I do the following steps usiong the Bluemix CLI.
I issue bx login with my apikey
I issue bx sl init using my SoftLayer username and API Key from SoftLayer
I issue bx sl vlan list, I get the following response.
SoftLayer_Exception_EncryptedToken_InvalidToken: The token has
expired. (HTTP 500)
what Token has expired?
Repeat the softlayer login procedure.
bx sl init
This will repeat the login and create a new token.
If that somehow fails, remove ~/.bluemix/plugins/softlayer/config.json to force it to re-intialize.
Related
Based on the doc (https://learn.microsoft.com/en-us/rest/api/azure/devops/tokens/pats/update?view=azure-devops-rest-7.1&tabs=HTTP) provided by MS, i'm trying to update my Token expiration date through the api. I made a sample request using a full access token to authenticate and passing the authorizationId of the token i want to update in the body:
My sample request using Postman
And it keeps returning Error 403, I've checked my organization policies and tried by adding or removing parameters from body but it din't work.
I've also made another request to get the list of tokens on my organization with the same token authorization and api version and that went well.
According to your screenshot you are using the Basic Auth with PAT.
Please note that you must authenticate with an Azure AD token to use this API instead of a PAT token. In order to call the API directly, you need to provide an Azure AD access token as a Bearer token in Authorization header of your request. Please see Manage personal access tokens (PATs) using REST API and Q: Can I use basic auth with all Azure DevOps REST APIs? for details.
You can follow below steps to get the AAD Bearer token:
Install the Azure Az PowerShell module.
Login with a user account which has the permission in your DevOps org (Owner or PCA) with command Connect-AzAccount
1.) Alternately login from the cloud shell with command Connect-AzAccount -UseDeviceAuthentication, you will see the following message:
2.) Then copy the url https://microsoft.com/devicelogin and open in a new tap, enter the code IVR7VRWJQ to authenticate.
3.) Login with the Azure DevOps organization owner or other PCA account. After successful login you will see the account info, then follow below steps to get the Bearer Token.
Get the Bearer token:
$token = (Get-AzAccessToken -ResourceUrl "499b84ac-1321-427f-aa17-267ca6975798").Token
$token
Copy and use the token in script or Postman to update the PAT.
I'm trying to get the Tenant.Read.All and Tenant.ReadWrite.All scopes when authorizing with the PBI REST API but I can't figure it out. I can get a token using Postman that contains every other scope but the two required for Admin calls to the API. I'm not using a service principal, just signing in when Postman gets a new token.
due to the lack of INTROSPECT_ENDPOINT in azure AD, I am unable to validate the token.
How to validate the Azure Access token in Java?
Usually, the ADAL or the MSAL SDK will take care of it. But, you can still manually validate the access token you get. Here is the official tutorial: Validating tokens.
In summary, there would be 3 steps:
Get the kid in token header, and the tid in token payload.
Get all sign keys from https://login.microsoftonline.com/{tid_here}/discovery/v2.0/keys, and find the key with kid
x5c in the key is the public certificate. You can use it to verify the signature of a token.
I am trying to access my emails through Gmail API (through AWS lambda), using service account credentials. I do not have a GSuite account, so I cannot delegate domain-wide authority and impersonate my user#gmail.com account.
I resorted to Service account authorization without OAuth, using a signed JWT directly as a bearer token. [see]: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#jwt-auth
I also enabled all access to Gmail to the application and made service account an owner role in the console.
I am using google.auth.jwt module, but struggle to understand the documentation fully: [see docs]: https://google-auth.readthedocs.io/en/latest/reference/google.auth.jwt.html#module-google.auth.jwt
This is what I tried:
from googleapiclient.discovery import build
from httplib2 import Http
from google.auth import crypt
from google.auth import jwt
audience = 'https://mail.google.com/' ## full access scope
credentials = jwt.Credentials.from_service_account_file(
'credentials.json', audience=audience) # json credentials from api console - for service account
service = build('gmail', 'v1', credentials=credentials)
This gives me a 401 error:
googleapiclient.errors.HttpError: <HttpError 401 when requesting https://www.googleapis.com/gmail/v1/users/me/messages?alt=json returned "Invalid Credentials">
credentials object return appears as valid, with all necessary elements, however, I don't know how to make it "impersonate" my personal email.
Invalid credentails normally means that the credentials.json is not the correct type for the code you are using.
Make sure that you have downloaded the credentials.json for a service account.
I have a federated (corporate) id for IBM bluemix. I want non-browser access to a Bluemix client / API. I am trying to use this POST command (using curl) - POST http://iam.ng.bluemix.net/oidc/token ; but I get following error and message:
"errorCode":"BXNIM0608E"
"errorMessage":"You cannot authenticate with username and password, as you are a federated user"
Then I came across this post: https://developer.ibm.com/devops-services/2016/06/23/whats-federated-authentication-and-how-does-it-affect-me/
As mentioned at beginning of it, I need to use "IBM Bluemix Continuous Delivery" website (IBM Bluemix DevOps) to get the access token.
Can you please let me know where exactly on that website I can get the access token?
Regards,
Amit
It seems you need to follow the instructions for IAM at https://console.ng.bluemix.net/docs/iam/apikeys.html#manapikey
That's where you can generate your API keys. I then found instructions to use the key to login as mentioned in https://console.ng.bluemix.net/docs/cli/reference/cfcommands/index.html#cf_login
bash$ cf login -u apikey -p $API_TOKEN