I'm trying to develop an alexa skill and I would like to get the user's email and then compare it to those of a database. I found many examples on the web but they are all written in SDK v1 which is no longer supported.
following instructions and after reading the documentation I wrote this piece of code only that it doesn't work either on AWS or in the spoken test on alexa developer. What am I doing wrong?
var accessToken = this.event.context.System.apiAccessToken;
Bearer < ACCESS_TOKEN >
Host: api.amazonalexa.it
Accept: application/json
Authorization: Bearer MQEWY...6fnLok
GET https://api.amazonalexa.com/v2/accounts/~current/settings/Profile.email;
This repo has example code on using customer profile: GitHub: alexa-cookbook
Search for the line:
const email = await client.getProfileEmail();
Related
I am trying to list my GitHub public repos on my public website using their REST API. I have been creating personal tokens so far. In localhost it works.
When I do the request from my site it responds a 401 and it deletes my token.
To get the repos I am doing this simple request:
async function loadRepositories() {
const token = 'my_token';
const response = await fetch("https://api.github.com/users/tauromachian/repos",
{
method: "GET",
headers: {
Authorization: `Bearer ${token}`,
},
}
);
const repositories = await response.json();
return repositories;
},
How can I get this done?
Github is trying to protect you from someone stealing your identity here. There are ways to detect if a HTTP request is sent from the browser or a server (it's not 100% reliable though).
As you make the request from the browser which is a public client, meaning everyone can read the code and hence secrets you use within the code you are exposing your Personal Access Token (PAT). This PAT identifies you against Github, therefore if someone else could get hold of it, they can impersonate you and e.g. delete repos, steal code etc. (if the token has the correct scopes).
As Github wants to prevent that from happening, they delete tokens which are publicly exposed (they know it's exposed as the the request comes from a browser). Therefore attacks like that are not possible anymore.
To make your website work however you can simply make the request from your server as you can securely store secrets on the server-side and call the endpoint of your server from your website. Once you do that, Github won't delete the token, your token is save and you can display the data on the website.
I am trying to consume the Flagsmith APIs as documented here .
It seems some APIs like -- /flags/ need "x-environment-key" header, which is working.
But for others like /environments/ "x-environment-key" does not work. I have tried a bearer token authorisation by obtaining the API key ( Authorization: Bearer <> ). But that doesn't work either. There is no clear documentation on the authentication mechanism ( or I have missed it ).
Can someone throw some pointers ?
x-environment-key is for the SDK endpoints, where as /environments is an admin endpoint used in the dashboard to list a project's environments.
Those endpoints are protected via an API token, so you'd need to send
authorization: Token $API_TOKEN
You can find your API token in your account settings under keys
I'm trying to get a new accessToken and idToken by hitting the endpoint oauth2/token.
I got the refresh token from cognitoUser.authenticateUser() method in amazon-cognito-identity-js
Here's my sample request in postman:
URL (seems fine)
BODY (seems fine)
HEADERS (not sure)
Authorization: Basic Base64(client_id) - i used btoa() function in JS
Note: The pool does not have a client secret
Problem: When I test this out, this is the response
I believe I supplied the right data as documented here:
https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
grant_type: refresh_tokenclient_id: required if does not have a secretrefresh_token: refresh token here
Is there something that I'm missing or something I did wrong? I am not very familiar with the flow. Any help is greatly appreciated!
Authorization Basic should be Base64(client_id:client_secret)
Our company is looking for ability to use a service like Twilio to send out SMS messages to several hundred people (RSVP reminders). Currently, we are using Google Sheets to track the list of people.
I found an entry in Twilio's blog (https://www.twilio.com/blog/2016/02/send-sms-from-a-google-spreadsheet.html) written by Greg Baugues that outlines how to send SMS messages using JS and Google Sheets. I copied Greg's JS code into the Google Sheets Script Editor, change out the Account SID and AuthToken with the values provided in my trial account, and then tried to send a single test SMS. Every time I run the function, I get the following response:
Request failed for https://api.twilio.com/2010-04-01/Accounts/AC042b89e7dffb4cb877f82b0c2efc76a7/Messages.json
returned code 401. Truncated server response:
{"code": 20003, "detail": "Your AccountSid or AuthToken was incorrect.", "message": "Authentication Error - No credentials provided", "more_info": ... (use muteHttpExceptions option to examine full response)
To make sure I didn't have some kind of error in my SID and Token, I tried send a test SMS through the web interface, and Python script available on Twilio's website. Both of these were successful.
Does anyone have any other recommendations? In the original blog post, I noticed that several other readers have left comments with the same issue. The authentication part of the original function is:
var options = {
"method" : "post",
"payload" : payload
};
options.headers = {
"Authorization" : "Basic" + Utilities.base64Encode("AccountSID:AuthToken") ##Credentials hidden, obviously
};
I wonder if something has change in Twilio's security settings since this posts was originally shared.
Got it. Very simple Javascript typo. In the options headers, there needs to be a space after Basic. "Authorization" : "Basic "
Everything works now. I'll leave this up in case anyone else decides to replicate the same code from the blog post.
I'm using a Javascript to do Basic Authentication with GitHub. For example, the following shell command gets a token from Github:
curl -i -u uaername:password -k -d "{\"scopes\": [\"repo\"]}" https://api.github.com/authorizations
How do you achieve that with jQuery and AJAX?
Including Basic Auth Data in HTTP Headers with jQuery
You can include basic auth details in the header using the Authorization field. You already understand how jQuery works. This snippet has the bits you're missing:
let auth = btoa(username + ":" + password);
jQuery.ajax({
url: ...,
headers: { Authorization: "Basic " + auth }
...
});
Note: btoa and atob (pronounced B to A and A to B) are builtin functions, and convert to and from Base64. See the MDN docs for more information.
Are you asking whether there is a way to get an oAuth token purely from the client side? If so, the answer is no.
But, you have some work arounds.
Github.js: https://github.com/michael/github
Gatekeeper is an open source server side component which can help with oAuth tokens management:
https://github.com/prose/gatekeeper
You could also use something like Firebase with simple login and in this case you don't need to manage any server side services:
https://www.firebase.com/docs/security/simple-login-github.html