- Статус темы:
-
Закрыта.
-
Пуссии
User- Регистрация:
- 20.06.21
- Сообщения:
- 4
- Симпатии:
- 1
Во время игры Персонаж завис. После выхода и попытки войти в игру выдает ошибку gameErrors.apigatewayUnauthorized
Что делать, как это исправить? -
выложите сюда результат диагностики процессов из утилиты https://check4game.com полностью, текстом.
-
Пуссии
User- Регистрация:
- 20.06.21
- Сообщения:
- 4
- Симпатии:
- 1
У нас проблемы именно с игрой black desert. По ссылке, что вы отправили, нет этой игры
-
Ваша проблема не связана с black desert а с лаунчером 4game и там можно выполнить диагностику лаунчера игра не важна при запуске скажет что не видит игру пропускайте!
-
Пуссии
User- Регистрация:
- 20.06.21
- Сообщения:
- 4
- Симпатии:
- 1
лог
check4game ver=2.2.8, uptime=21h 10m, ra
Процессор: Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz
Видео: Intel(R) UHD Graphics / 27.20.100.8280 / 20200706
Видео: NVIDIA GeForce GTX 1650 / 27.21.14.5167 / 20200705
DeviceName: DISPLAY1, BPP: 32, P:True, 1536×864
OS(x64) Microsoft Windows NT 6.3.19041.662
OS Name: Windows 10 Enterprise 2009/ 10.12.2020
.NET 4.7.2+ (528372) / MEMORY: 8060 MB (4202 MB)
report Date: 20.06.2021 18-08-33 +05:00 GMT
игра: N/A, env: N/A, cfg: N/A, N/A
путь: C:UsersProfessionalDownloadscheck4game.2.2.8Скачиваем список LSP файлов
https://www.check4game.com/proc/lsp.txt => OKWinSock2 NameSpace_Catalog
%SystemRoot%system32napinsp.dll (10.0.19041.1100)
%SystemRoot%system32pnrpnsp.dll (10.0.19041.1100)
%SystemRoot%system32pnrpnsp.dll (10.0.19041.1100)
%SystemRoot%system32wshbth.dll (10.0.19041.546)
%SystemRoot%system32NLAapi.dll (10.0.19041.546)
%SystemRoot%System32mswsock.dll (10.0.19041.1100)
%SystemRoot%System32winrnr.dll (10.0.19041.546)WinSock2 Protocol_Catalog
%SystemRoot%system32mswsock.dll (10.0.19041.1100)Скачиваем список несовместимых процессов
https://www.check4game.com/proc/proc.txt => OKСписок процессов
ApplicationFrameHost.exe : Application Frame Host (10.0.19041.1)
audiodg.exe : Изоляция графов аудиоустройств Windows (10.0.19041.1100)
browser.exe (16) : Yandex (21.5.3.742)
CefSharp.BrowserSubprocess.exe*32 (3) : CefSharp.BrowserSubprocess (87.1.132.0)
check4game.exe : check4game (2.2.8.0)
cmd.exe : Обработчик команд Windows (10.0.19041.1100)
CompPkgSrv.exe : Component Package Support Server (10.0.19041.546)
conhost.exe (2) : Хост окна консоли (10.0.19041.1100)
csrss.exe (2) : csrss.exe
ctfmon.exe : CTF-загрузчик (10.0.19041.1100)
DAX3API.exe (2) : DAX API (3.20602.651.0)
dllhost.exe : COM Surrogate (10.0.19041.546)
dwm.exe : Диспетчер окон рабочего стола (10.0.19041.1100)
esif_uf.exe : Intel(R) Dynamic Tuning Service (8.7.10200.12510)
explorer.exe : Проводник (10.0.19041.610)
FMService64.exe : Fortemedia Service (0.1.0.36)
fontdrvhost.exe (2) : Usermode Font Driver Host (10.0.19041.662)
GameCenter.exe*32 (3) : GameCenter (4.0.1630.57824)
HPPrintScanDoctorService.exe : C:Program FilesHPPrintScanDoctorHPPrintScanDoctorService.exe
ibtsiva.exe : Intel(R) Wireless Bluetooth(R) iBtSiva Service (22.00.0.2)
IGCC.exe : IGCC (1.100.3325.0)
IGCCTray.exe : IGCCTray (1.100.3325.0)
igfxCUIService.exe : igfxCUIService Module (6.15.100.8280)
igfxEM.exe : igfxEM Module (6.15.100.8280)
Innova.Launcher.exe*32 : 4game (1.0.0.262)
IntelCpHDCPSvc.exe : Intel HD Graphics Drivers for Windows(R) (25.20.100.8280)
IntelCpHeciSvc.exe : C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_ef76dcbfba64a02cIntelCpHeciSvc.exe
jhi_service.exe : Intel(R) Dynamic Application Loader Host Interface (1.37.2020.0426)
lsass.exe : Local Security Authority Process (10.0.19041.662)
LSB.exe : Lenovo Service Bridge (5.0.2.4)
mediaget.exe*32 : C:UsersProfessionalMediaGet2mediaget.exe
mediaget_crashpad_handler.exe*32 : C:UsersProfessionalMediaGet2mediaget_crashpad_handler.exe
Memory Compression : Memory Compression
Microsoft.Photos.exe : Microsoft.Photos.exe (2020.20120.400400000)
MoUsoCoreWorker.exe : MoUSO Core Worker Process (10.0.19041.662)
NVDisplay.Container.exe (2) : C:WindowsSystem32DriverStoreFileRepositorynvlt.inf_amd64_fba8fe61c46fa4beDisplay.NvContainerNVDisplay.Container.exe
OfficeClickToRun.exe : Microsoft Office Click-to-Run (SxS) (16.0.10375.20036)
OneApp.IGCC.WinService.exe : Intel® Graphics Command Center Service (1.0.0.0)
PresentationFontCache.exe : PresentationFontCache.exe (3.0.6920.9141)
QtWebEngineProcess.exe*32 : C++ Application Development Framework (5.15.2.0)
Registry : Registry
RtkAudUService64.exe (2) : Realtek HD Audio Universal Service (1.0.231.1)
RtkUWP.exe : Realtek Audio Console (1.7.199.0)
RuntimeBroker.exe (9) : Runtime Broker (10.0.19041.546)
SearchApp.exe : Search application (10.0.19041.546)
SearchFilterHost.exe : Microsoft Windows Search Filter Host (7.0.19041.610)
SearchIndexer.exe : Индексатор службы Microsoft Windows Search (7.0.19041.1100)
SearchProtocolHost.exe : Microsoft Windows Search Protocol Host (7.0.19041.610)
service_update.exe (2) : Yandex (21.5.3.742)
services.exe : services.exe
SgrmBroker.exe : SgrmBroker.exe
ShellExperienceHost.exe : Windows Shell Experience Host (10.0.19041.610)
sihost.exe : Shell Infrastructure Host (10.0.19041.1)
smartscreen.exe : SmartScreen Защитника Windows (10.0.19041.1100)
smss.exe : smss.exe
spoolsv.exe : Диспетчер очереди печати (10.0.19041.1100)
StartMenuExperienceHost.exe : C:WindowsSystemAppsMicrosoft.Windows.StartMenuExperienceHost_cw5n1h2txyewyStartMenuExperienceHost.exe
svchost.exe : svchost.exe
svchost.exe (69) : Хост-процесс для служб Windows (10.0.19041.1100)
SystemSettings.exe : Параметры (10.0.19041.1100)
taskhostw.exe : Хост-процесс для задач Windows (10.0.19041.1100)
TextInputHost.exe : C:WindowsSystemAppsMicrosoftWindows.Client.CBS_cw5n1h2txyewyInputAppTextInputHost.exe
wininit.exe : wininit.exe
winlogon.exe : Программа входа в систему Windows (10.0.19041.1100)
WinRAR.exe : WinRAR archiver (6.0.0)
WinStore.App.exe : Store (12104.1001.1.0)
wlanext.exe : Инфраструктура расширяемости беспроводной локальной сети Windows 802.11 (10.0.19041.1100)
WmiPrvSE.exe : WMI Provider Host (10.0.19041.546)
WUDFHost.exe : Windows Driver Foundation (WDF) — хост-процесс среды выполнения платформы драйвера режима пользователя (10.0.19041.1100)
YourPhone.exe : YourPhone (1.21042.143.0)Список служб
Audiosrv : Windows Audio
ClickToRunSvc : Служба Microsoft Office «Нажми и работай»
cphs : Intel(R) Content Protection HECI Service
cplspcon : Intel(R) Content Protection HDCP Service
DolbyDAXAPI : Dolby DAX API Service
DusmSvc : Использование данных
esifsvc : Intel(R) Dynamic Tuning service
FMAPOService : Fortemedia APO Control Service
FontCache3.0.0.0 : Кэш шрифтов Windows Presentation Foundation 3.0.0.0
HPPrintScanDoctorService : HP Print Scan Doctor Service
ibtsiva : Intel Bluetooth Service
igccservice : Intel(R) Graphics Command Center Service
igfxCUIService2.0.0.0 : Intel(R) HD Graphics Control Panel Service
InstallService : Служба установки Microsoft Store
jhi_service : Intel(R) Dynamic Application Loader Host Interface Service
NVDisplay.ContainerLocalSystem : NVIDIA Display Container LS
RtkAudioUniversalService : Realtek Audio Universal Service
SEMgrSvc : Диспетчер платежей и NFC/защищенных элементов
SgrmBroker : Брокер мониторинга среды выполнения System Guard
Spooler : Диспетчер печати
stisvc : Служба загрузки изображений Windows (WIA)
Wcmsvc : Диспетчер подключений Windows
WlanSvc : Служба автонастройки WLAN
WSearch : Windows Search
YandexBrowserService : Yandex.Browser Update Service
BluetoothUserService_5ea74 : Служба поддержки пользователей Bluetooth_5ea74
cbdhsvc_5ea74 : Пользовательская служба буфера обмена_5ea74
CDPUserSvc_5ea74 : Служба пользователя платформы подключенных устройств_5ea74
OneSyncSvc_5ea74 : Синхронизация узла_5ea74
WpnUserService_5ea74 : Пользовательская служба push-уведомлений Windows_5ea74ошибки
check4game ver=2.2.8, uptime=21h 10m, ra
Процессор: Intel(R) Core(TM) i5-10300H CPU @ 2.50GHz
Видео: Intel(R) UHD Graphics / 27.20.100.8280 / 20200706
Видео: NVIDIA GeForce GTX 1650 / 27.21.14.5167 / 20200705
DeviceName: DISPLAY1, BPP: 32, P:True, 1536×864
OS(x64) Microsoft Windows NT 6.3.19041.662
OS Name: Windows 10 Enterprise 2009/ 10.12.2020
.NET 4.7.2+ (528372) / MEMORY: 8060 MB (4202 MB)
report Date: 20.06.2021 18-08-33 +05:00 GMT
игра: N/A, env: N/A, cfg: N/A, N/A
путь: C:UsersProfessionalDownloadscheck4game.2.2.8 -
Изучив вашу проблему могу предложить один способ починки клиента!
Если проблема не будет решена обратитесь Службу поддержки (https://ru.4gamesupport.com/).
В случае, если у вас нет возможности авторизоваться на сайте 4game для создания обращения в Службу поддержки — вы можете написать на почту ru.support@4game.com.
В письме необходимо подробно описать суть вашей проблемы, указать максимум данных, чтобы сотрудник поддержки мог вас идентифицировать.Последнее редактирование: 20 июн 2021
-
Пуссии
User- Регистрация:
- 20.06.21
- Сообщения:
- 4
- Симпатии:
- 1
Спасибо большое, проблема решена!
-
Была рада что смогла помочь!
Если возникнут вопросы / проблемы можете обратится буду рада помогать!Последнее редактирование: 20 июн 2021
-
Ой, а давайте без этого мертвеца) https://ru.4gamesupport.com/downloads/files/4game-supp вот его актуальный наследник.
-
Спасибо большое учту!
Можете закрыть тему вопрос решен)
- Статус темы:
-
Закрыта.
How do I troubleshoot «401 Unauthorized» errors from an API Gateway REST API endpoint after I’ve set up an Amazon Cognito user pool?
Last updated: 2022-08-18
I set up my Amazon Cognito user pool as a COGNITO_USER_POOLS authorizer on my Amazon API Gateway REST API. Now I get «401 Unauthorized» errors in the API response. How do I troubleshoot these errors?
Resolution
Note: API Gateway can return 401 Unauthorized errors for a variety of reasons. The following procedure shows how to troubleshoot 401 errors related to COGNITO_USER_POOLS authorizers only.
1. In the API Gateway console, on the APIs pane, choose the name of your API.
2. In the navigation pane, choose Authorizers under your API.
3. Review the authorizer’s configuration and confirm that the following is true:
The user pool ID matches the issuer of the token.
The API is deployed.
The authorizer works in test mode.
For more information, see Integrate a REST API with an Amazon Cognito user pool.
Note: If you can’t invoke your API after confirming the authorizer’s configuration on the API method, then check the validity of the security token.
Check the validity of the security token
When you check the validity of the security token, confirm that the following is true:
- The security token isn’t expired.
- The issuer in the security token matches the Amazon Cognito user pool configured on the API.
- The ID token and access token string values are valid.
Note: If the string values are valid, you can then decode the tokens. If the tokens aren’t valid, make sure that no spaces were added in the tokens when they were passed in the request header.
Important: If there are no additional scopes configured on the API Gateway method, make sure that you’re using a valid ID token. If additional scopes are configured on the API Gateway method, confirm that you’re using a valid access token. For more information, see Integrate a REST API with an Amazon Cognito user pool and using Amazon Cognito custom scopes in API Gateway.
Example security token payload
Id token payload:
{
"sub": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"aud": "xxxxxxxxxxxxexample",
"email_verified": true,
"token_use": "id",
"auth_time": 1500009400,
"iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_example",
"cognito:username": "janedoe",
"exp": 1500013000,
"given_name": "Jane",
"iat": 1500009400,
"email": "janedoe@example.com"
}
Access token payload:
{
"auth_time": 1500009400,
"exp": 1500013000,
"iat": 1500009400,
"iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_example",
"scope": "aws.cognito.signin.user.admin",
"sub": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"token_use": "access",
"username": "janedoe@example.com"
}Note the following claim names in the example security token payload:
- token_use indicates the type of token (ID or access token).
- exp indicates the token’s expiration time.
Note: The exp claim is represented as seconds since the Unix epoch (1970-01-01T0:0:0Z) until the date and time the token expires in Coordinated Universal Time (UTC). - auth_time indicates when the token was issued.
- iss indicates the domain of the user pool that issued the tokens.
Important:
- Make sure that the token that you’re using matches the user pool configured on the API Gateway method. If you’re still unable to invoke the API, confirm that you’re using the authorization header correctly.
- If you still receive 401 errors, make sure that your resource policies aren’t blocking the request.
If you’re using Postman to invoke the API
Use OAuth 2.0 authorization mode to use Amazon Cognito tokens directly. When you set up OAuth 2.0 authorization mode, confirm that the following is true:
- Grant type is Authorization code or authorization implicit, following your configuration on the user pool’s app client.
- The callback URL matches the redirected URL configured on the user pool’s app client.
- The Auth URL is in the following format:
https://mydomain.auth.us-east-1.amazoncognito.com/loginImportant: Replace mydomain with the domain name that you’re using to configure your user pool. Make sure that you enter the correct AWS Region that your API is hosted in.
- Client ID is the user pool’s app client ID.
Note: If a client secret is associated with the user pool’s app client, then make sure that you specify the client secret in the Authorization tab in the client secret field. If no client secret is associated with the user pool’s app client, then leave the client secret field blank. - Scope is configured as openid.
Note: The openid scope must be allowed on the user pool’s app client as well. - The correct Amazon Cognito user pool token endpoint is entered for authorization code flow.
Example Amazon Cognito user pool token endpoint
https://mydomain.auth.us-east-1.amazoncognito.com/oauth2/tokenNote: Postman might not pass the required content type to the token endpoint, which can result in a 405 error. However, you don’t receive the 504 error when you use implicit flow.
Did this article help?
Do you need billing or technical support?
AWS support for Internet Explorer ends on 07/31/2022. Supported browsers are Chrome, Firefox, Edge, and Safari.
Learn more »
This is totally possible but the docs are so bad and confusing.
Here’s how you do it:
There is an object called $context.authorizer that you have access to in your gateway responses template. You can read more about it here: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html
Here is an examample of populating this authorizer object from your authorizer lambda like so:
// A simple TOKEN authorizer example to demonstrate how to use an authorization token
// to allow or deny a request. In this example, the caller named 'user' is allowed to invoke
// a request if the client-supplied token value is 'allow'. The caller is not allowed to invoke
// the request if the token value is 'deny'. If the token value is 'Unauthorized', the function
// returns the 'Unauthorized' error with an HTTP status code of 401. For any other token value,
// the authorizer returns an 'Invalid token' error.
exports.handler = function(event, context, callback) {
var token = event.authorizationToken;
switch (token.toLowerCase()) {
case 'allow':
callback(null, generatePolicy('user', 'Allow', event.methodArn));
break;
case 'deny':
callback(null, generatePolicy('user', 'Deny', event.methodArn));
break;
case 'unauthorized':
callback("Unauthorized"); // Return a 401 Unauthorized response
break;
default:
callback("Error: Invalid token");
}
};
var generatePolicy = function(principalId, effect, resource) {
var authResponse = {};
authResponse.principalId = principalId;
if (effect && resource) {
var policyDocument = {};
policyDocument.Version = '2012-10-17';
policyDocument.Statement = [];
var statementOne = {};
statementOne.Action = 'execute-api:Invoke';
statementOne.Effect = effect;
statementOne.Resource = resource;
policyDocument.Statement[0] = statementOne;
authResponse.policyDocument = policyDocument;
}
// Optional output with custom properties of the String, Number or Boolean type.
authResponse.context = {
"stringKey": "stringval custom anything can go here",
"numberKey": 123,
"booleanKey": true,
};
return authResponse;
}They key here is adding this part:
// Optional output with custom properties of the String, Number or Boolean type.
authResponse.context = {
"stringKey": "stringval custom anything can go here",
"numberKey": 123,
"booleanKey": true,
};
This will become available on $context.authorizer
I then set the body mapping template in gateway responses tab like this:
{"message":"$context.authorizer.stringKey"}
NOTE: it must be quoted!
finally — after sending a request in postman with Authorization token set to deny I now get back a payload from postman that looks like this:
{
"message": "stringval custom anything can go here"
}
Recently we needed to restrict access /add some basic level of security to an API we are providing to another department. The choice went for Basic Auth ( I know it’s kinda old and well.. basic, but the endpoint was supposed to be for internal use anyway )
In order to add this basic authorization in our Lambda handler, we implemented a Middy middleware.
This middleware is in charge of retrieving the authorized users from SSM ParameterStore and then find a match with the token received in the Authorization Header ( by using
basic-auth module )
Unit tests on the middleware as well on the handler were working.
Authorization header was properly parsed and the user was granted access or denied if not in the list ( or if no Auth token was passed)
Once deployed though, nothing was working.
While Testing with Postman the first thing we realized was that Authorization header ( all headers actually) were Capitalized, while the source code of basic-auth was checking for headers.authorization
Headers are case INsensitive.
According to the docs HTTP Headers are case insensitive (see also this discussion on stackoverflow) but honestly, this statement does not make much sense to me.
They might be case insensitive, but when you debug the object in your code, they are either capitalized or lowercase, therefore accessing the property as lowercase or capitalized makes indeed a difference.
It might be APIGateway or Lambda runtime or Node itself, I dunno, but since what we got as Lambda Event was headers.Authorization basic-auth could not find anything under headers.authorization.
I quickly run a test on Gateway API console to check if there was some conversion there:
Execution log for request 299538fb-5d1f-407d-8efb-aadf77e27ae6
Thu Aug 06 10:32:33 UTC 2020 : HTTP Method: GET, Resource Path: /MY_ENDPOINT
Thu Aug 06 10:32:33 UTC 2020 : Method request query string: {foo=1, bar=2}
Thu Aug 06 10:32:33 UTC 2020 : Method request headers: {authorization=*************************bzTjmQ=}
Thu Aug 06 10:32:33 UTC 2020 : Endpoint request body after transformations: {"resource":"/MY_ENDPOINT","path":"/MY_ENDPOINT","httpMethod":"GET","headers":{"authorization":" Basic *************************bzTjmQ="},"queryStringParameters":{"foo":"1","bar":"2"} [TRUNCATED]
Thu Aug 06 10:32:34 UTC 2020 : Endpoint response body before transformations: {"statusCode":401,"body":"Access denied"}
Enter fullscreen mode
Exit fullscreen mode
No, no conversion there.
By running a Sample Gateway APIProxy within the Lambda console though, it is clear that all headers are supposed to be capitalized
"headers": {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Accept-Encoding": "gzip, deflate, sdch",
"Accept-Language": "en-US,en;q=0.8",
"Cache-Control": "max-age=0",
"CloudFront-Forwarded-Proto": "https",
"CloudFront-Is-Desktop-Viewer": "true"
}
Enter fullscreen mode
Exit fullscreen mode
It is therefore very likely that the event header passed to the handler has everything capitalized. Whatever, it is just a matter of reading the right property from basic-auth. Luckily they provide an additional method to parse the authorization from any path/object: quickly switch from auth to parse and deploy!
But… The APIGateway URL endpoint was working fine, still when invoking the API through Cloudfront the Access Denied error was still occurring.
After some investigation we found out that for GET requests Cloudfront removes the Authorization header field before forwarding the request to the origin. (see docs)[https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-headers-behavior]
GET and HEAD requests – CloudFront removes the Authorization header field before forwarding the request to your origin.
OPTIONS requests – CloudFront removes the Authorization header field before forwarding the request to your origin if you configure CloudFront to cache responses to OPTIONS requests.
DELETE, PATCH, POST, and PUT requests – CloudFront does not remove the header field before forwarding the request to your origin.
How to change this Behaviour?
Simply whitelist the Authorization header!
From UI Console go to Cache Behaviour Setting and Edit
select Whitelist under Cache Based on Selected Request and then add Authorization under Whitelist Headers
If, like us, you are deploying with AWS CDK specify which headers must be forwarded by the caching behavior:
{
behaviors:[
{
allowedMethods: CloudFrontAllowedMethods.ALL,
cachedMethods: CloudFrontAllowedCachedMethods.GET_HEAD,
defaultTtl: Duration.days(1),
pathPattern: "/MY-ENDPOINT",
forwardedValues: {
queryString: true,
queryStringCacheKeys: ["foo","bar"],
headers: ["Authorization", "authorization"]
}
}
]
}
Enter fullscreen mode
Exit fullscreen mode
Redeploy, wait a bit for CloudFront to invalidate the distribution and propagate the changes and
request authorization is validated and properly cached for the following request!
Hope it helps