I'm having problems authenticating Azure Devops API using console applications
After call Get Projects API on AzureDevOps i get a redirect... to login page
curl -u :${B64_PAT} "https://dev.azure.com/xxxxxxxxxxxx/_apis/projects?api-version=6.0"
Return:
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://spsprodsbr1.vssps.visualstudio.com/_signin?rea
I need call this API from a "Java Server Application", but I'm having a problem with this return to the login page. But I would like to follow Device Authentication flow
I can reproduce your issue on my side, to solve the issue, please pass your PAT directly to the command without base64 encode.
curl -u :<PAT> "https://dev.azure.com/xxxxxxxxxxxx/_apis/projects?api-version=6.0"
Related
I'm attempting to create a Terraform-integrated script that will create and configure a Google Cloud VM that will install Github Runner as self-hosted. The repository is under my workplace's 'organization' and it is closed to the public. Everything goes smoothly until I need to configure the runner. In repository instructions for creating self-hosted runner written as this:
# Create the runner and start the configuration experience
$ ./config.cmd --url https://github.com/my_work_place_organizaiton_name/repository_name --token ASZER2QS4UVEAL3YLMZ3DIMUIC
The issue is that, because it is an unattended script, it will run entirely on its own with no strings attached, and everything should be generated as automatically as possible. So I need a way to generate/retrieve this token ASZER2QS4UVEAL3YLMZ3DIMUIC automatically.
I think I found a way (correct me if I wrong) here: Create a registration token for an organization. So far so good. I managed to create a powershell script to execute all steps in new Github self-hosted runner until the step where I need to generate token. Once I run the command (even in Github CLI) I get an error back like this:
gh api --method POST -H "Accept: application/vnd.github+json" /orgs/my_work_place_organizaiton_name/actions/runners/registration-token
{
"message": "Must have admin rights to Repository.",
"documentation_url": "https://docs.github.com/rest/reference/actions#create-a-registration-token-for-an-organization"
}
gh: Must have admin rights to Repository. (HTTP 403)
gh: This API operation needs the "admin:org" scope. To request it, run: gh auth refresh -h github.com -s admin:org
I am an admin in this repository but not in the organization, and I am afraid that no one will grant me admin access to the organization, and even more, I cannot simply put admin:org credentials in some script - this is a "no go."
So, my question is, how can I fully automate the generation of this Github token (which is generated for everyone in the instructions page without any admin privileges)?
After a lot of try and catches it seems I found an answer. What is work for me is generating token for repository and not generating token for repository in organization.
According to Github documentation: Create a registration token for a repository this is a POST request you must send from Github CLI for example:
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
/repos/OWNER/REPO/actions/runners/registration-token
and according to documentation:
OWNER
string
Required
The account owner of the repository. The name is not case sensitive.
REPO
string
Required
The name of the repository. The name is not case sensitive.
So I put my organization name as an OWNER and not my username and voila ! it is worked !
so - instead sending request as:
/repos/my_user_name/REPO/actions/runners/registration-token
I send it as:
/repos/my_organization_name/REPO/actions/runners/registration-token
and immediately get a valid token back.
I followed the Azure DevOps docs for how to create a Personal Access Token, convert the token to Base64 and GET repo branches, but I cannot successfully request.
What am I missing?
PowerAutomate Action: HTTP Request
Where myOrg, myProject and myRepoID are actual values
Error: 302 Redirect
Error Text:
<html><head><title>Object moved</title></head><body>
<h2>Object moved to here.</h2>
</body></html>
EDIT 1:
Tried adding the Content-Type header and adding the auth as a special header
Still same error
EDIT 2:
Tried adding the PAT to Basic auth but the Username is required
EDIT 3:
I found that even though above action fails, the response Location header contains a URL that resolves correctly:
https://spsprodcus3.vssps.visualstudio.com/_signin?realm=dev.azure.com&reply_to=https%3A%2F%2Fdev.azure.com%2FmyOrg%2FmyProject%2F_apis%2Fgit%2Frepositories%3Fapi-version%3D6.0&redirect=1&mkt=en-US&hid=LONG_GUID&context=LONG_GUIDctx=LONG_GUID
BUT when this URL is piped to a subsequent HTTP action, it results in a 203 response that does not include the REST response!
EDIT 4: THIS WORKED
Added a . to the Basic username Authentication
Regenerated the ADO Personal Access Token, saved the new value in Key Vault
Thank you #GeralexGR and #jessehouwing , #SeaDude as you have confirmed your solution ,I am posting it as an answer to help other Community members for the similar issue so they can find and fix their issue as you have mentioned in comment.
I followed the Azure DevOps docs for how to create a Personal Access
Token, convert the token to Base64 and GET repo branches, but I cannot
successfully request.
What am I missing?
To achieve the above requirement try to add Authentication as BASIC and user add . .
And
Regenerate ADO Personal Access Token and save the new value in your Key Vault secret and resubmit flow.
For more information please refer this MICROSOFT DOCUMENTATION.
I am using Curl to make requests to the Jenkins API - which is being done over https.
Jenkins is setup in IIS using a reverse proxy as advised by Jenkins.
The Jenkins site has windows authentication.
I need to pass a Crumb with my request - 403 error.
However, when I request for the Crumb, it states that I need to provide a Crumb?
I need this to work via the command prompt/batch file.
Thanks
To be able to do API calls to Jenkins, you need to generate a token for a given user in Jenkins. For example, let's do it with user Foo. You'll need to sign in with Foo user and then in the web UI: Foo (right upper corner) > Configure > API token > Add new token.
When you have your token saved somewhere, you can retrieve the breadcrumb with this command:
curl --user Foo:<token> 'https://www.mysuperduperjenkins.com/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'
What this is doing basically is fetching the XML from Jenkins that contains the breadcrumb and getting the specific element where the breadcrumb is. The result of the command should be something similar to:
Jenkins-Crumb:<someLongLongLongToken>
You can save the breadcrumb into a variable, for example name it breadcrumb and then:
curl -u 'Foo:<token>' -X POST --data '<parameters>' -H '$breadcrumb' www.mysuperduperjenkins.com
In this curl we're using the breadcrumb as a header, obtained in previous step. If the crumb is valid you should be able to perform the request without 403/401 errors.
We are trying to ask get questions to the sharepoint api for example
https://domain.sharepoint.com/_api/web/lists/GetByTitle'('List')'/Items
We have been trying to access our sites API via REST API. We have tried many different ways and looked trough a lot of Microsoft Documentation but it seems we have misunderstood something in regards to how to authenticate us because we get
Access denied. You do not have permission to perform this action or access this resource
We use Office365 and Sharepoint Online. Can I not use username password somehow or do I have to design a flow for authentication using the token request etc? Can I in that case try it with curl somehow?
We have tried to use curl to simulate it:
curl https://domain.sharepoint.com/_api/web/lists/GetByTitle'('List')'/Items -v --ntlm --negotiate -u username:password
I have a federated (corporate) id for IBM bluemix. I want non-browser access to a Bluemix client / API. I am trying to use this POST command (using curl) - POST http://iam.ng.bluemix.net/oidc/token ; but I get following error and message:
"errorCode":"BXNIM0608E"
"errorMessage":"You cannot authenticate with username and password, as you are a federated user"
Then I came across this post: https://developer.ibm.com/devops-services/2016/06/23/whats-federated-authentication-and-how-does-it-affect-me/
As mentioned at beginning of it, I need to use "IBM Bluemix Continuous Delivery" website (IBM Bluemix DevOps) to get the access token.
Can you please let me know where exactly on that website I can get the access token?
Regards,
Amit
It seems you need to follow the instructions for IAM at https://console.ng.bluemix.net/docs/iam/apikeys.html#manapikey
That's where you can generate your API keys. I then found instructions to use the key to login as mentioned in https://console.ng.bluemix.net/docs/cli/reference/cfcommands/index.html#cf_login
bash$ cf login -u apikey -p $API_TOKEN