How to pass OAuth 2 details while creating a test suite in Azure DevOps - azure-devops

I am trying to create a test suite in Azure DevOps by using the REST API, but I am not sure how to provide the security details.
They have mentioned the details below in the docs. I am passing them in Postman like this. I tried giving my credentials in the client ID and client secret as well. Please guide.
{"$id":"1","innerException":null,"message":"A potentially dangerous Request.Path value was detected from the client (&).","typeName":"System.Web.HttpException, System.Web","typeKey":"HttpException","errorCode":0,"eventId":0}

There are several ways to call the Azure DevOps REST API. In your question, it uses the OAuth 2.0 flow to authenticate; you could follow this doc to get the token and call the API.
In your case, if it is not necessary to use the OAuth 2.0 flow for authentication, I recommend using a PAT (personal access token) to call the API: just generate one and use it in Postman; refer to this doc.
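The PAT route the answer recommends, as an added example that is not part of the original thread: the PAT goes in HTTP Basic auth with an empty user name, and the Request.Path error quoted in the question is what ASP.NET returns when an "&" lands in the URL path, typically because the query string was started without "?". The organization, project, plan id, route, api-version, suite body and the AZDO_PAT variable name are assumptions to check against the Azure DevOps docs.

```javascript
// Added example, not from the original thread. Names and values are assumptions.

// Azure DevOps takes a PAT as the password of HTTP Basic auth; the user name stays empty.
function patAuthHeader(pat) {
  if (!pat) throw new Error('no PAT supplied');
  return 'Basic ' + Buffer.from(':' + pat, 'utf8').toString('base64');
}

// Encode each path segment and add parameters through searchParams, so the
// query string always starts with "?" and no raw "&" reaches the path.
function createSuiteRequest({ org, project, planId, apiVersion, pat, suite }) {
  const segments = [org, project, '_apis', 'testplan', 'Plans', String(planId), 'suites'];
  const url = new URL('https://dev.azure.com/' + segments.map(encodeURIComponent).join('/'));
  url.searchParams.set('api-version', apiVersion);
  return {
    method: 'POST',
    url: url.toString(),
    headers: { Authorization: patAuthHeader(pat), 'Content-Type': 'application/json' },
    body: JSON.stringify(suite),
  };
}

// Check a URL typed by hand (for example into Postman) for the mistake behind
// "A potentially dangerous Request.Path value was detected from the client (&)".
function lintRequestUrl(rawUrl) {
  const url = new URL(rawUrl);
  const problems = [];
  if (url.pathname.includes('&')) problems.push('"&" in the path: start the query string with "?"');
  if (!url.searchParams.has('api-version')) problems.push('api-version parameter missing');
  return problems;
}

// Constructed sample values; the PAT comes from the environment, never from source.
const sampleRequest = createSuiteRequest({
  org: 'example-org', project: 'Example Project', planId: 12, apiVersion: '7.0',
  pat: process.env.AZDO_PAT || 'constructed-pat-not-real',
  suite: { suiteType: 'staticTestSuite', name: 'Regression', parentSuite: { id: 13 } },
});
console.log(sampleRequest.method, sampleRequest.url, lintRequestUrl(sampleRequest.url));
```

Give the PAT only the scope the call needs and an expiry date, since anyone holding it can act as its owner until it is revoked.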

Related

How to generate token to access Google apis using GCP service account

I'm trying to generate an access token to access Google APIs without the Google consent screen. It will enable us to implement code which can automate certain actions in GCP, like stopping a VM and lots more. I prefer to use dotnet core for this implementation.
I expect to generate a bearer auth token through which I can access Google REST APIs without any environment setup or Google OAuth consent screen.
I have found the answer to this question, and it will be useful for the community members who are working on GCP or Google APIs.
First you have to download the JSON credentials for your GCP account; please refer to this documentation: Download service account keys.
Please refer to this git repo, gcp-auth; it's a dotnet core class library which contains the static methods GenerateJwt, ExchangeTokenAsync and GetAccessTokenAsync.
Let me explain each method for better clarity.
GenerateJwt - this method generates a signed JWT token from the PrivateKey, PrivateKeyID and ServiceAccountEmail, which are present in the JSON downloaded in the previous step, and a scope, which will be different for different API endpoints; for example, we have https://www.googleapis.com/auth/compute for Google APIs under compute.
ExchangeTokenAsync - this method needs the JWT generated in the previous step to generate the actual access token from Google, which will be valid to access Google APIs under that scope.
GetAccessTokenAsync - this is a combination of the above two methods; here you pass the same parameters as passed to GenerateJwt.
Please let me know if it requires any further explanation.
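The two steps the answer describes, as an added example that is not code from the gcp-auth repo or from the original post: step 1 signs a JWT with the service account's private key (RS256), step 2 builds the form POST that exchanges it for an access token. The key file below is a constructed stand-in with a throwaway key; its field names (client_email, private_key_id, private_key) follow the downloaded JSON, and the function names are hypothetical.

```javascript
// Added example (not code from gcp-auth): the two steps the answer describes.
const crypto = require('node:crypto');

const TOKEN_URL = 'https://oauth2.googleapis.com/token';
const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Step 1 (what the answer calls GenerateJwt): RS256-sign header.claims
// with the service account's private key.
function generateJwt(key, scope, nowMs = Date.now()) {
  const iat = Math.floor(nowMs / 1000);
  const header = { alg: 'RS256', typ: 'JWT', kid: key.private_key_id };
  const claims = { iss: key.client_email, scope, aud: TOKEN_URL, iat, exp: iat + 3600 };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), key.private_key);
  return `${input}.${b64url(sig)}`;
}

// Step 2 (ExchangeTokenAsync): the form POST that trades the JWT for an access token.
function exchangeRequest(jwt) {
  const form = new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion: jwt,
  });
  return { method: 'POST', url: TOKEN_URL,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: form.toString() };
}

// The receiving side's check: does the signature match the account's public key?
function verifyJwt(jwt, publicKeyPem) {
  const [h, c, s] = jwt.split('.');
  return crypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`), publicKeyPem, Buffer.from(s, 'base64'));
}

// Constructed stand-in for the downloaded JSON key file (throwaway key, not a real account).
function constructedKeyFile() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    key: { client_email: 'demo-sa@example-project.iam.gserviceaccount.com',
      private_key_id: 'constructed-key-id',
      private_key: privateKey.export({ type: 'pkcs8', format: 'pem' }) },
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
  };
}

const demo = constructedKeyFile();
const demoJwt = generateJwt(demo.key, 'https://www.googleapis.com/auth/compute');
console.log(verifyJwt(demoJwt, demo.publicKeyPem), exchangeRequest(demoJwt).url);
```

The private_key in the downloaded file is a long-lived credential while the signed JWT is short-lived, so load the key from a secret store instead of committing it and request only the scope the automation needs.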

AAD - FIDO implementation

On our existing AAD, we are trying to integrate with FIDO2 authentication.
As part of this integration between AAD & FIDO, in the Azure portal under "Security > Authentication methods | Authentication method policy (Preview)", the AD admin has been provided UI options to enable FIDO authentication either for a particular user or group, which will be followed by an end-user-side setup process using the MS self-service portal "https://myprofile.microsoft.com".
Can the above steps involved in AAD & FIDO integration be accomplished programmatically via Graph API endpoints or any other REST endpoints?
Does AAD have its own public API endpoints apart from Graph API endpoints? If not, why does AAD not have its own public API endpoints?
The above steps for AAD and FIDO integration can be done via the portal at this point. The underlying functions involved are not exposed through any API at this point. The feature is still in preview and is a work in progress. This may change a little more before it goes GA, depending upon existing feedback by the users/customers and internal tests.
There is an older API called the Azure AD Graph API, but it's not being actively developed for any new features. The Microsoft Graph API is the newer API, and it is being designed as a single consolidated API (single endpoint https://graph.microsoft.com) with a robust back end to interact with Microsoft 365 cloud services. Earlier, Microsoft had many different APIs to manage end user experiences and identities; however, as we evolved, a lot of customers/partners demanded consolidation so that it was easier for them to write their customer code for management and build any software on top of Microsoft Azure AD, hence one single API back end was built and released as Microsoft Graph.
As for the programmatic access to FIDO settings, I would suggest you upvote an existing feature request related to the same on the Azure feedback site. The Azure Feedback UserVoice site is periodically reviewed by the product group, and it helps in prioritization of requested features for development.

HTTP 401 Unauthorized when export report by using PowerBi rest api

I got 401 unauthorized when trying to export a report from Power BI online by using the Power BI REST API.
My access token works fine with other API methods. I am also setting full API access in App registrations.
When I logged in by using the same account and used 'try', the access token provided in this test actually works.
https://learn.microsoft.com/en-us/rest/api/power-bi/reports/exportreport
Has anyone successfully used this method?
You will need to create an authentication app and provide the right privileges corresponding to the REST API you are loading from. For this particular API, Microsoft suggests providing the Report.Read.All or Report.ReadWrite.All privileges.
You can achieve this directly by creating an authentication application from https://dev.powerbi.com/apps.
You will also need to make sure you grant the admin consent once your app is up and running.
Also, make sure the request you are creating is in the right format. If you match your request with the one specified here: https://learn.microsoft.com/en-us/rest/api/power-bi/reports/exportreport and test to check if it is working with your parameters and login, you should be able to make it work with your code. Also test it with Postman to make sure you are entering the right configuration in the request and you know what you are requesting.
Once you have all this in place, you should not have any issues accessing the right data.
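A way to check the answer's first point, as an added example that is not part of the original thread: decode the app's access token and the working 'try' token locally and list which delegated scopes (the "scp" claim) the working one has that the failing one lacks. The tokens below are constructed, unsigned samples, and the code inspects claims without validating signatures.

```javascript
// Added example, not from the original thread. Inspection only: no signature check.
const EXPORT_SCOPES = ['Report.Read.All', 'Report.ReadWrite.All']; // named in the answer above

function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT: expected three dot-separated parts');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Delegated Azure AD tokens carry their permissions in "scp", space separated.
function scopesOf(jwt) {
  return new Set(String(decodeClaims(jwt).scp || '').split(' ').filter(Boolean));
}

function compareTokens(failingJwt, workingJwt, nowSec = Math.floor(Date.now() / 1000)) {
  const failing = scopesOf(failingJwt);
  const working = scopesOf(workingJwt);
  return {
    hasExportScope: EXPORT_SCOPES.some((s) => failing.has(s)),
    missingInFailing: [...working].filter((s) => !failing.has(s)).sort(),
    expired: decodeClaims(failingJwt).exp <= nowSec,
  };
}

// Constructed sample tokens (unsigned, not real): header.payload.signature.
const sampleToken = (claims) => ['{"alg":"none"}', JSON.stringify(claims), 'sig']
  .map((p) => Buffer.from(p).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''))
  .join('.');

const appToken = sampleToken({ scp: 'Dataset.Read.All Workspace.Read.All', exp: 2000000000 });
const tryToken = sampleToken({
  scp: 'Dataset.Read.All Report.Read.All Workspace.Read.All', exp: 2000000000,
});
console.log(compareTokens(appToken, tryToken, 1700000000));
```

Treat both tokens as secrets while comparing them: decode them locally instead of pasting them into an online decoder.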

How to call RESTful Store APIs of WSO2 APIM 2.1 which have scope after importing the swagger file?

I have created a RESTful API for all the WSO2 store APIs by using the swagger definition. (https://raw.githubusercontent.com/wso2/carbon-apimgt/v6.1.66/components/apimgt/org.wso2.carbon.apimgt.rest.api.store/src/main/resources/store-api.yaml)
The GET call which does not require any scope, can be called easily from the Stores API console but when trying to call the APIs which have the (apim:subscribe) scope I get "Unauthenticated Request".
NOTE: I am able to use the curl commands to access the STORE APIs by creating tokens but here I am trying to use the swagger file to publish the Store APIs. I have noticed that in the store under the Application-> Production Keys -> Scope there is the apim:subscribe scope available after I've created this API via the swagger file but even when I try to access the APIs using this scope, I still get the "Unauthenticated Request" error.
Can someone tell me what I am missing or doing wrong?
The Swagger specification has a Security Definitions Object:
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-definitions-object
Once you configure it correctly you will have some new elements in the UI, you should see the Authorize button on the top left, and to the right of each action that requires authentication you should see a lock.
See the petstore demo:
http://petstore.swagger.io/
Here are a few more examples:
http://turoapi.azurewebsites.net/swagger/ui/index
This one has an API Key Authentication
http://swagger-net-test.azurewebsites.net/swagger/ui/index
This one has an OAuth2 Implicit Grant

Enable/Disable Workflow using Azure Workflow Management API

I'm trying to Enable/Disable a logic app on Azure using the management APIs. I always get a 403 saying the client: with object id does not have authorization to perform 'Microsoft.Logic/workflows/disable/action' ...
I do use the authentication token in my request and so far have been able to use the API to list all workflows, get trigger histories and in/out messages using the same method.
Any suggestion?
I've seen this issue a lot before if you are calling the http:// instead of https:// - we are looking into automatically redirecting, but for now you will need to make sure you are calling the https:// endpoint with the correct method (in this case a PUT).
EDIT: We discovered the issue was the account being used to perform the enable/disable didn't have contribute permissions.