I have created a JWT using the guide at the end of the page. However, when I make a request, I get back the code "AuthenticationRequired" and the message "Authentication required." I have verified that it is a valid JWT with RS256 algorithm. What could be the reason for the JWT to not be recognized?
I am able to make the same request with an access token but not JWT. I am using jsonwebtoken npm library, but I have also used PyJWT and received the same error.
Edit: JWT does work for Google Cloud Storage.
curl --request GET \
--url <https://storage.googleapis.com/{bucket}/{path}> \
--header ‘Authorization: Bearer <JWT>’ \
--header ‘Content-Type: text/plain’
jwt code:
var jwt = require('jsonwebtoken');
const acc = '<service-account-email>'
const iat = Math.floor(new Date() / 1000)
const exp = Math.floor(iat + (365 * 86400))
const PRIVATE_KEY_ID_FROM_JSON = '<key-id>'
const PRIVATE_KEY_FROM_JSON = '<private_key_from_json>'
const additional_headers = { 'kid': PRIVATE_KEY_ID_FROM_JSON }
const token = jwt.sign({
'iss': acc,
'sub': acc,
'aud': 'storage.googleapis.com',
'iat': iat,
'exp': exp
}, PRIVATE_KEY_FROM_JSON, { header: additional_headers, algorithm: 'RS256' });
Related
I'm using Bitbucket Connect App and getting JWT token from webhook event.
When I am using the latest JWT to get access token, the access token API returning blank in response.
API:
curl -X POST -H "Authorization: JWT {jwt_token}" \ https://bitbucket.org/site/oauth2/access_token \ -d grant_type=urn:bitbucket:oauth2:jwt
Example:
curl -X POST -H "Authorization: JWT ey*****XVCJ9.eyJpc3MiOi****asdfQ.**BBD**" \
https://bitbucket.org/site/oauth2/access_token \
-d grant_type=urn:bitbucket:oauth2:jwt
Response
{blank}
API Reference:
https://developer.atlassian.com/cloud/bitbucket/oauth-2/
Thanks
I had the same problem until I added the sub key to the payload. Set the value to the value received in clientKey during the app installation lifeycle event.
I followed this documentation to generate Access Token and it worked.
https://pawelniewiadomski.com/2016/06/06/building-bitbucket-add-on-in-rails-part-7/
Most of the Part for generating access token using Bitbucket Cloud API
def get_access_token
unless current_jwt_auth
raise 'Missing Authentication context'
end
# Expiry for the JWT token is 3 minutes from now
issued_at = Time.now.utc.to_i
expires_at = issued_at + 180
jwt = JWT.encode({
iat: issued_at,
exp: expires_at,
iss: current_jwt_auth.addon_key,
sub: current_jwt_auth.client_key
}, current_jwt_auth.shared_secret)
response = HTTParty.post("#{current_jwt_auth.base_url}/site/oauth2/access_token", {
body: {grant_type: 'urn:bitbucket:oauth2:jwt'},
headers: {
'Content-Type' => 'application/x-www-form-urlencoded',
'Authorization' => 'JWT ' + jwt
}
})
if response.code == 200
Response.new(200, response.parsed_response)
else
Response.new(response.code)
end
end
I'm trying to create an user authentication system using Auth0 in my Flutter app. The Auth0 REST documentation gave an example of cURL but I didn't find any flutter package which does the job of cURL. So, I used http.
Here's the code:
Future<String> getToken(String userId) async {
final response = await http.post(
Uri.parse('https://my-auth0-subdomain.auth0.com/oauth/token'), // I used my real subdomain
body: jsonEncode({
'grant_type=client_credentials',
'client_id=my_project_client_id', // I used my real client id
'client_secret=my_project_client_secret', // I used my real client secret
'audience=https://my-auth0-subdomain.auth0.com/api/v2/' // I used my real subdomain
}),
headers: {
'content-type: application/x-www-form-urlencoded'
},
);
final token = jsonDecode(response.body)["access_token"];
return token;
}
This gives me an error that The argument type 'Set<String>' can't be assigned to the parameter type 'Map<String, String>'. on line 10 (headers: {...}). I can resolve this error by using headers: {'content-type': 'application/x-www-form-urlencoded'},.
But this then gives the error from Auth0 {"error":"access_denied","error_description":"Unauthorized"}. The API is set up properly, because on running
curl --request POST \
--url 'https://my-auth0-subdomain.auth0.com/oauth/token' \
--header "content-type: application/x-www-form-urlencoded" \
--data grant_type=client_credentials \
--data 'client_id=my_project_client_id' \
--data client_secret=my_project_client_secret \
--data 'audience=https://my-auth0-subdomain.auth0.com/api/v2/'
it returns a "access_token", "scope", "expires_in" and "token_type".
Please help. It's very important.
Thanks in advance :)
Try to send data as url encoded using :
Map<String, String> myBody= {
'grant_type' : 'client_credentials',
'client_id' : 'my_project_client_id', // I used my real client id
'client_secret' : 'my_project_client_secret', // I used my real client secret
'audience ' : 'https://my-auth0-subdomain.auth0.com/api/v2/' // I used my real subdomain
};
Future<String> getToken(String userId) async {
final response = await http.post(
Uri.parse('https://my-auth0-subdomain.auth0.com/oauth/token'), // I used my real subdomain
body: myBody,
headers: {
'content-type: application/x-www-form-urlencoded'
},
);
final token = jsonDecode(response.body)["access_token"];
return token;
}
I am new to using this Yodlee tool, I created my developer account, and I am wanting to consume the sandbox APIs.
I am not being able to consume by rest with the Talend Api not even the initial method of "auth" (https://sandbox.api.yodlee.com/ysl/auth/token) to obtain the token; I'm passing the loginName, Api-version: 1.1, and content-type in the header as specified, then the clientId and the secret in the body.
The error message it returns is:
{
"errorCode": "Y303",
"errorMessage": "clientId or secret is missing",
"referenceCode": "rrt-8413800343306027303-c-gce-12663 ....."
}
Maybe the sandbox account doesn't allow me to do this, or am I forgetting something?
I just got the same issue. I am using RestSharp.
Finally found out that's a mismatched Content-Type.
It works after adding the header: Content-Type: application/x-www-form-urlencoded
For anyone having this issue with Google Apps Script, this is how I did it:
/************************************************************************************
*
* This function starts the app, replace variables as necessary
*
************************************************************************************/
function primaryFunction() {
// Declare variables
var yodleeToken = {};
var loginName = "ENTER_LOGIN_NAME";
var clientID = "ENTER_CLIENT-ID";
var clientSecret = "ENTER_CLIENT_SECRET";
var yodleeURL = "https://sandbox.api.yodlee.com/ysl/";
// Generate user token
yodleeToken = getUserToken(loginName, clientID, clientSecret, yodleeURL);
}
/************************************************************************************
*
* Creating function to get user token
*
* #params loginName {String} Login name provided by Yodlee API
* #params clientID {String} Client ID provided by Yodlee API
* #params clientSecret {String} Client Secret provided by Yodlee API
* #params yodleeURL {String} Yodlee API Endpoint
*
* References
* https://av.developer.yodlee.com/
*
************************************************************************************/
function getUserToken(loginName, clientID, clientSecret, yodleeURL) {
// Specify headers
var headers = {
'Api-Version': '1.1',
'Content-Type': 'application/x-www-form-urlencoded',
'loginName': encodeURIComponent(loginName)
};
// Build params
var parameters = {
'method': 'POST',
'headers': headers,
'payload': encodeURI("clientId=" + clientID + "&secret=" + clientSecret),
'redirect': 'follow',
'timeout': 0,
// 'muteHttpExceptions': true,
};
// Call API with params
var response = UrlFetchApp.fetch(yodleeURL + "auth/token", parameters);
var responseJSON = JSON.parse(response);
// return JSON response with Link Token
return responseJSON;
}
You need to pass clientId and secret key in data-urlencode and remaining keys in header then it will return token
curl --location --request POST 'https://sandbox.api.yodlee.com/ysl/auth/token' \
--header 'Api-Version: 1.1' \
--header 'loginName: From your dashboard (Sandbox only)' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'clientId=Your clientId' \
--data-urlencode 'secret=Your secret'
I'm trying to use google automl object detection in a Unity project.
Here is the google curl command example:
curl -X POST \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
-H "Content-Type: application/json" \
https://automl.googleapis.com/v1beta1/projects/${PROJECT_ID}/locations/us-central1/models/model-id:predict \
-d '{
"payload" : {
"image": {
"imageBytes" : "/9j/4AAQSkZJRgABAQAAAQ … "
},
}
}'
After some googling, I start to create a UnityWebRequest to test response:
WWWForm form = new WWWForm();
var postUrl = "https://automl.googleapis.com/v1beta1/projects/1043345783500/locations/us-central1/models/IOD1798528344157847552:predict";
using (UnityWebRequest www = UnityWebRequest.Post(postUrl, form))
{
www.SetRequestHeader("Authorization", #"Bearer $(gcloud auth application-default print-access-token)");
yield return www.SendWebRequest();
if (www.isNetworkError)
{
Debug.Log(www.error);
}
else if (www.isDone)
{
Debug.Log(www.downloadHandler.text);
}
}
So the response from google is:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
I understand that, I am not unauthenticated but couldn't understand how I can authenticate. Do I have to make an authentication request? How? Do I have to post something to get an access token? Then where should I send it?
I downloaded some credentials from google server but I really don't have any idea how to use it...
I want to get the Auth0 bearer token for my node.js app.
I got the bearer token by doing this:
curl https://myproject.eu.auth0.com/oauth/token --data "client_id=ID&client_secret=SECRET&type=web_server&grant_type=client_credentials"
Which returned me:
{
"access_token": *BEARER TOKEN*,
"token_type": "Bearer"
}
Though, if I use that token with postman in the Auth header, it tells me:
Invalid token. So how do I get the correct bearer token then?
My server looks like that:
const koa = require('koa');
const route = require('koa-route');
const jwt = require('koa-jwt');
const testRoute = require('./testRoute');
const app = koa();
//Copy pasted those values from my auth0 dashboard
const authentication = jwt({
secret: new Buffer(*CLIENT_SECRET*, 'base64'),
audience: *YOUR_CLIENT_ID*
});
app.use(authentication);
app.use(route.get('/test', testRoute));
app.listen(3000);
I followed this guide to set it up: https://auth0.com/docs/quickstart/backend/nodejs/.
The access_token is an opaque token, not a JWT which your application is expecting. If you use scope=openid when making the call to /oauth/token you'll get back an id_token as well, which is a JWT that your API should accept.
You can read more about how the scope parameter works in the context of Auth0 here: https://auth0.com/docs/scopes