I have created the service account and can see the details in admin console, I need to get the service accounts userid without going to admin console. Is there a api call for that?
Yes, you can use the Get Current User API call:
https://developer.box.com/reference/get-users-me/
The response will contain the ID for the current user, which is normally your service account when using JWT Auth:
https://developer.box.com/guides/authentication/jwt/with-sdk/
Here is a recent forum post which is similar:
https://support.box.com/hc/en-us/community/posts/360049526313-How-to-create-an-email-alias-for-a-JWT-app-
The mailid/userid will be visible to the admin in admin console. The easiest way is to contact the admin to get it.
Related
I using back4app service and as admin I would like to fetch PFUser records and delete some of them if needed.
Currently I am getting error:
User cannot be deleted unless they have been authenticated.
I logged in as a PFUser. Is are any possibilities to do it via masterKey or smth like this?
The best option I see here is to use cloud code as you would not want to give authenticated users permission to delete other users.
So basically you would have to write a Cloud code function where you retrieve users and delete them.
Have a look at this guide below
https://help.back4app.com/hc/en-us/articles/360045500871-How-to-update-a-user-
I have been trying to automate the addition of users to many tagmanager accounts through powershell.
I have manged to get myself through oauth setup, got the access token and refresh token.
However when I go to try and list all the accounts, I get a 403 response, when I look at this in the play ground its working.
Now when I look at GCP, I can see the consent page want to do some domain verification, as I have apparently added sensitive scopes. However I am not building a app, I am just running the scripts as a management/administrative exercise. So I am not sure what i can as the consent form wants me to supply domains, home pages, etc.
Anyone have any ideas?
Regards
Allan
As John said is recommended to use a Service Accounts for non-human users:
https://cloud.google.com/docs/authentication/#principals
https://developers.google.com/tag-manager/api/v2/authorization
Did you fix it?
I have been experimenting with the REST API using my logged in user account's token to then make PUT requests on my user record to update some custom attributes.
In order to get to this work I had to grant my user account the manage-users role in Keycloak, prior to this I was getting forbidden responses back.
I can now make the PUT request successfully, and after logging out and logging back in I can see the updated attributes I set in my PUT request.
But I have now allowed my user to be able to manage all users in my realm, which I dont want to allow.
Instead I only want to be able to update my own account details.
I know the user can view their own profile and make changes on the Keycloak provided screens. But for certain custom attributes I want to be able to do this from the client side application they are logged in to, so using the REST API but not granting them a role that could allow them to update other users details.
Is this possible?
According to the User section Keycloak's Admin REST API, this is not possible.
One solution would be for your client app to send the update request to a backend. The backend will verify that the update request is legit (aka the JWT is verified and the update does apply to the user requesting the change).
Another solution would be to theme the User Account Service's screens to add input fields for your custom attributes, as the documentation says that:
This screen can be extended to allow the user to manage additional attributes. See the Server Developer Guide for more details.
The second option seems the more secure. I hope that helps.
This seems to be possible with the Account Management API.
Unfortunately, I didn't find any official documentation about that. However, there's an example in Keycloak that demonstrates how to do it.
Below rest api provides the membership details of a box user:
https://api.box.com/2.0/users/335014321/memberships
Is there a similar api that will fetch folders connected to box user?
I have tried below rest endpoint but gave response status:
405,"code":"method_not_allowed".
https://api.box.com/2.0/users/335014321/folders
You would probably not be able to get the folders connected to a box user without the oauth token from that user.
If you are an admin of a box enterprise account. You can use the As-User header. You can take a look at this
https://box-content.readme.io/reference#as-user-1
You would have to get an access token as an admin to be able to use the As-User call as well as sending a Support Ticket to Box Support to ask them to activate your application to allow the usage of As-User.
I'm calling
https://graph.facebook.com/<user_id>/?access_token=<valid_token>
or just
https://graph.facebook.com/me/?access_token=<valid_token>
and getting back json object that doesn't contain primary user email which I need.
I setup email permission for the app and no effect.
What can be wrong?
Did you remember to ask for the email permission in the login request? You do this by adding the scope parameter like this in the login request (&scope=email):
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_REDIRECT_URI&state=SOME_ARBITRARY_BUT_UNIQUE_STRING&scope=email
Facebook API reference
You probably do not have email permissions in your access token.
You can verify it with the Acess Token Debugger
I believe that your question is, even after granting permission to access email, you are not able to get email information through the Graph API. In newer versions, you need to pass fields param to the API to get additional information such as email. By default, it only provides id and name in response. Please find a sample below on how to get other info from graph :
https://graph.facebook.com/me?fields=id,email,first_name,gender,last_name,link,locale,name,timezone,updated_time,verified&access_token=<value of access_token>&debug=all
Hope this helps.
It is possible that the email is not verified in facebook. In this case facebook doesn't make it available via the API. Make sure your code handles this case.
Since the release of API version 2.5 you can get user email like this: https://graph.facebook.com/v2.5/me?fields=id,name,email