When trying to get the details for a specific pull request (via a call to octokit.pulls.get), I get the error "Resource not accessible by integration". Doing the exact same thing for an issue (octokit.issues.get) works as expected. I'm using the createAppAuth authorization strategy:
    const octokit = new Octokit({
      authStrategy: createAppAuth,
      auth: {
        id: APP_ID,
        privateKey: PRIVATE_KEY,
        installationId: INSTALLATION_ID,
        clientId: CLIENT_ID,
        clientSecret: CLIENT_SECRET,
      },
    })
Authorization can't be the issue since I can get details for a (non-PR) issue. How can I get details for a pull request?
I'm following through this link: https://developers.google.com/identity/protocols/oauth2/service-account#httprest_1 in order to have my Flutter app log to a log bucket in a Google Cloud project. Currently getting a
    {
      "error": "invalid_client",
      "error_description": "The OAuth client was not found."
    }
when I run the code below to get the access token in dart:
    var jsonFile =
        await File(jsonPath).readAsString();
    var map = jsonDecode(jsonFile);
    final jwt = JWT(
      {
        'iss': map['client_email'],
        'sub': map['client_email'],
        'aud': map['token_uri'],
        'iat': (DateTime.now().millisecondsSinceEpoch / 1000).floor(),
        'exp':
            (DateTime.now().add(Duration(hours: 1)).millisecondsSinceEpoch / 1000)
                .floor(),
      },
      issuer: map['private_key_id'],
    );
    final token = jwt.sign(SecretKey(map['private_key']));
    print(token);
    final accessToken = await http.post(
      Uri.parse(map['token_uri']),
      headers: {
        HttpHeaders.contentTypeHeader: 'application/x-www-form-urlencoded',
      },
      body: {
        'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        'assertion': token,
      },
    );
The JSON file is the credentials of a service account with logging admin role in the GCP project.
Invalid client means that the client id or the client secret that you are using are not valid.
As per the official documentation,
When attempting to get an access or refresh token, you will get an
"Invalid client" error if you provide an incorrect OAuth 2.0 Client
Secret. Make sure the client_secret value you're using in access and
refresh token calls is the one for the OAuth 2.0 Client ID being used,
as found in your GCP Credentials page.
Also refer to this SO link and GitHub link for more information.
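The service-account flow linked in the question signs the assertion with the key file's RSA private key (RS256) and carries a scope claim. The following is an added example, not code from the original posts, that builds such an assertion in Node.js and checks it against the matching public key. The key pair, account e-mail, key id and the logging.write scope are constructed values chosen for the demo.

```javascript
const crypto = require("crypto");
const b64url = (value) => Buffer.from(value).toString("base64url");

// Build the signed assertion from the fields of a service-account key file.
function buildAssertion(key, scope, nowSeconds) {
  // RS256 = RSA PKCS#1 v1.5 over SHA-256; kid names the key that signed.
  const header = { alg: "RS256", typ: "JWT", kid: key.private_key_id };
  const claims = {
    iss: key.client_email, // the service account itself, not the key id
    scope,                 // space-delimited scopes being requested
    aud: key.token_uri,    // the token endpoint that will consume the JWT
    iat: nowSeconds,
    exp: nowSeconds + 3600, // at most one hour after iat
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign("RSA-SHA256", Buffer.from(signingInput), key.private_key);
  return `${signingInput}.${signature.toString("base64url")}`;
}

// Check the signature with the matching public key; return claims or null.
function verifyAssertion(jwt, publicKeyPem) {
  const [header, claims, signature] = jwt.split(".");
  const valid = crypto.verify("RSA-SHA256", Buffer.from(`${header}.${claims}`),
    publicKeyPem, Buffer.from(signature, "base64url"));
  return valid ? JSON.parse(Buffer.from(claims, "base64url").toString()) : null;
}

// Form-encoded body for the POST to token_uri.
function tokenRequestBody(jwt) {
  return new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    assertion: jwt,
  }).toString();
}

// Constructed stand-in for a downloaded key file (throwaway key pair).
const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});
const demoKey = {
  client_email: "logger@example-project.iam.gserviceaccount.com",
  private_key_id: "constructed-key-id",
  private_key: privateKey,
  token_uri: "https://oauth2.googleapis.com/token",
};
const demoJwt = buildAssertion(demoKey,
  "https://www.googleapis.com/auth/logging.write", 1700000000);
```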
Strapi Version: 4.1.5
Operating System: Debian GNU/Linux 9
Database: PostgreSQL 13
Node Version: v14.16.0
NPM Version: 6.14.11
Yarn Version: v1.22.5
Hi everyone, I can’t seem to find consistent information on how to use permissions with a custom plugin in Strapi. I want to make an endpoint available to my front-end (Next.JS) application, but only when the front-end application has authenticated as a user and using the JWT that is returned from authenticating with Strapi. I keep getting a 401 returned.
Here’s what I’m doing:
I used this page to set up authentication in Strapi. I have a user created in Strapi, and from the front-end, I can authenticate and it returns a JWT token. When I set up collection types to only be accessible with the “authenticated” role, I can access those collection types in the api using this JWT token. So all of that works. The problem is that I can’t get this to work with my custom plugin, and I’m not sure why. I still get a 401 error instead.
Here’s how I set up the permissions:
Based on this page, I initially tried to leverage the isAuthenticated permission that the Users & Permissions plugin provides:
    {
      method: "GET",
      path: "/progress",
      handler: "memberProgress.getProgress",
      config: {
        policies: ['plugins::users-permissions.isAuthenticated']
      },
    },
Unfortunately, this did not work. The server raised an error, saying that this could not be found. So back on the document linked above, I decided to take the approach of creating my own global permission. I created src/policies/is-authenticated.js with the following contents:
    module.exports = (policyContext, config, { strapi }) => {
      if (policyContext.state.user) { // if a session is open
        // go to next policy or reach the controller's action
        return true;
      }
      return false; // If you return nothing, Strapi considers you didn't want to block the request and will let it pass
    };
Then, I modified my plugin’s route as follows:
    {
      method: "GET",
      path: "/progress",
      handler: "memberProgress.getProgress",
      config: {
        policies: ['global::is-authenticated']
      },
    },
This is all based on that document I linked to. Unfortunately, this still does not work. It seems to find the permission (server doesn’t raise an error about it), but when I try to access my plugin’s endpoint with the JWT token, I just get a 401 error.
Here is how I’m trying to access the endpoint on the front-end:
    // VERIFIED, auth works and I get the expected jwt
    const strapiAuth = await strapiApiAuth();
    if ( strapiAuth && strapiAuth.hasOwnProperty("jwt") ) {
      try {
        const response = await axios.get(
          `${process.env.STRAPI_BACKEND_URL}/member-progress/progress?year=2022&name=&pageSize=10&page=1`,
          {
            headers: {
              Accept: "application/json",
              Authorization: `Bearer ${strapiAuth.jwt}`
            },
            timeout: 500,
          }
        );
        console.log(response);
      } catch (error) {
        // This is where I land with the 401 error
        console.log(error);
      }
    }
Strapi checks whether you have a valid JWT by default with the "authenticated" role, but you must also mark the permission for your custom endpoint in "Settings→User & Permission Plugin→Roles" of the admin panel.
Update: even such a request gets bad credentials ==>
    curl -H "Authorization: token [token]" https://api.github.com
===============
I made a request for GitHub OAuth like this in my iOS app:
    URL: https://github.com/login/oauth/authorize,
    params: client_id: ****, redirect_uri: app_url, scope: "repo", state: "0"
After redirection from Safari I get a code. I need access to two things:
1. User data, like email, etc. Also updating user data.
2. List of repositories and commits in public and private repos.
I make the following requests:
    URL: https://api.github.com/user, get and patch
    Header: Authorization: token [code]
    URL: https://api.github.com/repos/:username/:repoName
    Header: Authorization: token [code]
But unfortunately, I get the following error:
    401, Unauthorized
    {
      "message": "Bad credentials",
      "documentation_url": "https://developer.github.com/v3"
    }
What is the problem and how can I solve it?
As is said in this blob (NOT the main documentation), you have to exchange the token (which is temporary) for a bearer token via this API:
the main api
Here comes the documentation for others:
Github blob documentation
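The steps between receiving the code from the redirect and calling api.github.com, written out as an added example that is not part of the original posts. It assumes the standard GitHub OAuth web flow; the `client` object fields, the redirect URL and the response objects passed in are placeholders supplied by the caller.

```javascript
const TOKEN_ENDPOINT = "https://github.com/login/oauth/access_token";

// Step 1: read the redirect. Accept the code only when `state` matches the
// unpredictable value this app generated for the login attempt.
function readCallback(redirectUrl, expectedState) {
  const query = new URL(redirectUrl).searchParams;
  if (query.get("error")) throw new Error(`authorization failed: ${query.get("error")}`);
  if (query.get("state") !== expectedState) throw new Error("state mismatch");
  const code = query.get("code");
  if (!code) throw new Error("callback carries no code");
  return code;
}

// Step 2: the exchange request. The code goes to the token endpoint with the
// client credentials; it is not a credential for api.github.com.
function tokenExchangeRequest(code, client) {
  return {
    method: "POST",
    url: TOKEN_ENDPOINT,
    headers: { Accept: "application/json" },
    body: new URLSearchParams({
      client_id: client.id,
      client_secret: client.secret,
      code,
      redirect_uri: client.redirectUri,
    }).toString(),
  };
}

// Step 3: turn the parsed JSON response into the header for API calls,
// failing closed on an error response or a missing scope.
function apiAuthHeader(tokenResponse, requiredScopes) {
  if (tokenResponse.error || !tokenResponse.access_token) {
    throw new Error(`token exchange failed: ${tokenResponse.error || "no access_token"}`);
  }
  const granted = (tokenResponse.scope || "").split(",").filter(Boolean);
  const missing = requiredScopes.filter((scope) => !granted.includes(scope));
  if (missing.length > 0) throw new Error(`missing scopes: ${missing.join(", ")}`);
  return { Authorization: `Bearer ${tokenResponse.access_token}` };
}
```

Send the request from step 2 with any HTTP client and pass the parsed JSON response to step 3. Because the exchange needs client_secret, it is normally performed by a backend rather than inside the app binary.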
The following curl command works:
    curl -u your_git_name:your_personal_access_token https://api.github.com/user
I am using the OneDrive API to upload files in my Ruby on Rails application, and the OneDrive API started giving the unauthenticated error on uploading a file using the endpoint /drive/root:/#{filename}:/content. The error is given below:
    {"error"=>{"code"=>"unauthenticated", "message"=>"Must be authenticated to use '/drive' syntax"}}
Then I got a new refresh_token by following the OneDrive Docs using scope files.readwrite offline_access.
For OneDrive authentication, I am sending a POST request to the endpoint https://login.microsoftonline.com/common/oauth2/v2.0/token to get an access_token using the refresh_token with the following headers and body:
    headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
    body = {
      'client_id' => "<Client ID>",
      'grant_type' => "refresh_token",
      'redirect_uri' => "<Redirect URI>",
      'client_secret' => "<Client Secret>",
      'refresh_token' => "<Refresh Token>",
    }
Am I using the correct endpoint to get access_token from refresh_token?
The base uri I am using to upload files to OneDrive is https://api.onedrive.com/v1.0
Can anyone please help me with why I am getting the unauthenticated error, or how I can use '/drive' syntax for authentication?
Thanks in advance!
Solved:
In my case, I was using "Code flow" for the Authentication and using the following url to get code in parameter:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=CLIENT_ID&scope=files.readwrite offline_access&response_type=code&redirect_uri=REDIRECT_URI
Visiting the above url opened the redirect url with a long code parameter which I was using to get access_token and refresh_token, but that access_token was not working on uploading files to OneDrive and returning the "unauthenticated" error mentioned in the question.
After doing research, I found that the url I am using to get code for OneDrive authentication is for Microsoft Graph. The correct url for Microsoft Account is given below:
https://login.live.com/oauth20_authorize.srf?client_id=CLIENT_ID&scope=onedrive.readwrite offline_access&response_type=code&redirect_uri=REDIRECT_URI
Visiting the above url in the browser redirected me to the page with a code parameter as well, but it was a small code like K9vb4e786-afg6-1a3b-1234-12abc01234ca.
I used this code to get access_token and refresh_token using the below POST request:
    require 'httparty'

    body = {
      client_id: "CLIENT_ID",
      redirect_uri: "REDIRECT_URI",
      client_secret: "CLIENT_SECRET",
      code: "CODE",
      grant_type: "authorization_code"
    }
    headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
    r = HTTParty.post('https://login.live.com/oauth20_token.srf', headers: headers, body: body)
This request returned access_token and refresh_token in response. I used this refresh_token to get an access_token in each request and file uploaded successfully.
Conclusion: I was using the Microsoft Graph authentication process, i.e., https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/graph-oauth, which was incorrect. Then I followed Microsoft Account authentication, i.e., https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/msa-oauth, which resolved the issue.
Update:
Later I used my Office-365 business account for OneDrive file uploading. For this account, the OneDrive authentication process is different, i.e., https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/aad-oauth, and it worked.
I am trying to get all the issues with respect to a project by exposing the Sentry API hosted on a private server, but I am getting the below response even after using basic auth.
    {
      "detail": "Authentication credentials were not provided."
    }
And after generating an API key, I am getting invalid key.
Thanks
You should add this header:
    header = {'Authorization': 'Bearer TOKEN'}
to your request.