I'm using keycloak to protect my restapi endpoints. I have a permission bot /bonuses/* permission and i can get result 200 for GET /bonuses/list endpoint.
But I'm getting an unauthorized errors for POST /bonuses/create endpoint.
I guess there is a restriction for POST request but I couldn't find it yet.
Thanks for your help.
I realized the problem, because of crsf is enabled. How can i configure CRSF ?
Related
Seattle 10
Chilkat
migrating sharefile api from V1 to V3.
Registered for API key and received credentials.
Code is successful in receiving authorization code and immediately after when sending a get request with header containing authorization code to receive list of items in a file using
GET','/sf/v3/Items('folderid)?$expand=Children&$select=Id,Name,Children,Children/Id,Children/Name',sbResponseBody)
I get a 401 error unauthorized. cannot find any help on the sharefile site.
response: Response Status Code = 401Response Header:Response Body:{"code":"Unauthorized","message":{"lang":"en-US","value":"[AUTH] Invalid Authentication"},"reason":"NotAuthenticated"}
response3:
Sorry for being verbose. Any help will be appreciated.
I'm posting the answer to my question in case somebody has a similar issue as mine.
My issue was that I was adding the word "Bearer" to the auth id which is returned by the http request while using that auth id to download my item from sharefile.
Unlike with some others I did not have to add the word bearer to the Oauthid as the http header did it for me.
I'm trying to test DRF login API on Postman but I'm getting 403 Forbidden CSRF token missing error. What I've done: Yes, I have CsrfViewMiddleware in settings. API works in browser but not on Postman or Flutter. I then followed these instructions: https://ourcodeworld.com/articles/read/1619/how-to-handle-postman-and-django-403-forbidden-error-csrf-verification-failed but the error remains. Any advice is appreciated.
Instead of adding the token to Headers in postman like the article suggested I added csrfmiddlewaretoken to Body and now I'm able to log in.
This post helped: How to Use Postman to Authenticate to Django REST Framework
I am trying to access the new account API (Not the Admin) in keycloak 4.8.3 . I am trying to do :
GET "/auth/realms/{realm}/account/credentials/password" endpoint (Based on the AccountRestServiceTest.java)
with the account owner's token. Getting a 404 error.
I have started the sever with preview features
bin/standalone.bat -Dkeycloak.profile=preview
I have tried to add profile.properites file with profile=preview options
and the user has "manage-account","view-profile" account roles
What am i doing wrong here?
I'm facing the same problem and i found a solution.
You need to add the HTTP header Accept with the value application/json to your request.
Because AccountRestService is only accessible if headers Accept or Content-Type are application/json.
It seems an HTTP response of 403 is accepted as the norm and correct handling of any calls made to a resource or endpoint that does not exist on an API Gateway setup (this post).
Example: a call to a non-existing endpoint on my Gateway would be;
GET -- https://{{MyGatewayDomain}}/api/v1/blah
This would return a 403 forbidden. Which can be rather confusing and misleading.
I'd like to know if anyone has managed to configure their API Gateway so that any call to a non-existing endpoint / resource, returns what I would have thought is a correct response of a 404?
Thanks in advance.
EDIT
As per bejos-aws's suggestion, I am able to override the default behaviour of the 403 Missing Authentication Token however, this will not solve my issue as then all the valid 403 errors would return a 404 response which is incorrect.
Also, my issue is regarding a 403 forbidden which doesn't exist in the default responses in the AWS Gateway Response's list (and even if it did, that wouldn't help).
Seems this is just not possible?
This is not currently a feature of API Gateway. However, there is a workaround. Using Gateway Responses, you can override the 403 Missing Authentication Token response with a 404 and supply whatever message you want as a response.
Note, this only works when the API stage is valid:
So if your API is deployed to a stage named v1
https://{MyGatewayDomain}/api/v1/somepath
And the caller supplies the wrong stage
https://{MyGatewayDomain}/api/invalidStage/somepath
Then the API will still respond with 403 Forbidden
I have a problem during authorization on StockTwits using API. When I make a request on
https://api.stocktwits.com/api/2/oauth/authorize
I receive an HTTP 404 error.
Has anything changed in StockTwits authorization process recently?
Thank you!
Our service was down temporarily while making updates to some packages. This is now working again.