Access to read module twin data via Azure IoT Hub's APIs?

I'd like to be able to pull an IoT Edge device's module twin via an HTTPS GET request just like the Azure Portal does. In the portal, I see this firing...
https://my-hub.azure-devices.net/twins/my-device/modules/my-module?api-version=2020-09-30&_=164130947416
...and returning JSON. I'd like to do the same outside of the portal (like in Postman or something).
Obviously, by being logged in to the portal, I have credentials that permit that.
I've tried creating a Shared Access Signature and using it as a header like so...
"Authorization": "SharedAccessSignature sr=my-hub.azure-devices.net&sig=...
...but I get back ErrorCode:IotHubUnauthorizedAccess;Unauthorized
Am I missing something? Maybe a step where I use that SAS to get some additional credential or something?
Or maybe I can't create a SAS that works with any device-id?
In the end, I'd just like to be able to GET the reported properties for a module twin from any of my IoT Hub devices. No setting, no subscribing.

The API you're referring to is documented here. You're doing the right thing, but perhaps your method of creating a Shared Access Signature isn't working. One easy way to create a valid SAS token is by using the az cli command: az iot hub generate-sas-token -n <iot-hub-name>. By default it will create a token for the iothubowner policy, which should give you access to the module twin.
I used Postman, with the Authorization header as you mentioned to check the twin of my device $edgeHub module:
https://<my-iot-hub>.azure-devices.net/twins/<device-id>/modules/$edgeHub?api-version=2020-05-31-preview
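An added example, not part of the original question or answer: how a policy-signed IoT Hub SAS token is built, plus a local check that lists why a token would fail before it ever reaches the hub. The key is constructed for the demo, and the function names are this example's own.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote

# Constructed key for the demo; a real one comes from the hub's shared access policy.
DEMO_KEY = base64.b64encode(b"constructed demo key, not a secret").decode()

def _sign(encoded_sr, expiry, key_b64):
    # IoT Hub signs "<url-encoded sr>\n<expiry>" with HMAC-SHA256 using the
    # base64-DECODED policy key, then base64-encodes the digest.
    msg = f"{encoded_sr}\n{expiry}".encode()
    digest = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def generate_sas_token(resource_uri, key_b64, policy_name, expiry=None, ttl=3600):
    """Build 'SharedAccessSignature sr=..&sig=..&se=..&skn=..' for a hub policy."""
    expiry = int(time.time()) + ttl if expiry is None else int(expiry)
    sr = quote(resource_uri, safe="")
    sig = quote(_sign(sr, expiry, key_b64), safe="")
    return f"SharedAccessSignature sr={sr}&sig={sig}&se={expiry}&skn={policy_name}"

def check_sas_token(token, key_b64, now=None):
    """List the reasons a policy-signed token would be rejected (empty = OK)."""
    now = int(time.time()) if now is None else now
    scheme, _, params = token.partition(" ")
    if scheme != "SharedAccessSignature":
        return ["wrong scheme"]
    fields = {k: v[0] for k, v in parse_qs(params).items()}
    problems = [f"missing {f}" for f in ("sr", "sig", "se", "skn") if f not in fields]
    if problems:
        return problems
    if not fields["se"].isdigit():
        return ["se is not a Unix timestamp"]
    if int(fields["se"]) <= now:
        problems.append("expired")
    # Recompute the signature over the same sr and se and compare in constant time.
    expected = _sign(quote(fields["sr"], safe=""), fields["se"], key_b64)
    if not hmac.compare_digest(expected, fields["sig"]):
        problems.append("signature mismatch")
    return problems

if __name__ == "__main__":
    tok = generate_sas_token("my-hub.azure-devices.net", DEMO_KEY, "iothubowner")
    print(tok.split("&sig=")[0], "->", check_sas_token(tok, DEMO_KEY) or "ok")
```

A token signed with iothubowner grants full hub access, so keep the lifetime short; for read-only twin queries a policy with fewer permissions is the safer choice where one is available.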

Related

How do you use MSAL to connect to Azure DevOps from vanilla JS in browser, with no-backend or AD tenant

If I use a Personal Access Token, I can access all Azure DevOps REST APIs by including the PAT in the header. This works great from NodeJS, PowerShell and curl, but I want to do the same thing from JS running in a web-browser, without any server-side code. Just purely from the JS in the browser.
Now, I could prompt the user to enter their PAT and store it in local storage, but I'd rather not do that. Instead, I'd like to prompt the user to log in and get a token that way. Microsoft has the MSAL library to do that, and they have sample code on how to do this from JavaScript in the browser. Unfortunately, for some reason, they require that you also create an Azure AD Tenant along with a client ID. I don't want to use Azure cloud for anything. I just want my users to access an existing company Azure DevOps server. As I said I can already access these resources using a PAT that the user has to create from the portal themselves. I want to avoid that step and have them log in to get a token. Seems simple enough. Am I missing something?
Why is a tenant even needed for this?
From the doc: https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki
"Before using MSAL4J you will have to register your applications with Azure AD."
In conclusion, to use MSAL to connect to Azure DevOps from vanilla JS in browser, you need to register your App with Azure AD first to acquire the client ID for authorization.

How to configure google identity platform with CLI sdk?

I am trying to change the Google Identity Platform configuration from the command line, using the gcloud CLI SDK for Linux.
To be specific, I want to call these APIs: getConfig and UpdateConfig.
Is there a way to do this using the gcloud CLI? There seems to be a group called Identity as per the docs, but this does not seem to be doing what I want.
I struggled using Google's Identity Toolkit/Platform and how these correspond with Firebase-Auth too.
The term is overloaded by Google, and Cloud Identity, Identity Platform and Firebase Auth have overlapping sets of functionality.
Name | URL
Cloud Identity API | cloudidentity.googleapis.com
Identity Toolkit API | identitytoolkit.googleapis.com

NOTE: Identity Toolkit is inaccessible through Google APIs Explorer.
I wanted to be able to programmatically update Firebase Auth's authorized domains.
By observing the calls made by Firebase Console, I needed to use getConfig and updateConfig too.
These aren't surfaced through gcloud.
Essentially:
1. GET the response from getConfig
2. I used jq to transform it into my desired state
3. PATCH config [1] using an updateMask

[1] The endpoint for the updateConfig method is actually (just) config
This worked for me and hopefully helps you better understand how you can use these methods directly.
I blogged about it more comprehensively here
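An added sketch of the GET, transform, PATCH sequence described in the answer above (not the answerer's code; Python stands in for jq here). The admin/v2 base URL, the sample getConfig response and the function names are assumptions of this example, and the request is only planned, not sent.

```python
from urllib.parse import quote, urlencode

# Assumption: Identity Toolkit admin base URL; the answer only names the "config" endpoint.
ADMIN_BASE = "https://identitytoolkit.googleapis.com/admin/v2"

# Constructed, trimmed stand-in for a getConfig response.
SAMPLE_CONFIG = {
    "name": "projects/my-project/config",
    "signIn": {"email": {"enabled": True, "passwordRequired": True}},
    "authorizedDomains": ["localhost", "example-project.firebaseapp.com"],
}

def _normalize(domain):
    d = domain.strip().lower()
    # Sanity check of this example: entries are bare host names, not URLs.
    if not d or "/" in d or ":" in d or " " in d:
        raise ValueError(f"not a bare host name: {domain!r}")
    return d

def plan_authorized_domains_patch(config, project, add=(), remove=()):
    """Return the PATCH to send, or None when the config is already as desired."""
    current = list(config.get("authorizedDomains", []))
    drop = {_normalize(d) for d in remove}
    wanted = [d for d in current if d.lower() not in drop]
    for d in map(_normalize, add):
        if d not in wanted:
            wanted.append(d)
    if wanted == current:
        return None
    # updateMask names the only field the server may change; the body carries
    # just that field, so nothing else from the (possibly stale) GET is written back.
    query = urlencode({"updateMask": "authorizedDomains"})
    return {
        "method": "PATCH",
        "url": f"{ADMIN_BASE}/projects/{quote(project, safe='')}/config?{query}",
        "body": {"authorizedDomains": wanted},
    }
```

The planned request still needs an OAuth access token for an identity allowed to edit the project's Identity Platform configuration; that part is outside this sketch.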

How to setup google service account authorization in Node.js with JSON key file?

Trying to make use of the Server to Server OAuth flow defined here:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
Since I'm running from a local dev environment, I've created a service account in GCP and downloaded the JSON file with the private key, but cannot find any Node.js code examples on how to:
1) load the json file
2) set delegated credentials (for G Suite domain-wide authorization)
Places I've looked (besides stackoverflow) are Google's git wiki for the node.js client library, which does talk about server to server auth, but seems to assume you're running from appengine or google cloud and don't need to load a key file:
https://github.com/googleapis/google-api-nodejs-client#service-to-service-authentication
The Admin SDK Activities Reports API has a Node example, but it's using the web-based flow assuming a user is present:
https://developers.google.com/admin-sdk/reports/v1/quickstart/nodejs
Buried deep in the Node.js samples is use of the Directory API, which does seem to take a keyfile as input, but when I try running locally it says getClient is not a constructor, and still this example doesn't show how to set the G Suite admin user for context (which is generally when a refresh token and access token are loaded into the app):
https://github.com/googleapis/google-api-nodejs-client/blob/master/samples/directory_v1/group-delete.js
So... does anybody have an example of this? I really don't want to switch to a Python runtime but Google seems to have left out important examples on this topic.

How to get client_id and client_secret code in Cloud Foundry using APIs

In Cloud Foundry, how can I get the client_id and client_secret code?
This will be used in Basic authentication instead of passing the user and password for the respective API calls.
In general, this is something that you would get from your platform administrator. He or she would be able to provide you with a properly configured client id and client secret to fit your needs. If you are not the administrator, then you won't be able to do this.
If you are an administrator, read on. There are many existing client and secret pairs within a Cloud Foundry platform. It's also possible, and suggested, to create custom client and secret pairs for use with non-platform apps. You shouldn't use a platform client for your custom app; you should use your own custom client, so that if the client is compromised you can delete it or change the secret.
All of this, viewing & managing client data, is done through UAA, so I'd recommend starting with the docs on UAA. Make sure that you understand the concepts. You may even want to take a step further back and review concepts of OAuth2 as well. Understanding OAuth2 will make working with UAA much easier.
https://docs.cloudfoundry.org/uaa/uaa-overview.html
After that, you'll need the uaac (i.e. UAA client) installed.
https://github.com/cloudfoundry/cf-uaac
Once you're familiar with UAA & have the client installed, this doc on how to manage clients should provide you with instructions to view or create a new client.
https://github.com/cloudfoundry/uaa/blob/master/docs/Sysadmin-Guide.rst#manage-client-registrations
You will need the admin role to be able to create a client or get its details.
Refer to https://docs.cloudfoundry.org/api/uaa/version/4.7.1/index.html#clients to see the various APIs to manage and create clients.
You can also use the uaa client to get the client details.
Refer to https://docs.cloudfoundry.org/uaa/uaa-user-management.html for more info.

Read a Bitbucket resource using curl with Access Keys

I configured my Bitbucket repo to be read-only accessible via REST API publicly. There are some JSON configuration files that I need to read the content using GET HTTP method.
https://<bitbucket-repo-url>/config.json?raw
I want to switch to a secure method using Access Keys.
I want to try to test this using curl, but I don't know the arguments on including the access keys. Can anyone help?
Access keys are for SSH only. They will not work with any HTTP-based utilities (like curl) or endpoints (like the one you list in your example).
Is this Bitbucket Server (the on-premise version)? If so, https://confluence.atlassian.com/bitbucketserver/permanently-authenticating-with-git-repositories-776639846.html?_ga=2.188793826.854670382.1505151098-758028192.1431549295 may be helpful for you.