How to prevent raw github tokens from expiring - github

I want to fetch a file from a github repository and read it from my application using http request url.
I tried using the below http url.
Example:
https://raw.github.xxx.com/sample-repo/config-details/master/conf/application-dev.conf?token=ABAD5JUZ7O84U7CIKEU4MGY5UWJU6
It worked well, but after a week the token expired. So I am getting "404: Not found" when I try to fetch the file.
Is there any way to prevent the token from expiring or any better solution to solve this problem?
Update:
Actually I am trying to implement a remote config server in play framework.
I am using play-rconf-http (a library which helps to fetch a config file hosted in a http server)
I will set the remote file url in my app's config file as below,
remote-configuration.http.url = "https://raw.github.xxx.com/sample-repo/config-details/master/conf/application-dev.conf?token=ABAD5JUZ7O84U7CIKEU4MGY5UWJU6"
So while my server starts it will fetch the file from the remote server and load the configuration.
It was working as I expected, but after a few days the tokens expire. So I need to solve it.

Related

download github artifact from url using wget

I am trying to follow these docs to download an artifact from github using GitHub's API:
https://docs.github.com/en/rest/actions/artifacts#download-an-artifact
I ran the curl command given in the docs, and it gave me the following url from which to download the artifact (I have replaced the specifics with ...)
https://pipelines.actions.githubusercontent.com/serviceHosts/..../_apis/pipelines/1/runs/16/signedartifactscontent?artifactName=my-artifact&urlExpires=....&urlSigningMethod=HMACV2&urlSignature=....
I am able to download the artifact by putting the URL into my browser (it automatically downloads when the URL is visited) however I tried to use wget to download it via console and got this error:
wget https://pipelines.actions.githubusercontent.com/... # the command I ran
HTTP request sent, awaiting response... 400 Bad Request # the error I got
How can I download a zip file to console? Should I use something other than wget?
I'd like to clarify that viewing this link in the browser is possible even when not logged in to github (or when in private browsing). Also, I can download the zip file at the link as many times as I would like before the link expires after 1 minute. Also my repo is private, which is necessary for my work. I need to use an access token when doing the curl command as described in the docs, however the link that is returned to me does not require any authentication when accessed via a browser.
The api docs seem a bit ambiguous here. It is possible that the redirect can only be accessed a single time in which case you should try generating the redirect and first using wget to parse it. You can then unzip the file using the unzip command.
If that is not the case I believe this statement in the api docs is key:
Anyone with read access to the repository can use this endpoint. If the repository is private you must use an access token with the repo scope. GitHub Apps must have the actions:read permission to use this endpoint.
My guess is that your repository is private and you are logged in on the browser to Github which allows you to be authenticated hence why you are able to download from the redirect link. I would suggest trying from incognito mode to test this.
Migrating the repository to public would allow you to bypass this issue. Alternatively you can pass the authentication token as a header to wget like so in order to authenticate with the server to pull the file.
header='--header=Authorization: token <TOKEN>'
wget "$header" https://pipelines.actions.githubusercontent.com/... -O output_file
The problem was that I didn't put quotes around my url. I needed to do this:
wget "https://pipelines.actions.githubusercontent.com/serviceHosts/..../_apis/pipelines/1/runs/16/signedartifactscontent?artifactName=my-artifact&urlExpires=....&urlSigningMethod=HMACV2&urlSignature=...."
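The quoting problem described in the answer above, reproduced as an added example (not part of the original posts). The URL is a constructed placeholder, `received_url` and `dropped_params` are hypothetical helpers, and `printf` stands in for `wget` so nothing is fetched.

```shell
#!/bin/sh
# Constructed stand-in for the signed artifact URL: placeholder host and values.
SIGNED_URL='https://artifacts.example.invalid/signedartifactscontent?artifactName=my-artifact&urlExpires=1700000000&urlSigningMethod=HMACV2&urlSignature=PLACEHOLDER'

# Print the URL argument a downloader receives when the command line is typed
# with the text in $1. printf stands in for wget, so nothing is fetched.
# (hypothetical helper)
received_url() {
    sh -c "printf '%s' $1; wait" 2>/dev/null
}

# Print the names of query parameters present in URL $1 but absent from $2.
# (hypothetical helper)
dropped_params() {
    query=${1#*\?}
    out=''
    old_ifs=$IFS
    IFS='&'
    for kv in $query; do
        name=${kv%%=*}
        case "$2" in
            *"$name="*) ;;
            *) out="$out${out:+ }$name" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s' "$out"
}

# Unquoted: each "&" ends a command and backgrounds it, so the URL is cut short
# and the remaining key=value pairs become shell variable assignments.
bare=$(received_url "$SIGNED_URL")
echo "unquoted -> $bare"
echo "dropped  -> $(dropped_params "$SIGNED_URL" "$bare")"

# Quoted: the whole URL, signature included, arrives as one argument.
echo "quoted   -> $(received_url "\"$SIGNED_URL\"")"
```

With the expiry and signature parameters stripped, the server sees an unsigned request, which is consistent with the 400 response in the question.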

Configuring Shibboleth Metadata File

We have recently migrated to a new hosting environment so have installed a fresh instance of Shibboleth. When we generate sp metadata files, the urls are non-secure (ie http) even though the url used to generate the metadata uses https.
When using the test connection from our own Azure AD system, we see the obvious error: "The reply URL specified in the request does not match the reply URLs configured for the application:"
I have limited knowledge of configuring the system beyond working on shibboleth2.xml and attribute-map.xml so would be very grateful if anyone can point me in the right direction to fix this.
I'm not sure if you managed to configure it but I'm currently working on this as well, and I think I can help.
So the ReplyURL you need to provide in the Azure Portal is the reply URL that accepts the authentication reply message from the identity provider.
In the case of Shibboleth it is:
http[s]://yoursitename/Shibboleth.SSO/Auth/Saml
So if your webpage is for instance:
https://localhost/Foo
The replyURL should be:
https://localhost/Shibboleth.SSO/Auth/Saml
Notice that the page "Foo" is not in the replyURL.
After the authentication the browser should send the IDP reply to https://localhost/Shibboleth.SSO/Auth/Saml, after which Shibboleth should redirect you back to https://localhost/Foo
At least that's the default behaviour.

Gerrit Code Review - How to download a file with wget using http password?

I'd like to download a single file from a gerrit server which has no read access for anonymous users.
Therefore I set the http password for the user and tried something like:
wget --user=user --password=passwd "http://example.com:8443/gitweb/?p=...;a=blob_plain;f=...;hb=refs/heads/master"
HTTP request sent, awaiting response... 401 Unauthorized
Unknown authentication scheme.
Is this possible at all using the http password generated in the user settings of gerrit?
Thank you!
Yes, it is possible to use the HTTP password generated in the user setting. Have a look at the Authentication documentation here.
However, Gerrit Code Review doesn't allow you to download a single file (unless you have a particular plugin installed to do so). Are you sure downloading a single file is what you want?
the following works for me:
http://your gerrit:8080/gitweb?p=your repository.git;a=blob_plain;f=path/to/file -O file

DocuSign JWT access token call fails in Dev environment while successful in Local

We are trying to integrate with DocuSign, and using JWT authorization in Spring Boot application.
When I am running my application locally (running in local Tomcat) I am able to connect to DocuSign and email documents successfully. However, once I deployed the code to our Development environment (running Websphere), the call to request JWT token is returning below Exception. Keep in mind I am using the same base URL and Integrator key in both environments:
Exception: Error while requesting server, received a non successful HTTP code 401 with response Body: '{
"errorCode": "PARTNER_AUTHENTICATION_FAILED",
"message": "The specified Integrator Key was not found or is disabled. An Integrator key was not specified."
}'
Call to request JWT token:
ApiClient apiClient = new ApiClient(BASE_URL);
apiClient.configureJWTAuthorizationFlow(currentDir + PUBLIC_KEY_FILENAME, currentDir + PRIVATE_KEY_FILENAME, OAUTH_BASE_URL, INTEGRATOR_KEY, USER_ID, expireIn);
BASE_URL = https://demo.docusign.net/restapi
OAUTH_BASE_URL = account-d.docusign.com
I have values set for the rest of the variables as well; I'm just showing variable names only here.
I have already granted access by making the following call and logging in the browser by making the following call in a test class:
String oauthLoginUrl = apiClient.getJWTUri(INTEGRATOR_KEY, REDIRECT_URI, OAUTH_BASE_URL);
Desktop.getDesktop().browse(URI.create(oauthLoginUrl));
I'd appreciate any help. Thank you.
After days of trying out different things finally resolved my issue, posting the answer here in case it helps someone else.
In my dev env, even though the file name was loaded correctly, apiClient could not load the correct file, and in the local tomcat server that was not the case. After seeing the same exception when I changed the fileName for the local server, I made a guess that the server is failing to read the correct key files.
Instead of passing the file name directly I had to use Thread.currentThread().getContextClassLoader().getResource(publicKeyFileName).getPath(); for both public and private keys and that resolved the issue.

Issue in calling the OneDrive for Business REST API to upload image files

I am facing the issue in calling the OneDrive for Business API to work. Below are the steps I have followed till now:
Created a Web App/API application in Microsoft Azure Portal (A very tricky process). Gave all the permissions.
Got Application ID (A_ID) from there.
Went to the URL to get the 'code' via browser:
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=<A_ID>&redirect_uri=<URI>
Got the code. Did a callout via POSTMAN (using the code, client ID, client secret and redirect URI) to the URL: https://login.microsoftonline.com/common/oauth2/token
Received an Access Token (AT) and other details.
NOW, when I want to use this AT to upload a file, I am getting the error. The URI is: https://<tenant>/_api/v2.0/me/drive/root:/Abc.txt:/content. For headers, I am passing: Authorization-> Bearer AT; Content-Type -> application/octet-stream
The error is:
{"error":{"code":"unauthenticated","message":"Token contains invalid signature.","innerError":{"code":"invalidSignature"}}}
I don't know where the issue is. Is it in the tenant name I am using (There is a chance that I might be using it wrong!) OR is it in the permissions OR I have not set up the app in the Azure Portal correctly OR is it something entirely different.