Thinksboard - Authentication in API rest call failing - rest

I have to use thingsboard by rest API as it is showed on the guide https://thingsboard.io/docs/reference/rest-api/
In particular, I have a live-demo server and a custom user with administration permission.
I can authenticate it with the username/password on the thingsboard interface
Unfortunately, when I try the following command
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"username":, "password":}' 'https://THINGSBOARD_URL/api/auth/login'
I receive the following output:
{"status":401,"message":"Authentication failed","errorCode":10,"timestamp":"..."}
Anybody can help me?
I will glad,
Gianluca

Solved
It was certifciate problem,
I bypass it by the following command:
tokenAuthResp = requests.post(url, headers=headers, json=loginJSON, verify=False).json()

Related

Postman works, but the "Code snippet" generated no. cURL

From my computer the query via postman to my endpoint works, it returns the expected result.
but the code generated by "code snippet" does not work, what could be the cause ?
--That code doesnt work. But in postman yes (same laptop)
curl --location --request POST 'https://service' \
--header 'Ocp-Apim-Subscription-Key: myKey' \
--header 'Content-Type: audio/mpeg' \
--data-binary '#/path/audio_test.mp3'
Error: curl: (28) Failed to connect to <service> port 443: Timed out
To check that it is not a problem with my end, I tried another service that works in postman and the code generated by postman through "code snippet" works as well.
-- That works in postman and in my consol --
curl --location --request POST 'https://´service' \
--header 'Key: myKey' \
--header 'Content-Type: application/json' \
--data-raw '{"text":"myText",
"language": "en"
}
'
its return the expected result
Does anyone have any idea where I could look? Thanks
curl: (28) Failed to connect to port 443: Timed out
This will likely be a connection error either due to the client context (application/terminal) or the client host (the device itself). I assume the second request doesn't try to hit the same location or it was ran from another context.
Check your connection first and then troubleshoot from your way up. To do so, in the same exact place you're running your curl run the following:
telnet service 443
Where service is the endpoint you are using in the request. If that still gives the same error then the issue is down to a networking problem. Check from other clients, check VPNs or other applications that could be causing the blockage.

PCF p-config-server /decrypt api returning 403 forbidden error

While trying to use encryption/decryption feature of spring cloud config server with Pivotal Cloud Foundry's p-config-server service which is configured with a symmetric key for encryption, I am getting a 403 forbidden response which calling /decrypt on config server .
I am able to call the /encrypt endpoint successfully for encrypting values using below sample curl -
curl --location --request POST 'https://config-xxxx.apps.xxx.com/encrypt' \
--header 'Authorization: bearer <cf oauth_token here>' \
--header 'Content-Type: text/plain' \
--data-raw 'sample data'
But when trying to decrypt those values using /decrypt, I am getting 403 Forbidden error -
{
"error": "access_denied",
"error_description": "invalid issuer"
}
Sample curl for decryption -
curl --location --request POST 'https://config-xxxx.apps.xxx.com/decrypt' \
--header 'Authorization: bearer <cf oauth_token here>' \
--header 'Content-Type: text/plain' \
--data-raw '<encrypted value from previous step>'
In pivotal's config server documentation though there are reference to /encrypt but nothing related to /decrypt pivotal config server
Any pointers ?
In the Pivotal/Tanzu Spring Cloud Services (commercial product), the /encrypt API is exposed to anyone with the admin scope or to anyone that is a Space Developer in the space of the service.
The /decrypt endpoint is not exposed specifically, so you're not allowed to access with the same credentials, hence why you're seeing a 403.
My quick read of the code is that you'd need a token with scope config_server_<guide>.read to access that endpoint. Where <guid> is the config server's service guide (run cf service --guid <name> to obtain the guide).
To make that work, you'd need to get a token from the bound service or a service key, the latter is easier:
Run cf create-service-key <service_instance> decrypt-key
Run cf service-key <service_instance> decrypt-key
Run export TOKEN=$(curl -vv <access_token_uri> -d 'grant_type=client_credentials' -d 'client_id=<client_id>' -d 'client_secret=<client_secret>' | jq -r .access_token) where the values in <...> are from the output of #2.
Run curl -vv '<uri>/decrypt' -H "Authorization: bearer $TOKEN" -H 'Content-type: text/plain' -d '<encrypted-value>'
These depend on a Bash shell. You can do them on Windows, but the commands will vary. It also uses jq to make extracting the token easier. You could split the command in step #3 into two steps, fetching with curl and manually exporting TOKEN.

Update actions.json withouth using gactions CLI

I've built an Action on Google using the Actions SDK. I want to be able to update the actions.json programmatically on my server. I don't want to have to use the Assistant CLI. Is there a REST API or some other way of updating that file?
I was able to sniff the communication between Google and the actions cli.
Updating the action
Here is the curl request which you can use. Don't forget to add your Bearer (authorization) and after --data-binary you will include your actions.json. The last thing is, to change the endpoint URL at the end with your action id (replace testskill).
curl
-H 'Host: actions.googleapis.com'
-H 'content-type: application/json'
-H 'authorization: Bearer AuthorisationKeyAsRandomStrings'
-H 'user-agent: Gactions-CLI/2.2.4 (darwin; amd64; dev/NsZwRCulTKhlPxMfp)'
--data-binary '{"localizedActionPackages":{"de":{"actions":[{"description":"Default welcome intent","fulfillment":{"conversationName":"testskill"},"intent":{"name":"actions.intent.MAIN","trigger":{"queryPatterns":["sprechen mit test skill"]}},"name":"MAIN"},{"description":"test intent","fulfillment":{"conversationName":"testskill"},"intent":{"name":"test_intent","parameters":[{"name":"color","type":"org.schema.type.Color"}],"trigger":{"queryPatterns":["suchen ein $org.schema.type.Color:color schuhe","kaufen ein $org.schema.type.Color:color shuhe","kaufen"]}},"name":"Test"},{"description":"ciao","fulfillment":{"conversationName":"testskill"},"intent":{"name":"ciao_intent","trigger":{"queryPatterns":["ciao","bye","pa"]}},"name":"Ciao"}],"conversations":{"testskill":{"name":"testskill","url":"https://ae8e6xx.ngrok.io/testskill"}},"locale":"de"}},"name":"agents/testskill"}'
--compressed 'https://actions.googleapis.com/v2/agents/testskill:batchUpdateAllDraftActionPackages'
But there is no guarantee, that this will work in the future because Google can change the endpoint without notifying anybody. So I recommend to stick with actions cli.
Obtaining token without gactions CLI
You need to visit this url:
https://accounts.google.com/signin/oauth/oauthchooseaccount?access_type=offline&client_id=237807841406-o6vu1tjkq8oqjub8jilj6vuc396e2d0c.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Factions.builder&state=state&o2v=1&as=ZmeGyvTUA3FLgRPS1_rd1A&flowName=GeneralOAuthFlow
After authorization you will get the token. This needs to be send with another curl request. You need to replace PlaceYourUrlEncodedTokenHere with your token, but it needs to be url encoded.
curl
-H 'Host: accounts.google.com'
-H 'content-type: application/x-www-form-urlencoded'
-H 'authorization: Basic MjM3ODA3ODQxNDA2LW82dnUxdGprcThvcWp1YjhqaWxqNnZ1YzM5NmUyZDBjLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tOjZ1TlVQakZvd3pVRThTbGlWWlg2a2VZMA=='
-H 'user-agent: Go-http-client/2.0'
--data-binary "code=PlaceYourUrlEncodedTokenHere&grant_type=authorization_code&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob"
--compressed 'https://accounts.google.com/o/oauth2/token'
After that you will receive json response from google which conatins access_token. This you will add to your request as Bearer.
Since yesterday i'm having a problem with actions cli, when i try to update my actions.json i have this error with oauth
Error 401: disabled_client
The OAuth client was disabled.
enter image description here

Keycloak admin API flow bindings

I've created custom authorization flow and I'd like to change browser binding flow to this custom made with API call.
I've figured that out if anyone's interested.
curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer $KEYCLOAK_TOKEN" -d '{"browserFlow": "Custom flow"}' 'http://keycloak:8080/auth/admin/realms/master/'

Creating authorization token for google cloud sql

I am writing an application to fetch query logs from google cloud sql using stack driver monitoring. I am able to retrieve the logs using API explorer. I will be using a curl call to download the logs.
curl --header "Authorization: Bearer ACCESS_TOKEN" --header
'Content-Type: application/json' --header 'x-referer:
https://developers.google.com' -X POST --data
'{"resourceNames":["projectname"],"filter":"logName=logname"}'
"https://content-logging.googleapis.com/v2/entries:list?fields=entries(jsonPayload%2ClogName%2Coperation%2CreceiveTimestamp%2CtextPayload%2Ctimestamp)&key=APIkey"
API key is available in the interface. I have downloaded the json with client details. But I am not able to find any documentation on how to generate ACCESS_TOKEN in this case. Can someone please help me on this?
You can try:
curl -H "Authorization: Bearer "$(gcloud auth application-default
print-access-token) ...
or set:
ACCESS_TOKEN="$(gcloud auth application-default print-access-token)"
and then:
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" ...