oauth2 – API keys or Client Credentials flow? Good practice to control application access to a deployed web component

Company A developed a widget (Web Component) deployed on several clients/partners.

Only clients/partners must be authorized to use the widget.
There is no need to distinguish between individual end users (clients’ users), because only the application itself, the widget itself, must be authenticated/authorized.

I thought about using a relevant API KEY per client stored on a reverse proxy (mini-backend), the latter stored on the client’s infrastructure.
This way, the widget could target the reverse proxy, this one providing the hidden API KEY in order to deal with Company A’s backend.

Pros of this solution:
No front developments required on client’s infrastructure.
Cons:
If the API is stolen (in extreme cases), as there is no expiration by default, anyone could benefit from its power at any time unless additional checks on domain + IP/DNS are carried out.

Alternatively, what about the Client Credentials flow of OAuth, which would consist of ensuring communication between Company A’s backend AND the client’s backend to generate a token allowing the client/partner to ask for a business token that can expire after a short time?
Thus, the widget would be passed the business token in order to deal with Company A’s backend features at any time, before expiration.

Pros of this solution:
The token can expire and therefore has less potential for damage than a potentially stolen API KEY that does not expire.
Cons:
Backend developments required on the client’s side in order to deal with the client credentials flow (service to service).
Front developments required on client’s infrastructure to provide the business token to the widget.

What would you suggest?
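
An added example, not part of the original post, of the second option described above: Company A's backend authenticates the partner backend with client credentials and mints a short-lived business token, which the API then checks for signature, expiry and origin on each widget request. The HMAC token layout, the client registry, and every name, URL and secret are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample data: signing key, partner registry and lifetime are assumptions.
SIGNING_KEY = b"company-a-signing-key-constructed"
CLIENTS = {"partner-1": {"secret": "s3cret-constructed",
                         "origin": "https://shop.partner.example"}}
TOKEN_TTL = 300  # seconds the business token stays valid


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(body: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())


def issue_business_token(client_id, client_secret, now=None):
    """Token endpoint: called by the partner backend, never by the widget."""
    client = CLIENTS.get(client_id)
    if client is None or not hmac.compare_digest(
            client["secret"].encode(), client_secret.encode()):
        raise PermissionError("invalid client credentials")
    now = time.time() if now is None else now
    claims = {"sub": client_id, "origin": client["origin"],
              "exp": int(now) + TOKEN_TTL}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"


def check_widget_request(token, origin, now=None):
    """API side: return the partner id, or raise if the token must be refused."""
    try:
        body, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    # Verify the signature before parsing anything inside the token.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        raise PermissionError("token expired")  # a stolen token stops working here
    # The Origin header is only set reliably by browsers; treat it as an extra check.
    if origin != claims["origin"]:
        raise PermissionError("origin mismatch")
    return claims["sub"]
```
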

Unity Mirror client scene.local player.connection to client.client owned object not working in client

Uhm, I’m new to Mirror networking. I just wanna find objects that the local player has authority over, but it doesn’t work on the client. Is there a solution to this? Well, I could make an object tracking script, but that will complicate things.
This question might look like I haven’t researched anything; the truth is I’ve searched everywhere and there is just no documentation for this.

Why have a refresh_token with an OAuth2 Client Credentials grant type?

Can someone explain to me the purpose of the refresh token when you’re using the Client Credentials grant type with OAuth2? I’m confused because you can easily generate a new access token without one, so why bother?

For example, to get an access token you typically only need:

https://oauth.example.com/token?grant_type=client_credentials&client_id=CLIENT_ID&client_secret=CLIENT_SECRET

So why would you ever use:

https://oauth.example.com/token?grant_type=refresh_token&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&refresh_token=REFRESH_TOKEN

Is a refresh token more applicable when using other grant types (e.g. Resource Owner Password Credentials)?

scrolling – Thin vertical scrollbars such as those in the Steam client are a usability nightmare. Why do designers still use them?

As an example I detest using the Steam client on a PC and have realized one of the biggest reasons is that scrolling the commonly very ‘tall’ pages is utterly painful.

Scrolling by clicking and dragging the scroll thumb bar is by far the fastest and most efficient way to scroll tall pages. For example I can easily jump to say 3/4 of the way down the page. Keys just can’t do this as well (also force me to go to the keyboard in a heavily mouse driven UI) and let’s not even waste a second thinking about the scroll wheel.

These vertical scrollbars are pixels wide and these scrollbars are not configurable in any way. At least if I am in the browser version I use an addon that lets me override the site scrollbars. Sadly the browser version of Steam is missing a lot of client functionality so dumping the client isn’t an option.

Even worse is that if I want to quickly move the mouse to the vertical scrollbar, I cannot rely on Fitts’s law and move the mouse quickly to the screen edge and just scroll. Instead I have to painstakingly move the pointer left a couple of pixels until over the scrollbar. This is just infuriating!

Yes, I have raised this months ago in the dumping ground that is the Steam discussion forum. I received no response apart from some passerby who could only mention the half-baked custom CSS option that is wiped whenever Steam updates (often daily).

postgresql – PostgreSQL Client and Version Mismatch

Given:

$ which psql
/Library/PostgreSQL/12/bin/psql
$ which createdb
/Library/PostgreSQL/12/bin/createdb

Recently I created a database:

$ createdb -U postgres postgres
Password: 

However, I don’t understand why the server version varies from the client.

$ psql -U postgres
Password for user postgres: 
psql (12.1, server 9.6.2)
Type "help" for help.

How can I create the server on 12.1 as well?

c++ – Is it safe to distribute the server’s certificate file with the client?

I’ve been working on making an SSL server/client in C++ using Boost. To load the certificates, I use the following code for each side:

server.cpp

boost::asio::ssl::context ssl_context(boost::asio::ssl::context::tls);

ssl_context.use_certificate_chain_file("server.crt");
ssl_context.use_private_key_file("server.key", boost::asio::ssl::context::pem);
ssl_context.use_tmp_dh_file("dh2048.pem");

client.cpp

boost::asio::ssl::context ssl_context(boost::asio::ssl::context::tls);
ssl_context.set_verify_mode(boost::asio::ssl::verify_peer);

ssl_context.load_verify_file("server.crt");

If I don’t add the ssl_context.load_verify_file("server.crt"); line on the client, I get the following errors from both sides during SSL handshake:

server: handshake: tlsv1 alert unknown ca

client: handshake: certificate verify failed

So, is it safe to distribute the “server.crt” certificate chain file with the client? If not, how should this be done instead?

sharepoint enterprise – InvalidOperationException: Could not get algorithm from X509AsymmetricSecurityKey to make Client Context for SP 2016 in VS 2019

I’m trying to create a context to an SP 2016 site with the help of a certificate, using the following piece of code:

OfficeDevPnP.Core.AuthenticationManager othManager = new OfficeDevPnP.Core.AuthenticationManager();
System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2({certificate path}, {password to access Certificate});
ClientContext oContext = othManager.GetHighTrustCertificateAppOnlyAuthenticatedContext({siteurl}, {clientID}, cert, {certificate issuer id});
Web objWeb = oContext.Web;
oContext.Load(objWeb);
oContext.ExecuteQuery();
string webTitle = objWeb.Title;

However, it is running fine on Visual Studio 2015, but I have various solutions in VS 2019, so it is throwing the following exception in VS 2019:

InvalidOperationException: Could not get algorithm from X509AsymmetricSecurityKey

I even tried the following in the App.config file of my application, but the issue persists:

<system.web>
<compilation debug="true" targetFramework="4.7.2"/>
<httpRuntime targetFramework="4.6.1"/>
</system.web>

Any help would be much appreciated!

nginx getting 400 error client sent invalid request

I’m trying to set up nginx as a reverse proxy to an application.
When I set up the same request over HTTP it works fine.

I think I’ve done everything and I still have the 400 error. Any help will be really nice.

My nginx configuration file:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
}

http {

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    large_client_header_buffers 4 16k;

    client_max_body_size 10M;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log debug;

    gzip on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

My site configuration:

server {
    listen 80;
    server_name example.com;
    location /eai {
        proxy_pass http://192.168.44.128:8000;
    }
}
server {
    listen               443 ssl;
    ssl_certificate      /etc/nginx/certificates/myssl.crt;
    ssl_certificate_key  /etc/nginx/certificates/myssl.key;
    server_name example.com;
    location /eai {
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_pass http://192.168.44.128:8000;
    }
}

My Python code to call the application behind the proxy:

import requests

url = 'https://example.com/eai/request/import'
file_list = (
    ('file', ('test.csv', open('test.csv', 'rb'), 'text/html')),
)

r = requests.post(url, files=file_list, proxies={"https":"https://192.168.44.241","http":"http://192.168.44.241"}, verify=False)

The info line in the error.log:

client sent invalid request while reading client request line, client: 192.168.44.1, server: example.com, request: "CONNECT example.com:443 HTTP/1.0"

Thanks in advance for any help

Regards

Need product design for client – $30 Paypal

Hey everyone, I need to get a cool product design made for my client.

The name of the product is going to be called Joker ( just like the movie) sample images here – https://www.google.com/search?q=jok…UouVkKHbOzAM8Q_AUoAXoECBUQAw&biw=1280&bih=637

Sample Product to design over – https://www.strictlyecig.com/products/no-cap-hemp-delta8-shatter.html

Delta 8 and everything you can add the same just want to…

structured text – StructuredText client on a PLC, adding a C# server

This is ST code running on a PLC. Apparently it’s a client that connects to a server running in LabVIEW.
I need to create a TCP server in C# to talk to it. Any chance of breaking down what’s happening here?

// Start sequence when Trigger changes to TRUE.

IF ( (Enable=TRUE) AND (DoTCP=FALSE) AND (_Eip_EtnOnlineSta=TRUE) ) THEN
    DoTCP:=TRUE;
  
IF (TCP_Conn_Status = _CLOSED) OR (TCP_Conn_Status = _CLOSE_WAIT) OR (TCP_Conn_Status = _CLOSING)  THEN //(TCP_Conn_Status <> _ESTABLISHED) THEN
    Stage := 1; //try connect if not established yet
ELSE
    Stage:=2;   //only check status, avoid open another port and lose sync.     
END_IF;

SktTCPConnect_instance(Execute:=FALSE);  // Initialize instance.
SktClearBuf_instance(Execute:=FALSE);  // Initialize instance.
SktGetTCPStatus_instance(Execute:=FALSE);  // Initialize instance.
SktTCPSend_instance(  // Initialize instance.
    Execute:=FALSE,
    SendDat:= dummy_dat(0));  // Dummy
SktTCPRcv_instance(  // Initialize instance.
    Execute:=FALSE,
    RcvDat :=dummy_dat(0));  // Dummy
SktClose_instance(Execute:=FALSE);  // Initialize instance.
END_IF;

IF (DoTCP=TRUE) THEN

CASE Stage OF
        
    1:  // Request a connection.
        SktTCPConnect_instance(
            Execute   :=TRUE,
            SrcTcpPort:=UINT#0,  // Local TCP port number: Automatically assigned.
            DstAdr    :=IP_Address,  // Remote IP address
            DstTcpPort:=Remote_Port,  // Destination TCP port number
            Socket =>TCP_Conn_WkSocket);  // Socket     
            
        IF (SktTCPConnect_instance.Done=TRUE) THEN
            Stage:=INT#2;  //check TCP status               
        ELSIF (SktTCPConnect_instance.Error=TRUE) THEN
            error_ID := (SktTCPConnect_instance.ErrorID);
            //TCP_Conn_Status := _CLOSED;
            IF (error_ID = WORD#16#2008) THEN //never lock error to else state
                Stage:=INT#6; //errorID=2008 - Socket Communications Resource Overflow
            ELSE
                Stage:=INT#2;  // always check TCP status
            END_IF; 
                    
        END_IF;
        

    2: //request status
        SktGetTCPStatus_instance(
            Execute:=TRUE,
            Socket :=TCP_Conn_WkSocket);  // Socket
                        
        IF (SktGetTCPStatus_instance.Done) THEN
            TCP_Conn_Status := SktGetTCPStatus_instance.TcpStatus;
            IF (TCP_Conn_Status <> _ESTABLISHED) THEN //(TCP_Conn_Status = _CLOSED) OR (TCP_Conn_Status = _CLOSE_WAIT) OR (TCP_Conn_Status = _CLOSING) THEN
                Stage:=INT#0;   //go to end
            ELSE
                Stage:=INT#3;   //continue normal flow
            END_IF;
                                                
        ELSIF (SktGetTCPStatus_instance.Error=TRUE) THEN
            error_ID:=(SktGetTCPStatus_instance.ErrorID);
            Stage:=INT#20; // Error end
        END_IF;
            
    3:   //  sending message
        Payload_local:= Payload_Client_IN;  
                    
        Msg_size_byte := CRC_size_byte + ToAryByte(Payload_local,_LOW_HIGH,SendSocketDat(0)) + UINT#2;  ////payload size + CRC (bytes)
        Msg_size:= ToAryByte(Msg_size_byte,_LOW_HIGH,SendSocketDat(0));     //replace first two bytes with payload  + CRC size 
        Msg_size_byte :=ToAryByte(Payload_local,_LOW_HIGH,SendSocketDat(2));    //replace rest of the array with payload as bytes
        
        Payload_CRC_send := AryCRCCCITT(SendSocketDat(0),(Msg_size_byte+Msg_size),WORD#0,_LOW_HIGH);        //calculates (size +payload) CRC
        Msg_size_CRC :=ToAryByte(Payload_CRC_send,_LOW_HIGH,SendSocketDat(Msg_size_byte+Msg_size)); //append CRC as bytes to the end of the array
        
        SktTCPSend_instance(
            Execute:=TRUE,
            Socket :=TCP_Conn_WkSocket,  // Socket
            SendDat:= SendSocketDat(0),// TCP_Message_Send(0),  // Send data
            Size   := Msg_size_byte+Msg_size+Msg_size_CRC); // msg payload + payload size + CRC 16
            
        IF (SktTCPSend_instance.Done=TRUE) THEN
            Stage:=INT#4;  // go to read buffer
            SktTCPSend_instance(  // reinitialize instance.
                Execute:=FALSE,
                SendDat:= dummy_dat(0));
            SktTCPRcv_instance( //reset instance
                Execute:=FALSE,
                RcvDat :=dummy_dat(0));
            
        ELSIF (SktTCPSend_instance.Error=TRUE) THEN             
            error_ID:=( SktTCPSend_instance.ErrorID);               
            IF (error_ID =  WORD#16#2006) THEN // OR error_ID = WORD#16#2003) THEN
                Stage:=INT#5;  // time out - clear buffer only
            ELSE
                Stage:=INT#30;  // Error end
            END_IF;
                                    
        END_IF;
        
                            
    4:  // Request receiving message size only
        SktTCPRcv_instance(
            Execute:=TRUE,
            Socket :=TCP_Conn_WkSocket,  // Socket
            TimeOut:=UINT#10,  // Timeout time: 10 x (0.1 sec) = 1 sec
            Size   :=UINT#2,  // Receive data size
            RcvDat := RcvSocketDat(0));  // Receive data
     
        IF (SktTCPRcv_instance.Done=TRUE) THEN              
            Stage:=INT#41;  // Normal end
            SktTCPRcv_instance( //reset instance
                Execute:=FALSE,
                RcvDat :=dummy_dat(0));
                            
        ELSIF (SktTCPRcv_instance.Error=TRUE) THEN              
            error_ID:=(SktTCPRcv_instance.ErrorID);             
            IF (error_ID =  WORD#16#2006) THEN // OR error_ID = WORD#16#2003) THEN
                Stage:=INT#5;  // time out - clear buffer only              
            ELSE
                Stage:=INT#40;
            END_IF;
            
        END_IF;
        
    41: // Request receiving payload
        
        AryByteTo (RcvSocketDat(0),UINT#2,_LOW_HIGH,Msg_size_byte_send);    //convert byte array to message size
        
        SktTCPRcv_instance(
            Execute:=TRUE,
            Socket :=TCP_Conn_WkSocket,  // Socket
            TimeOut:=UINT#10,  // Timeout time 10 x 0.1s - 1sec
            Size   :=Msg_size_byte_send,  // Receive data size
            RcvDat := RcvSocketDat(2));  // Receive data
     
        IF (SktTCPRcv_instance.Done=TRUE) THEN
            Stage:=INT#5;  // normal end
            
            Payload_CRC_receive_recalc:= AryCRCCCITT(RcvSocketDat(0),Msg_size_byte_send,WORD#0,_LOW_HIGH);  //calculate CRC from received message (add size, but exclude CRC on the payload)
            AryByteTo(RcvSocketDat(Msg_size_byte_send),UINT#2,_LOW_HIGH,Payload_CRC_receive);
            IF (Payload_CRC_receive = Payload_CRC_receive_recalc) then
                payload_received:=AryByteTo(RcvSocketDat(2),Msg_size_byte_send - UINT#2,_LOW_HIGH,Payload_Server_OUT);  //convert array of bytes to data type, excluding msg size and CRC
            END_IF;
            
        ELSIF (SktTCPRcv_instance.Error=TRUE) THEN              
            error_ID:=(SktTCPRcv_instance.ErrorID);             
            IF (error_ID =  WORD#16#2006) THEN // OR error_ID = WORD#16#2003) THEN
                Stage:=INT#5;  // time out - clear buffer only              
            ELSE
                Stage:=INT#410;
            END_IF;
            
        END_IF;
        
        
     5:  // Clear receive buffer.
        SktClearBuf_instance(
            Execute:=TRUE,
            Socket :=TCP_Conn_WkSocket);  // Socket
     
        IF (SktClearBuf_instance.Done=TRUE) THEN
            Stage:=INT#0;  // check connection
        ELSIF (SktClearBuf_instance.Error=TRUE) THEN
            error_ID:=(SktClearBuf_instance.ErrorID);
            Stage:=INT#50;  // Error end
        END_IF;
 
    6:  // Request closing.
        SktClose_instance(
            Execute:=TRUE,
            Socket :=TCP_Conn_WkSocket);  // Socket
                            
        IF (SktClose_instance.Done=TRUE) THEN 
            Stage:=INT#0;  // Normal end
            TCP_Conn_Status:= _CLOSED;
        ELSIF (SktClose_instance.Error=TRUE) THEN
            error_ID:=(SktClose_instance.ErrorID);
            IF (SktClose_instance.ErrorID = WORD#16#2007) THEN//errorID = 2007 --> Socket Handle Out of Range(closed)
                Stage:=0;
                //TCP_Conn_Status:= _CLOSED;
            ELSE
                Stage:=INT#60;  // Error end
            END_IF;
            
        END_IF;
        
    0:  // Normal end
        DoTCP  :=FALSE;
        Done:= TRUE;
        
        SktTCPSend_instance(  // reinitialize instance.
            Execute:=FALSE,
            SendDat:= dummy_dat(0));
        SktTCPRcv_instance( //reset instance
            Execute:=FALSE,
            RcvDat :=dummy_dat(0)); 
            
    ELSE  // Interrupted by error.
        IF (error_ID = WORD#16#2003 OR error_ID = WORD#16#2008) THEN //Socket Status Error
                //Stage:=UINT#2;    //force reopen
                //error_ID:=WORD#16#0;
                TCP_Conn_Status:= _CLOSED;
                //TCP_Conn_Status:= TCP_Conn_Status;
        END_IF;             
            DoTCP  :=FALSE;//use FALSE to reset states, use TRUE to trap error during debug
            Done := FALSE;              
            SktTCPSend_instance(  // reinitialize instance.
                Execute:=FALSE,
                SendDat:= dummy_dat(0));
            SktTCPRcv_instance( //reset instance
                Execute:=FALSE,
                RcvDat :=dummy_dat(0));
        //END_IF;               
END_CASE;
END_IF;