Keycloak: All API response with 404 - keycloak

I followed this tutorial to set up Keycloak and create a user, but the response for the step "Generating Access Tokens With Keycloak's API" is 404. I'm using Keycloak version 18.0.0.
In the Keycloak logs I found this error:
2022-06-12 23:59:57,177 DEBUG [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-3) Error response 404: javax.ws.rs.NotFoundException: RESTEASY003210: Could not find resource for full path: http://localhost:8080/auth/realms/test/protocol/openid-connect/token

From keycloak 17+ there are changes in resource or token URIs. Try removing auth from your request URL.
If you are using Keycloak version < 17
curl -k -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=your-client" -d "username=some-user" -d "password=hardpassword" -d "grant_type=password" -X POST http://localhost:8080/auth/realms/yourrealm/protocol/openid-connect/token
If you are using Keycloak version > 17
curl -k -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=your-client" -d "username=some-user" -d "password=hardpassword" -d "grant_type=password" -X POST http://localhost:8080/realms/yourrealm/protocol/openid-connect/token

You set them in Headers instead of Body.
Move the Keys & Values to Body.
You can verify the Token URL by clicking the "OpenID Endpoint Configuration" link.
It will show the Token URL.
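
Added example (not part of the original answers): a Python sketch of both fixes above, taking the token URL from the realm's OpenID Endpoint Configuration instead of hardcoding the /auth prefix, and putting the grant parameters in the form-encoded body rather than in headers. The discovery document is a constructed sample and the function names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of the realm's OpenID Endpoint Configuration as served by
# Keycloak 17+ (no /auth prefix); trimmed to the fields used here.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "http://localhost:8080/realms/yourrealm",
    "token_endpoint": "http://localhost:8080/realms/yourrealm/protocol/openid-connect/token",
    "userinfo_endpoint": "http://localhost:8080/realms/yourrealm/protocol/openid-connect/userinfo",
})


def discovery_urls(base, realm):
    """Candidate discovery URLs: Keycloak 17+ layout first, then the legacy /auth layout."""
    base = base.rstrip("/")
    path = f"/realms/{urllib.parse.quote(realm, safe='')}/.well-known/openid-configuration"
    return [base + path, base + "/auth" + path]


def token_endpoint(discovery_json):
    """Read token_endpoint from the discovery document instead of guessing the path."""
    doc = json.loads(discovery_json)
    endpoint = doc.get("token_endpoint")
    if not endpoint:
        raise ValueError("discovery document has no token_endpoint")
    return endpoint


def build_token_request(endpoint, client_id, username, password):
    """Build the POST with the grant parameters in the body, not in headers."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "username": username,
        "password": password,
        "grant_type": "password",
    }).encode("ascii")
    return urllib.request.Request(
        endpoint,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
```

Fetching the first URL from discovery_urls() that answers 200 and passing its body to token_endpoint() gives the right path on either side of the version 17 change.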

Related

Keycloak cannot verify user information with a valid token

I'm setting up Keycloak as an authentication server https://github.com/keycloak/keycloak/releases/download/12.0.0/keycloak-12.0.0.zip
Java 11
Documentation: https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/oidc/oidc-generic.adoc
I can generate the access_token via /realms/{realm-name}/protocol/openid-connect/token
but I cannot call the userinfo endpoint /realms/{realm-name}/protocol/openid-connect/userinfo using a valid access_token which I get from the first API.
POST http://127.0.0.1:8080/auth/realms/test/protocol/openid-connect/token
{
client_secret: ...,
grant_type: ...,
client_id: ...,
}
response
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxOE..."
"expires_in": 3600,
"refresh_expires_in": 0,
"token_type": "Bearer",
"not-before-policy": 0,
"scope": "create"
}
But here is the result when I call the get user info API
GET http://127.0.0.1:8080/auth/realms/test/protocol/openid-connect/userinfo
Header: Bearer ${access_token}
Are there any suggestions?
Thank you
Post man test
Keycloak server's log is same
Keycloak bug
I think this is an issue on KC 12.0
When I use KC 11.0.3, above APIs work fine
https://github.com/keycloak/keycloak-community/issues/224
The Jira story:
https://issues.redhat.com/browse/KEYCLOAK-17217
Make sure you are calling the endpoint as follows.
First getting the token:
curl -d "client_id=$YOUR_CLIENT_ID" \
-d "client_secret=$YOUR_CLIENT_SECRET" \
-d "grant_type=client_credentials" \
http://127.0.0.1:8080/auth/realms/test/protocol/openid-connect/token
Extract from the JSON response the access_token field (e.g., jq -r .access_token)
Then call the userinfo as follows:
curl -X GET http://127.0.0.1:8080/auth/realms/test/protocol/openid-connect/userinfo \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $ACCESS_TOKEN"
With Postman:
For a setup with Realm Name = "test", client_id = "test", client_secret = "63b61af0-5a99-41d7-8f9b-4e3059b8b9ab" and using client_credentials grant_type.
Getting the token:
and getting the userinfo:
EDIT
The approach below works with Keycloak 10.0.x, and 11.0.x, but gets exactly the same issues as OP's for the version Keycloak 12.0.x (including the latest release Keycloak 12.0.2).
This seems to be a regression added with Keycloak 12.0.0; follow this issue for updated information.

Sonos Cloud API HTTP POST always returns 500

I'm trying to control my Sonos One (Gen 1) speaker through cloud APIs but all the POST requests return 500 Internal Server Error without an error message.
I generated an access_token as described in the documentation and was able to obtain information about the 'households' inside my network, finally both the group id and the player id.
I tried to obtain information about the status of the group by performing a GET on the following endpoint and it worked:
https://api.ws.sonos.com/control/api/v1/groups/{{group_id}}/playback
Same with other GET requests (e.g. groupVolume).
The problem arises when I try to make a POST (e.g. changing the volume or playing an audioClip); it returns 500 Internal Server Error without any body.
For all the requests I am using Postman including as Headers:
Content-Type: application/json
Authorization: Bearer [token]
Content-Length: ??? (automatically inserted by postman)
while for the body of the change volume request I select the raw option and then select JSON(application/json) option.
The body is:
{
"volume": 80
}
The endpoint is the following: https://api.ws.sonos.com/control/api/v1/groups/{{group_id}}/groupVolume
I also tried controlling the player with node (Package) and it works.
Also tried to use Wireshark to see what requests the node-sonos package is performing but it seems it's not using the Cloud APIs.
I expect the player to change volume, but the API doesn't do anything and doesn't return any error message.
EDIT:
The cURL request from POSTMAN is the following:
curl -X POST \
https://api.ws.sonos.com/control/api/v1/players/<playerID>/audioClip \
-H 'authorization: Bearer XXX' \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-H 'postman-token: XXX' \
-d '{
"appId": "edu.myInstitute.myName",
"clipType": "CUSTOM",
"name": "Test",
"streamUrl": "http://...mp3_file_url"
}'

Create a PostMan GET Request with JWT

I am new using PostMan; normally I use curl:
this one to get the JWT
curl -X POST -H "X-Requested-With: XMLHttpRequest" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{ "username": "peris","password": "3nRam0nD3L3s0l1v3s" }' "http://139.152.231.107:1133/canPeris/auth"
and this other one using the JWT obtained before
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGciJIUzUxMiJ9.eyJzdWIiOiJsb3Blei5hbnRvbmlvODVAZ21haWwuY29tIiwiZXhwIjoxNTkwMDQ3NTg4LCJpYXQiOjE1Mh9.3vlQBgfA22ffJZqNic2lVSHiMR6YudlCFoldfwzdk-clz6_XyOvCVTrMihXtYBaJuPI515zTwAnaQBV_h4yquA" "http://139.152.231.107:1133/canPeris/api/v1/users/3/menus/vegans"
I am using this to generate the token
return io.jsonwebtoken.Jwts.builder()
.setClaims(claims)
.setSubject(subject)
.setIssuedAt(createdDate)
.setExpiration(expirationDate)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
but in the postMan Signature method I haven't found the HS512
I think this can solve your problem.
Go to the Auth tab and select Bearer Token:
Add your Token:
Add the header Content-Type: Application/json, if necessary:
Send your request.
If you are planning to automate the access token acquisition and use it in another request, I recommend reading about Postman tests and variables: https://medium.com/@codebyjeff/using-postman-environment-variables-auth-tokens-ea9c4fe9d3d7

"The revision must be specified." error with status 400 Bad Request when delete controller-services and connections

I am trying to export and import NiFi templates via the NiFi REST API, but when I tried to delete controller-services or connections, or import a template, I got the response message "The revision must be specified." with a '400 Bad Request' status from the NiFi REST API. I didn't understand what I have to do.
This is my request to delete a controller service:
request "/controller-services/{id}" (id is the controller service id)
curl -X DELETE \
http://localhost:8090/nifi-api/controller-services/015b1030-a099-13d3-812c-77772afcaeb0 \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded'
and the response is "The revision must be specified."
status : "400 Bad Request"
Any idea please?
I finally got some answers about my mistake after reading this article.
It seems you have to add two pieces of information to the request URL: version and clientId.
After you make a call and get a component from the NiFi instance, it sends a version number inside a DTO to you, as explained here,
like this:
and finally I made a call like the one below and it worked:
curl -X DELETE \
'http://localhost:8090/nifi-api/controller-services/015b1030-a099-13d3-812c-77772afcaeb0?version=0&clientId=5ed15669-015d-1000-99cf-bc9c6f378085' \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded'
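
Added example (not part of the original answer): a Python sketch that takes the entity returned by a GET on the component and builds the DELETE URL from the revision NiFi reported, rather than a fixed version=0, which only matches a component that has never been modified. The entity is a constructed sample, its version value and the function name are hypothetical, and the assumed layout is a top-level revision object carrying version and clientId.

```python
import json
import urllib.parse
import uuid

# Constructed sample of the entity returned by
# GET /nifi-api/controller-services/{id}; only the fields used here are kept.
SAMPLE_ENTITY = json.dumps({
    "id": "015b1030-a099-13d3-812c-77772afcaeb0",
    "revision": {"version": 3, "clientId": "5ed15669-015d-1000-99cf-bc9c6f378085"},
})


def delete_url(api_base, entity_json, client_id=None):
    """Build the DELETE URL carrying the revision NiFi last reported."""
    entity = json.loads(entity_json)
    revision = entity.get("revision") or {}
    if "version" not in revision:
        # Without a version the server answers "The revision must be specified."
        raise ValueError("entity has no revision.version; GET the component first")
    # Prefer the caller's clientId, then the one in the revision, else a fresh one.
    cid = client_id or revision.get("clientId") or str(uuid.uuid4())
    query = urllib.parse.urlencode({"version": revision["version"], "clientId": cid})
    component = urllib.parse.quote(entity["id"], safe="")
    return f"{api_base.rstrip('/')}/controller-services/{component}?{query}"
```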

PayPal Invoicing API error ID 580001

The example call in the PayPal Invoicing API documentation is returning an error?
Request
curl -s --insecure -H "X-PAYPAL-SECURITY-USERID: caller_1312486258_biz_api1.gmail.com" -H "X-PAYPAL-SECURITY-PASSWORD: 1312486294" -H "X-PAYPAL-SECURITY-SIGNATURE: AbtI7HV1xB428VygBUcIhARzxch4AL65.T18CTeylixNNxDZUu0iO87e" -H "X-PAYPAL-REQUEST-DATA-FORMAT: JSON" -H "X-PAYPAL-RESPONSE-DATA-FORMAT: JSON" -H "X-PAYPAL-APPLICATION-ID:APP-80W284485P519543T" https://svcs.sandbox.paypal.com/Invoice/CreateAndSendInvoice -d {\"requestEnvelope\":{\"errorLanguage\":\"en_US\"},\"invoice\":{\"merchantEmail\":\"caller_1335455804_biz#x.com\",\"payerEmail\":\"sender_1335455648_per#x.com\",\"currencyCode\":\"USD\",\"paymentTerms\":\"DueOnReceipt\",\"itemList\":{\"item\":[{\"name\":\"BananaPlant\",\"quantity\":\"1\",\"unitPrice\":\"38.95\"},{\"name\":\"PeachTree\",\"quantity\":\"2\",\"unitPrice\":\"14.95\"}]}}}
Response
{"responseEnvelope":{"timestamp":"2013-08-22T23:58:47.340-07:00","ack":"Failure","correlationId":"4838886d6636b","build":"7236486"},"error":[{"errorId":"580001","domain":"PLATFORM","subdomain":"Application","severity":"Error","category":"Application","message":"Invalid request: {0}"}]}
Try wrapping the payload in the -d switch within "". Running the curl snippet with the -v switch as-is will show you that the payload gets truncated and hence the "Invalid request" error.
Also, you will see an "Invalid token" error when the merchantEmail in the request is not the same as the API caller. If you need to generate invoices on behalf of a third party (in which case the API caller and merchantEmail are naturally different), you must obtain third party permissions and attach an X-PAYPAL-AUTHORIZATION header to your request.