I'm trying to use restFB on Google App Engine, when I try and get info about the current User, I get an error,
javax.net.ssl.SSLHandshakeException: Could not verify SSL certificate for: https://graph.facebook.com/me?format=json
Below is the code I am using,
FacebookClient facebookClient = new DefaultFacebookClient();
User user = facebookClient.fetchObject("me", User.class);
What do I need to do to get this working on the development server?
This is fixed in release 1.5.0 If you update to the new SDK it should run fine.
As a workaround you can use doNotValidateCertificate() to ignore certificate validation. It may put your app at risk, however.
Related
I have a Lambda function that connects with DynamoDB. If I build and deploy this function and run it in my AWS console it works just fine, but if I try to execute it from my IDE (Intellij) it doesn't work. I get the following error message:
The security token included in the request is invalid (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: UnrecognizedClientException;
I tried looking at other questions here and nothing seems to workout. I have two users and each one has one group. One of them has AdministratorAcces and the other has DynamoDBFullAccess and AWSLambda_FullAccess permissions. None of them can execute the function locally. Tried to reconfigure my credentials using aws configure in cmd.
I also tried to create new security credentials. And the problem is not with the function because if I remove the DynamoDB connection code and run and deploy locally the function or deploy it in my AWS console successfuly executes. Anyway I will post below the code of my connection:
AmazonDynamoDB client = AmazonDynamoDBClientBuilder.defaultClient();
DynamoDBMapper mapper = new DynamoDBMapper(client);
MyCustomData data = new MyCustomData("test","12313","test2");
mapper.save(data);
EDIT:
I've been debuging the code where the exact problem occurs and seems that in the class AmazonHttpCLient.java there is a part that checks the credentials. The point is that there are three properties in the AWSCredentials object:
My credentials in the ~/.aws/credentials doesn't have a sessionToken parameter, and I at any moment seted that. Also a friend of mine debuged the same project and said that there is no property sessionToken in his debug. I tried to reinstall AWS CLI, SAM and Intellij, deleted the credentials files and checked if there is no credentials in my variables environment but the problem still persists.
I managed to solve the problem by downgrading my SAM CLI version. It was in 1.15.0 and my friends was in 1.6.2. So I downloaded that specific version and worked like a charm.
I don't know why this happens but I hope this gets fixed in in future versions.
I hope it helps someone having this issue.
Most probably, this error is due to the credentials/aws profile used for establishing connection with AWS account.
To troubleshoot this issue using IntelliJ IDEA, I would suggest you to install AWS Toolkit into your IntelliJ IDEA. Furthermore, use AWS Toolkit to find out which aws profile to use to meet your use-case.
otherwise, refer this existing thread for more other option
I am trying to fetch a simple ClientLogin token.
My code looks like:
UrlFetchTransport urlFetchTransport = new UrlFetchTransport();
ClientLoginTokens clientLoginTokens = new ClientLoginTokens.Builder()
.forApi(ClientLoginTokens.Api.ADWORDS)
.withHttpTransport(urlFetchTransport)
.withEmailAndPassword(email, password)
.build();
String clientLoginToken = clientLoginTokens.requestToken();
The code runs perfectly fine on my local machine and AppEngine's devserver (1.7.7). I end up with a nice clientLoginToken.
On production, however, I always get a 403 Forbidden (or 403 OK whatever that means) and I am never able to retrieve a clientLoginToken (ClientLoginResponseException: 403). My app is currently running on an http://APP.appspot.com domain (default AppEngine production url).
I already tried to use use the default transport and not UrlFetchTransport, but this does not change anything - it runs locally, but fails when running on AppEngine.
Any hints appreciated. Thanks!
Turn out this is a security "feature" of Google's ClientLogin.
AppEngine's servers are distributed worldwide - and Google makes sure nobody has stolen your account credentials. By default (and some unknown metric) Google blocks accesses to your account that do not come from your "computer" (or area I guess).
You can add additional applications by visiting:
https://accounts.google.com/DisplayUnlockCaptcha
After entering your credentials you have 10 minutes to "add" access for another application. That solved it for me. But of course it'd be much better to use OAuth 2.0 what does not have those kind of issues.
I have a desktop Java application that communicates with a GAE server. The client application signs in to the server using OAuth 1.0 with signpost via the provided endpoints
(appname.appengine.com/_ah/OAuthGetAccessToken and the like) with consumerkey and consumersecret set to "anonymous" and scope set to the GAE domain. The login process appears to be working fine:
Retrieve Request Token
Let the user visit the resulting authentication URL
Ask user for verification code
Retrieve Access Token
At this point, I have a seemingly valid token and token secret. If I use these to sign a request to the GAE server, I get an OAuthRequestException when identifying the user:
OAuthService oauthService = OAuthServiceFactory.getOAuthService();
try {
user = oauthService.getCurrentUser();
if (user != null) {
ri.userName = user.getEmail();
}
} catch (OAuthRequestException t) {
t.printStackTrace();
}
This used to work fine until this morning. I am using a modified version of the Chrome to Phone GAE backend. I noticed that Chrome to Phone is having the same issue: I cannot login to the service anymore, so I don't believe this is an error on the client side. Logins don't show up in the Google Connected Sites, Apps, and Services console. Here is a link to the affected line in Chrome to Phone's GAE service: Chrome2Phone affected source.
I already tried registering the application in the Google API console and provided comsumer key and secret, with the same result.
We made some back end changes to our authentication system which ended up not being compatible with App Engine code relying on the authentication system. It appears to be a rather straightforward issue and we are in progress with a fix. We don't have an exact timeline on resolution yet but expect it to be soon.
Update: the fix has been rolled out to production as of about 8pm PST. Thanks everyone your patience.
This isn't exactly an answer, but I'm seeing the same new behavior on a python app engine app using the built-in oauth provider libs (google.appengine.api.oauth). Existing saved tokens continue to work, but requesting a new token and then using it to call a protected service results in a InvalidOAuthTokenError. This is with unchanged consumer and provider code that worked flawlessly until last night (approximately midnight CST).
I'm trying to get OAuth through SoundCloud set up, but I'm having tremendous trouble. My newest issue is this:
I have the user login through a popup window which is connected to SoundCloud. It gives me a back a code once the user logs in. This is all working; however, the next step is failing for me. Once I have the code, I run this snippet of Java code:
URI redir = new URI("http://localhost:9000/auth/soundcloudcapturetoken");
ApiWrapper api = new ApiWrapper(SC_CLIENT_ID, SC_CLIENT_SECRET, redir, null, Env.SANDBOX);
Token authToken = api.authorizationCode(code);
Java fails on the api.authorizationCode(code) line with this error:
SSLPeerUnverifiedException occured : peer not authenticated
I snooped around online, and stumbled upon this post: http://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated
It suggested that I add the two mentioned certs to my java cacerts file(s). I added the two certificates to both my jdk and jre, but my app still fails with the same error. Is there something I am missing here?
As a side note, I am currently using this api to access SoundCloud: https://github.com/soundcloud/java-api-wrapper
SoundCloud dev here.
Are you trying to use the sandbox (i.e. connecting to https://api.sandbox-soundcloud.com) ? If so, I was trying to reproduce your issue and just realised that our certificate for that host expired, we are deploying a new certificate as we speak, really sorry about that.
Also, you can find help from SoundCloud engineers in our mailing list: http://bit.ly/yqcubH
I have a GAE/GWT server web application using OAuth 2.0.
Locally (GWT development mode) it works fine (user is being redirected to the access confirmation page, I get a token and I can call google API using this token).
But when I deploy the application to appspot, it fails. Confirmation page looks differently, token returns in different format and google API doesn't work with this token.
Does appspot support OAuth 2.0? Does anybody experience this?
I've been struggling a lot to find out the issue.
In my case I had normally set my appspot url on the console as an authorized URI just as the localhost one, downloaded the json file and had the same redirect_uri_mismatch error.
The solution was to set an http version of the url. For some reason, it won't work if you set only the https one.
Appspot does not suport OAuth http://groups.google.com/group/opendatakit/browse_thread/thread/45ecd1401867154f/0b83b359c2504a74?show_docid=0b83b359c2504a741