Keycloak access token not working for dcos-cli - keycloak

I am trying to login to dcos-cli (OAuth enables).
When i type dcos auth login -> this gives me a URL
If i open the URL in browser and enter credentials a code (token) is being generated, using which i am able to log-in into the cli.
This has to be automated so i am sending a curl request
curl -s --data \
"grant_type=password&client_id=dcos&username=dcosuser&password=<>" \
-H "Content-Type: application/x-www-form-urlencoded" \
https://ip:port/auth/realms/DCOS/protocol/openid-connect/token \
| jq -r '.access_token'
But using this access token i am not able to login.
Can anyone please help.

Solved this by a java program which gets the access code from the keycloak-server .and then runs the dcos auth login.
The java code does a GET to https://<ip>/login?redirect_uri=urn:ietf:wg:oauth:2.0:oob
And then from the page extract the "action" attribute from the returned page and then from a POST request to the URL obtained from the "action" with other parameters like password.
Ex: https://<ip>:<port>/auth/realms/DCOS/login-actions/authenticate?code=erpkJ0BaLcp9VV2eTkY_a9xdpeNNzc375Ic7vHxhcMg.1b1461c6-51cd-484e-8c0e-a615600b7156&execution=8ad82be0-2471-40b1-b7e0-3192e0c8a381
Post parameters : username=dcosuser&password=<pass>&login=Log+in

Related

How to authenticate with TestRail API?

I'd like to use the TestRail API, but I am having authentication issues. I setup a Postman to play with the API and query it like:
https://my.testrail.io/index.php?/api/v2/get_users
I saw another SO question that used the Authorization header with basic authentication so I added that:
Authorization: Basic myemail#whatever.com:apikey
When I tried running this I got:
{
"error": "Authentication failed: invalid or missing user/password or session cookie."
}
I've also tried replacing the API key with my password, but that didn't work either. The cURL command generated by Postman is:
curl --location --request GET 'https://my.testrail.io/index.php?/api/v2/get_users' \
--header 'Authorization: Basic <EMAIL>:<APIKEY>' \
--header 'Cookie: tr_session=<GUID>'
I can go to https://my.testrail.io/index.php?/api/v2/get_users in my browser after logging in to TestRail and that does work.
You need to either add your email/key via "Authorization" tab in Postman or you need to encode them by yourself and put into "Authorization" header (Postman can do it for you when you use "Authorization" tab)

Keycloak impersonation API not implemented

I've been trying to use the Keycloak Impersonation API (semi-recent addition) to get an access token for another user. I have created a semi-successful CURL request based on the docs and another StackOverflow question. The CURL request (below) returns a 501 Not Implemented and I am trying to figure this out. If it would be another error I would assume I am doing something incorrectly, but this appears to be at least partially correct.
curl --verbose -X POST "http://localhost:8081/auth/realms/master/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
-d "client_id=admin-cli" \
-d "requested_subject={TARGET_USER_ID}" \
-d "subject_token={USER_MANAGER_TOKEN}"
My workflow so far has been to get the Keycloak master realm "admin" user's access token (successful) and use that in the impersonation request, along with the target user's Keycloak ID. Am I doing something wrong or missing a step?
I haven't changed any Keycloak permissions, is this required?
From my understanding and the documentation, impersonation is currently supported and enabled by default in Keycloak v5 - Sever Installation. However, another article (Keycloak v5 - Token Exchange) seems to indicate that the feature is disabled by default; could this be why I am getting the 501 Not Implemented?
EDIT: #qdivision mentioned that the Token Exchange needs to be enabled for this to work. However, we are using the jboss/keycloak Docker image and I am wondering where I should add the profile.properties file to enable this feature?
Impersonation is enabled by default, Token Exchange is not.
To enable start the server with -Dkeycloak.profile=preview or -Dkeycloak.profile.feature.token_exchange=enabled as mentioned in the docs
https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange

Uber Rush API Sandbox

Trying to test Uber Rush API (from localhost and from linux server).
Calling Token works - I get the token
trying to implement sanbox example:
curl -X "PUT /v1/sandbox/deliveries/{delivery_id}" \
-H "Authorization: Bearer <OAUTH TOKEN>" \
-d "{\"status\":\"en_route_to_pickup\"}"
with url https://sandbox-api.uber.com/
and I tried the same request with file_get_contents (in PHP)
So, I always get error "405 Method Not Allowed"
{"message":"Method not supported for this endpoint.","code":"method_not_allowed"}
What I need to do to get access to method from this sandbox example https://developer.uber.com/docs/rush/sandbox?
Corrent syntax
curl -X "PUT" -H "Authorization: Bearer <TOKEN>" -H "Content-Type: application/json" -d "{\"status\":\"en_route_to_pickup\"}" https://sandbox-api.uber.com/v1/sandbox/deliveries/DELIVERY_ID
EDIT: Updated to reflect both issues in your question...
You have a mismatch in your requests and an incorrect syntax for curl.
First off your CURL request is incorrectly specified. It should be:
curl -X "PUT" -H "Authorization: Bearer <OAUTH TOKEN>" -d "{\"status\":\"en_route_to_pickup\"}" https://sandbox-api.uber.com/v1/sandbox/deliveries/{delivery_id}
In addition, your curl command is trying to issue a PUT request to the uber sandbox PUT API. However, your PHP code is not setting the context correctly and so is probably issuing a GET request. I suspect that the server is therefore rejecting the request as a GET as not allowed to do this sort of operation.
To fix it, see Bad request using file_get_contents for PUT request in PHP. This should give you an example of how to pass in the necessary context to issue a PUT request using file_get_contents().

POST through SoapUI is unsuccessful, but the same request through DHC is completed successfully

I tested REST services with DHC application for Chrome, and POST requests were successful with these parameters:
DHC_successful_POST
But when I try to create the same request in SoapUI, I always get 500 error. Probably, there should be some other parameters or settings in SoapUI, but I cannot see it. What is wrong? Here is my request:
SoapUI_POST_500_fault
P.S.
In DHC there is such code for my request:
curl -i -X POST \
-H "Content-Type:multipart/form-data" \
-F "file=" \
-F "fileName=rich-text.zip" \
So, I just need to find settings for these parameters in SoapUI (free version).
Are there any suggestions?
As per this (see attachments section)you've to append file: to your parameter value to be able to send the content of file as multipart/form-data

facebook api hide comment

I'm trying to hide a comment in a post in my page, i've tried:
curl -X "POST" -k "https://graph.facebook.com/v2.4/[comment_id]/?access_token=[access_token]&is_hidden=true"
as stated in the documentation, i am getting this response:
{"error":{"message":"(#210) Updating is_hidden requires a Page access token","type":"OAuthException","code":210}}
also i tried sending the parameters using --data in curl but it didn't work too
Edit:
Note: the token is a page access token
The following should work:
curl -XPOST \
-k \
-F 'is_hidden=true' \
-F 'access_token=[access_token]' \
https://graph.facebook.com/v2.4/[comment_id]
Also, check your access token to comply to
Permissions
A user access token with publish_actions permission is required to edit a comment posted by that user.
A page access token with publish_pages permission is required to edit a comment posted by that Page.
See
https://developers.facebook.com/docs/graph-api/reference/v2.4/comment#updating