I am trying to establish a Business On Behalf Of relationship,I follow this document,Business on behalf of, ended up getting an error -You couldn't create the client business on behalf of your client successfully error code- 42004
the error occurred when I call this endpoint
curl -i -X POST \
"https://graph.facebook.com/v4.0/<PARTNER_BM_ID>/managed_businesses?existing_client_business_id=<CLIENT_BM_ID>&access_token=<USERS_ACCESS_TOKEN>"
PARTNER_BM_ID - my apps business manager
CLIENT_BM_ID - business manager of client connected
USERS_ACCESS_TOKEN - access token of the client
the error is documented here, but the error message is not helping me to debug what is the issue.
Related
Recently,I needed to access HUAWEI AppGallery Connect API
and create a product through the PMS API (server API). However, when Postman
was used for basic service interconnection tests,
the error message "403 client token authorization fail" was displayed.
how can i fix it?
Based on the error code included in your screen captures, the error was caused by an authentication failure.
To solve the problem, you first need to confirm that the client ID used for applying for the token has sufficient permission.
HMS official document suggested that the project associated with the API client be selected as N/A. You need to create an API client and associate it with a project. E.g. An app ID in the project was 100xxx591. However, the app ID in the Postman service request was 101xxx531, which would cause the authentication failure.
Also, to fix the above, you need to create an API client and selected N/A (indicating that all projects are supported), and use the client to request a token. The process should work well after this.
In general, if Huawei's 403 authentication failure occurs, you can verify the permission first, and then check the associated projects.
For more details about the PMS API, please refer to this link.
I am studying jBPM (KIE Server and Business Central) and Keycloak. In isolation, I managed to run all this software with success. However, when I try to integrate between them, the authentication of users on the website works (Keycloak login page to access the Business Central site), however it seems that the authentication of the REST services call, both from the KIE Server and from the Business Central, stops working (unauthorized) and the KIE Server is unable to synchronize with its Controller (Business Central).
Below are more details on the subject.
I have been searching for a few days for a solution to the problem but without success.
Although I have already consulted this excellent site, this is my first question and I do not have much reference on which file is recommended to attach to the question. If you see a specific file, please sign that I will attach it.
I appreciate any help.
Notes (useful information) about the environment and problems encountered:
Only 1 Wildfly 20.0.1 environment (server) hosting KIE Server 7.43.1.Final, Business Central 7.43.1.Final and Keycloak 11.0.2, with the Keycloak adapter installed, on Windows 10.
In Keycloak, Realm was created with the name VHLLEmpresaRealm and 2 clients (applications):
VHLLEmpresaKIEServer: with public access.
VHLLEmpresaBusinessCentral: with confidential access.
In the Keycloak, the user kieserver with password kieserver1! was created and assigned to various roles (both Realm and Clients), among them: admin, rest-all, kie-server, kiemgmt and user.
Authentication with kieserver User and your Password on the Business Central website working properly integrated with Keycloak (Keycloak login page). Authentication with Google (social login) working properly.
Business Central configured to show and manage the users registered in the Keycloak.
Problems observed:
When starting the Wildfly server, the KIE Server is unable to synchronize with the Controller Business Central (see the Startup Log - Doc 06). The attempt below is repeated at startup several times without success, followed by NullPointerException with lines copied below:
17:13:30,057 INFO [org.kie.server.controller.websocket.client.WebSocketKieServerControllerImpl] (KieServer-ControllerConnect) Kie Server points to non Web Socket controller 'http://localhost:8080/business-central/rest/controller', using default REST mechanism
17:13:30,214 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-6) Uncaught server error: java.lang.NullPointerException
at org.keycloak.storage.StorageId.isLocalStorage(StorageId.java:77)
at org.keycloak.credential.UserCredentialStoreManager.getStoreForUser(UserCredentialStoreManager.java:54)
...
17:13:30,214 WARN [org.kie.server.services.impl.controller.DefaultRestControllerImpl] (KieServer-ControllerConnect) Exception encountered while syncing with controller at http://localhost:8080/business-central/rest/controller/server/wildfly-kieserver error Error while sending PUT request to http://localhost:8080/business-central/rest/controller/server/wildfly-kieserver response code 401
Link to complete file:
https://drive.google.com/file/d/1kr47ap9frsCQB8oyQE2dEm2gfl7__s0G/view?usp=sharing
On the Business Central website, on the Deployments page (which shows the Servers too), the KIE Server server does not appear as available (see Doc 07).
Link to complete file:
https://drive.google.com/file/d/1lKiCZdOp7yRvHibfgJ8ZOE_dZIAnkE6U/view?usp=sharing
In the CURL command to access the Business Central REST services, even if the kieserver user and password are passed, the answer is NOT authorized (see Doc 08).
COMMAND: curl -X GET http://kieserver:kieserver1!#localhost:8080/business-central/rest/repositories -v
RESPONSE: ErrorUnauthorized
Link to complete file:
https://drive.google.com/file/d/1V_CH_hiTkhLh-AtgRvP0YkZ3afwBc4tZ/view?usp=sharing
Other Files:
Wildfly Settings - STANDALONE-FULL.XML
https://drive.google.com/file/d/1f0xvRDPiId1RymZkMGIUaIMB_EuGpbud/view?usp=sharing
I'm not sure if this is the correct way to solve the problem, but after continuing my studies and research for a few more days, using the CURL command to call a Business Central service (below), I obtained the Access Token and through the website jwt.io, I noticed in the content of this Token that the audience (aud) field was not filled in with the Keycloak Client ID that requested the Token.
curl -d "grant_type=password" -d "client_id=VHLLEmpresaBusinessCentral" -d "client_secret=020c8841-50ee-437e-af16-XXXXXXXX" -d "username=kieserver" -d "password=kieserverXXXXX" -d "scope=VHLLEmpresaEscopo" http://localhost:8180/auth/realms/VHLLEmpresaRealm/protocol/openid-connect/token
So, I created a Client Scope, I created a Mapper for the Audience to add the Client's own ID and associated this Client Scope to the corresponding Client.
The second change that was necessary was to override the Direct Grant Flow with the "direct grant" value for each Client involved.
With the two changes above, the synchronization between KIE Server and Business Central has returned to work.
From yesterday I am facing this error code 401 while accessing token from server using this API: https://oauth-login.cloud.huawei.com/oauth2/v3/token
Just for your information I am using Postman. Can anybody help me with this.
Error 401 usually means “unauthorized” or “request denied” because a request lacks valid credential. Although this error code is not listed in Account Kit server api, a developer can find it in other kit document - https://developer.huawei.com/consumer/en/doc/development/HMSCore-References-V5/webapi-error-code-0000001050163432-V5. Basically, a developer need to make sure that their API key and/or token is valid.
while using huawei auth service if error code 401 returned it means access token becomes invalid and we need to obtain a new token. Token Validity is 60 mins.
I'm using Azure Media Services. I have an encoded asset placed there with Content Key and Asset Delivery Policy. I'm also using the Token restriction.
I am able to stream the video well on localhost but as soon as I deployed the application to the server it stopped streaming and giving an error code: 0x20500006 (of Azure Media Player).
When I checked all the requests I found that there is a request to Key Delivery service with some KID and it returned the following response:
<Error>
<Message>
Failed authorization policy evaluation.
</Message>
<Code>
Unauthorized
</Code>
</Error>
I am using the HTTPS protocol on the server also tried over HTTP as well but got no response.
I responded to your post on MSDN. Posting on here for visibility.
"There are different reasons for the unauthorized error. It may be due to one of the following reasons:
Missing authentication header.
Bad authentication header value.
-The token has expired.
-The token contains an invalid signature.
Policy misconfiguration
No token in the request
Please double check to make sure your token has not expired. Also, for the Media Services REST request to succeed, the calling user must be a Contributor or Owner role in the Media Services account it is trying to access. For more information, see this documentation about Access control."
I am trying to get realtime updates from facebook for my application as documented in https://developers.facebook.com/docs/reference/api/realtime/. I am struggling now when it comes back to the Subscription Verification. I have set up a callback server which accepts both GET and POST requests. I verified that the server works by making curl requests to it.
However, I stil get this error when attempting to create a subscription issuing the POSt request below
{"error":{"message":"(#2200) callback verification failed:
","type":"OAuthException","code":2200}
From what I read in the documentation and other threads, I assume that this means that the single GET request to my callback URL fails. The callback url does not get requested by neither GET nor POST requests indeed. I suppose that facebook is somehow blocked from accessing the endpoint. However, I am able to auth as a user using the auth dialog (https://developers.facebook.com/docs/reference/dialogs/oauth/) where I pass a callback url on the same server as well. The server runs http (for now).
This is the curl I am using to post the subscription. Host file has an entry to redirect dev.minggler.com to localhost =>( 127.0.0.1 dev.minggler.com)
curl -XPOST 'https://graph.facebook.com/256139341164822/subscriptions?callback_url=http%3A%2F%2Fdev.minggler.com%3A3000%2Ffacebook%2Frealtimeupdates&object=user&fields=friends&verify_token=abcd123&access_token=$MYTOKEN'
Can anybody help me out on this?
finally found the problem. the server wasn't reachable from outside. resolving it solved the problem