AWS API Gateway fails to fetch Apple /.well-known/openid-configuration - aws-api-gateway

I have a SAM template that defines the following API:
MyApi:
Type: AWS::Serverless::HttpApi
Properties:
FailOnWarnings: true # <--- it succeeds without this
Auth:
Authorizers:
AppleSignIn:
JwtConfiguration:
audience:
- com.domain.MyApp
issuer: "https://appleid.apple.com"
IdentitySource: "$request.header.Authorization"
When I run this with FailOnWarnings:true, I get this warning (which is treated as an error):
Resource handler returned message:
Warnings found during import: Unable to create Authorizer
'AppleSignIn': Caught exception when connecting to
https://appleid.apple.com/.well-known/openid-configuration for issuer
https://appleid.apple.com. Please try again later. Error: Invalid
issuer: https://appleid.apple.com. Issuer must have a valid discovery
endpoint ended with '/.well-known/openid-configuration'. Ignoring.
(Service: AmazonApiGatewayV2; Status Code: 400; Error Code:
BadRequestException; Request ID: 409removed8b6;
Proxy: null) (Service: null; Status Code: 404; Error Code:
BadRequestException; Request ID: null; Proxy: null) (RequestToken: 43fremoved3b9, HandlerErrorCode:
GeneralServiceException)
However, as far as I can tell, https://appleid.apple.com/.well-known/openid-configuration is available and valid -- not sure why it would fail with 400 or 404. If I remove FailOnWarnings, it can deploy and the authorizer works, but I prefer to keep it strict.

Related

How to debug "Internal Server Error" in AWS Cloudformation (MWAA)

I try to deploy AWS MWAA via Cloudformation but come accross:
Resource handler returned message: "Invalid request provided: Internal server error (Service: Mwaa, Status Code: 500, Request ID: 21fea850-9cf7-4977-a947-d10dd3cc1a13)" (RequestToken: f2384bd0-68a6-44d3-d57d-fed3a52f817b, HandlerErrorCode: InvalidRequest)"
on the MWAA resource itself. The other ressources (LoadBalancer, Listener, etc...) are correctly deployed.
What are my solutions to debug this? Since the error message is not explicit and the resource is not created (so it has no logs).

Hashicorp Vault: 400 Bad Request Accept header is missing

I have enabled jwt auth on my dev vault instance
vault auth enable jwt
Success! Enabled jwt auth method at: jwt/
However, when I try to configure the jwks_url for the jwt auth I get the following error
➜ vault write auth/jwt/config jwks_url="<jwks_url>"
Error writing data to auth/jwt/config: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/auth/jwt/config
Code: 400. Errors:
* error checking jwks URL: fetching keys oidc: get keys failed: 400 Bad Request Accept header is missing
Any idea what might I be doing wrong?

"Access is denied due to invalid credentials" REST API error. How to solve?

I followed the documentation here: and here: Trying to integrate to a Personality Insights service via Android Java.
However, after the app runs, and using the correct username and password as mentioned in the guide... (the guide is not clear (2nd bullet point in "Before you begin") on which set of credentials to use - It says get the "service credentials" and credentials from the new service created - I tried with both and both fail with the same error below.)
Error:
12-11 01:49:56.201 29584-29632/? I/CredentialUtils: JNDI string lookups is not available. 12-11 01:49:56.269 29584-29632/? D/NetworkSecurityConfig: No Network Security Config specified, using platform default 12-11 01:49:56.723 29584-29632/? D/OkHttp: --> POST https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13 http/1.1 (1297-byte body) 12-11 01:49:56.803 29584-29632/? D/OkHttp: <-- 401 Not Authorized https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13 (78ms, unknown-length body) 12-11 01:49:56.863 29584-29632/? E/WatsonService: POST https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13, status: 401, error: Not Authorized 12-11 01:49:56.865 29584-29632/? E/ERROR: Unauthorized: Access is denied due to invalid credentials
com.ibm.watson.developer_cloud.service.exception.UnauthorizedException: Unauthorized: Access is denied due to invalid credentials at com.ibm.watson.developer_cloud.service.WatsonService.processServiceCall(WatsonService.java:492) at com.ibm.watson.developer_cloud.service.WatsonService$2.execute(WatsonService.java:254) at com.upen.personalityapp.MainActivity$RetrieveFeedTask.doInBackground(MainActivity.java:105) at com.upen.personalityapp.MainActivity$RetrieveFeedTask.doInBackground(MainActivity.java:87) at android.os.AsyncTask$2.call(AsyncTask.java:306) at java.util.concurrent.FutureTask.run(FutureTask.java:237) at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:244) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607) at java.lang.Thread.run(Thread.java:761) 12-11 01:49:56.866 29584-29584/?
This is the code I am using; I am trying to pass a "text" input to the service.
service = new PersonalityInsights("2017-10-13");
service.setUsernameAndPassword("{myUsername}", "{myPassword}");
Profile profile = service.getProfile(text).execute();
System.out.println(profile);
return profile.toString();
I am using the com.ibm.watson.developer_cloud:personality-insights:3.8.0 dependency.
I tried connecting to the URL in the error (https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13 ) via a browser. It prompts for a username/password combo. I entered my details from my IBM Cloud Lite service but it throws the HTTP Error 405. Is this how it's supposed to work on the browser?
For someone in the future;
Instead of service.setUsernameAndPassword(username, password);, I tried service.setUsernameAndPassword("username", "password"); and it worked.

Rest API Token Based Authentication Mechanism with Swagger Not Working

I am trying to make an API call with rest token based authentication from swagger. But at server side, I don't find token in the request. I tried the same API call with poster and swagger. In Poster it works fine but in swagger it doesn't.
Below is my JSON file which I am using to make API call with token:
swagger: '2.0'
info:
title: City
description: City Information
version: 1.0.0
host: '127.0.0.1:8090'
schemes:
- http
basePath: /App
produces:
- application/json
paths:
/city/list:
get:
summary: city
description:
Show cities name and its attributes.
security:
- APIAuthKey: []
responses:
'200':
description: An array of city
default:
description: Unexpected error
securityDefinitions:
APIAuthKey:
type: apiKey
in: header
name: X-AUTH-TOKEN
And this is how swagger sends request with X-AUTH-TOKEN:
But, when I use the same API call wit same parameters and X-AUTH-TOKEN in Poster, It works fine. Below, I have highlighted that how I send request with Poster:
Can anyone please suggest if I'm doing anything wrong or missing something? Why am I unable to send token with request correctly to fetch at server side in request header?

Dropbox API returning http 500 status instead of http 400 status for a non-existant user in a team

Starting at around 21:00 PM GMT today , when we query for a user which doesn't exist in dropbox team, we are receiving an http 500 status with internal error message. In comparison earlier we use to receive http 400 message with message that user doesn't exist in team.
Has something regressed at dropbox end, or is this change intentional and hence we should consider http 500 internal error as equivalent to user not found?
For example RESPONSE#1 is what we expected as valid behavior , while RESPONSE#2 is what we are receiving currently
RESPONSE#1
Resource: https://api.dropbox.com/1/idm/get_profile?email=dummy#authentication.test
Operation: GET
Headers: Authorization: Bearer XXX
Content Type:
Data:
%% Time: 08/28/2014 17:06:51 GMT
Message: The remote server returned an error: (400) Bad Request. Web Response: {"error": "User not on this team"} ---> System.Net.WebException: The remote server returned an error: (400) Bad Request.
RESPONSE#2
Resource: https://api.dropbox.com/1/idm/get_profile?email=dummy#authentication.test
Operation: GET
Headers: Authorization: Bearer XXX
Content Type:
Data:
Time: 08/28/2014 22:40:29
(500) Internal Server Error. Web Response: {"error": "Internal Server Error"} ---> System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
Thanks
Somesh