Keycloak admin API flow bindings - keycloak

I've created a custom authorization flow and I'd like to change the browser flow binding to this custom one with an API call.

I've figured that out if anyone's interested.
curl -X PUT -H "Content-Type: application/json" -H "Authorization: Bearer $KEYCLOAK_TOKEN" -d '{"browserFlow": "Custom flow"}' 'http://keycloak:8080/auth/admin/realms/master/'

Related

WSO2-AM 3.2.0 - Make sure your API invocation call has a header: testkey is missing

I've published an API in WSO2 AM and now, when I try to test the API by curl, passing the token, it shows an error:
curl request:
curl -X GET "https://192.168.21.120:8243/ms-authorization/1.0.0/authorization/access-type/access-type"
-H "accept: application/json" -H "Authorization: Bearer eyJ4NXQiOiJNell4TW1Ga09HWXdNV0kwWldObU5Er0m9eU..
-iNxXl0D9to5ptemrd42itirPDJiYJJ_FkSMKSfQ6m78X2fr-Tag" -k
response:
{"fault":{"code":900902,"message":"Missing Credentials","description":"Authentication Error. Make sure your API invocation call has a header: testkey is missing"}}
Why is it expecting a "testkey" in the header?
If you are trying to test the API using the Publisher Test Console, you need to include the generated access token/test key in your curl with the header testkey.
eg:
curl -X GET "https://localhost:8243/napi/1.0/*" -H "accept: */*" -H "testkey: 032456ff-4764-4321-2348-e7ad1ac5t6g0" -k
I just enabled CORS configuration, redeployed the API and everything worked:

How to set user attribute value in Keycloak using API?

How I can set user attribute value using Keycloak Rest API?
Update: The /auth path was removed starting with the Keycloak 17 Quarkus distribution, so you might need to remove /auth from the endpoint calls presented in this answer.
To set a user attribute using the Keycloak Admin REST API, use the endpoint:
PUT <KEYCLOAK_HOST>/auth/admin/realms/<YOUR_REALM>/users/<USER_ID>
with the payload
{"attributes":{"<ATTRIBUTE_NAME>":["<ATTRIBUTE_VALUE>"]}}
You can get the <USER_ID> using the endpoint:
GET <YOUR_KEYCLOAK_DOMAIN>/auth/admin/realms/<YOUR_REALM>/users/?username=<THE_USERNAME>
from the JSON response, extract the field id.
Step-by-Step:
You can get that information using the Keycloak Admin REST API; to call that API, you need an access token from a user with the proper permissions. For now, I will be using the admin user from the master realm:
curl https://${KEYCLOAK_HOST}/auth/realms/master/protocol/openid-connect/token \
-d "client_id=admin-cli" \
-d "username=$ADMIN_NAME" \
-d "password=$ADMIN_PASSWORD" \
-d "grant_type=password"
You will get a JSON response with the admin's token. Extract the value of property access_token from that response. Let us save it in the variable $ACCESS_TOKEN for later reference.
To get the user id from your realm $REALM_NAME:
curl -X GET "https://${KEYCLOAK_HOST}/auth/admin/realms/${REALM_NAME}/users/?username=${USERNAME}&exact=true" \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN"
From the response, extract the user id, for example as follows:
jq -r '.[].id'
Or even cleaner is to passed to the
To set the user attribute:
curl -X PUT https://${KEYCLOAK_HOST}/auth/admin/realms/${REALM_NAME}/users/${USER_ID} \
-H "Content-Type: application/json" \
-H "Authorization: bearer $ACCESS_TOKEN" \
-d '{"attributes":{"<ATTRIBUTE_NAME>":["<ATTRIBUTE_VALUE>"]}}'
You can also have a look at setUser script on my GitHub repo.
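The three steps above as one script, added here as an example and not taken from the answer or its GitHub repo: it sends the password and bearer token to curl over stdin instead of the command line, and lets `curl -G --data-urlencode` build the user query. `KC_LEGACY_AUTH_PATH` and the function names are hypothetical; curl and jq are assumed to be installed.

```shell
#!/bin/sh
# Added example, not the answer's own script. Assumes curl and jq are installed.
# Variable names follow the answer; KC_LEGACY_AUTH_PATH is a hypothetical switch.

# Admin base URL: the /auth prefix exists only before Keycloak 17 (Quarkus).
kc_base() {
  if [ "${KC_LEGACY_AUTH_PATH:-0}" = 1 ]; then
    printf 'https://%s/auth' "$KEYCLOAK_HOST"
  else
    printf 'https://%s' "$KEYCLOAK_HOST"
  fi
}

# curl config line carrying the bearer token; piped to `curl -K -` so the
# token stays out of the process list.
kc_auth_config() { printf 'header = "Authorization: Bearer %s"\n' "$1"; }

# JSON body for one single-valued attribute (single-line values assumed).
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }
attr_payload() {
  printf '{"attributes":{"%s":["%s"]}}' "$(json_escape "$1")" "$(json_escape "$2")"
}

# The answer's three steps; prints the HTTP status of the final PUT.
kc_set_attribute() {  # usage: kc_set_attribute USERNAME ATTRIBUTE VALUE
  token=$(printf '%s' "$ADMIN_PASSWORD" |
    curl -sS --fail "$(kc_base)/realms/master/protocol/openid-connect/token" \
      -d client_id=admin-cli -d grant_type=password \
      --data-urlencode "username=$ADMIN_NAME" \
      --data-urlencode 'password@-' | jq -r '.access_token // empty')
  [ -n "$token" ] || { echo "token request failed" >&2; return 1; }
  # -G moves the --data-urlencode pairs into the query string, so the
  # username is percent-encoded and the & never reaches the shell.
  user_id=$(kc_auth_config "$token" |
    curl -sS --fail -K - -G "$(kc_base)/admin/realms/$REALM_NAME/users" \
      --data-urlencode "username=$1" -d exact=true | jq -r '.[0].id // empty')
  [ -n "$user_id" ] || { echo "no such user: $1" >&2; return 1; }
  kc_auth_config "$token" |
    curl -sS --fail -K - -X PUT -H 'Content-Type: application/json' \
      -d "$(attr_payload "$2" "$3")" -o /dev/null -w '%{http_code}\n' \
      "$(kc_base)/admin/realms/$REALM_NAME/users/$user_id"
}
```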

Update actions.json without using gactions CLI

I've built an Action on Google using the Actions SDK. I want to be able to update the actions.json programmatically on my server. I don't want to have to use the Assistant CLI. Is there a REST API or some other way of updating that file?
I was able to sniff the communication between Google and the actions cli.
Updating the action
Here is the curl request which you can use. Don't forget to add your Bearer (authorization), and after --data-binary you will include your actions.json. The last thing is to change the endpoint URL at the end to use your action id (replace testskill).
curl \
-H 'Host: actions.googleapis.com' \
-H 'content-type: application/json' \
-H 'authorization: Bearer AuthorisationKeyAsRandomStrings' \
-H 'user-agent: Gactions-CLI/2.2.4 (darwin; amd64; dev/NsZwRCulTKhlPxMfp)' \
--data-binary '{"localizedActionPackages":{"de":{"actions":[{"description":"Default welcome intent","fulfillment":{"conversationName":"testskill"},"intent":{"name":"actions.intent.MAIN","trigger":{"queryPatterns":["sprechen mit test skill"]}},"name":"MAIN"},{"description":"test intent","fulfillment":{"conversationName":"testskill"},"intent":{"name":"test_intent","parameters":[{"name":"color","type":"org.schema.type.Color"}],"trigger":{"queryPatterns":["suchen ein $org.schema.type.Color:color schuhe","kaufen ein $org.schema.type.Color:color shuhe","kaufen"]}},"name":"Test"},{"description":"ciao","fulfillment":{"conversationName":"testskill"},"intent":{"name":"ciao_intent","trigger":{"queryPatterns":["ciao","bye","pa"]}},"name":"Ciao"}],"conversations":{"testskill":{"name":"testskill","url":"https://ae8e6xx.ngrok.io/testskill"}},"locale":"de"}},"name":"agents/testskill"}' \
--compressed 'https://actions.googleapis.com/v2/agents/testskill:batchUpdateAllDraftActionPackages'
But there is no guarantee that this will work in the future, because Google can change the endpoint without notifying anybody. So I recommend sticking with the actions CLI.
Obtaining token without gactions CLI
You need to visit this url:
https://accounts.google.com/signin/oauth/oauthchooseaccount?access_type=offline&client_id=237807841406-o6vu1tjkq8oqjub8jilj6vuc396e2d0c.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Factions.builder&state=state&o2v=1&as=ZmeGyvTUA3FLgRPS1_rd1A&flowName=GeneralOAuthFlow
After authorization you will get the token. This needs to be sent with another curl request. You need to replace PlaceYourUrlEncodedTokenHere with your token, but it needs to be URL encoded.
curl \
-H 'Host: accounts.google.com' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'authorization: Basic MjM3ODA3ODQxNDA2LW82dnUxdGprcThvcWp1YjhqaWxqNnZ1YzM5NmUyZDBjLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tOjZ1TlVQakZvd3pVRThTbGlWWlg2a2VZMA==' \
-H 'user-agent: Go-http-client/2.0' \
--data-binary "code=PlaceYourUrlEncodedTokenHere&grant_type=authorization_code&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob" \
--compressed 'https://accounts.google.com/o/oauth2/token'
After that you will receive a JSON response from Google which contains access_token. This you will add to your request as Bearer.
Since yesterday I'm having a problem with the actions CLI; when I try to update my actions.json I get this OAuth error:
Error 401: disabled_client
The OAuth client was disabled.

Creating authorization token for google cloud sql

I am writing an application to fetch query logs from google cloud sql using stack driver monitoring. I am able to retrieve the logs using API explorer. I will be using a curl call to download the logs.
curl --header "Authorization: Bearer ACCESS_TOKEN" \
--header 'Content-Type: application/json' \
--header 'x-referer: https://developers.google.com' \
-X POST \
--data '{"resourceNames":["projectname"],"filter":"logName=logname"}' \
"https://content-logging.googleapis.com/v2/entries:list?fields=entries(jsonPayload%2ClogName%2Coperation%2CreceiveTimestamp%2CtextPayload%2Ctimestamp)&key=APIkey"
API key is available in the interface. I have downloaded the json with client details. But I am not able to find any documentation on how to generate ACCESS_TOKEN in this case. Can someone please help me on this?
You can try:
curl -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" ...
or set:
ACCESS_TOKEN="$(gcloud auth application-default print-access-token)"
and then:
curl --header "Authorization: Bearer ${ACCESS_TOKEN}" ...

What are the openid connect endpoint api for paypal sandbox?

I have tried a few OpenID Connect endpoints, but none of them seems to be working. For example, for getting an authorization code I tried:
https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize
For the token:
https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice
I have also tried these, without success:
https://api.sandbox.paypal.com/v1/identity/openidconnect/tokenservice
https://api.sandbox.paypal.com/v1/identity/openidconnect/authorize
Please refer to
https://developer.paypal.com/docs/rest/api/identity/?mark=openid
For example:
curl -v --insecure https://api.sandbox.paypal.com/v1/identity/openidconnect/tokenservice -H "Accept: application/json" -H "Accept-Language: en_US" -d "client_id=<Client-Id>" -d "client_secret=<Secret>" -d "grant_type=authorization_code" -d "code=<Authorization-Code>"
Looking at the documentation, the authorize URI for the sandbox is:
https://www.sandbox.paypal.com/signin/authorize