Using Twilio API detect incoming messages and read their contents - python

This is what I want to do as soon as I get an SMS:
1. Message received
2. Read contents
3. if contents=='abc' do process 1
I know how to do it using Ngrok but I do not want to update localhost address in Twilio for every new session.

Twilio developer evangelist here.
If you know how to do this using ngrok, then you're halfway there as you have presumably built the application that performs this task and run it locally.
If you want this to run permanently with a URL that doesn't change, then you will need to deploy your application to a server somewhere, and point a domain at it. Since you're using Python you might try something like Heroku to host the application. Alternatively, if you rewrite your application in Node.js you could take advantage of Twilio Functions to host your code.
Let me know if this helps at all.
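
Once the webhook lives at a permanent public URL, anyone can POST to it, so the handler should check Twilio's X-Twilio-Signature header before acting on the message body. The sketch below is an added example, not code from the question or the answer; `process_1`, `PUBLIC_URL` and `TWILIO_AUTH_TOKEN` are assumed names, and `PUBLIC_URL` must be exactly the URL configured for the number in Twilio.

```python
import base64
import hashlib
import hmac
import os
from urllib.parse import parse_qsl


def twilio_signature(auth_token, url, params):
    """Twilio's scheme: HMAC-SHA1 over URL + sorted name/value pairs, base64."""
    data = url + "".join(name + params[name] for name in sorted(params))
    mac = hmac.new(auth_token.encode(), data.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def process_1(sender):
    """Hypothetical stand-in for the asker's 'process 1'."""
    return "process 1 started for " + sender


def handle_sms(auth_token, public_url, raw_body, signature_header):
    """Return (status, text) for one webhook POST; raw_body is the form body."""
    form = raw_body.decode("utf-8", "replace")
    params = dict(parse_qsl(form, keep_blank_values=True))
    expected = twilio_signature(auth_token, public_url, params)
    # Constant-time compare; reject anything not signed with our auth token.
    supplied = (signature_header or "").encode()
    if not hmac.compare_digest(expected.encode(), supplied):
        return 403, "invalid signature"
    if params.get("Body", "").strip() == "abc":  # read contents, then dispatch
        return 200, process_1(params.get("From", ""))
    return 200, "ignored"


def app(environ, start_response):
    """WSGI entry point; the two environment variables are assumed settings."""
    length = int(environ.get("CONTENT_LENGTH") or 0)
    status, _ = handle_sms(
        os.environ["TWILIO_AUTH_TOKEN"], os.environ["PUBLIC_URL"],
        environ["wsgi.input"].read(length),
        environ.get("HTTP_X_TWILIO_SIGNATURE"))
    start_response("200 OK" if status == 200 else "403 Forbidden",
                   [("Content-Type", "text/xml")])
    return [b"<Response></Response>"]  # empty TwiML: send no reply SMS
```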

Related

Can I use OAuth if my app isn't running on a server?

I am making an application that works from the command line, and runs locally on my computer.
I want to be able to share it with other people, and thus am trying to apply OAuth.
Do I need a server for the callback? If yes, can I just create it for a second, get the response, and close it?
Thanks
According to Okta, yes, you need to spin up a temporary HTTP server:
The Trick to OAuth 2.0 on the Command Line
The way we’re going to avoid the need to copy and paste anything during the login flow is by having our PHP command line script start a mini HTTP server just when we need it, and shut down when we’re done.
The script will launch the browser to the authorization URL, and when Okta redirects the user back to the mini built-in server, we’ll catch that response, extract the authorization code, shut down the server, and continue with whatever the script was doing.
The example is in PHP, but the idea should also apply to Python.
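
The same temporary-server idea in Python, as an added example that is not part of the original answer or the Okta article: it listens on loopback only, serves a single request, and accepts the authorization code only when the `state` value matches the one the script generated. The `/callback` path and the `login()` arguments are assumptions; the authorize endpoint and client ID come from your provider.

```python
import hmac
import secrets
import urllib.parse
import webbrowser
from http.server import BaseHTTPRequestHandler, HTTPServer


class _Callback(BaseHTTPRequestHandler):
    def do_GET(self):
        query = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        state = query.get("state", [""])[0]
        # Only accept a code that comes back with the state we generated.
        if "code" in query and hmac.compare_digest(
                state.encode(), self.server.expected_state.encode()):
            self.server.auth_code = query["code"][0]
        ok = self.server.auth_code is not None
        self.send_response(200 if ok else 400)
        self.end_headers()
        self.wfile.write(b"Login complete.\n" if ok else b"Login failed.\n")

    def log_message(self, *args):
        pass  # keep the authorization code out of terminal logs


def start_callback_server(expected_state):
    # Loopback only, on a free port picked by the OS.
    server = HTTPServer(("127.0.0.1", 0), _Callback)
    server.expected_state, server.auth_code = expected_state, None
    return server


def wait_for_code(server, timeout=120):
    """Serve exactly one request, then close the listener."""
    server.timeout = timeout
    try:
        server.handle_request()
    finally:
        server.server_close()
    return server.auth_code


def login(authorize_endpoint, client_id):
    """Run the browser leg; returns (code or None, redirect_uri)."""
    state = secrets.token_urlsafe(16)
    server = start_callback_server(state)
    redirect_uri = "http://127.0.0.1:%d/callback" % server.server_address[1]
    webbrowser.open(authorize_endpoint + "?" + urllib.parse.urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "state": state}))
    return wait_for_code(server), redirect_uri
```

The returned code still has to be exchanged at the provider's token endpoint, sending the same `redirect_uri` that was used in the authorization request.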

How to secure my Azure WebApp with the built-in authentication mechanism

I created a Flask-Webservice with Python that runs independently inside a docker container. I then uploaded the docker image to an Azure Container Registry. From there I can create a WebService (for Containers) with some few clicks in the Azure Portal, that runs this container. So far so good. It behaves just as I want it to.
But of course I don't want anyone to access the service. So I need some kind of authentication. Luckily (or so I thought) there is a built-in authentication mechanism (I think it is based on OAuth ... I am not that well versed in security issues). Its documentation is a bit sparse on what actually happens and also concentrates on solutions in C#.
I first created a project with Google as described here and then configured the WebApp authentication with the Client-Id and Secret. I of course gave Google a JavaScript source and callback URL, too.
When I now log off my Google account and try a GET-Request to my Webservice in the Browser (the GET should just return a "hello world"-String), I am greeted with a Login Screen ... just as I expected.
When I now log in to Google again, I am redirected to the callback URL in the browser with some kind of information in the parameters (a token perhaps?). It looks something like this:
https://myapp.azurewebsites.net/.auth/login/google/callback?state=redirxxx&code=xxx&authuser=xxx&session_state=xxx&prompt=xxx
Here something goes wrong, because an error appears.
An error occurred.
Sorry, the page you are looking for is currently unavailable.
Please try again later.
If you are the system administrator of this resource then you should check the error log for details.
Faithfully yours, nginx.
As far as I know, nginx is a server software that hosts my code. I can imagine that it also should handle the authentication process. It obviously lets all requests through to my code when authentication is turned off, but blocks un-authenticated accesses otherwise and redirects to the Google login. Google then checks if your account is authorized for the application and redirects you to the callback with the access token along with it. This then returns a cookie which should grant my browser access to the app. (I am just reproducing the documentation here).
So my question is: What goes wrong? Does my browser not accept the cookie? Did I do something wrong when configuring Google+ or the authentication in the WebApp? Do I have to use a certain development stack to use the authentication? Is it not supported for any of the technologies I use (Python, Flask...)?
EDIT
@miknik:
In Microsoft's documentation of the authentication/authorization it says
The authentication and authorization module runs in the same sandbox
as your application code. When it's enabled, every incoming HTTP
request passes through it before being handled by your application
code.
...
The module runs separately from your application code and is
configured using app settings. No SDKs, specific languages, or changes
to your application code are required.
So while you are probably right that the information in the callback-redirect is the authorization grant/code and that after that this code should now be used to get an access token from Google, I don't quite understand how this would work in my situation.
As far as I can see, Microsoft's WebApp for Containers resource on Azure should take care of getting the token automatically and return it as part of the response to the callback request. The documentation states 4 steps:
1. Sign user in: Redirects client to /.auth/login/.
2. Post-authentication: Provider redirects client to /.auth/login//callback.
3. Establish authenticated session: App Service adds authenticated cookie to response.
4. Serve authenticated content: Client includes authentication cookie in subsequent requests (automatically handled by browser).
It seems to me that step 2 fails and that that would be exactly what you wrote: that the authorization grant is to be used by the server to get the access token but isn't.
But I also don't have any control over that. Perhaps someone could clear things up by correcting me on some other things:
First I can't quite figure out which parts of my problem represent which role in the OAuth-scheme.
I think I am the Owner, and by adding users to the list in the Google+-Project I authorize them to use my service.
Google is obviously the authorization server
my WebService (or better yet my WebApp for Containers) is the resource server
and finally an application or postman that does the requests is the Client
In the descriptions of OAuth I read, the problematic step boils down to: the resource server gets the access token from the authorization server and passes it along to the client. And Azure's WebApps resource is prompted (and enabled) to do so by being called with the callback URL. Am I right somewhere in this?
Alas, I agree that I don't quite understand the whole protocol. But I find most descriptions on the net less than helpful because they are not specific to Azure. If anyone knows a good explanation, general or Azure-specific, please make a comment.
I found a way to make it work and I will try to explain what went wrong as well as I can. Please correct me if I go wrong or use the wrong words.
As I suspected, the problem wasn't so much that I didn't understand OAuth (or at least how Azure manages it) but the inner workings of the Azure WebApp Service (plus some bad programming on my part). Azure runs its own server and is not using the built-in server of Flask. The actual problem was that my Flask program didn't implement a WSGI interface. As far as I could gather, this is another standard for Python scripts to interact with any server. So while rudimentary calls from the server (I think Azure uses nginx) were possible, more elaborate calls, like the redirect to the callback URL, went to /dev/null.
I built a new app following this tutorial and then secured it by following the authentication/authorization tutorial and everything worked fine. The code in the tutorial implements WSGI and probably conforms more to what Azure expects. My docker solution was too simple.
My conclusion: read up on this WSGI standard that Flask always warned me about and I didn't listen, and implement it in any code that goes beyond fiddling around in development.

Receive a web request with IFTTT

I am currently using IFTTT to create some automated software with Amazon Echo (Alexa). I want to use the IFTTT's Maker channel to do so.
Here's what I want the end result to be:
Command Amazon Echo (Alexa) to run a program.
Run a Python program on my computer.
I have had success in using the Trigger function of the Maker channel using a JSON request. However, there seems to be little documentation on the Action function, where IFTTT can make a web request to a URL. I have heard that webhooks may be needed to use this, again I am not sure where to get started with this.
The image below is what the Action function asks for. I know I'll need a server on my local machine or a program reading any requests sent to a public website.
If there are any libraries that would make this much easier, I would happily take recommendations, as this has been on my mind for a while.
Thank you!

Slack RTM API uses POST or GET method?

This might seem a lame question, but it would be great if someone can help. I wrote a small Python script which returns some output based on a command sent to it via Slack's custom bot. The Python script uses the RTM API. Whenever someone in Slack mentions the bot and passes a command (ex: #slackcustombot foobar), it returns a custom message (ex: Hi foobar) from the script. Now the issue is on the security side. My script resides on a server which is not open to the internet. And as Slack uses dynamic IPs, there's no possibility of white-listing the Slack IPs.
So basically, all I wanted to know is, when someone in a Slack channel mentions the bot, and when the bot at the Slack server sends the command to my Python script residing on my server, does it send it as a GET method or as a POST method? cuz if it's a GET method, I might not have to worry about the security issue. But if it sends as a POST method, what alternative could I use in this scenario? Any help is appreciated. Please correct me if I am wrong somewhere, still learning. :)
Regards,
Junaid.
Neither. It uses the WebSocket protocol. If you would rather use an HTTP-based protocol, I would recommend looking into Slack's Events API. It uses HTTPS POST to transfer messages to your bot.
The Events API does not provide all event types that are available with the RTM API, but it's much easier to handle and should be sufficient for a chat bot. Check here for documentation of which event types are available to both the RTM API and the Events API.
You will however need to find a way to expose the URL of your bot to the Internet, so that Slack can use it. If you need to access internal company applications through your Slack bot, the best approach in my opinion is to have the Slack bot on a webserver in the DMZ of your company.
A smaller-scale approach is to use a forwarding provider that connects to your local webserver through a VPN tunnel and exposes your internal webserver through a special public URL. That would work if you want Slack to talk to your webserver on a local network behind a router / firewall. One example is ngrok, but there are other providers too.
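
Since Slack's source addresses cannot be allow-listed, an exposed Events API endpoint authenticates each POST with the X-Slack-Signature and X-Slack-Request-Timestamp headers instead. The following is an added example, not code from the question or the answer; the function names and the "Hi <command>" reply format (taken from the question) are assumptions, and the reply text would be posted back through Slack's Web API rather than returned in the HTTP response.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # reject requests older than five minutes (replay window)


def verify_slack_request(signing_secret, timestamp, raw_body, signature, now=None):
    """Check X-Slack-Signature over 'v0:<timestamp>:<raw body>' (HMAC-SHA256)."""
    now = time.time() if now is None else now
    try:
        if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
            return False
    except (TypeError, ValueError):
        return False  # header missing or not a number
    base = b"v0:" + str(timestamp).encode() + b":" + raw_body
    mac = hmac.new(signing_secret.encode(), base, hashlib.sha256)
    expected = "v0=" + mac.hexdigest()
    return hmac.compare_digest(expected.encode(), (signature or "").encode())


def handle_event(signing_secret, headers, raw_body, now=None):
    """Return (http_status, response_body, reply_text) for one Events API POST."""
    if not verify_slack_request(signing_secret,
                                headers.get("X-Slack-Request-Timestamp"),
                                raw_body, headers.get("X-Slack-Signature"), now):
        return 401, "", None
    payload = json.loads(raw_body)
    if payload.get("type") == "url_verification":  # one-time endpoint handshake
        return 200, payload["challenge"], None
    event = payload.get("event", {})
    if event.get("type") == "app_mention":
        words = event.get("text", "").split(maxsplit=1)  # "<@BOT> foobar"
        if len(words) == 2:
            return 200, "", "Hi " + words[1]
    return 200, "", None
```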

making urllib request in Python from the client side

I've written a Python application that makes web requests using the urllib2 library after which it scrapes the data. I could deploy this as a web application which means all urllib2 requests go through my web-server. This leads to the danger of the server's IP being banned due to the high number of web requests for many users. The other option is to create a desktop application which I don't want to do. Is there any way I could deploy my application so that I can get my web-requests through the client side? One way was to use Jython to create an applet but I've read that Java applets can only make web-requests to the server it is deployed on and the only way to circumvent this is to create a server side proxy which leads us back to the problem of the server's IP getting banned.
This might sound like an impossible situation and I'll probably end up creating a desktop application but I thought I'd ask if anyone knew of an alternate solution.
Thanks.
You can use a signed Java applet, they can use the Java security mechanism to enable access to any site.
This tutorial explains exactly what you have to do: http://www-personal.umich.edu/~lsiden/tutorials/signed-applet/signed-applet.html
The same might be possible from a Flash applet. Javascript is also restricted to the published site and doesn't allow being signed or security exceptions like this, AFAIK.
You probably can use AJAX requests made from JavaScript that is a part of client-side.
Use server → client communication to give commands and necessary data to make a request
…and use AJAX communication from client to 3rd party server then.
This depends on the form of "scraping" you intend to do:
You might run into problems running an AJAX call to a third-party site. Please see Screen scraping through AJAX and javascript.
An alternative would be to do it server-side, but to cache the results so that you don't hit the third-party server unnecessarily.
Check out diggstripper on google code.
