KeyCloak user aceess token issue - keycloak

Keycloak:token issue
Token API:
http://localhost:8081/auth/realms/zyter-api/protocol/openid-connect/token
Response:
{
"error": "invalid_grant",
"error_description": "Invalid user credentials"
}
in Keycloak server ,identity provider is OKTA . after login in redirecting URL , user created in Keycloak. same user is used to retrieve the access token but not able to get .got below error.
{
"error": "invalid_grant",
"error_description": "Invalid user credentials"
}

Related

Getting `The OAuth client was not found.` and `invalid client` error when trying to get access token for google cloud logging services in Dart

I'm following through this link: https://developers.google.com/identity/protocols/oauth2/service-account#httprest_1 in order to have my flutter app log to a log bucket in a google cloud project. Currently getting a
{
"error": "invalid_client",
"error_description": "The OAuth client was not found."
}
when I run the code below to get the access token in dart:
var jsonFile =
await File(jsonPath).readAsString();
var map = jsonDecode(jsonFile);
final jwt = JWT(
{
'iss': map['client_email'],
'sub': map['client_email'],
'aud': map['token_uri'],
'iat': (DateTime.now().millisecondsSinceEpoch / 1000).floor(),
'exp':
(DateTime.now().add(Duration(hours: 1)).millisecondsSinceEpoch / 1000)
.floor(),
},
issuer: map['private_key_id'],
);
final token = jwt.sign(SecretKey(map['private_key']));
print(token);
final accessToken = await http.post(
Uri.parse(map['token_uri']),
headers: {
HttpHeaders.contentTypeHeader: 'application/x-www-form-urlencoded',
},
body: {
'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion': token,
},
);
The JSON file is the credentials of a service account with logging admin role in the GCP project.
Invalid client means that the client id or the client secret that you are using are not valid.
As per the official documentation,
When attempting to get an access or refresh token, you will get an
"Invalid client" error if you provide an incorrect OAuth 2.0 Client
Secret. Make sure the client_secret value you're using in access and
refresh token calls is the one for the OAuth 2.0 Client ID being used,
as found in your GCP Credentials page.
Also refer to this SO link Github link for more information.

keycloak "error_description": "Missing form parameter: grant_type" error

AM currently trying to do token exchange from google to Keycloak, Now am facing this error "error_description": "Missing form parameter: grant_type".
postman body ****
content type****
This is my configuration in postman.
Keycloak setup
You should activate Content-Length in Headers.

how to specify a key file (key.json) in the url of creating a googlesheet

i have created a google service account, created a keyfile (key.json) and now I want to create a googlesheet using postman
https://sheets.googleapis.com/v4/spreadsheets?scope=https://www.googleapis.com/auth/spreadsheets&private-key-file=c:\temp\key.json
But I keep getting a 401 error - missing required credential
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid
authentication credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
what's the syntax to pass the key file in the url/header or body ?
thanks !
just goto authorization header and add the key and value as api key and select add in as "query parameter"
You can also manually add key and value as query parameter
Both does the exact same thing

Using DialogFlow Rest API with API KEY

I'm trying to use DialogFlow REST API with api key auth method. For example
https://dialogflow.googleapis.com/v2/projects/projectId/agent?key=[YOUR_API_KEY]
but It desn't work. This is the result
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}

Upload a image to Google Cloud Storage using Rest end point via API-KEY

I am new to Google Cloud. I want to upload an image to my Bucket.
I did it successfully from the GCP Console and GCP Shell. However, I am unable to do it using REST Endpoint using API-KEY.
Here is my URL.
https://www.googleapis.com/upload/storage/v1/b/[MY_BUCKET]/o?uploadType=media&name=myhero&key=[MY_API-KEY]
I am getting the following message
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Anonymous caller does not have storage.objects.create access to [MY_BUCKET]/myhero.",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Anonymous caller does not have storage.objects.create access to [MY_BUCKET]/myhero."
}
}
This is because the bucket currently does not allow any way to allow users with the API-KEY even though the API-KEY allows the user of this key to upload an object to the bucket.
What should I do
1) if I want to go with the API-key way.
2) if I want to go with service-account way. What is the best way to generate Authorisation token? I have come till this point
{"alg":"RS256","typ":"JWT"}.
{
"iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5#developer.gserviceaccount.com",
"scope":"https://www.googleapis.com/auth/prediction",
"aud":"https://www.googleapis.com/oauth2/v4/token",
"exp":1328554385,
"iat":1328550785
}.
But I am unable to generate {Base64url encoded signature} as I am unable to figure out the private and public keys...
You are getting “anonymous caller” because you are not properly authenticated. You can authenticate using a bearer token instead of the API-KEY.
You can run the following script:
BUCKET=<BUCKET_NAME>
OBJECT=<OBJECT>
TOKEN=$(gcloud auth print-access-token)
curl "https://www.googleapis.com/upload/storage/v1/b/$BUCKET/o?uploadType=media&name=$OBJECT" -H"Authorization: Bearer $TOKEN" -H'Content-Type: image/jpg' --data-binary #$OBJECT