I am trying to create a user using Stripes Connect Api following the Deferred Account Activation
https://stripe.com/docs/connect/deferred-accounts
I am providing the request with what I believe is what is known as the "Platform_Secret_Key" which I think is found in the dashboard's Account Settings > Connect > Platform Settings > ClientId
When I use this in my request as the 'apiKey' I get "Invalid Api Key" error.
However, if I use my account ApiKey, as suggests here https://stripe.com/docs/api#create_account
it errors too with
"You cannot use this method on your own account: you may only use it on connected accounts."
Has anyone been successful? How is this done?
You need to use your platform's secret API key (found in the API keys tab of your dashboard). The client_id (found in the Connect tab) is used to connect standalone accounts via the OAuth flow -- this doesn't apply here since you're directly creating accounts (aka "deferred accounts"), not going through the OAuth flow.
Simply using the create account API endpoint with your platform's secret API key should work. Unfortunately I'm not sure if Stripe.net supports this. The documentation mentions support for the OAuth flow but not for deferred accounts or managed accounts. You might have better luck asking directly on the GitHub tracker for the project: https://github.com/jaymedavis/stripe.net, or maybe someone else will have a better answer for you here!
Related
I'm looking to build a CLI application (most likely in C#) for Linux, Windows and Mac. The App will all access some of my API's, arleady deployed in the cloud. These API's are protected using Firebase Auth. At the moment Auth is done via my website and I support Social Sign in such as GitHub, Google etc.
Now when it comes to adding auth into a CLI app I'm completely stumped. I've been Googling this and can't find anything that walks through what you need to use. Do I need to package the Admin SKD? How to do I protect my Firebase keys (do the need to be in the CLI app)?
Can anyone point me in the right direction here please?
Many thanks in advance
For email and password authentication, you can use Firebase Auth REST API to create/login a user with provided credentials. For OAuth providers such as Google and Github, you can follow OAuth 2.0 Device Authorization Flow described in RFC 8628 and then call Firebase's 'sign in with OAuth credential' to create the user in Firebase Authentication. Here's the general flow for Google Auth:
Request device and user code from the OAuth provider (e.g. Google)
Open the returned link in a browser and ask user to enter the code shown (user may have to open the browser in any other device if current one cannot open a browser e.g. in VMs)
Keep polling for access token till you get the token or any of the errors listed in RFC 8628 section 3.5.
Create/SignIn the user with Firebase using sign in with OAuth credentials REST API using the accessToken returned in previous step.
The last API will return Firebase Authentication's idToken and refreshToken that you can use to further authentication users in your backend.
Checkout OAuth 2.0 for limited input device apps for more information.
Do I need to package the Admin SDK?
No, the Admin SDK must be used only on server side as it has privileged access to your Firebase resources like bypassing security rules.
How to do I protect my Firebase keys (do the need to be in the CLI app)?
The keys are meant to be public (like an identifier for your project). See Is it safe to expose Firebase apiKey to the public? for more information.
I'm working on a small application to connect to Microsoft Azure, list all databases belonging to a certain resource group, and export all said databases. I'm using the Microsoft.WindowsAzure.Management.Sql library for this.
Following this guide, I've managed to set up an app registration in AD for my application and assign it the Owner role (for testing), authenticate with Azure and get an access token.
However, when I try to use that token to perform any operations on the database (such as listing all databases, using IServerOperations.List), I get the following exception:
ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
The tenant ID, subscription ID, client ID and client secret are all correct, and changing any of them results in a different exception, already at the authentication stage.
How can I fix this? If the correct answer is "switch to Microsoft.Azure.Management.Sql" I'm perfectly fine with that, but if possible I'd at least like to understand why this is happening.
HIf the correct answer is "switch to Microsoft.Azure.Management.Sql" I'm perfectly fine with that, but if possible I'd at least like to understand why this is happening.
Microsoft.WindowsAzure.Management.Sql implements the ASM API(Azure old API).
The reason you're getting this error is because you're trying to authenticate/authorize an Azure Resource Manager (ASM) API with application permission.
But Service Management API is a delegated permission and not an application permission.
For more detail information about how to authenticate for ASM and ARM Rest API, please refer to another SO thread.
How can I fix this?
Microsoft.Azure.Management.Sql implements the ARM API. As you mentioned that you could use the Microsoft.Azure.Management.Sql to instand of Microsoft.WindowsAzure.Management.Sql
or you could use X509 Certificate based authorization to authorize your ASM API requests.
For more information about how to authenticate using a management certificate, you could refer to this tutorial.
Note: It is recommanded that to use Microsoft.Azure.Management.Sql to instead of Microsoft.WindowsAzure.Management.Sql
I'm trying to create an app with .net/C# that connects to quickbooks online using DevDefined OAuth. However, I'd like to test with the single use developer tokens before going into production. My issue is that I cannot find a single code example anywhere that describes how to connect to quickbooks (or really any service) that doesn't involve 4 different urls and five different keys, most of which I don't have. So, can someone please describe the process and preferably post or link to some code examples of how to connect to a service using OAuth dev tokens.
Start here:
https://developer.intuit.com/docs/0150_payments/0060_authentication_and_authorization/connect_from_within_your_app#/user
You'll need at least 3 URLs -- OAuth itself requires this:
Request token URL is: https://oauth.intuit.com/oauth/v1/get_request_token
User authorization URL is: https://appcenter.intuit.com/Connect/Begin
Access Token Request URL is: https://oauth.intuit.com/oauth/v1/get_access_token
You'll need several keys:
consumer key
consumer secret
app token
You should have all of those already, since Intuit gives them to you when you register an application with them.
You can ignore this step entirely in the link above: "Step 2: Once the user has logged into your app, call the setup() function."
If you're having trouble, post your code.
Adding to what Keith has mentioned -
Sample app link for .net using dev defined and all urls is mentioned below.
Go to https://developer.intuit.com/.
Create an app on out platform for the QBO v3 apis.
You will get a set of consumer key, consumer secret and app token.
Then implement Connect to Quickbooks button.
Set the above keys in the config of your code.
Then run the code.
You client who has the QBO company can then authorize your code/website to access his QBO company data using Connect to Quickbooks button.
You will then set of access token and access token secret and realmid/companyid to make api calls for their QBO company which is valid for 180 days.
To 'renew tokens', you can call reconnect api after 10 days or do Connect to Quickbooks after 180 days to get new tokens.
See the QBO v3 api sample app here-
https://github.com/IntuitDeveloperRelations
Set in your app keys in the config and test it out.
Also refer imp docs here-
https://developer.intuit.com/docs/0100_accounting/0060_authentication_and_authorization
https://developer.intuit.com/docs/0100_accounting/0060_authentication_and_authorization/connect_from_within_your_app
https://developer.intuit.com/docs/0100_Accounting/0500_Developer_Kits
API docs-
https://developer.intuit.com/docs/api/accounting
Use API explorer to test out calls-
https://developer.intuit.com/v2/apiexplorer?apiname=V3QBO
Private publish-
To do a private publish, you need to go to your app dashboard->Your app and then click on Prod tab->All all urls ->Save->Then go to Keys tab under Prod to get the Prod consumer key and secret.
Apps.comhttp://Apps.com publish-
https://developer.intuit.com/docs/0100_accounting/0008_release_your_app_to_production
https://developer.intuit.com/docs/0100_accounting/0009_publishing_and_marketing_your_app
Google API OAuth 2.0 servcie Account C# ( drive api)
I am only targeting ONE Service Account.
I am looking in authenticating to a service account.
following this example:
Google example
As far I can understand, the token is permanent not 1h like other authentication type. Yet there is no mention of the token in the code.
Do I have to store this token? or do I have to request it every time I want to create the service, using the certificate?
Is the "service" creation code the same as described every time I need it. Or is this just for the very first time I request access to this account?
As I've commented, the article "Using Google Drive API with C#" part 1 and part 2, shows how to store the refresh token and use it to authenticate in the name of app.
It's also warning about the limitations of the service account, in many cases "useless" as you said.
Here's another one implementation of IDataStore.
Hope that help you! =)
Google offers a few options for authenticating users. One of them is Service Accounts which provides more secure communication between your app and Google server while authenticating users.
Normally, if you use Google oAuth library in server side, a shared key is used to authenticate user and to get a token which includes access_token, toke type, refresh_token, expire time. In this case, user should give you permissions.
However, when you use Service account, user is not involved and service account is used for authentication. In this case, in first time, you should use Service Account to get a token and store it in your DB. That way, you will be able to use it next time while sending API calls. And of course, for security reasons, this access token will expire. In this case, you will use refresh_token which returns when you get token for the first time. With using refresh token, you will be able get a new access token.
I have recently finished creating a STS setup and need to expose some WCF service methods on the STS's themselves. So far the login sends a token to the claims provider, the claims provider sets all the clams and then hands the user back down to the front end so that's working fine. I need to implement some WCF functions that need to check that the user has a valid token to trigger the method. I have looked into it and have tried configuring WSFederationHttpBind with little success. It seems to ask the client for a certificate via "Windows cardspace" for some reason and I can't find a way to assign the already produced token with the WCF call from the client. Any pointers in the right direction would be great I've been racking my brains all day and clearly not searching for the right thing!
P.S The STS uses WIF to create/assign the tokens
When you say "It seems to ask the client for a certificate via "Windows cardspace" for some reason" do you mean that when the client calls the service operation you get a UI for CardSpace asking the user to select some credentials?
If so, to suppress this you need to set
channelFactory.Credentials.SupportInteractive = false;
A simple sample is avaialble in the WIF SDK. A slightly more complex one is available here: http://msdn.microsoft.com/en-us/library/ff359113.aspx