I deployed the network to query from the REST client and launched the REST instance. I wanted to use Google Oauth for the authentication needs but there happens to be an authentication error.
The network is on the localhost:3000 and looks fine; however, when I import a business card and "try it out" the /system/historian I get this response body:
"error": {
"statusCode": 500,
"name": "Error",
"message": "Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Enrollment failed with errors [[{"code":20,"message":"Authorization failure"}]]",
"stack": "Error: Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Enrollment failed with errors [[{"code":20,"message":"Authorization failure"}]]\n at client.getUserContext.then.then.catch (/home/composer/.npm-global/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:395:34)\n at \n at process._tickDomainCallback (internal/process/next_tick.js:228:7)"
The expected behaviour was to get a set of transactions showed up
I checked the wallet, thinking I might have a problem with the card but there seems to be no problem. The code is 200 which is expected, and here is the response body:
[
{
"name": "liner1",
"default": false
},
{
"name": "liner1#iot-perishable-network-advanced",
"default": true
}
]
If you have got as far as importing a card to a Wallet, then your Google Oauth config is fine.
This looks like a problem with the card you have imported. When the Identity is Issued (and the Card is created) a one-time secret is created. When the card is used for the first time the secret is exchanged for Certificates/Keys and the the one-time secret is invalidated.
I'm guessing that you have imported a .card file for a user which has already been used, so now the secret is invalid. If I'm right, you need to export the card from the place where it is working to a new .card file that contains the certificates/keys, and import that new .card file into the REST server wallet. Maybe the command composer card export is what you are looking for.
There is more information on cards in the Composer Knowledge Wiki.
Related
i am trying to hit https://playdeveloperreporting.googleapis.com/v1alpha1/apps/com.example/anrRateMetricSet.
It returns 403: permission denied
Here i am trying to capture the health metrics for my android app from Google console.
Reference:https://developers.google.com/play/developer/reporting/reference/rest/v1alpha1/vitals.anrrate/get?hl=en_GB
So i have Service account created on google console under "I AM and Admin"
I am trying to hit "https://playdeveloperreporting.googleapis.com/v1alpha1/apps/com.example/anrRateMetricSet"
By using access token created from key.JSON downloaded from linked Service account to the project.
But i am getting
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
Could n't understand what might be the issue. Since the Service account is linked to project.
Your help is highly appreciated . Thank you
We has been using ShareFile API for downloading the Citrix Attachment. We are using Oauth 2.0. The general flow is - our clients will authorize the our Citrix ShareFile App to grant permission for accessing their files. Oour ShareFile app should already have the required permission\scopes because with the same app we are successfully downloading attachment files of our customers. However, we are having some problems with one client.
When we tried to download that attachment with the access token, we are getting the following error:
Request:
https://myclientdomain.sf-api.com/sf/v3/Shares(sfe78bf8c64fc465caf1c368cc61fdd0e)/Download(fie36670-d35a-a180-e24e-e13643a70d9e)
Response:
{
"code": "Forbidden",
"message": {
"lang": "en-US",
"value": "Share download requires defining Name, Email and Company"
},
"reason": "NotAuthorized"
}
I refreshed the new token from Postman and after that, the token can download the same attachment. But the surprising point is - the same access token will not work after a few hours and started to see the same error.
I would also like to know what the error message "Share download requires defining Name, Email and Company" refers to.
Please also note that the customer had reauthorized the app but even with that new access token, we are getting the error.
Any help would be highly appreciated!!
I have configured our Azure Data Factory with a REST Link Service. I have obtained a valid token from the end service.
The token successfully works when using the token with POSTMAN, but the token returns Error status code 401 Unauthorized with Azure Data Factory.
As you can see with POSTMAN when I send a GET request with the Token I get data back:
However, with Azure Data Factory I get the error:
{
"errorCode": "2200",
"message": "Failure happened on 'Source' side. ErrorCode=RestCallFailedWithClientError,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Rest call failed with client error, status code 401 Unauthorized, please check your activity settings.\nRequest URL: https://pm2.preqinsolutions.com/apiCore/api/countries.\nResponse: ,Source=Microsoft.DataTransfer.ClientLibrary,'",
"failureType": "UserError",
"target": "Copy data1",
"details": []
}
The ADF Link Service is a follows:
Can someone see something obvioius that would prevent access due 401 Unauthorized status with ADF?
I have also tried the following ADF configuration. However, I'm getting the same error:
Please try changing the authHeader name to Authorization and the value to Bearer <your API key>. I suspect from the screenshot of Postman that is what it’s doing. If that does not work then please provide a link to the documentation. This explains Bearer tokens.
You might also check the lifetime of your access token and make sure it doesn’t expire after an hour, for example.
I did a quick test against a REST API I know (Power BI REST API). The linked service looks like this and the value for the Authorization header was Bearer MY_ACCESS_TOKEN_HERE.
The dataset looks like:
The source of the Copy activity looks like:
This succeeded.
I would suggest you contact pm2.preqinsolutions.com support to see if they can provide more information on your access token / API key and have them confirm that the API isn't restricted to be accessed from only certain allowed API addresses. (ADF will not be accessing it from an on-premises IP address like your laptop.) You might also change the REST API linked service to use a self-hosted integration runtime instead of an Azure integration runtime to validate the IP address the API is called from isn't the issue.
I am working on a colab project with google cloud bucket. At first, I use my own Gmail account A, but I notice that I need a google service account for some operations. So I activate a service account B and I successfully log in with this service account.
But here are still a permission error:
tensorflow.python.framework.errors_impl.PermissionDeniedError: Error executing an HTTP request: HTTP response code 403 with body '{
"error": {
"code": 403,
"message": "gmailaccountA#gmail.com does not have storage.objects.list access to the Google Cloud Storage bucket.",
"errors": [
{
"message": "gmailaccountA#gmail.com does not have storage.objects.list access to the Google Cloud Storage bucket.",
"domain": "global",
"reason": "forbidden"
}
]
}
}
When I double check and run the "gcloud auth list", I get two active accounts, one is my gmail account A and one is my service account B. How could I make sure I am using the service account?
In order to set the account you want to use you can first list them to check the ones available using
gcloud auth list
and to set the chosen one use:
gcloud config set account ACCOUNT
You can read more about the gcloud config set command and its properties here
I'm attempting to use http://code.google.com/p/gwt-oauth2/ to connect to Azure AD. I know I have the url & client ID (and I added the ability to add a response type and state to the outgoing URL) set correctly because I connected and got an authorization failure for my app, talked with the admins, got them to authorize my app, and now connect through.
The problem is that I get the error message "Could not find access_token in hash", followed by a completely empty hash, with the AD connect.
Google connect works just fine. For Azure AD I'm using "code" as the response_type and "oauth2" (I've also tried "openid", no difference) as the scope