I'm developing an application based on Stalker Portal API v3. I'm following the guidelines as given here: https://wiki.infomir.eu/eng/ministra-tv-platform/ministra-setup-guide/rest-api-v1#RESTAPIv1-Authentificationandauthorization
The problem I'm facing is authorization. I'm doing request to API URL with authorization header like the following (I've changed the actual base64 encoded string.):
Authorization: Basic YeRtd462Q==
But it always says:
{"status":"ERROR","results":"","error":"401 Unauthorized request"}
The hash is defined by
base64_encode("$admin:$password"); // written in php language.
How can it be solved? Will it be a different username/password than what I used to log in at: http://127.0.0.1/stalker_portal/server/adm/
(I tried to add tags like: stalker, stalker-api but I don't have enough reputation to create these missing tags.)
Though it is not well documented, I've managed to find the username/password that should be used. It is not the administrative login credentials, but rather the username & password that are set in the file:
/path/to/stalker_portal/server/custom.ini
Here is the snippet of the configuration file:
[server_api]
; API required for tv archive, pvr and billing
enable_api = true
enable_soap_api = false
; For security reasons it is highly recommended to use HTTP authentication
api_auth_login = <username>
api_auth_password = <password>
That's it.
Using these in my request authorization header solves the problem. And don't forget to set enable_api = true to enable the REST API.
I am developing a ui5 app using the managed app router to try to consume destinations from the BTP. The destination uses a BasicAuthentication with a technical username and password and the connection works but when I am trying to access the data from my UI5 app I get a 401 Unauthorized response code.
In the xs-app.json of my app is the authenticationType xsuaa. I can provide some file and snippets if this helps.
Does anyone have an idea what the problem is? Thanks for your help.
Yes, you need to have your SAPUI5 app send the HTTP Authentication header in the request. You can use Chrome DevTools to see that HTTP header; it should have the name 'Authorization' followed by 'Basic' + a base64 cipher.
(example here: How to hide the basic authorization credential in browser response header?)
About Basic Auth: https://learn.microsoft.com/en-US/aspnet/web-api/overview/security/basic-authentication
Instead of setting that HTTP header (with username/password) directly in your app, I'd recommend using your server's default authentication process.
I am very new to shiro and keycloak, I don't know how to add JWT configuration into shiro.ini for authenticating user using keycloak as authorization server.
What you are trying to achieve with your resource and authorisation server looks like the rfc6749 Implicit Grant. Shiro brings no filter implementation for anything like this out of the box. You might have to write your own custom Filter, Realm, Token, Info, Matcher and Principal for this.
Alternatively there is an OAuth2 Server and Client example on GitHub using Shiro and implementing the mentioned classes. It's outdated but still gives the basic idea of what you need to do.
If you don't like to follow the rfc6749 specification you can simply implement an AccessControlFilter and redirect your user to the authorisation server if no bearer is present in the Authorization header of the request. There is already a tutorial on how to achieve this here. In particular you should look at the onAccessDenied code from the example's JWTVerifyingFilter, since this is the method where your redirect should take place.
I suggest you follow the buji-pac4j-demo and take a look at the shiro.ini file there. It has implementations for different web service authentication protocols (including JWT).
I believe this is the relevant snippet:
signingConfig = org.pac4j.jwt.config.signature.SecretSignatureConfiguration
signingConfig.secret = 12345678901234567890123456789012
encryptionConfig = org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration
encryptionConfig.secret = 12345678901234567890123456789012
jwtAuthenticator = org.pac4j.jwt.credentials.authenticator.JwtAuthenticator
jwtAuthenticator.signatureConfiguration = $signingConfig
jwtAuthenticator.encryptionConfiguration = $encryptionConfig
parameterClient = org.pac4j.http.client.direct.ParameterClient
parameterClient.parameterName = token
parameterClient.authenticator = $jwtAuthenticator
parameterClient.supportGetRequest = true
parameterClient.supportPostRequest = false
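The two answers above describe the same check from different ends: a filter that looks for a bearer token in the Authorization header and redirects to the authorization server when it is missing or invalid, and a pac4j configuration that verifies JWTs with a shared secret. The following is an added example, not code from Shiro, pac4j, buji-pac4j-demo or the answers, written in Python rather than Java so the check logic is visible without the framework. It assumes HS256 (a symmetric secret, as in the SecretSignatureConfiguration above); the secret, the claims, the `now` parameter and the `access_control_filter` function are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    # JWT segments drop padding; restore it before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_hs256_jwt(claims, secret):
    """Mint a compact JWS (header.claims.signature) signed with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_hs256_jwt(token, secret, now=None):
    """Return the claims when the token is well-formed, HS256-signed with `secret` and unexpired; else None."""
    now = time.time() if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: never let the token choose ('none', or an RS* alg verified with the secret)
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(claims_b64))
    except ValueError:  # bad segment count, bad base64, bad JSON
        return None
    # A token without an expiry, or past it, is not accepted
    if not isinstance(claims, dict) or "exp" not in claims or claims["exp"] <= now:
        return None
    return claims


def access_control_filter(headers, secret, auth_server_url, now=None):
    """What an onAccessDenied-style filter decides: allow on a valid bearer JWT, otherwise redirect."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return {"action": "redirect", "location": auth_server_url}
    claims = verify_hs256_jwt(token, secret, now)
    if claims is None:
        return {"action": "redirect", "location": auth_server_url}
    return {"action": "allow", "subject": claims.get("sub")}


if __name__ == "__main__":
    SECRET = b"constructed-demo-secret-do-not-reuse"  # constructed for the example
    AUTH_SERVER = "https://auth.example/realms/demo/protocol/openid-connect/auth"  # placeholder URL
    token = issue_hs256_jwt({"sub": "alice", "exp": int(time.time()) + 600}, SECRET)
    print(access_control_filter({"Authorization": "Bearer " + token}, SECRET, AUTH_SERVER))
    print(access_control_filter({}, SECRET, AUTH_SERVER))
```

The `alg` pin and the `exp` requirement are the two checks most often skipped in hand-written filters; the filter itself only ever sees an allow/redirect decision, so the verification code is the only place where those rules are enforced.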
I am trying to do basic authentication to call a rest service.
On service doc the procedure mentioned for CURL is like this
curl -X POST https://secure.clientservice.com/api/transactions.json -u [TOKEN]:[KEY] -H 'Content-type: application/json' \
-d "{\"transaction_type\":\"request\",\"amount_in_cents\":\"3000\",\"email\":\"user#example.com\"}"
I got stuck on how to send the [TOKEN]:[KEY] for authentication from the Chrome REST client. I have both the user token and the key, and the doc says I have to do HTTP Basic access authentication.
On the REST explorer I am trying like below:
But this is giving unauthorized access, as it seems the Authorization header is wrong where I am encoding [axkKtfBAaPABCh59SA]:[S7RwBG2eZ3y8mDs8VS] to base64. Am I doing it the right way, or am I missing something?
Add the Authorization header: Header Forms --> ADD HEADER --> Begin typing in Authorization.
and add the basic auth info by clicking on the Edit (pencil) button on the right. A form to fill credentials will pop up:
Advanced REST Client will take care of encoding
I think you should encode without the "[" and "]"; it could be your problem. Also verify that your token is still valid (it could be expired).
If this doesn't solve your problem, can you provide me the error message you get (in your picture the result seems to be ok)?
This is an old question, and has been answered as to how this should be done in Advanced REST Client. But I would still like to point out that you need to enter the basic Authentication header like this:
Header Name: Authorization
Header Value: Basic
So if your username was user1 and password was abc then you would need to find the base64 encoded value of "user1:abc", which is "dXNlcjE6YWJj" (you can do this in one of many online tools available; just search for "base 64 encode online").
In this case your header will become like:
Authorization -> Basic dXNlcjE6YWJj
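The Stalker Portal answer earlier on the page (credentials from the [server_api] section of custom.ini) and the answers just above (Basic = base64 of "login:password", with no brackets around the values) are two halves of the same mechanism. As an added example, not code from Ministra, Advanced REST Client or any of the answers, the Python below reads a constructed custom.ini fragment, builds the header the client has to send, and shows the server-side check that produces the "401 Unauthorized request" body quoted in the first question. The sample login, password and the `check_basic_header` function are constructed for this example.

```python
import base64
import configparser
import hmac

# Constructed sample of the [server_api] section (not a real custom.ini).
SAMPLE_CUSTOM_INI = """
[server_api]
; API required for tv archive, pvr and billing
enable_api = true
enable_soap_api = false
; For security reasons it is highly recommended to use HTTP authentication
api_auth_login = apiuser
api_auth_password = s3cret-example
"""

# Error body in the shape the first question quotes
UNAUTHORIZED = {"status": "ERROR", "results": "", "error": "401 Unauthorized request"}


def load_api_credentials(ini_text):
    """Return (login, password) from [server_api], or None when enable_api is not true."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    section = cfg["server_api"]
    if not section.getboolean("enable_api", fallback=False):
        return None
    return section["api_auth_login"], section["api_auth_password"]


def build_basic_header(login, password):
    """Value for the Authorization header: 'Basic ' + base64('login:password').

    Only the raw login and password are encoded; brackets or quotes around
    placeholders in a docs example are not part of the credential.
    """
    raw = f"{login}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def check_basic_header(header_value, expected_login, expected_password):
    """Server-side check of a received header: None on success, else the API-style error body."""
    if not header_value or not header_value.startswith("Basic "):
        return UNAUTHORIZED
    try:
        decoded = base64.b64decode(header_value[len("Basic "):], validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return UNAUTHORIZED
    login, sep, password = decoded.partition(":")
    if not sep:
        return UNAUTHORIZED
    # Constant-time comparisons; compute both so timing does not reveal which field failed
    login_ok = hmac.compare_digest(login.encode("utf-8"), expected_login.encode("utf-8"))
    password_ok = hmac.compare_digest(password.encode("utf-8"), expected_password.encode("utf-8"))
    return None if (login_ok and password_ok) else UNAUTHORIZED


if __name__ == "__main__":
    creds = load_api_credentials(SAMPLE_CUSTOM_INI)
    header = build_basic_header(*creds)
    print(header)
    print(check_basic_header(header, *creds))                # None: accepted
    print(check_basic_header("Basic YeRtd462Q==", *creds))   # error body: not valid base64
```

Sending the header over plain HTTP exposes the API login and password to anyone on the path, which is why the custom.ini comment recommends HTTP authentication only together with a transport that protects it.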
When I try to access the REST API using an iPhone, I pass the following parameters in the URL and have used both methods, POST and GET, but it displays Access Denied.
oauth_version="1.0",
oauth_signature_method="HMAC-SHA1",
oauth_nonce="B0dlzkfMWCAn0TJ",
oauth_timestamp="1366280813",
oauth_consumer_key="klkjylsiozbv6vfdsqtuheqo3kmqqzv2",
oauth_token="t9pefrwylmg7webyepsqepotlhzbytkp",
oauth_signature="NeOwbCLUPbIyF9ErnHoFQOl9%2Bwo%3D"
I have worked with the REST Client plugin available for Firefox and Chrome; the REST API works well using the REST Client plugin but is not accessible on the iPhone.
I am generating a random value for oauth_timestamp, oauth_signature and oauth_nonce, but the REST API still displays Access Denied.
Please provide suggestions.
<?php
// Here $fin_sign is the signature generated by the following procedure.
$nonce = substr(md5(uniqid('nonce_', true)), 0, 16);
$temprealm = "http://magentohost/api/rest/products";
$realm = rawurlencode($temprealm); // RFC 3986 percent-encoding, as OAuth 1.0 requires (urlencode would use '+' for spaces)
$oauth_version = "1.0";
$oauth_signature_method = "HMAC-SHA1";
$oauth_consumer_key = "dfddfgdgdfgddf6qgygmyvw7e3";
$oauth_access_token = "fdgdfgfdgdfg357gimpdnuejvcbtk51ni";
$oauth_method = "GET";
$oauth_timestamp = time();
$algo = "sha1";
$key = "sb88hfdihyg25ipt1by559yzbj2m3861&s7uhaheu8nrx961oxg6uc3os4zgyc2tm"; // consumer secret & token secret, both used to generate the signature
// Parameters must be in sorted order; these already are
$data = "oauth_consumer_key=" . $oauth_consumer_key . "&oauth_nonce=" . $nonce . "&oauth_signature_method=" . $oauth_signature_method . "&oauth_timestamp=" . $oauth_timestamp . "&oauth_token=" . $oauth_access_token . "&oauth_version=" . $oauth_version;
$send_data = $oauth_method . "&" . $realm . "&" . rawurlencode($data); // signature base string
$sign = hash_hmac($algo, $send_data, $key, true); // raw binary output; keyed with consumer secret & token secret
$fin_sign = base64_encode($sign);
echo $fin_sign;
From your question I understand that you use a random value for the signature and the nonce.
The latter would be fine, but a random signature would lead the receiver not to trust you as a legitimate client.
So, actually, you get the response you requested (;-)). But that does not solve your problem.
You have to generate a valid signature for the magento system.
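The answer is right that the signature cannot be random: the server recomputes HMAC-SHA1 over the same signature base string and compares. The following is an added example, not code from Magento or from the question, that carries out the same procedure as the PHP above in Python, and goes one step further than the snippet by also folding any query-string parameters into the base string (OAuth 1.0 requires that; the PHP only signs the oauth_* parameters) and by showing the server-side verification. Keys, secrets, URL, nonce and timestamp are constructed values; `sign_request` and `verify_signature` are names chosen for this example.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote, urlsplit, urlunsplit


def oauth_percent_encode(value):
    # RFC 5849 3.6: everything except unreserved characters is percent-encoded, uppercase hex
    return quote(str(value), safe="-._~")


def oauth_base_string(method, url, params):
    """METHOD & enc(base URL without query/fragment) & enc(sorted, encoded k=v pairs joined by &)."""
    parts = urlsplit(url)
    base_url = urlunsplit((parts.scheme.lower(), parts.netloc.lower(), parts.path, "", ""))
    encoded = sorted((oauth_percent_encode(k), oauth_percent_encode(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), oauth_percent_encode(base_url), oauth_percent_encode(normalized)])


def oauth_hmac_sha1(method, url, params, consumer_secret, token_secret):
    """Key is enc(consumer secret) & enc(token secret); result is base64 of the raw HMAC-SHA1 digest."""
    key = oauth_percent_encode(consumer_secret) + "&" + oauth_percent_encode(token_secret)
    base = oauth_base_string(method, url, params)
    digest = hmac.new(key.encode("ascii"), base.encode("ascii"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def sign_request(method, url, query_params, consumer_key, consumer_secret, token, token_secret,
                 nonce=None, timestamp=None):
    """Return all parameters (query + oauth_*) including a signature that covers every one of them."""
    params = dict(query_params)
    params.update({
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(8),       # fresh per request
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),  # real clock, not a random value
        "oauth_token": token,
        "oauth_version": "1.0",
    })
    params["oauth_signature"] = oauth_hmac_sha1(method, url, params, consumer_secret, token_secret)
    return params


def authorization_header(params, realm=None):
    """Render the oauth_* parameters as an 'OAuth ...' Authorization header value."""
    pairs = [f'realm="{realm}"'] if realm else []
    for k, v in sorted(params.items()):
        if k.startswith("oauth_"):
            pairs.append(f'{oauth_percent_encode(k)}="{oauth_percent_encode(v)}"')
    return "OAuth " + ", ".join(pairs)


def verify_signature(method, url, received_params, consumer_secret, token_secret):
    """Server side: recompute over everything except oauth_signature and compare in constant time."""
    supplied = received_params.get("oauth_signature", "")
    unsigned = {k: v for k, v in received_params.items() if k != "oauth_signature"}
    expected = oauth_hmac_sha1(method, url, unsigned, consumer_secret, token_secret)
    return hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    # All values below are constructed for the example
    URL = "http://magentohost/api/rest/products"
    signed = sign_request("GET", URL, {"limit": "10"}, "ck-example", "cs-example", "tk-example", "ts-example")
    print(authorization_header(signed, realm=URL))
    print(verify_signature("GET", URL, signed, "cs-example", "ts-example"))  # True
```

The timestamp must come from the clock: a random oauth_timestamp is rejected by servers that enforce a freshness window, and the nonce must not repeat within that window, which is why `secrets.token_hex` is used rather than a truncated md5.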
There are many other questions related to this, but they didn't help me fix my problem.
I'm using the Facebook server-side login for a website, which I want to test locally. The path that initiates the login action is [http://localhost:8080/fblogin] (this redirects to the Facebook login dialogue, and goes from there).
I can successfully get the code, but when I try to exchange that for an access token, I get the following error:
{"error":{"message":"Missing redirect_uri parameter.","type":"OAuthException","code":191}}
I am providing the redirect_uri, url encoded and it is the same as the one I use to get the first code. Here is the url I'm using to request the access token (with the all-caps query string parameters replaced with their actual values, of course):
https://graph.facebook.com/oauth/access_token?client_id=CLIENT_ID&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ffblogin&client_secret=CLIENT_SECRET&code=CODE_FROM_FB
I suspect this might have to do with how my app is set up on Facebook. Here are the values I have set:
Display Name: (an actual display name here)
App Domains: localhost
Contact email: (an actual email here)
Site URL: [http://localhost:8080/fblogin]
What do I need to tweak in the settings to get this to work? Or does this look correct?
By the way, if it makes any difference, I am using the Play! framework, version 2.0.1
After digging around a little more, I found that it was necessary for me to use POST when sending the request from my server to get the access token.
Interesting that using POST worked for you as this didn't for me.
In any case, did you add the query parameters using setQueryParameter()? (see How to make multiple http requests in play 2?)