDate = $resp->getResponseHeader('date');
$parsedDate = strtotime($rawDate);
if (empty($rawDate) || false == $parsedDate) {
// We can't default this to now, as that means future cache reads
// will always pass with the logic below, so we will require a
// date be injected if not supplied.
throw new Google_Exception("All cacheable requests must have creation dates.");
}
I can understand english pretty well but I really don't know what to do now.
I even tried to add some sort of date in the request in my code, but it isn't working (you can laugh):
// Call the search.list method to retrieve results matching the specified
// query term.
$searchResponse = $youtube->search->listSearch('id,snippet', array(
'q' => $_GET['q'],
'maxResults' => $_GET['maxResults'],
'date' => strtotime(),
));
An client error occurred: (list) unknown parameter: 'date'
Any tips? Thank you in advance
EDIT: I know, this PHP library is currently in beta, but there must be some workaround.
EDIT 2: I found a temporary work around. I inverted the logic gate of that 'if' in the Php Library and now it works. But I don't like doing this, and I won't mark this as solved. At least if you know the reason of the bug please explain it to me, I'm really interested.
I am currently experiencing this problem. the thing is that it is working perfectly in test mode, but when we try to use the live id and transaction key, we keep getting the error... I am thinking maybe the request is still trying to post to the test server and we need to force the request to the live one
here is our instantiation code
// authorize.net account credentials
$auth_test_mode = false;
if ($auth_test_mode) {
define("AUTHORIZENET_API_LOGIN_ID", "testid");
define("AUTHORIZENET_TRANSACTION_KEY", "testkey");
} else {
define("AUTHORIZENET_API_LOGIN_ID", "ourid");
define("AUTHORIZENET_TRANSACTION_KEY", "ourkey");
}
any help would be greatly appreciated
thanks!
You also need to specify which URL you are using. The test server and live server use different URLs. If you don't change that, too, you'll get this error.
If you are using authorizenet-php-api, then include this line too:
define("AUTHORIZENET_SANDBOX", false);
Also, FYI, you don't need defines for your API keys, you can use the functions like this:
authorizeNetGetDailyTransaction($account['loginID'],$account['transactionID'])
Which is the only way to do it if you have to login to multiple accounts from the same page.
I found that many functions thats documented in Zend_Service_Twitter seem to be no longer working, or maybe i did the wrong thing.
Zend_Debug::dump($twitter->account->verifyCredentials());
returned
object(Zend_Rest_Client_Result)#50 (2) {
["_sxml":protected] => object(SimpleXMLElement)#55 (2) {
["request"] => string(33) "/1/account/verify_credentials.xml"
["error"] => string(19) "Incorrect signature"
}
["_errstr":protected] => NULL
}
This might very well be the case, as Twitter has updated their oAuth Authentication. It also broke my own oAuth Library. The big difference I found was that they added a oauth_verifier, which I did not remember for seeing in the original oAuth documentation when I was building my own library.
This diagram on Twitter's Developer page helps explain.
http://a0.twimg.com/images/dev/oauth_diagram.png
I can't really help you with the rest of your problem as I don't use the Zend Framework myself, but I think your assumption that it needs an update is correct.