I'm trying to use the Firebase REST API by creating an anonymous user by calling:
https://www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser?key=[API_KEY].
No problem there, response (modified it abit for secrecy):
{
"kind": "identitytoolkit#SignupNewUserResponse",
"idToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjM0NTBiMGJhOWUzMTcyMmUwOTBlZDIxMzViY2RiN2MxNzdhMzJmMjcifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vZmlzaGluYy1hcHAiLCJwcm92aWRlcl9pZCI6ImFub255bW91cyIsImL1ZCI6ImZpc2hpbmMtYXBwIiwiYXV0aF90aW1lIjoxNTAzMDQ1NjY4LCJ1c2VyX2lkIjoiQ2hKRUJ3Vk5HeVA0NmtEQzA3d1VKMUJ3Y3Q3MyIsInN1YiI6IkNoSkVCd1ZOR3lQNDZrRENwN3dVSjFCd2N0NzMiLCJpYXQiOjE1MDMwNDU2NjgsImV4cCI6MTUwMzA0OTI2OCwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6e30sInNpZ25faW5fcHJvdmlkZXIiOiJhbm9ueW1vdXMifX0.jdMuPVGvMT6qZoxynpGMqURqg9zrVbPl1kXxmbHoglGgi9u1HHwQft5hhKIS3QbS87-rr5BcEitCu5seHcDlWl3rzEx87fctHmY4z-vDqUUKIqjKHfB0q04SbzBKVUvuUg9O-ACWMDLWFZ54U4ALK7kFdlBti3600kqw_4-UGURa2jIPpOse9f8HIz_qGaO_5kptjO6v4drLhY6PPH_h1kO4p1DITWt6pfdn_E_tAqXZgsCK3iKhu4bYUc2DgiUfR7q3dfzravQyz2nrpDN6S3Z_NdzxiKRuyasPr7kpeqxGaAPCYX84P_GL6r-EEFCcVeouRukRvloRpoezOSkeRg",
"refreshToken": "APRrRCIqIUK5BiJIjpIt-ZtSdvn6ybONtTccCPOzIWAxg9qsClqdR82vqYmb0TMS1xngpCvlbIzgTSDTycvSoSYgua1r-6RlAt83Z2jXKTAnGalAHQLsC_gpUeF7js9PWl8O8PP5KF64coel22pgysd39QwC2Z2yf6zJj7xoozF0eaLjmkyvzqs",
"expiresIn": "3600",
"localId": "ChJEBwVNGyP46kDC07wUJ1Bwct73"
}
I was under the impression that I've now got an "authed"/logged in user. And that I can read data from the Realtime DB by using the idToken (provided that the only rules are that the user is authed).
But this doesn't seems to be the case (receive "Unauthorized request.") , or am I missing something. After googling it seems that I need a custom backend to "convert" the idToken into an access token. Is that correct?
Uhhh. It seems the documentation is a bit confusing, which says:
Supported by all request types. Authenticates this request to allow
access to data protected by Firebase Realtime Database Rules. See the
REST authentication documentation for details.
curl
'https://[PROJECT_ID].firebaseio/users/jack/name.json?access_token=CREDENTIAL'
But using the access_token parameter is wrong (in my case at least), in which I needed to use "auth" instead.
So this will work:
curl 'https://[PROJECT_ID].firebaseio/users/jack/name.json?auth=myIdTokenHere'
Related
I need to configure Keycloak to get a JWT token as in this blog post, but I have to do it with cUrl. They create a client and then update it setting access type to confidential, Direct Grant Flow to direct grant, and Browser Flow to browser. The PUT request from the web UI that does this has some uuids that they seem to have pulled out of nowhere. Here is the relevant part of the payload:
"authenticationFlowBindingOverrides":{"browser":"6d77c4c7-15cf-4474-9b9f-7439dbc83b83","direct_grant":"5cb10cdb-9902-4f7f-b9da-68f887c49a75"}
The docs for the ClientRepresentation are no help. They show all fields are optional, which doesn't make sense, and the authenticationFlowBindingOverrides is a Map, but the link in their docs for the Map is dead.
Does anyone know where they get the uuids for browser and direct_grant from?
There is also nothing in the PUT payload that sets the Access Type to confidential.
If anyone has a cUrl implementation of the UI steps in the blog post that would be greatly appreciated.
The PUT request from the web UI that does this has some uuids that
they seem to pull out of nowhere.
Those uuids are generated by keycloak to get them you need to call the endpoint:
GET KEYCLOAK_HOST/auth/admin/realms/<YOUR_REALM>/authentication/flows
From the JSON response you need to parser it and get the field id of both the alias: "browser" and the alias: "direct grant".
After that call the endpoint:
PUT KEYCLOAK_HOST/auth/admin/realms/<YOUR_REALM>/clients/<YOUR_CLIENT_ID>
with the following payload:
'{"publicClient":false,"clientAuthenticatorType":"client-secret","authenticationFlowBindingOverrides":{"direct_grant":"<DIRECT_GRANT_ID>","browser":"<BROWSER_ID>"}}'
There is also nothing in the PUT payload that sets the Access Type to
confidential.
You need to set the field publicClient to false.
I few days ago I configured my AzureAd to get Id_Tokens for my app also with groupIds claims within the token.
Everything works fine, but if I add more than 5 groups to an user it fails because azure add the "hasgroups": "true" claims because token is to big to add it in the URL so I have to perform another request.
The point is that I am not be able to perform the request to then obtaining the groups. The token ID_TOKEN I have received is the following:
for the backend and front end azureAD filter this token is perfect and works fine
Then as it it said in the official Microsoft azure docs I have to perform another request to https://graph.microsoft.com/v1.0/users/{userID}/getMemberObjects
As you can see the aud claim is the same as my app client ID:
I am trying to perform the request with postman because I need it and this is the result
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure. Invalid audience.",
"innerError": {
"date": "2020-07-08T13:56:50",
"request-id": "6b2f3374-33e4-4a1a-9709-b8111cd2bc66"
}
}
}
As you can see the aud is not invalid because is the same as client_id
What am I doing wrong>? I have spent a lot of time dealing with that and I can't find the solution.
I have also tried with POST request and BODY
UPDATE
I found the problem, the problem was that I was using an id_token instead of a access_token. But for me ot would be ususer to be able to extract such information only by using id_token.
I still have a horrible inconvenience, because if you can only use access token I will have to change half the application because is only the front end which have access token and in backend I have aspects that were using id_token with the group information contained and did not need the access token at all .Now front end should have to add access token in every request header to be captured in backend to run son filters and aspects that are executed and require such information
Is it possible to get the same info but with id_token instead?
Instead of Get request use Post request for below query
Post https://graph.microsoft.com/v1.0/users/{userID}/getMemberObjects
{
"securityEnabledOnly": true
}
Please refer to this document
If you want to try with Graph explorer here is the link
I am new to .net-core and docker. The problem I am going to explain here is a bit tricky, but if you have any type of questions please do ask me and I will explain it more clearly.
So, I have a docker container running on my localhost for whatsapp business api, as explained in Whatsapp Business Api Documentation.
I have already downloaded Postman Collection of Whatsapp Business Api from Whatsapp Business Postman Collection.
Everything seems to be working perfectly fine. But now I want to call these pre-built apis with .net-core and get the responses. As I couldn't find anything good, or also as a newbie it's difficult for me to understand. So for some knowledge I would like to know How can I call them and get the effective response. For example, take an example of a post request for admin login
API:
{{URL}}/v1/users/login
Authorization -> (Basic Auth)
username: admin
password: ****
RESPONSE:
{
"users": [
{
"token": "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyIjoiYWRtaW4iLCJpYXQiOjE1NTk5MTE1NTUsImV4cCI6MTU2MDUxNjM1NSwid2E6cmFuZCI6LTQxMzgyNDE0MjYwMDI5NjA1OTl9.PYAhEilXX3GDhRo0O-M0V0aXWfL5THJkG65LfIesxh4",
"expires_after": "2019-06-14 12:45:55+00:00"
}
],
"meta": {
"version": "v2.23.4",
"api_status": "stable"
}
}
the images for more explanation can be seen below in the request and response links.
The Login Authentication UI Image.
The Login Authentication Postman Image.
The Login Authentication Response New Password UI Image.
The Login Authentication Response Postman Image.
Now with this token I can create more users by other api calls.
How can I call an api like this and get the response with token and use that token for more functionalities or api calls with .netcore.
Thank you.
Your question is very broad, but in general, you want to create a service class where you inject a typed HttpClient instance (see: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/http-requests?view=aspnetcore-2.2#typed-clients).
The token can be stored on a private field or property in that service class. Then, just create a private method like GetTokenAsync in the service class, where you will either get the value from the field, or if it's null, then call the API to get it. All your other methods will then call GetTokenAsync to get the token they need, and make their own calls. Finally, inject the service class where you need it.
I'm a newbie to access with DropBox's Api (See: https://www.dropbox.com/developers-v1/core/docs#oauth2-methods). Now there's a problem rocking me——
1) I get an access_token successfully.
2) I wanna see the user's detailled info by directly calling "https://api.dropboxapi.com/1/account/info". However the result is:
{"error_description": "No auth function available for given request", "error": "invalid_request"}
It seems that I should give the address something to make sure that I'm already authenticated. But how? I didn't see anything in Documents……? Any where?
Thanks
The API uses OAuth 2, so you'll want to attach an "Authorization" header with the value "Bearer ACCESSTOKEN", where ACCESSTOKEN is the access token you obtained through the OAuth process.
https://github.com/merle-/silhouette-rest-seed
I am trying to use this as I don't want to use the scala.html template files, and this seemed to do exactly what I wanted. I can CURL to create a user and get a token, but I don't know what to do with the redirects when trying to authenticate with a social provider, such as Facebook. There don't seem to be any instructions, either. Any help would be appreciated.
The readme gets you to the point where you have signed up a user and with the credentials POST retrieved the X-Auth-Token.
After a little debugging you will submit a POST request to the auth/link route to associate the user with the returned X-Auth-Token with a social provider as in:
http :9000/auth/link/facebook 'accessToken=xxxxx' X-Auth-Token:tokenfromearlier
Note the syntax of httpie is specific and must use = for json and : for headers. You obtain accessToken from here: https://developers.facebook.com/tools/access_token/
This will return the following JSON:
{
"message": "link with social completed!",
"status": "ok"
}
Not yet sure how to accomplish the next step which is to invoke the
/auth/signin/facebook POST route as this requires the ID of the provider and I am still figuring out the fb graph access approach.