WOM: Restaurant Discovery app for iOS: Google OAuth Consent Screen: Incorrect App Name of wom.auth.us-east-1.amazoncognito.com

 iOS 18.3.1

WOM: Restaurant Discovery app for iOS (version 2.4.0)

03/03/2025

Description:

The WOM: Restaurant Discovery app for iOS has a problem. The WOM: Restaurant Discovery app has a Google OAuth screen. 

Unfortunately, on this Google OAuth consent screen, the app name is incorrect. Instead of displaying an app name appropriate to the app, an app name of: "wom.auth.us-east-1.amazoncognito.com" appears.

Here's a screenshot of how it currently appears:

Steps to Reproduce:

1. Download and launch the WOM: Restaurant Discovery app for iOS

2. Select the app icon in the upper right of the screen

3. Select "Sign Up"

4. From the "Sign Up" pop-up menu, select "Google"

5. On the Google Sign in screen, note the app name of: "wom.auth.us-east-1.amazoncognito.com"

Result: The Google OAuth consent screen displayed by the WOM: Restaurant Discovery app displays an app name of: "wom.auth.us-east-1.amazoncognito.com"Expected: An app name of "wom.auth.us-east-1.amazoncognito.com" isn't user friendly and doesn't provide relevant information to the end user

After launching the iOS app, select "Sign Up"

Select the "Google" option...

Note the app name of: "wom.auth.us-east-1.amazoncognito.com"

In this session, you will learn how to create EPIC Fhir App and authorize through that (REST API).

#epic #epicfhir #fhir #ehr #standalone #patient #epicfhirapp #epicapp #app #oauth2.0 #oauth #oauth2 #mychart #epicoauthapp #healthdata #data #patientrecords #hippa

Join Us

@learnwithnak

- https://www.linkedin.com/company/learnwithnak/

- https://chat.whatsapp.com/LN3HVY6Fl8sA7ccbhqa9JK

Petit recapitulatif du flow OAuth2

OAuth2 permet a des 3ce partie d'acceder a des données utilisateurs sans reveler leur mot de passe via l'échange de tokens.

client: celui qui désire acceder à une resource

resource owner: l'utilisateur qui possède une resource

auth server: serveur qui authentifie les utilisateur et emet des jetons

resource server: héberge une resource protégée

Oauth2 flows

Authorization code:

le client désire acceder à une resource a nom de l'utilisateur

l'utilisateur est dirigé vers l' auth server pour login et donner les accès au client

ensuite l'auth server envoie un code d'authorisation au client

le client envoie le code d'authorisation à l'auth server en échange d'un token courte durée

le client contacte le resource server avec le token qui lui donne accès

Client credential:

le client désire accéder à des resources qui lui appartiennent

le client s'authentifie au serveur via ses credentials (clientId + clientSecret)

l'auth server envoie un access token au client

le client peut utiliser ce token pour accéder les données

[solved] Wordpress token validation using Wordpressʼ oauth2 validation API is returning 400

[solved] Wordpress token validation using Wordpressʼ oauth2 validation API is returning 400

OAuth is an open standard protocol designed to authorize access to third-party resources without giving them passwords or direct access to sensitive user data. Authentication and authorization are the primary concerns of the OAuth2.0. Authentication, including obtaining an access token, verifying it, and establishing the user’s identity, is a prerequisite for authorization, the process of…

View On WordPress

This video will show you how to set up a Gmail API app in the Google Developer Console. If you have an application like an Android app, web application, etc. and want to fetch user's Gmail information then you will need to set an project and your app in Google Developer Console.

Best Practices for Securing ColdFusion REST APIs with OAuth2 and JWT

SAML and OAuth2

SAML and OAuth 2.0 - Same same but different! Explore the key differences and learn how to implement these authentication and authorization protocols in Drupal for enhanced security and user experience.

Quick Tumblr Backup Guide (Linux)

Go to www.tumblr.com/oauth/apps and click the "Register Application" button

Fill in the form. I used the following values for the required fields: Application Name - tumblr-arch Application Website - https://github.com/Cebtenzzre/tumblr-utils Application Description - tumblr archival instance based on tumblr-utils Adminstrative contact email - < my personal email > Default callback URL - https://github.com/Cebtenzzre/tumblr-utils OAuth2 redirect URLs - https://github.com/Cebtenzzre/tumblr-utils

Get the OAuth Consumer Key for your application. It should be listed right on the www.tumblr.com/oauth/apps page.

Do python things:

# check python version: python --version # I've got Python 3.9.9 # create a venv: python -m venv --prompt tumblr-bkp --upgrade-deps venv # activate the venv: source venv/bin/activate # install dependencies: pip install tumblr-backup pip install tumblr-backup[video] pip install tumblr-backup[jq] pip install tumblr-backup[bs4] # Check dependencies are all installed: pip freeze # set the api key: tumblr-backup --set-api-key <OAuth Consumer Key>

So far I have backed up two blogs using the following:

tumblr-backup --save-audio --save-video --tag-index --save-notes --incremental -j --no-post-clobber --media-list <blog name>

There have been two issues I had to deal with so far:

one of the blogs was getting a "Non-OK API repsonse: HTTP 401 Unauthorized". It further stated that "This is a dashboard-only blog, so you probably don't have the right cookies. Try --cookiefile." I resolved the issue by a) setting the "Hide from people without an account" to off and b) enabling a custom theme. I think only step a) was actually necessary though.

"Newly registered consumers are rate limited to 1,000 requests per hour, and 5,000 requests per day. If your application requires more requests for either of these periods, please use the 'Request rate limit removal' link on an app above." Depending on how big your blog is, you may need to break up the download. I suspect using the "-n COUNT" or "--count COUNT" to save only COUNT posts at a time, combined with the "--incremental" will allow you to space things out. You would have to perform multiple passes though. I will have to play with that, so I'll report back my findings.

PSA: A pretty clever phishing email

I got a message warning me that my Twitter account was about to be suspended for suspicious activity, inviting me to click a button to prevent this. The URL the button went to *was* an x.com link, but it used a security vulnerability in Twitter's backend that allowed redirections to push me to an OATH server that would prompt me for my Twitter login and 2FA, and then send the attacker a valid token they could use to take over my account.

Here's the (redacted) attack link:

https://x.com/ [BREAK INSERTED] i/oauth2/authorize?response_type=code&client_id= [UNIQUE ID REMOVED] Q&redirect_uri=https%3A%2F%2Ftwo.opensourced.us%2Fapi%2Fcallback%3Fi%3Dtwit&scope=tweet.read+users.read+mute.write+tweet.write+tweet.moderate.write+offline.access&code_challenge= [UNIQUE ID REMOVED] &code_challenge_method=plain

Bōzt: Restaurants & Local Food app for iOS: Google OAuth Consent Screen: Privacy Policy and Terms of Service Links Take User to Inactive Bozt.bozt Page

OS 18.3

Bozt: Restaurants & Local Food app for iOS (version 4.2.4)

02/01/2025

Description:

The Bozt: Restaurants & Local Food app for iOS has a problem with the OAuth consent screen.

The "Privacy Policy" and "Terms of Service" links on this OAuth consent screen that is displayed by the Bozt app are bad - they lead the user on a dead link. 

Steps to Reproduce:

1. Download and launch the Bozt: Restaurants & Local Food app 

2. From the Sign-in screen, select "Sign in with Google"

3. Select "Continue" to the pop-up prompt

4. From the Google OAuth screen, select either "privacy policy" or "terms of service"

Result: The "privacy policy" and "terms of service" links on Bozt's Google OAuth consent screen take the user to a dead link

Expected: The "privacy policy" and "terms of service" links on Bozt's Google OAuth consent screen should take the user to valid privacy policies and terms of service for the app. 

Download and launch the app...

Choose the "Sign in with Google" option...

Select the "Continue" option to advance to the OAuth consent screen...

Select either the "privacy policy" or "terms of service" links on this OAuth consent screen...

User is left here - not a valid URL.

The creator of the LaD bots which I posted before just made Caleb and Sylus.

For those who are interested, try them now. Warning: They're NSFW.

Love and Deepspace DISCORD BOTS

* Sylus: https://discord.com/oauth2/authorize?client_id=1266086719111958659&permissions=67584&scope=bot

* Zayne: https://discord.com/oauth2/authorize?client_id=1219415041992818728&permissions=67584&scope=bot

* Caleb: https://discord.com/oauth2/authorize?client_id=1259464525649023019&permissions=67584&scope=bot

* Rafayel: https://discord.com/oauth2/authorize?client_id=1239243364038348880&permissions=67584&scope=bot

* Xavier: https://discord.com/oauth2/authorize?client_id=1217969413794562168&permissions=67584&scope=bot

For questions regarding the bots, you can dm the creator. The profile is on the bio of the bots. Enjoy~

In this session, you will learn how to create EPIC Fhir App and authorize through that (REST API).

#epic #epicfhir #fhir #ehr #standalone #patient #epicfhirapp #epicapp #app #oauth2.0 #oauth #oauth2 #mychart #epicoauthapp #healthdata #data #patientrecords #hippa

Join Us

@learnwithnak

- https://www.linkedin.com/company/learnwithnak/

- https://chat.whatsapp.com/LN3HVY6Fl8sA7ccbhqa9JK

If someone can send me $14 I can lessen the impact of that Youtube issue on y232 immediately, the oauth2 fix is not good enough for our purposes so I'm going to keep an eye on this yt-dlp thread thst was suggested and I suggest other devs do the same:

Cashapp: $cmder

Venmo: AGIEF

Paypal: [email protected]

Meatbun’s bots [Mo Ran, Xue Meng, Shi Mei, Taxian-Jun, Murong Chuyi, Hua Po’an, Chen Tang, Jiang Fuli, Mo Xi, Gu Mang{four versions}]

Upon use expect spoilers, mostly accurate

2ha edition:

Mo Ran: https://discord.com/oauth2/authorize?client_id=1232875996865237053&permissions=412317191232&integration_type=0&scope=bot

Xue Meng: https://discord.com/oauth2/authorize?client_id=1259298051856535552&permissions=412317191232&integration_type=0&scope=bot

Shi Mei: https://discord.com/oauth2/authorize?client_id=1259845074842554469&permissions=412317191232&integration_type=0&scope=bot

Taxian Jun: https://discord.com/oauth2/authorize?client_id=1264698335382736917&permissions=412317190208&integration_type=0&scope=bot

Yuwu edition:

Murong Chuyi: https://discord.com/oauth2/authorize?client_id=1251962236503720068&permissions=412317191232&integration_type=0&scope=bot

Hua Po’an: https://discord.com/oauth2/authorize?client_id=1290398479251935412&permissions=412317191232&integration_type=0&scope=bot

Chen Tang: https://discord.com/oauth2/authorize?client_id=1290607539272159273&permissions=412317125696&integration_type=0&scope=bot

Jiang Fuli: https://discord.com/oauth2/authorize?client_id=1296220313574703207&permissions=412317191232&integration_type=0&scope=bot

Mo Xi(after Gu Mang’s betrayal, ||Gu Mang still kept in the Luomei Pavilion||): https://discord.com/oauth2/authorize?client_id=1296273540659675149&permissions=412317203520&integration_type=0&scope=bot

Gu Mang’s link(||soon-to-be traitor edition||) : https://discord.com/oauth2/authorize?client_id=1296958119099891712&permissions=412317195328&integration_type=0&scope=bot

Gu Mang(still a general edition): https://discord.com/oauth2/authorize?client_id=1297171752228618301&permissions=412317195328&integration_type=0&scope=bot

Gu Mang(||still in the Luomei Pavilion||) : https://discord.com/oauth2/authorize?client_id=1297636134414848041&permissions=412317191232&integration_type=0&scope=bot

Gu Mang(||Living in the Xihe Manor, running away from bitter medicine. Having memory flashbacks.||) : https://discord.com/oauth2/authorize?client_id=1297855087666008074&permissions=412317191232&integration_type=0&scope=bot