I am checking the device access API.
There is a API of device access in SoftLayer_User_Customer.
but I can't find a API of "Automatically grant access when new devices are added".
where can I find that? or SoftLayer doesn't suppot that ?
You have to add permission to implement Automatically grant access when new device are added.
This is the rest api to add permission:
POST
https://[username]:[apiKey]#api.softlayer.com/rest/v3.1/SoftLayer_User_Customer/[userId]/addPortalPermission
Body: Json
{
"parameters": [
{
"keyName": "ACCESS_ALL_HARDWARE" // To add the “ACCESS_ALL_GUEST” and “ACCESS_ALL_DEDICATEDHOSTS” permissions you have to run the same request, changing
} // only the “keyName”.
]
}
To get the “keyName” of all the permission, use the following rest api:
GET
https://[username]:[apiKey]#api.softlayer.com/rest/v3.1/SoftLayer_User_Customer_CustomerPermission_Permission/getAllObjects
To verify that the permission were added, use this rest api:
GET
https://[username]:[apiKey]#api.softlayer.com/rest/v3.1/SoftLayer_User_Customer/[userId]/getPermissions
Related
My Application, needs to grant permission for users to add new work item type or to edit existing work item type of an existing process.
Is there an Azure devops rest API to manage the process level security ?
I could not find any such API in the documentation.
Any help would be appreciated.
Thanks in advance.
needs to grant permission for users to add new work item type or to
edit existing work item type of an existing process
To customize a process, you need to grant Edit process permissions to a user account for the specific process.
I grabbed the following api from the network of the browser to set the Edit process permission to Allow.
POST https://dev.azure.com/{org}/_apis/AccessControlEntries/2dab47f9-bd70-49ed-9bd5-8eb051e59c02?api-version=5.1-preview
Sample request body:
{
"token": "$PROCESS:adcc42ab-9882-485e-a3ed-7678f01f66bc:93xxxxe3-1510-4ae5-9019-f770318a3444:",
"merge": true,
"accessControlEntries": [{
"descriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;00037FFE1EBE3CEA#Live.com",
"allow": 1,
"deny": 0,
"extendedInfo": {
"effectiveAllow": 1,
"effectiveDeny": 0,
"inheritedAllow": 1,
"inheritedDeny": 0
}
}]
}
Test in Postman:
Update:
The decoded form of GroupDescriptor can serve as IdentityDescriptor here.
Is it possible to update the value of custom attribute via Keycloak REST API?
For example, which endpoint to use and how to construct a request body for the attribute that was created here.
Thanks!
You have to use Keycloak Admin REST API :
PUT {host}/{basepath}/admin/realms/{realm}/users/{id}
e.g.
http://localhost:8080/auth/admin/realms/alumni-realm/users/cd57cfd8-cb1c-4025-abfd-67fe6b784d22
Request Body (JSON) :
{
"attributes": {
"DOB": "1984-07-01"
}
}
Authorization (Bearer Token) :
Use Admin user access_token for authorization.
If you want to allow User to update their own profile then you have to grant manage-users role in Keycloak. (That user will be able to update other users info hence it is not recommended)
You can use the API for user update with sending only the attribute to be changed:
PUT ../realms/{realm}/users/{userID}
Body:
{
"attributes": {
"myAttribute": [
"NewValue"
]
}
}
It Cause "ID" change when you update user custom attribute via Keycloak REST API PUT ../realms/{realm}/users/{userID}
and you need to GET /{realm}/users two times to get new value in the response
When I test the Graph API Explorer from facebook site and write the following parameters:
https://graph.facebook.com/'groupid'/feed?access_token='my access token'
it returns
{
"data":
[
]
}
I tried it with several group ids and all return the same result, while if I try members instead of feed it returns the list of members.
Is there a bug in the feed of a group?
Here is how you can generate the issue:
Get an access token: xxxxx
Get any Group ID: 123456
Make the graph api explorer call to retrieve the group's wall based on the group id
https://graph.facebook.com/123456/feed?access_token=xxxxxxx
The thing is I first thought the problem was from my code, but when I tried it from facebook graph api explorer I found out that its not returning any results.
Please I would really appreciate the help as this is part of my master's project and the due is within two weeks!!
Assume group id is 481298561918120, please visit https://developers.facebook.com/tools/explorer/?method=GET&path=481298561918120%2Ffeed
If you see
{ "data": [ ] }
, you should click the "Get access token" button on your right-hand, then click/check "user_groups". Finally, click "Get Access Token" and process the dialog to grant permission
After you granted the permission, try to click "Submit" button. Now you should able to see the feed.
Conclusion: make sure you have granted user_groups permission. You can check the permission on "Scope" field at https://developers.facebook.com/tools/debug
As of api version 2.8 the following requirements should be met.
Any valid access token if the group is public (i.e. the group's privacy setting is OPEN)
If the group is not public:
The user_managed_groups permission should be acquired
And user should be an admin of the group you are about read.
Here is the catch
To use the user_managed_groups permission you need to submit your app for review.
Login Review: https://developers.facebook.com/docs/facebook-login/review/what-is-login-review
Otherwise you are left with the response:
{
"data": [
]
}
Group Feed API Source: https://developers.facebook.com/docs/graph-api/reference/v2.8/group
I'd like my application could read the posts from a group.
To do it, I got the access token in the following url:
https://developers.facebook.com/tools/explorer?method=GET&path=404425692946289%2Ffeed
and I call que following url:
https://graph.facebook.com/404425692946289/feed?access_token=debug_token_generated_from_above_url
And it works like a charm.
But I can't get any results when I call the url above with the token that was generated using my application id and secret:
https://graph.facebook.com/oauth/access_token?client_id=myid&client_secret=mysecret&grant_type=client_credentials <--- The token generated by this url does not work! =(
I am receiving the following data:
{
"data": [
]
}
I supposedly have the read_stream extended permission configured on my application.
One way to check for your self what permissions the token in the API explorer has, is to call /me/permissions
In addition grant_type=client_credentials is for app tokens. You need a user token most likely. Please review the documentation where you got that information from.
I found this question, which has an answer, but facebook changed the token format since then, now it is something like:
AAACEdEose0cBACgUMGMCRi9qVbqO3u7mdATQzg[more funny letters]ig8b3uss9WrhGZBYjr20rnJu263BAZDZD
In short, you cannot infer anything from it.
I also found the access token debugger, which shows the information I am looking for if you paste a token in, which is nice, but does not help me do it programmatically.
Point is, if someone gets a token for a user, he can use it to access the graph, which is what I do in my application - I want to be sure that people are forwarding the token that was issued to them by my application, and not another.
My application flow is:
Get access token from facebook (nothing special, in the way it is described in here , Server-side Flow. (also iPhone and android and used, but they have similar flows if I recall correctly))
[device] <-> [facebook]
With that access token, the device will access my application server with the token
[device] <-> [Jonathan's application]
At my server I attach the access token to the user and use that to give permissions to that user in my application. (using the facebook connect to authenticate users)
My application is secured, and the access done is also authenticated regardless of facebook, BUT! in this flow, the a weak link I identified is that I cannot authenticate for sure that the access token I got was signed for my application - I do not like it because I cache the tokens for offline use, I want to be 100% sure they are for my application, with my permissions.
So what will be the (best) way to authenticate that the token I got is related to my application (for relation to user, I use the token to access /me and see which user this token is for)
I do not need to decrypt the token (i guess its some sort of AES), I am just looking for an endpoint that will tell me the token matched my application id.
(EDIT: Using the C# SDK, if it matters.. But a graph/rest call to give that info is just as good as well :) )
https://graph.facebook.com/app/?access_token=[user_access_token]
This will return the app this token was generated for, you can compare that against your app's id.
The official graph endpoint for inspecting access tokens is:
GET graph.facebook.com/debug_token?
input_token=[user_access_token]&
access_token=[app_token_or_admin_token]
Example response:
{
"data": {
"app_id": 138483919580948,
"application": "Social Cafe",
"expires_at": 1352419328,
"is_valid": true,
"issued_at": 1347235328,
"metadata": {
"sso": "iphone-safari"
},
"scopes": [
"email",
"publish_actions"
],
"user_id": 1207059
}
}
app_token_or_admin_token can be obtained using the Graph API call:
GET graph.facebook.com/oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
The debug_token endpoint will fail if that user_access_token doesn't belong to the app that generated the app_token_or_admin_token.
Relevant facebook documentation:
Inspecting access tokens:
https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/#checktoken
App Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
A documented way to ensure this is to use appsecret_proof.
GET graph.facebook.com/v2.5/me?access_token=[TOKEN]&appsecret_proof=[PROOF]
This verifies not only that it is a valid token, but also that the token belongs to the app. It also gets you user data in one go.
You can derive PROOF above in C# using this (from here):
public static string ComputeHmacSha256Hash(string valueToHash, string key)
{
byte[] keyBytes = Encoding.ASCII.GetBytes(key);
byte[] valueBytes = Encoding.ASCII.GetBytes(valueToHash);
byte[] tokenBytes = new HMACSHA256(keyBytes).ComputeHash(valueBytes);
valueBytes = null;
keyBytes = null;
StringBuilder token = new StringBuilder();
foreach (byte b in tokenBytes)
{
token.AppendFormat("{0:x2}", b);
}
tokenBytes = null;
return token.ToString();
}
ComputeHmacSha256Hash(accessToken, appSecret);
Why not to use official way of doing things? Here's the request from FB's own video about security.
Request:
https://graph.facebook.com/debug_token?input_token={token-to-check}&access_token={app_id}|{app_secret}
Response:
"data": { "app_id": {token-app-id}, "user_id": {token-user-id}, ... }
Link to an official video: https://www.facebook.com/FacebookforDevelopers/videos/10152795636318553/
I made a screenshot so that time is visible, and you can find more info if you are interested.