The bank sent me someone else’s statement

It has happened twice now on two different banks. These are e-statements: emailed PDF statements. I have reported the issue to both banks. Let’s see what they do.

It seems the issue is not new. Other customers with other banks have had it happen to them:

http://forums.moneysavingexpert.com/showthread.php?t=437431
http://lunaticoutpost.com/showthread.php?tid=221149

In my case, the banks have sent me password protected PDFs. When I could not open them, I got curious. I investigated it further, and that’s when I discovered what was going on. So, have you received an e-statement you could not open?

Implementing OAuth2 Learnings

I’ve just recently implemented OAuth2 using Flask and Authomatic to login users via Facebook and Google, and learned a few things in the process:

• the server IP whitelist in Facebook Developer settings does not have to be set. If it is set, FB will only allow incoming connections from these server addresses. Before I fixed this, I kept getting the result:

in login2() handler: Something went wrong: Failed to obtain OAuth 2.0 access token from https://graph.facebook.com/oauth/access_token! HTTP status: 400, message: {“error”:{“message”:”This IP can’t make requests for that application.”,”type”:”OAuthException”,”code”:5}}.

I was scratching my head, because no matter how I update the IP address whitelist on the FB dev console, I could not get the app to successfully authenticate.

• the app will need to go through FB status review so that the app can be available publicly, else only the developer account can connect via OAuth2
• For google, the API for google+ has to be enabled. Before doing this, I kept getting None user results.
• For both FB and google, the callback URL has to be properly set

I got some help from Peter Hudec and Migs Paraz while troubleshooting the problems.