JWT Bearer Token flow in keycloak - keycloak

Does keycloak support
'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer'?
In my tests I receive status: 400 and msg
{'error': 'unsupported_grant_type', 'error_description': 'Unsupported grant_type'}. Also in documentation, I was not able to find any information about this type of grant type.
Thanks

Looks like this is what you are looking for - https://www.keycloak.org/docs/latest/securing_apps/#client-authentication-with-signed-jwt
I have not tried it myself yet, but according to the specification "grant_type" has to be "authorization_code", while "client_assertion_type" is "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".
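To make the distinction in the answer concrete, here is an added example (not code from the thread or from Keycloak): the client assertion is a short-lived JWT about the client itself, sent in `client_assertion` next to a `grant_type` that is chosen independently. It uses the HS256 "signed JWT with client secret" variant with only the standard library, and the verify function shows the checks a token endpoint applies (signature, audience, expiry, single-use `jti`); the endpoint URL, client id and secret are constructed sample values.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import urlencode

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_client_assertion(client_id, client_secret, token_endpoint, lifetime=60, now=None):
    """Client assertion (RFC 7523): iss = sub = client id, aud = token endpoint, short exp."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "jti": str(uuid.uuid4()), "iat": now, "exp": now + lifetime}
    parts = [_b64url(json.dumps(x, separators=(",", ":")).encode()) for x in (header, claims)]
    signing_input = ".".join(parts).encode()
    sig = hmac.new(client_secret.encode(), signing_input, hashlib.sha256).digest()
    return signing_input.decode() + "." + _b64url(sig)


def token_request_body(assertion, grant_type="client_credentials", **grant_params):
    """The assertion only authenticates the client; grant_type (and its params) are separate."""
    body = {"grant_type": grant_type, "client_assertion_type": ASSERTION_TYPE,
            "client_assertion": assertion, **grant_params}
    return urlencode(body)


def verify_client_assertion(token, client_secret, token_endpoint, seen_jti, now=None):
    """Server-side checks: HS256 signature, audience, expiry and single-use jti."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        expected = hmac.new(client_secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        header, claims = json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))
    except (ValueError, TypeError):
        return None
    if header.get("alg") != "HS256" or claims.get("aud") != token_endpoint:
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    if not claims.get("jti") or claims["jti"] in seen_jti:  # missing or replayed assertion
        return None
    seen_jti.add(claims["jti"])
    return claims
```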

Related

Nestjs swagger authorizations with JWT Token returning unauthorised even after passing token

I am using JWT strategy for authorization. I'm using the token to validate the user in all controllers. And I've successfully managed to get the desired response in postman after setting the token in Auth Bearer Token.
But after setting the token in Swagger as given below,
I'm getting an Unauthorized response. The reason must be that somehow, inside Swagger, my controllers are not getting access to the token.
Following is the code for swagger documentation.
import { INestApplication } from '@nestjs/common';
import { DocumentBuilder, OpenAPIObject, SwaggerModule } from '@nestjs/swagger';
// SWAGGER_CONFIG (title/version) comes from the app's own config module, not shown here

export function createDocument(app: INestApplication): OpenAPIObject {
  const builder = new DocumentBuilder()
    .setTitle(SWAGGER_CONFIG.title)
    .setVersion(SWAGGER_CONFIG.version)
    // registers a bearer scheme named 'access-token' in the OpenAPI document
    .addBearerAuth({
      type: 'http',
      scheme: 'bearer',
      bearerFormat: 'JWT',
    }, 'access-token');
  const options = builder.build();
  return SwaggerModule.createDocument(app, options);
}
Following is an example of a controller:
import { Controller, Get, Req, Res, UseGuards } from '@nestjs/common';
import { ApiForbiddenResponse, ApiOkResponse, ApiTags } from '@nestjs/swagger';
// JwtAuthGuard is the app's own passport-jwt guard, not shown here

@ApiTags('Users')
@Controller('users')
export class UserController {
  @UseGuards(JwtAuthGuard)
  @Get('me')
  @ApiOkResponse({ description: 'Successfully returned response' })
  @ApiForbiddenResponse({ description: 'Forbidden' })
  async profile(@Req() request, @Res() response) {
    // some code
  }
}
Following is an example of one of the Swagger routes.
Please let me know where I am getting it wrong.
Any help would be appreciated.

Generate access token using JWT

I've been given access to an okta token endpoint. I would like to use this service to request a token. I was given a url, client id, client secret, scope and grant type. I can use postman to make a POST call to the url (/v1/token) and pass the above info (client id, client secret, scope and grant type) and I get an access token back.
I can easily make this call in java with RestTemplate or equivalent, but I would like to use an API that would manage the token for me.
I've found JJWT. All the examples I see out there show me how to create a JWT using JJWT. What I would like to do is to get my access token, but I'm not sure how to do that. I mean, I get that JJWT is an API to create JWTs, but then how can I use the JWT to get my access token?
Any help/clarification/direction is much appreciated.
We are using JWT with node.js. To create a new token, jwt.sign(data, key) takes at least two arguments: the first must be some credential like userId, email..., the second will be the key used to verify later. To verify that the token is valid we use jwt.verify(); the first argument is the token (which jwt.sign() gave you) and the second is the key (which you provided when creating it).
example:
Creating JWT token:
var jwt = require('jsonwebtoken');
const token = jwt.sign({ email: 'test@test.com', userId: '993333' }, 'secretkey');
verifying Token:
let decodedToken;  // declared outside the try block so it is visible after it
try {
  decodedToken = jwt.verify(token, 'secretkey');
} catch (err) {
  throw new Error(err);
}
// once verified
console.log(decodedToken);
I found this post on how to create and verify a token using Java, thanks!

How to make a call to Firestore using gRPC

I'm trying to build a gRPC client for Google's Firestore API in Elixir.
Before starting to write some code, I thought that it would be wise to first start with BloomRPC in order to debug the issue.
As base url, I'm using https://firestore.googleapis.com where I pinned the root certificate.
As auth I'm using an access_token obtained using oauth with the following 2 scopes: "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/datastore"
being passed as an Authorization header:
{
"Authorization": "Bearer 29ya.a0AfH6SMBDYZPsVgQv0PMqyGRXypc3DfWF_2jbvAJKMquTaryCvxEB7X1Rbprfk1Ebrwid2bXbcR3Aw-d1Tytlo_lThkyqRDRIbnSz5-nQ3xWklkmjyFMAuQtFCoz01hk3vbgBwd2gdbFNNWiOU_8NqPC_vElyz2-cQ34"
}
And I get back:
{
"error": "3 INVALID_ARGUMENT: Missing required project ID."
}
So clearly I should be passing the project ID somehow but I can't find it anywhere in the docs. Anybody any clues?
I just figured out what I was doing wrong.
Basically the Bearer token I was using is correct (obtained via the OAuth Playground).
The trick was to specify the PROJECT_ID in the parent parameter of the request:
{
"parent": "projects/[project-id]/databases/(default)/documents",
"page_size": 10
}
I should have just read the docs properly :)

PayPal Refund Transaction Authorisation Issue

I'm working on Odoo version 12.0, developing the process of Refund Sale Transaction using their API. I've taken reference from the following link: https://developer.paypal.com/docs/api/payments/v1/#sale_refund
But there is some authorization issue with their API of the refund transaction.
I have example request/response parameters like the following:
import requests

# 'Access-Token' here is the literal placeholder string, exactly as sent
headers = {'Content-Type': 'application/json', 'Authorization': 'Bearer Access-Token'}
data = {
    'amount': {'total': '2.34', 'currency': 'USD'},
    'invoice_number': 'INV-1234567',
}
response = requests.post(
    'https://api.sandbox.paypal.com/v1/payments/sale/2MU78835H4515710F/refund',
    headers=headers,
    json=data,
)
It gives me the following response:
{'message': 'Authentication failed due to invalid authentication credentials or a missing Authorization header.', 'links': [{'rel': 'information_link', 'href': 'https://developer.paypal.com/docs/api/overview/#error'}], 'name': 'AUTHENTICATION_FAILURE'}
Can anyone help me to resolve this issue?
And how to generate bearer token using PayPal Payment API?
The Authorization header needs to contain an actual Access Token after the word 'Bearer '. Sending the string 'Access Token' will not work.
Here is how to obtain an actual access token: https://developer.paypal.com/docs/api/overview/#get-an-access-token
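A working version of the two-step flow the answer points to, as an added example (not from the question or from PayPal's SDK): exchange the client id and secret at the sandbox token endpoint for a real access token, then send that token as `Bearer` on the refund call. The `post` parameter is an injectable transport of my own design so the flow can be exercised without network access; the endpoints are PayPal's sandbox ones and the credentials in the test are constructed.

```python
import base64, json, urllib.error, urllib.request
from urllib.parse import urlencode

SANDBOX = "https://api.sandbox.paypal.com"


def _urllib_post(url, headers, body):
    """Default transport: POST raw bytes, return (status, response bytes) even on 4xx/5xx."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def get_access_token(client_id, client_secret, post=_urllib_post, base=SANDBOX):
    """client_credentials grant: app credentials go in HTTP Basic auth, never in 'Bearer'."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    status, body = post(f"{base}/v1/oauth2/token", headers,
                        urlencode({"grant_type": "client_credentials"}).encode())
    if status != 200:
        raise RuntimeError(f"token endpoint returned HTTP {status}")
    return json.loads(body)["access_token"]


def refund_sale(sale_id, total, currency, invoice_number, token, post=_urllib_post, base=SANDBOX):
    """Refund a sale, sending the token from get_access_token as 'Bearer <token>'."""
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    payload = {"amount": {"total": total, "currency": currency}, "invoice_number": invoice_number}
    status, body = post(f"{base}/v1/payments/sale/{sale_id}/refund", headers,
                        json.dumps(payload).encode())
    return status, json.loads(body)
```

The access token carries an `expires_in` value; cache it and refresh before expiry rather than requesting a new one per refund.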

OpenTok Rest Service Invalid JWT Error on Fiddler Request

I'm trying to create OpenTok session by Rest services with JWT object as suggested. I tried to generate session with Fiddler.
Here is my fiddler request (JWT string has been changed with *** partially for security reasons)
POST https://api.opentok.com/session/create HTTP/1.1
Host: api.opentok.com
X-OPENTOK-AUTH: json_web_token
Accept: application/json
Content-Length: 172
eyJ0eXAiOiJKV1QiL******iOiJIUzI1NiJ9.eyJpc3MiOjQ1NzM******OiJkZW5l******XQiOjE0ODI3OTIzO***SOMESIGNEDKEYHERE***.izvhwYcgwkGCyNjV*****2HRqiyBIYi9M
I got a 403 {"code":-1,"message":"Invalid token format"} error, which probably means my JWT object is not correct. I tried creating it using http://jwt.io (as OpenTok suggests) and other sites, and all seem correct and very similar to the one on the TokBox (OpenTok) site.
I need an explanation to fix it and create a session.
May it be because I am using opentok trial?
JWT creation Parameters
I had the same problem. I resolved the error by setting the correct key-value pairs for the payload part.
Example of my payload is as follows in C#:
using System;
using System.Collections.Generic;

// seconds since the Unix epoch, as the iat/exp claims expect
static long ToUnixTime(DateTime date) =>
    (long)(date.ToUniversalTime() - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;

var issued = DateTime.UtcNow;
var expire = issued.AddMinutes(5);
var payload = new Dictionary<string, object>()
{
    { "iss", "45728332" },
    { "ist", "project" },
    { "iat", ToUnixTime(issued) },
    { "exp", ToUnixTime(expire) }
};
The value of the "ist" should be set to "project", not the actual name of your project.
Update: Looking at your screenshot, I can say you have not set the secret key (here, it's your ApiKeySecret from TokBox account > project) at the very bottom right.
OK, I have found the answer at last.
Your OpenTok API secret key should not be used directly as the sign parameter. In Java, as shown below, it should be encoded first.
Base64.encodeToString("db4******b51a4032a83*******5d19a*****e01".getBytes(), 0)
I haven't tried it on http://jwt.io and Fiddler, but it seems it will work there too. Thanks. Full code is below:
import android.util.Base64;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;

Date currentTime = new Date();
Date fiveMinutesAdded = new Date(currentTime.getTime() + 5 * 60 * 1000);
// JJWT treats a String key as base64-encoded, so the raw secret is encoded before signing
String payload = Jwts.builder()
        .setIssuedAt(currentTime)
        .setIssuer("YOUR_OPENTOK_KEY")
        .setExpiration(fiveMinutesAdded)
        .claim("ist", "project")
        .setHeaderParam("typ", "JWT")
        .signWith(SignatureAlgorithm.HS256, Base64.encodeToString("YOUR_OPENTOK_SECRET".getBytes(), 0))
        .compact();
return payload;