I am using one java code to list the buckets in assume role. For that I need to manually enter the virtual MFA to authorize. I want to skip this process manually and want to authorize the MFA in alternate way . I don't know how to use.?
I tried entering MFA token manually, every time. I want to automate , so that I don't want to enter MFA manually every time when I run code
Related
We have an existing web application we developed and needed to port over to an android application for people in the field. So we have a shell of an android application that just points to the URL and displays it. I want to save the user credentials so if they timeout/close application and re-click the application it will auto log them in always after the first time.
I am looking at SharedPrefrences as other threads here have done, but not sure how to capture the creds from the web input elements. Can I use SharedPrefrences to accomplish this still? If so how do I target that input?
You do NOT save the user credentials. Ever. Saving them means they can be read by malware. And no, encryption can't help as the encryption key would need to be in your app or on your filesystem.
Instead, you have your login API return a token. This token will be sent back to the server with every request (either as a parameter or a cookie). The server will then use this token to look up the user id on the server and figure out who it is. That token can be saved to SharedPreferences. (This is the simplest version, there are more advanced things you can do as well, but this is sufficient).
Why is this safer than storing the password? Because passwords can and frequently are shared between multiple apps, so losing a password can compromise multiple accounts.
BTW, this is also how webapps work. They don't send the username/password with every request, when they login a cookie is saved with a token, and its sent back with every future request.
I am currently working for an application that deals with a lot of secure data. On every login operation, I need to enter the registered Email after which I need to enter a 6-digit Token that is sent to my email.
I do understand and have worked with both Gmail API and JavaMail API to automate the above mentioned scenario where my test script when executed enters the valid/registered Email then fetches the token and logs me in the application. Please do make a note that each time the Token is generated, the token expires in 15 minutes and the token can only be used only once.
The above is the scenario where I am looking for an alternate approach, rather than using Gmail/JavaMail API where I can read the mail, fetch the token and use the same to run the test case. The reason I am looking for an alternate approach is that, the test script will be used to validate for the same test multiple times, I guess 1000 times a day.
The application has authentication of 2 ways, one where the user receives and email and the other form of authentication is by using Authy/Google Authy app to login. I am only looking for suggestions/pointers with respect to Email Token verification method.
Thanks in advance.
We have the same type of logic in our application and I solved it by just calling the Authentication api directly and storing the key in my Testcontext.
Obviously there is some code that gets the key, puts it in the email and sends it out. You should try to call that code directly if possible.
I am able to access resources from Microsoft Graph using Get access without user. However, this method does not allow me to access resources which require delegated permissions.
I also tried to use the Get access on behalf of a user method, but it will require my user to sign in through a webpage, which is not desired in my scenario.
Is it possible to generate an authorization code with a long life time (possibly over a year) and use that code to request an access token, which can then be used to get resources that require delegated permissions?
Note: I know generating an authorization code with such a long life time is not a good idea, but this code will be used by the back-end program to access resources and not the user. So I do not want the user sign in page to pop up. Looking to implement this in Java.
Thanks!
In order to use delegated permission, the end user needs to sign in interactively through an OAuth2.0 flow.
Now, you can use a user's creds with the Resource Owner Credentials Flow which is simply posting the username/password to Azure AD and getting tokens back. This path is not recommended as it's brittle (For example, MFA will not work) and requires your app to manage the user's credentials.
Your best bet is to create some kind of sign in experience for your users that allows them to sign in and consent to your application. Refresh tokens in Azure AD have a lifetime of until-revoked meaning they can last as long as a year if not longer. The bottleneck you'll hit is the end user's password expiring which would lead them to need to sign in again.
For some help with this, Azure AD has an ADAL4j library you can use. I've also written a small Spring MVC Java code sample for the Azure AD v2.0 endpoint (Microsoft Accounts + Azure AD Accounts) that uses a 3rd party library.
I am trying to use java code mention on link: http://www.nexttutorial.com/faq/azureAD/1/Azure-active-directory-graph-api-user-authentication-in-java - but I get below error:
java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS50055: Force Change Password.\r\nTrace ID: 7596cf92-f3d6-4baf-a0c9-d166a92d1500\r\nCorrelation ID: 8cccb074-4ae4-4c9b-932b-1f4ddcb514cb\r\nTimestamp: 2017-05-05 08:20:28Z","error":"user_password_expired"}
I haven't used the Java APIs, but I can tell you two things that are the core of the problem:
The user's password has expired
You are using Resource Owner Password Grant flow
You need to change the application to instead show a browser window so the user can reset their password. If you just want to test the code as is, you can open a new Incognito/private/InPrivate window and sign in to e.g. portal.azure.com with the user. That will allow you to make sure they have a working password.
But I would advise against using that sign in flow because of potential problems like this one.
The reason you get the error is that the user needs to set a new password, but the flow you are using cannot support that scenario. It also cannot support the scenario where the user account has MFA enabled/is a Microsoft account etc.
And by the way, if this app is intended not to be used by a user, but just run as is, I would suggest making it a daemon with application permissions on the necessary APIs and then use client credentials flow for authentication. No user account needed then, since the app has the needed rights.
I am trying to create a purely command line based dropbox client for myself. How do I get the authorization code for the token without opening the browser. How do I use the Google OAuth API for Java to achieve this?
Dropbox doesn't offer a way to get an access token without using the browser. The user (in this case, you) needs to go to Dropbox to authorize the app, but this only needs to be done once.
I recommend using the Dropbox Java Core SDK:
https://www.dropbox.com/developers/core/sdks/java
The tutorial here shows you how to do this with a command line app:
https://www.dropbox.com/developers/core/start/java
Or, even simpler, since this is only for your own account, you can generate an access token for your account for an app you own using the "Generate" access token button on the app's page on the App Console:
https://www.dropbox.com/developers/apps