Google authentication in laravel application - hybrid auth error - php

I am trying to add google authentication in my laravel application using hybrid auth.
Google auth configuration:
<?php
return array(
    "base_url" => "https://mywebsite.com/gauth/auth",
    "providers" => array(
        "Google" => array(
            "enabled" => true,
            "keys" => array(
                "id" => "myid.apps.googleusercontent.com",
                "secret" => "mysecret"
            ),
            "scope" => "https://www.googleapis.com/auth/userinfo.email "
        )
    )
);
The authentication worked fine in the http website. But when I added SSL/https to the site it is not working and I am getting the following error:
Exception in Auth.php line 169:
User profile request failed! Google returned an error: exception 'Exception' with message 'The Authorization Service has return: invalid_request' in /project/httpdocs/vendor/hybridauth/hybridauth/hybridauth/Hybrid/thirdparty/OAuth/OAuth2Client.php:84
What is the issue causing this error?

I think the error was due to the PHP version. The PHP version was higher than recommended by the Hybrid Auth.
Used the Google PHP library and worked fine.
https://developers.google.com/api-client-library/php/auth/web-app

Related

How to set Keycloak as authentication provider for humhub

I have a local apache2 server running humhub 1.3.14.
My goal is to set Keycloak located on my rancher cluster as the authentication provider for humhub.
After selecting "keycloak OpenId Connect" the user is successfully redirected to the keycloak server. After the user has authenticated, keycloak redirects back to my local humhub server.
There humhub complains:
"Unable to verify JWS: Unsecured connection" .
To validate the JWS, humhub uses yii2-authclient/src/OpenIdConnect.php, which requires "spomky-labs/jose:~5.0.6" (which is abandoned, but yii2 still uses it).
In humhub/protected/vendor/yiisoft/yii2-authclient/src/OpenIdConnect.php, setting
$validateJws = false
does nothing.
humhub/protected/config/common.php:
return [
    'params' => [
        'enablePjax' => false
    ],
    'components' => [
        'urlManager' => [
            'showScriptName' => false,
            'enablePrettyUrl' => false,
        ],
        'authClientCollection' => [
            'class' => 'yii\authclient\Collection',
            'clients' => [
                'keycloak' => [
                    'class' => 'yii\authclient\OpenIdConnect',
                    'issuerUrl' => 'https://xxxx/auth/realms/humhub',
                    'clientId' => 'humhub',
                    'clientSecret' => 'xxxxxxx',
                    'name' => 'keycloak',
                    'title' => 'Keycloak OpenID Connect',
                    'tokenUrl' => 'https://xxxx/auth/realms/humhub/protocol/openid-connect/token',
                    'authUrl' => 'https://xxxx/auth/realms/humhub/protocol/openid-connect/auth',
                    // The next two values are the quoted string 'false', which PHP
                    // treats as true in a boolean check, so they do not switch
                    // these validations off.
                    'validateAuthState' => 'false',
                    'validateJws' => 'false',
                ],
            ],
        ]
    ]
];
Can anyone help?
Further information required?
UPDATE
After updating "spomky-labs/jose" to "spomky-labs/jose:~6.1.0", the response from humhub changed to:
"Unable to verify JWS: The provided sector identifier URI is not valid: scheme must be one of the following: ["https"]."
UPDATE
I have enabled https also on my local apache2 server which runs humhub.
I also downgraded spomky-labs/jose back to version 5.0.6, because of compatibility problems with the current humhub version 1.3.14.
After that, the JWS error seems to be fixed but a new error occurred:
Could it be caused by the content type in the JWS, which is not "application/json" but instead just "" (empty)?
If so, how can this be fixed?
Finally I found the solution: It is not working well because humhub does not adhere to the specifications in its OIDC adapter. After being redirected back from Keycloak, the following error occurs:
The OpenID Connect 1.0 Specification states that an ID Token has to be signed using a JWS (JSON Web Signature). Keycloak does that, but does not set the "cty" field. According to https://www.rfc-editor.org/rfc/rfc7515#section-4.1.10 (RFC7515), this field is optional, which means that Humhub (v. 1.3.13) has an incorrectly implemented OpenID Connect 1.0 adapter, because it treats this field as mandatory.
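The RFC 7515 point made above, as an added example that is not humhub's or yii2-authclient's code: a protected-header check that requires "alg" but accepts a JWS with no "cty". The function names and the sample token are constructed for illustration, and signature verification itself stays with the JOSE library.

```php
<?php
// Added example: function names and sample token are constructed, not library code.

function base64UrlDecode(string $data): string
{
    $padded = str_pad(strtr($data, '-_', '+/'), (int) (ceil(strlen($data) / 4) * 4), '=');
    $decoded = base64_decode($padded, true);
    if ($decoded === false) {
        throw new InvalidArgumentException('Segment is not valid base64url');
    }
    return $decoded;
}

function base64UrlEncode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

/**
 * Parse the protected header of a compact JWS and check it the way
 * RFC 7515 describes: "alg" is required, "cty" is optional.
 */
function checkJwsHeader(string $compactJws, array $allowedAlgs): array
{
    $parts = explode('.', $compactJws);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Compact JWS must have three segments');
    }
    $header = json_decode(base64UrlDecode($parts[0]), true);
    if (!is_array($header)) {
        throw new InvalidArgumentException('Header is not valid JSON');
    }
    // Required: the algorithm, restricted to what this client expects.
    if (!isset($header['alg']) || !in_array($header['alg'], $allowedAlgs, true)) {
        throw new InvalidArgumentException('Missing or unexpected "alg"');
    }
    // Optional: only inspect "cty" when the issuer actually sent it.
    if (array_key_exists('cty', $header) && !is_string($header['cty'])) {
        throw new InvalidArgumentException('"cty" must be a string when present');
    }
    return $header;
}

// Constructed sample: a header without "cty", as described for Keycloak above.
$token = base64UrlEncode('{"alg":"RS256","typ":"JWT","kid":"sample-key"}')
    . '.' . base64UrlEncode('{"iss":"https://idp.example/realms/demo"}')
    . '.' . base64UrlEncode('constructed-signature-bytes');
var_dump(checkJwsHeader($token, ['RS256']));
```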

MissingAuthenticationTokenException ("Missing Authentication Token") from CognitoIdentityProviderClient::adminCreateUser()

I have a working implementation of the AWS PHP SDK. Operations like $client->getUser() are working, but $client->adminCreateUser() and others are not working.
When I call $client->adminCreateUser([...]), it results in:
Error executing "AdminCreateUser" on "https://cognito-idp.ap-southeast-2.amazonaws.com"; AWS HTTP error: Client error: `POST https://cognito-idp.ap-southeast-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"MissingAuthenticationTokenException","message":"Missing Authentication Token"}
MissingAuthenticationTokenException (client): Missing Authentication Token - {"__type":"MissingAuthenticationTokenException","message":"Missing Authentication Token"}
Line 191 in /var/www/project/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php
Similar services invoked from the CLI (e.g. cognito-idp admin-create-user) with the exact same credentials are working.
What is causing this?
Example Details
My environment:
Ubuntu 18.04
Apache 2.4.29
PHP 7.3
aws/aws-sdk-php 3.92.3
.aws/credentials
[default]
aws_access_key_id=XXXX
aws_secret_access_key=XXXX
I am using my developer credentials
Example code:
use Aws\CognitoIdentityProvider\CognitoIdentityProviderClient;

$client = new CognitoIdentityProviderClient([
    'version' => 'latest',
    'region' => 'ap-southeast-2',
    'credentials' => false, // Set to false to allow roles provisioned to our EC2 instances
]);
$result = $client->adminCreateUser([
    'DesiredDeliveryMediums' => ['Email'],
    'MessageAction' => 'RESEND',
    'TemporaryPassword' => 'TemporaryPassword1234',
    'UserAttributes' => [
        ['Name' => 'email', 'Value' => 'mailbox#domain.tld'],
    ],
    'UserPoolId' => 'ap-southeast-2_XXXX',
    'Username' => 'mailbox#domain.tld',
]);
You need to remove 'credentials' => false from your CognitoIdentityProviderClient configuration.
The adminCreateUser() operation requires a signed request (unlike operations like signUp(), which is why signUp() would work with an unsigned request but adminCreateUser() and other operations that require developer credentials won't).
From the AWS Docs
https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#admincreateuser says
AdminCreateUser requires developer credentials.
https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_configuration.html#credentials says
Pass false to use null credentials and not sign requests.
A request needs to be signed to provide developer credentials.

Getting error The redirect URI is not registered properly with DocuSign when I followed their tutorial

I'm using Windows and XAMPP and am fairly new to integrating DocuSign. I watched this tutorial from DocuSign using PHP; however, since the tutorial uses a Mac, I'm confused about how to set it up on XAMPP and Windows, and as a result I'm getting the error:
The redirect URI is not registered properly with DocuSign
Here is how I did my setup
1.) Clone the repository and place it on my xamp/htdocs/eg-something-something
2.) Rename the ugly repository name to xamp/htdocs/docusign/
3.) Run composer install to get the dependencies
4.) I configured my ds_config.php and here is my code... I removed credentials for security purposes
<?php
// ds_config.py
//
// DocuSign configuration settings
$DS_CONFIG = [
    'ds_client_id' => 'xxxx', # The app's DocuSign integration key
    'ds_client_secret' => 'xxx', # The app's DocuSign integration key's secret
    'signer_email' => 'xxx#gmail.com',
    'signer_name' => 'Michael',
    'app_url' => 'http://localhost/docusign/public', // The url of the application.
    // Ie, the user enters app_url in their browser to bring up the app's home page
    // Eg http://localhost/eg-03-php-auth-code-grant/public if the app is installed in a
    // development directory that is accessible via web server.
    // NOTE => You must add a Redirect URI of app_url/index.php?page=ds_callback to your Integration Key.
    'authorization_server' => 'https://account-d.docusign.com',
    'session_secret' => '{SESSION_SECRET}', // Secret for encrypting session cookie content
    'allow_silent_authentication' => true, // a user can be silently authenticated if they have an
    // active login session on another tab of the same browser
    'target_account_id' => false, // Set if you want a specific DocuSign AccountId, If false, the user's default account will be used.
    'demo_doc_path' => 'demo_documents',
    'doc_docx' => 'World_Wide_Corp_Battle_Plan_Trafalgar.docx',
    'doc_pdf' => 'World_Wide_Corp_lorem.pdf',
    // Payment gateway information is optional
    'gateway_account_id' => '{DS_PAYMENT_GATEWAY_ID}',
    'gateway_name' => "stripe",
    'gateway_display_name' => "Stripe",
    'github_example_url' => 'https://github.com/docusign/eg-03-php-auth-code-grant/tree/master/src/',
    'documentation' => false
];
$GLOBALS['DS_CONFIG'] = $DS_CONFIG;
5.) I log into my admin sandbox and use this as my redirect URI
http://localhost/docusign/public/index.php?page=ds_callback
The web app is running but I am having an error of "The redirect URI is not registered properly with DocuSign" when I click the login or just by authenticating.
Thanks for helping me on this issue.
Update part:
I tried adding http:// on the configuration of the integration key on sandbox, however, I'm getting a fatal error:
Fatal error: Uncaught GuzzleHttp\Exception\RequestException: cURL
error 77: error setting certificate verify locations: CAfile:
C:\xampp\apache\bin\curl-ca-bundle.crt CApath: none (see
http://curl.haxx.se/libcurl/c/libcurl-errors.html) in
C:\xampp\htdocs\docusign\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php
on line 186
Once I tried to authenticate. Check this screenshot for the errors.
Try http://localhost/docusign/public/index.php?page=ds_callback as the redirect URL.
You need the complete URL including the http:// part.

Intuit App: Error while getting accessTokenKey for OAuth 2.0

I am new in Quickbooks and want to use the API by OAuth 2.0 protocol. For that, I did the following steps according to Quickbooks docs.
I have created an Intuit Developer account.
I have created an application for testing purposes.
I got OAuth keys for my test application.
I want to do API requests by using PHP SDK provided by Quickbooks and I started to use code according to the instructions of PHP SDK:
require "vendor/autoload.php";
use QuickBooksOnline\API\DataService\DataService;
$dataService = DataService::Configure(array(
'auth_mode' => 'oauth2',
'ClientID' => "Q0lCkcEshsGMHOEula2r5RKc2yhxvMsYEpKN1lw1WZwyfd1Si6",
'ClientSecret' => "gE0F9hLgwx9OBzRpNxyOvWJH6L2fIhzAwBugPJHq",
'accessTokenKey' => 'eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..4z4Assj4x1qt8H4DtQco6A.nmV2jTxaDMVdFWEUO16q5qhbd5aD6U-U-RYnSNywqg-HPC_3_jvwpMJU1a1S5X-PgPUy60WvVy_8p1awY7kIoFzTV4IhdFLrZpYtBUGCjcsvjxWeOSgP6oCayBEmCv7zzabtgB6vxU46jQqKX2IXYUGPPtyYO64hrgELFR4SKUK6boZiVnh8z19gnvsReKMmIINA3-NgC6QJqMRp6HWgzCa9RuDN9tCtrAK2dy5xmJRNSNgdv_gyg1bfdX4l4b30fLPzFk31fsTT9NTJq9PuGtdTsvUuCj7Hme6HPldD9TKYRXWU8TKrQQrQWEpdlbPr6F3rhP6IdmCv9t1XH_WzF_1IseRUoYhiTUjubig-j8gzwajIdYQTzpJQKJ92QiAEyt8k40WWg0v69hEC0w7WRBuUE-IJ50xWypqS_P28IWt1G14rovZ97soGOteSik-41g1icR2zxfNhXGq7zO7oU5B8r-ej5Pb52T0MCMktgd6y32bqwo2pcEzblL2bZs7DZ7LDx5peY4TIfGW21crTE6xjhRr7LdqB8K505pRqIOP20eaRgwtGHLZ3bdBt1_negw2AGjc409BM0nLzzmODxr3yo-YdGwkcOjm5QgbGAsrnpoSo9tSpxPHoN0vMRneRdsKCd6CZG5M1OIOMuj7spkm442tvwiAMCx2Fh-STG6fMnhOq7l_f8NW_3kscxtF2.obQxJKjPfi1KlaQQ_OUoNg',
'refreshTokenKey' => "L011509163184Q0K7DT40SVXhJXAfyoj6B6EbSr3Ty64yVvF5A",
'QBORealmID' => "123145857569084",
'baseUrl' => "https://sandbox-quickbooks.api.intuit.com"
));
I am stuck on getting accessTokenKey in order to complete configurations and start to do API requests. QuickBooks provides a tool named OAuth Playground here for getting accessTokenKey. I put Client ID and Client Secret from Application's Keys as Consumer Key and Consumer Secret in the OAuth Playground's screen and press Connect to QuickBooks but it gives me this error:
We were unable to process your request.
This error can occur when too much time has passed in the request. We have been notified of the problem and will investigate further.
Please contact us for further assistance.
Error Id: cxgdknrkjzppmjifkv2ipsgp-29491421
Could anyone help me with this error?

How to configure a LinkedIn's application in HybridAuth?

I state that I have created an application with LinkedIn and I am in possession of the key and the secret key of the application.
After inserting the key in the configuration file in HybridAuth (config.php) and after trying to log in with my LinkedIn account, HybridAuth returns me the following error:
"Error!
Authentication failed. The user has canceled the authentication or the provider refused the connection.
Original error message: Authentication failed! LinkedIn returned an invalid Token."
What could be the problem?
This is the configuration that concerns LinkedIn:
"LinkedIn" => array (
"enabled" => true,
"keys" => array ( "key" => "************", "secret" => "****************" )
),
