The bank sent me someone else’s statement

It has happened twice now on two different banks. These are e-statements: emailed PDF statements. I have reported the issue to both banks. Let’s see what they do.

It seems the issue is not new. Other customers with other banks have had it happen to them:

In my case, the banks have sent me password protected PDFs. When I could not open them, I got curious. I investigated it further, and that’s when I discovered what was going on. So, have you received an e-statement you could not open?


Implementing OAuth2 Learnings

I’ve just recently implemented OAuth2 using Flask and Authomatic to login users via Facebook and Google, and learned a few things in the process:

  • the server IP whitelist in Facebook Developer settings does not have to be set. If it is set, FB will only allow incoming connections from these server addresses. Before I fixed this, I kept getting the result:
  • in login2() handler: Something went wrong: Failed to obtain OAuth 2.0 access token from! HTTP status: 400, message: {“error”:{“message”:”This IP can’t make requests for that application.”,”type”:”OAuthException”,”code”:5}}.

    I was scratching my head, because no matter how I update the IP address whitelist on the FB dev console, I could not get the app to successfully authenticate.

  • the app will need to go through FB status review so that the app can be available publicly, else only the developer account can connect via OAuth2
  • For google, the API for google+ has to be enabled. Before doing this, I kept getting None user results.
  • For both FB and google, the callback URL has to be properly set

I got some help from Peter Hudec and Migs Paraz while troubleshooting the problems.