What am i doing wrong in blogger api. Sample code is below - oauth2-playground

DELETE /blogger/v3/blogs/5513539034599838234/posts/4774307106656272015?key=AIzaSyC0W3U9uPnhVADKMhIb5Uj0EmunOsAh7oc&access_token= HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: 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
HTTP/1.1 403 Forbidden
Content-length: 281
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Wed, 15 Jun 2022 09:08:50 GMT
X-frame-options: SAMEORIGIN
Alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-type: application/json; charset=UTF-8
`{
"error": {
"status": "PERMISSION_DENIED",
"message": "The caller does not have permission",
"code": 403,
"errors": [
{
"reason": "forbidden",
"message": "The caller does not have permission",
"domain": "global"
}
]
}
}'

Related

Where is the {userId} and {dataSourceId} found in the OAuth 2.0 Playground

https://fitness.googleapis.com/fitness/v1/users/{userId}/dataSources/{dataSourceId}/dataPointChanges
I could not find the data for the place holders in this link.
Could someone please point out where to find the dataSource and userId.
Thank you
I thought that that information would auto fill. But this is the response that I am receiving
HTTP/1.1 403 Forbidden
Content-length: 281
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Thu, 16 Feb 2023 20:21:30 GMT
X-frame-options: SAMEORIGIN
Alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-type: application/json; charset=UTF-8
{
"error": {
"status": "PERMISSION_DENIED",
"message": "The caller does not have permission",
"code": 403,
"errors": [
{
"reason": "forbidden",
"message": "The caller does not have permission",
"domain": "global"
}
]
}
}

How to set up dredd to ignore headers in the assertion

I am using Dredd to test one of my endpoints. I think the test is failling due to the headers, because I'm getting the following expected:
headers:
Content-Type: application/json
body:
[
{
"id": 15107,
"name": "Route Name",
"date": "2022-01-27T09:00:00",
"full_user_name": "Test Admin",
"url": "api/2/users/1/routes/15107"
}
]
statusCode: 200
And the following actual:
statusCode: 200
headers:
date: Wed, 02 Feb 2022 12:54:11 GMT
server: WSGIServer/0.2 CPython/3.6.9
content-type: application/json; charset=utf-8
vary: Accept, Cookie
allow: GET, POST, PATCH, HEAD, OPTIONS
access-control-allow-origin: None
access-control-allow-methods: POST,GET
access-control-allow-headers: Origin,Content-Type,Accept,Accept-Encoding
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
content-length: 136
bodyEncoding: utf-8
body:
[
{
"id": 15107,
"name": "Route Name",
"date": "2022-01-27T09:00:00",
"full_user_name": "Test Admin",
"url": "api/2/users/1/routes/15107"
}
]
The only difference I see is the headers. Is there any way to ignore those? Like, for instance, content-length header. Maybe I only need to include the auth header in the Open API file. Right now I have specified documentation as follows:
...
securitySchemes:
ApiKey:
type: apiKey
name: Authorization
in: header
description: Authentication token
security:
- ApiKey: []
And running dredd as follows with a python server:
dredd oas-routes.yaml http://127.0.0.1:8000/api/2/users/1/routes --header="Authorization: Token 6b232e1c00bbc8b12d0066a483bf401009fbdb21"
Any idea how to do this correctly? I'm quite new to testing with dredd to be honest.

Cant decode client response on vapor swift post request

I am making a post request using vapor swift client. My code looks like this
_req.client.post("https://oauth2.googleapis.com/token") { req in
try req.content.encode( [
"code": code,
"grant_type": "authorization_code",
"redirect_uri": "http://localhost:8080/googleAuth"
])
}.flatMapThrowing { response in
try response.content.decode(AccessToken.self)
}.map{ json in
print(json)
}
The flatMapThrowing returns the full http response, but when I try to decode it with .map I get a nil.
This is the response I get from flatMapThrowing
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Date: Fri, 23 Apr 2021 16:03:57 GMT
Content-Type: application/json; charset=utf-8
Vary: X-Origin
Vary: Referer
Server: scaffolding on HTTPServer2
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Origin,Accept-Encoding
Transfer-Encoding: chunked
{
"access_token": "...",
"expires_in": 3599,
"refresh_token": "...",
"scope": "...",
"token_type": "Bearer",
"id_token": "..."
}
But when I try to decode it with this model I got an empty var
import Fluent
import Vapor
struct AccessToken: Content {
var access_token: String
var expires_in: String?
var refresh_token: String?
var scope: String?
var token_type: String?
var id_token: String?
}

As told by Nick, the model had an error in the expires_in: String?, I decoded the json changing my model to:
import Fluent
import Vapor
struct AccessToken: Content {
var access_token: String?
var expires_in: Int?
var refresh_token: String?
var scope: String?
var token_type: String?
var id_token: String?
}

Is it safe to send ODATA rest batch requests in HTTPS Body via POST and get response in the same

We are planning use below rest request for SAP-Successfactor, which send bulk request at a time in Body
Please find Example below :
OData API POST Request : https://<>/odata/v2/$batch
Body Start :
--batch_36522ad7-fc75-4b56-8c71-56071383e77b
Content-Type: application/http
Content-Transfer-Encoding: binary
GET getUsersByDynamicGroup?groupId=6119L&$format=json HTTP/1.1
Content-Type: application/json;charset=UTF-8
--batch_36522ad7-fc75-4b56-8c71-56071383e77b
Content-Type: application/http
Content-Transfer-Encoding: binary
GET getUsersByDynamicGroup?groupId=6000L&$format=json HTTP/1.1
Content-Type: application/json;charset=UTF-8
--batch_36522ad7-fc75-4b56-8c71-56071383e77b
Content-Type: application/http
Content-Transfer-Encoding: binary
GET getUsersByDynamicGroup?groupId=1588L&$format=json HTTP/1.1
Content-Type: application/json;charset=UTF-8
--batch_36522ad7-fc75-4b56-8c71-56071383e77b
Content-Type: application/http
Content-Transfer-Encoding: binary
GET getUsersByDynamicGroup?groupId=1234L&$format=json HTTP/1.1
Content-Type: application/json;charset=UTF-8
--batch_36522ad7-fc75-4b56-8c71-56071383e77b
Content-Type: application/http
Content-Transfer-Encoding: binary
GET getUsersByDynamicGroup?groupId=123L&$format=json HTTP/1.1
Content-Type: application/json;charset=UTF-8
--batch_36522ad7-fc75-4b56-8c71-56071383e77b--
Body End :
Response in Body :
--batch_c96b193b-b98c-4a4b-b479-696536f72239
Content-Type: application/http
Content-Transfer-Encoding: binary
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
DataServiceVersion: 1.0
Content-Length: 133
{
"d" : [
{
"firstName" : "Automation", "lastName" : "User9", "middleName" : "Test", "userId" : "103272", "userName" : "103272"
}
]
}
--batch_c96b193b-b98c-4a4b-b479-696536f72239
Content-Type: application/http
Content-Transfer-Encoding: binary
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
DataServiceVersion: 1.0
Content-Length: 127
{
"d" : [
{
"firstName" : "Ava", "lastName" : "Johnston", "middleName" : null, "userId" : "ajohnston", "userName" : "Ava"
}
]
}
When we send request in Post, I know its secure
but still I was just thinking is safe to do all this ?
Please ignore me I am asking some basic question .
Please enlighten me if you have something to share regarding this.

Loopback get multipart form-data parameters

I have a file container hosting my images. I did create some additional properties for that container using slc loopback:property and put in a string types such as: title, description, date(date). I am able to upload my image via api/containers/{container}/upload
Using Advanced REST Client, I add an HTTP Header: application/x-www-form-urlencoded
I then input data into my forms. I add my image and send, here is my response:
```
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
X-Xss-Protection: 1; mode=block
X-Frame-Options: DENY
X-Download-Options: noopen
X-Content-Type-Options: nosniff
Content-Type: application/json; charset=utf-8
Content-Length: 205
Etag: W/"cd-dUHU2bNp6fDC61813wVPRw"
Date: Fri, 24 Jun 2016 20:52:13 GMT
Connection: keep-alive
```
```
{
"result": {
"files": {
"fileUpload2": [
{
"container": "images",
"name": "pnw.png",
"type": "image/png",
"size": 269360
}
]
},
"fields": {
"created": [
"04/20/2016"
],
"title": [
"title"
],
"description": [
"this is a description"
]
}
}
}
```
I am curious, is the fields object stored somewhere? (I do have mongo connector good to go) or is this in memory? I can't seem to find it anywhere and not sure how to do a GET req. My ultimate goal is to do one image post with additional parameters/properties and retrieve the same in one instance. Thanks!

I will go another route as I do not think I am understanding content-disposition correctly.