I am new-ish to using Django, so this may be an easy thing for someone...I hope so!
I have built a Django REST API by following the tutorial found here: http://www.django-rest-framework.org/. When I run the server, I am able to use the Browsable API and navigate through the API, such as specifically this link: http://127.0.0.1:8000/snippets/. I am also able to access this URL through Postman GET request and retrieve the associated Snippets.
Now, here is my problem:
I have created a React Native application where I am fetching data from this URL (my python server is running). I console.log the response from this, and I continually get an error of:
Error: Network Error
at createError (createError.js:15)
at XMLHttpRequest.handleError (xhr.js:87)
at XMLHttpRequest.dispatchEvent (event-target.js:172)
at XMLHttpRequest.setReadyState (XMLHttpRequest.js:478)
at XMLHttpRequest.__didCompleteResponse (XMLHttpRequest.js:324)
at XMLHttpRequest.js:418
at RCTDeviceEventEmitter.emit (EventEmitter.js:179)
at MessageQueue.__callFunction (MessageQueue.js:236)
at MessageQueue.js:108
at guard (MessageQueue.js:46)
I can refresh the link in the browser or Postman and have no issues, but in the fetch...I am unable to have any success, and am only getting back the vague error message above.
I thought it might have to be with a CSRF, or CORS...but I have both of those set-up ok in Django (and the error message doesn't say those so I don't think that is it).
Any suggestions/ideas?
Thanks!
Not that anyone could have specifically known this from my posting...but I would like to post this answer regardless for someone who may have had this same issue.
I have been developing the React Native application via Expo, and deploying it to my physical phone rather than the iOS/Android simulators.
This being the case, clearly my http://127.0.0.1:8000 or http://localhost:etc would not work from my phone! I then switched to using the iOS Simulator and it worked the first try without problem.
Related
I created a Flask-Webservice with Python that runs independently inside a docker container. I then uploaded the docker image to an Azure Container Registry. From there I can create a WebService (for Containers) with some few clicks in the Azure Portal, that runs this container. So far so good. It behaves just as I want it to.
But of course I don't want anyone to access the service. So I need some kind if authentication. Luckily (or so I thought) there is a built-in authentication-mechanism (I think it is based on OAuth ... I am not that well versed in security issues). Its documentation is a bit sparse on what actually happens and also concentrates on solutions in C#.
I first created a project with Google as described here and then configured the WebApp-Authentication with the Client-Id and Secret. I of course gave Google a java script source and callback-url, too.
When I now log off my Google account and try a GET-Request to my Webservice in the Browser (the GET should just return a "hello world"-String), I am greeted with a Login Screen ... just as I expected.
When I now login to Google again, I am redirected to the callback-url in the browser with some kind of information in the parameters.
a token perhaps? It looks something like this:
https://myapp.azurewebsites.net/.auth/login/google/callback?state=redirxxx&code=xxx&authuser=xxx&session_state=xxx&prompt=xxx).
Here something goes wrong, because an error appears.
An error occurred.
Sorry, the page you are looking for is currently unavailable.
Please try again later.
If you are the system administrator of this resource then you should check the error log for details.
Faithfully yours, nginx.
As far as I now, nginx is a server software that hosts my code. I can imagine that it also should handle the authentication process. It obviously lets all requests through to my code when authentication is turned off, but blocks un-authenticated accesses otherwise and redirects to the google login. Google then checks if your account is authorized for the application and redirects you to the callback with the access token along with it. This then returns a cookie which should grant my browser access to the app. (I am just reproducing the documentation here).
So my question is: What goes wrong. Does my Browser not accept the cookie. Did I something wrong when configuring Google+ or the Authentication in the WebApp. Do I have to use a certain development stack to use the authentication. Is it not supported for any of the technologies I use (Python, Flask...).
EDIT
#miknik:
In Microsofts documentation of the authentication/authorization it says
The authentication and authorization module runs in the same sandbox
as your application code. When it's enabled, every incoming HTTP
request passes through it before being handled by your application
code.
...
The module runs separately from your application code and is
configured using app settings. No SDKs, specific languages, or changes
to your application code are required.
So while you are probably right that the information in the callback-redirect is the authorization grant/code and that after that this code should now be used to get an access token from Google, I don't quite understand how this would work in my situation.
As far as I can see it Microsofts WebApp for Container-Resource on Azure should take care of getting the token automatically and return it as part of the response to the callback-request. The documentation states 4 steps:
Sign user in: Redirects client to /.auth/login/.
Post-authentication: Provider redirects client to /.auth/login//callback.
Establish authenticated session: App Service adds authenticated cookie to response.
Serve authenticated content: Client includes authentication cookie in subsequent requests (automatically handled by browser).
It seems to me that step 2 fails and that that would be exactly what you wrote: that the authorization grant is to be used by the server to get the access token but isn't.
But I also don't have any control over that. Perhaps someone could clear things up by correcting me on some other things:
First I can't quite figure out which parts of my problem represent which role in the OAuth-scheme.
I think I am the Owner, and by adding users to the list in the Google+-Project I authorize them to use my service.
Google is obviously the authorization server
my WebService (or better yet my WebApp for Containers) is the resource server
and finally an application or postman that does the requests is the Client
In the descriptions of OAuth I read the problematic step boils down to: the resource server gets the access token from the authorization server and passes it along to the client. And Azures WebApps Resource is prompted (and enabled) to do so by being called with the callback-url. Am I right somewhere in this?
Alas, I agree that I don't quite understand the whole protocol. But I find most descriptions on the net less than helpful because they are not specific to Azure. If anyone knows a good explanation, general or Azure-specific, please make a comment.
I found a way to make it work and I try to explain what went wrong as good as I can. Please correct me if I go wrong or use the wrong words.
As I suspected the problem wasn't so much that I didn't understand OAuth (or at least how Azure manages it) but the inner workings of the Azure WebApp Service (plus some bad programming on my part). Azure runs an own Server and is not using the built-in server of flask. The actual problem was that my flask-program didn't implement a WSGI-Interface. As I could gather this is another standard for python scripts to interact with any server. So while rudimentary calls from the server (I think Azure uses nginx) were possible, more elaborate calls, like the redirect to the callback url went to dev/null.
I build a new app following this tutorial and then secured it by following the authentication/authorization-tutorial and everything worked fine. The code in the tutorial implements WSGI and is probably more conform to what Azure expects. My docker solution was too simple.
My conclusion: read up on this WSGI-standard that flask always warned me about and I didn't listen and implement it in any code that goes beyond fiddeling around in development.
My question may look silly but I am asking this after too much search on Google, yet not have any clue.
I am using iCloud web services. For that I have converted this Python code to PHP. https://github.com/picklepete/pyicloud
Up to this, everything is working good. When authenticate using icloud username,password I am getting a list of web service URLs as part of response. Now for example to use Contacts web service, I need to use Contact web service URL and add a part to that URL to fetch contacts.
https://p45-contactsws.icloud.com:443/co/startup with some parameters.
The webservice URL https://p45-contactsws.icloud.com:443 is coming in response while authenticating. But the later part, 'co/startup' is there in the python code. I don't know how they found that part. So for some services which is there in Python code, they are working good. But I want to use few other service like https://p45-settingsws.icloud.com:443, https://p45-keyvalueservice.icloud.com:443 etc. and when I try to send request with correct parameters to this other services, I am getting errors like 404 not found or unauthorized access. So I believe that some URL part must be added to this just like contacts. If someone knows how or where can I get correct URL part, I will be really thankful.
Thanks to all in advance for their time reading/answering my question.
I am afraid there doesn't seem to be an official source for these API endpoints, since they seem to be discovered through sniffing the network calls rather than a proper guide from Apple. For example, this presentation, which comes from a forensic tools company, is from 2013 and covers some of the relevant endpoints. Note that iOS was still at versions 5 & 6 then (vs. the current v9.3).
All other code samples on the net basically are using the same set of API endpoints that were originally observed in 2012-2013. (Here's a snippet from another python module with additional URLs you may use.) However, all of them pretty much point to each other as the source.
If you'd like to pursue a different path, Apple now promotes the CloudKit and CloudKit JS solutions for registered apps working with iCloud data.
I'm sure there aren't too many people on the site that have experience with this but I'm going to get it a shot. I tried installing Django Social Auth for social authentication on a site I am designing but when ever I try logging in using any of the services I get and error that says
Incorrect authentication service
I am positive that I have the right consumer and secret key inputted and have reinstalled using pip. Should I try with the just code in the project instead of using the pip version.
Here is my settings.py and local_settings.py combined (couldn't get the code to format correctly on here so I used Pastebin)
[http://pastebin.com/7awDzSxX][1]
So far I've tried getting the example implementation to work and have failed at that as well. I've been trying to copy as much as possible for it but nothing really seems to work. If you'd like more info about the situation let me know and I can post more code.
Cheers.
Looks like incorrect url tag parameter. For me works this one
Enter using Twitter
I was trying to authenticate with Twitter and received the same error. The I realized the twitter backend was commented. It should look like this, obviously applied to whatever backend you're using:
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend',
'social_auth.backends.twitter.TwitterBackend',
)
I had a working Python integration to Facebook, using the Graph API and the https://graph.facebook.com/<<id>>/feed URL, for about a month.
And then all of a sudden a few days ago, I started getting this back whenever I tried to post a status update:
{"error":{"type":"OAuthException","message":"(#200) The user hasn't authorized the application to perform this action"}}
I'm requesting (and getting) the publish_stream permission, and I can do other things like get friends, pages, etc.
Any ideas? There's a link here http://forum.developers.facebook.net/viewtopic.php?id=73912 that shows there are others dealing with this.
Thanks!
So I now have my app working again. I ended up using the JavaScript API from Facebook, using that to login the user, set the cookie, and then I use the Python SDK from Facebook to make the actual status update. It works.
How this is different from what I was doing (my own Python code for doing the same stuff) is beyond me. The token returned by both the JavaScript and my own Python code are identical.
So it works, but I'm not sure how.
i have been on this for the last 2 days with no result.
i am running my facebook app on my localhost with port-forwarding method.
i know my server setup is working fine as i can see the logs on the django runserver and dyndns log as well.
django is properly responding to calls as well.
the problem is as soon as the app authorizes with my user account, it straight follows to the page that says this:
Errors while loading page from application
The URL http://amitverma.dyndns.org/facebook_sample/?auth_token=817f8fbe99eff10582b634589de17b84 is not valid.
Please try again later. We appreciate your patience as the developers of app_test and Facebook resolve this issue. Thanks!
I am making a test app learning from facebook + django tutorial from here and here.
I am still getting this error and I have no idea what i am doing wrong...
Please help me out.
This often happens with a failed authentication. I'm not sure what the Python client libraries might look like, but with the PHP ones you generally make an authorization call against the library, something like $facebook->require_login().
With the PHP library, if this call fails to verify the user's Facebook session, then it automatically outputs HTML that will redirect the browser and try to re-establish the session, hence the auth_token parameter.
I suspect you're running into something similar. Try to isolate any authentication calls you're making, and use a Firefox extension like LiveHTTPHeaders to see if you are undergoing any redirects during the requests.
When you get that error, presuming you have debug=True in the Django settings and that your application is in development mode in Facebook, you can do View Source and see the entire Django error page that would normally display, including traceback. Facebook comment it out in the HTML so it doesn't show on the front end, but you can copy and paste it into a separate HTML file and view that in your browser to see the nice friendly Django error page which will definitely give you a clue as to what's going wrong.