Bitbucket API - Unable to Generate Access Token from JWT - jwt

I'm using Bitbucket Connect App and getting JWT token from webhook event.
When I am using the latest JWT to get access token, the access token API returning blank in response.
API:
curl -X POST -H "Authorization: JWT {jwt_token}" \ https://bitbucket.org/site/oauth2/access_token \ -d grant_type=urn:bitbucket:oauth2:jwt
Example:
curl -X POST -H "Authorization: JWT ey*****XVCJ9.eyJpc3MiOi****asdfQ.**BBD**" \
https://bitbucket.org/site/oauth2/access_token \
-d grant_type=urn:bitbucket:oauth2:jwt
Response
{blank}
API Reference:
https://developer.atlassian.com/cloud/bitbucket/oauth-2/
Thanks

I had the same problem until I added the sub key to the payload. Set the value to the value received in clientKey during the app installation lifeycle event.

I followed this documentation to generate Access Token and it worked.
https://pawelniewiadomski.com/2016/06/06/building-bitbucket-add-on-in-rails-part-7/
Most of the Part for generating access token using Bitbucket Cloud API
def get_access_token
unless current_jwt_auth
raise 'Missing Authentication context'
end
# Expiry for the JWT token is 3 minutes from now
issued_at = Time.now.utc.to_i
expires_at = issued_at + 180
jwt = JWT.encode({
iat: issued_at,
exp: expires_at,
iss: current_jwt_auth.addon_key,
sub: current_jwt_auth.client_key
}, current_jwt_auth.shared_secret)
response = HTTParty.post("#{current_jwt_auth.base_url}/site/oauth2/access_token", {
body: {grant_type: 'urn:bitbucket:oauth2:jwt'},
headers: {
'Content-Type' => 'application/x-www-form-urlencoded',
'Authorization' => 'JWT ' + jwt
}
})
if response.code == 200
Response.new(200, response.parsed_response)
else
Response.new(response.code)
end
end

Related

What is the reason for JWT Authentication Required error?

I have created a JWT using the guide at the end of the page. However, when I make a request, I get back the code "AuthenticationRequired" and the message "Authentication required." I have verified that it is a valid JWT with RS256 algorithm. What could be the reason for the JWT to not be recognized?
I am able to make the same request with an access token but not JWT. I am using jsonwebtoken npm library, but I have also used PyJWT and received the same error.
Edit: JWT does work for Google Cloud Storage.
curl --request GET \
--url <https://storage.googleapis.com/{bucket}/{path}> \
--header ‘Authorization: Bearer <JWT>’ \
--header ‘Content-Type: text/plain’
jwt code:
var jwt = require('jsonwebtoken');
const acc = '<service-account-email>'
const iat = Math.floor(new Date() / 1000)
const exp = Math.floor(iat + (365 * 86400))
const PRIVATE_KEY_ID_FROM_JSON = '<key-id>'
const PRIVATE_KEY_FROM_JSON = '<private_key_from_json>'
const additional_headers = { 'kid': PRIVATE_KEY_ID_FROM_JSON }
const token = jwt.sign({
'iss': acc,
'sub': acc,
'aud': 'storage.googleapis.com',
'iat': iat,
'exp': exp
}, PRIVATE_KEY_FROM_JSON, { header: additional_headers, algorithm: 'RS256' });

Consuming method auth Yodlee API

I am new to using this Yodlee tool, I created my developer account, and I am wanting to consume the sandbox APIs.
I am not being able to consume by rest with the Talend Api not even the initial method of "auth" (https://sandbox.api.yodlee.com/ysl/auth/token) to obtain the token; I'm passing the loginName, Api-version: 1.1, and content-type in the header as specified, then the clientId and the secret in the body.
The error message it returns is:
{
"errorCode": "Y303",
"errorMessage": "clientId or secret is missing",
"referenceCode": "rrt-8413800343306027303-c-gce-12663 ....."
}
Maybe the sandbox account doesn't allow me to do this, or am I forgetting something?
I just got the same issue. I am using RestSharp.
Finally found out that's a mismatched Content-Type.
It works after adding the header: Content-Type: application/x-www-form-urlencoded
For anyone having this issue with Google Apps Script, this is how I did it:
/************************************************************************************
*
* This function starts the app, replace variables as necessary
*
************************************************************************************/
function primaryFunction() {
// Declare variables
var yodleeToken = {};
var loginName = "ENTER_LOGIN_NAME";
var clientID = "ENTER_CLIENT-ID";
var clientSecret = "ENTER_CLIENT_SECRET";
var yodleeURL = "https://sandbox.api.yodlee.com/ysl/";
// Generate user token
yodleeToken = getUserToken(loginName, clientID, clientSecret, yodleeURL);
}
/************************************************************************************
*
* Creating function to get user token
*
* #params loginName {String} Login name provided by Yodlee API
* #params clientID {String} Client ID provided by Yodlee API
* #params clientSecret {String} Client Secret provided by Yodlee API
* #params yodleeURL {String} Yodlee API Endpoint
*
* References
* https://av.developer.yodlee.com/
*
************************************************************************************/
function getUserToken(loginName, clientID, clientSecret, yodleeURL) {
// Specify headers
var headers = {
'Api-Version': '1.1',
'Content-Type': 'application/x-www-form-urlencoded',
'loginName': encodeURIComponent(loginName)
};
// Build params
var parameters = {
'method': 'POST',
'headers': headers,
'payload': encodeURI("clientId=" + clientID + "&secret=" + clientSecret),
'redirect': 'follow',
'timeout': 0,
// 'muteHttpExceptions': true,
};
// Call API with params
var response = UrlFetchApp.fetch(yodleeURL + "auth/token", parameters);
var responseJSON = JSON.parse(response);
// return JSON response with Link Token
return responseJSON;
}
You need to pass clientId and secret key in data-urlencode and remaining keys in header then it will return token
curl --location --request POST 'https://sandbox.api.yodlee.com/ysl/auth/token' \
--header 'Api-Version: 1.1' \
--header 'loginName: From your dashboard (Sandbox only)' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'clientId=Your clientId' \
--data-urlencode 'secret=Your secret'

How can I authenticate with google cloud in Unity?

I'm trying to use google automl object detection in a Unity project.
Here is the google curl command example:
curl -X POST \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
-H "Content-Type: application/json" \
https://automl.googleapis.com/v1beta1/projects/${PROJECT_ID}/locations/us-central1/models/model-id:predict \
-d '{
"payload" : {
"image": {
"imageBytes" : "/9j/4AAQSkZJRgABAQAAAQ … "
},
}
}'
After some googling, I start to create a UnityWebRequest to test response:
WWWForm form = new WWWForm();
var postUrl = "https://automl.googleapis.com/v1beta1/projects/1043345783500/locations/us-central1/models/IOD1798528344157847552:predict";
using (UnityWebRequest www = UnityWebRequest.Post(postUrl, form))
{
www.SetRequestHeader("Authorization", #"Bearer $(gcloud auth application-default print-access-token)");
yield return www.SendWebRequest();
if (www.isNetworkError)
{
Debug.Log(www.error);
}
else if (www.isDone)
{
Debug.Log(www.downloadHandler.text);
}
}
So the response from google is:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
I understand that, I am not unauthenticated but couldn't understand how I can authenticate. Do I have to make an authentication request? How? Do I have to post something to get an access token? Then where should I send it?
I downloaded some credentials from google server but I really don't have any idea how to use it...

How to get correct Auth0 bearer token?

I want to get the Auth0 bearer token for my node.js app.
I got the bearer token by doing this:
curl https://myproject.eu.auth0.com/oauth/token --data "client_id=ID&client_secret=SECRET&type=web_server&grant_type=client_credentials"
Which returned me:
{
"access_token": *BEARER TOKEN*,
"token_type": "Bearer"
}
Though, if I use that token with postman in the Auth header, it tells me:
Invalid token. So how do I get the correct bearer token then?
My server looks like that:
const koa = require('koa');
const route = require('koa-route');
const jwt = require('koa-jwt');
const testRoute = require('./testRoute');
const app = koa();
//Copy pasted those values from my auth0 dashboard
const authentication = jwt({
secret: new Buffer(*CLIENT_SECRET*, 'base64'),
audience: *YOUR_CLIENT_ID*
});
app.use(authentication);
app.use(route.get('/test', testRoute));
app.listen(3000);
I followed this guide to set it up: https://auth0.com/docs/quickstart/backend/nodejs/.
The access_token is an opaque token, not a JWT which your application is expecting. If you use scope=openid when making the call to /oauth/token you'll get back an id_token as well, which is a JWT that your API should accept.
You can read more about how the scope parameter works in the context of Auth0 here: https://auth0.com/docs/scopes

Uber API: Endpoint requests returns Not supported in sandbox environment

I have successfully completed the first three steps of the authentication process: step one(authorize), step two (receive redirect ) and step three (get an access token).
But, doing the following request gives me an error:
curl -H 'Authorization: Bearer xxxxoKnAKxxxxxndQNRZgRa0Dxxxxx' 'https://sandbox-api.uber.com/v1/requests'
Response:
{"message":"Not supported","code":"not_found"}
I have the same message with all required params:
curl -H 'Authorization: Bearer xxxxoKnAKxxxxxndQNRZgRa0Dxxxxx' 'https://sandbox-api.uber.com/v1/requests?product_id=5b451799-a7c3-480e-8720-891f2b51abb4&start_latitude=48.869576&start_longitude=2.30825&end_latitude=48.84839&end_longitude=2.395921'
Am I missing something?
Edit:
Ruby version with HTTParty:
def request(bearer, product_id="5b451799-a7c3-480e-8720-891f2b51abb4", start_latitude=48.869576, start_longitude=2.30825, end_latitude=48.84839, end_longitude=2.395921)
parameters = { product_id: product_id,
start_latitude: start_latitude,
start_longitude: start_longitude,
end_latitude: end_latitude,
end_longitude: end_longitude
}
self.class.post('/v1/requests', query: parameters, headers: { "Authorization" => "Bearer #{bearer}", 'Content-Type' => 'application/json' })
end
A GET to 'https://sandbox-api.uber.com/v1/requests' won't work since you need to include a such as https://sandbox-api.uber.com/v1/requests/request_id
A POST to 'https://sandbox-api.uber.com/v1/requests' requires you to post the parameters as part of the JSON body.
Once you have the request ID as part of the response, you will able poll for details using the first command.