I try to use OAuth 2.0 to Access Google APIs (Google Analytics API v4) in Apache Nifi.
I using Service Account basing on this document: https://developers.google.com/identity/protocols/OAuth2ServiceAccount
There is one specific moment if using OAuth 2.0 for Service Account (Google API):
These service-account scenarios require creating and cryptographically signing JSON Web Tokens (JWTs).
The best example of OAuth access will be using NiFi + JWT:
Create a JWT
Request an access token from the Google OAuth 2.0 Authorization Server
Handle the JSON response from Authorization Server
Point 1 (about JWT) is most interesting.
Are there any examples of already implemented flows exactly For Google Analytics?
Thanks
I don't know of any specifically for Google Analytics, but there are plenty of examples of OAuth 1.0/2.0 access using Apache NiFi. In general, you will use the InvokeHTTP processor to perform GET/POST/etc. HTTP operations against the remote endpoint.
Without specifying an issue you are encountering, I would suggest you read these articles:
HCC: Using GetHTTP for Salesforce Integration with OAuth2.0 authentication parameter
OAuth 1.0A with Apache NiFi (Twitter API example)
How to set Twitter OAuth attributes to InvokeHttp processor for fetching twitter user profiles
NiFi OAuth 2.0 Template
Google Vision & Apache NiFi - Making Advanced Computer Vision Feasible
Related
I’m trying to setup authentication & authorization for my Express based Node JS, REST API with azure AD. I’m not sure if that is possible without 3rd party libraries like Auth0.
API will be invoked from both client side (react, angular) & server side(asp.net, RPA) applications. I’d appreciate if you can share some tips on the architecture, examples and where authentication and authorization can be done. I think authentication will happen in the front-end(????).
End of the day I need these apis to be invoked only by authorized applications, users and I should be able to identify user’s invoking these apis.
you can get your NodeJS apis protected with Azure AD. To achieve this, you can either use MSAL-Node or Passport-Azure-AD libraries. Once these APIs get protected by AAD, any front-end apps or back-end services calling your AAD protected APIs must fetch an access-token from AAD first and then use that access-token as bearer and call the AAD-protected APIs.
To get you started, you can refer to the following quickstart guides for both the libraries:
Quickstart guide for MSAL-Node: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-nodejs-webapp-msal
Quickstart guide for Passport-Azure-AD: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-nodejs-webapp
I'm not using the enterprise edition Dialogflow but I still can't see the developer and client access tokens.
I'm creating my own custom integration and I have been using the client access token that I could see in the General settings. Now both the client and developer access tokens aren't there.
Dialogflow v2 no longer uses developer/client access tokens. Those were for v1 only.
You need to setup authentication and download private keys now to access the API endpoints.
Is it possible to authenticate and get the access token only using CLI? I don't have a browser (for the OAuth2 consent part) and i need to authenticate and request resources using the REST API.
The short answer is no. Google OAuth for User Credentials is performed by a web browser.
If you also have a Google Cloud account, there are ways to create OAuth Access Tokens, but these are short-lived (3600 seconds). Then there is G Suite Domain-Wide delegation that uses a Google Cloud Service Account.
I wrote an article on how to do OAuth using curl but this still requires a web browser, but you can save the tokens and use on a remote device. link.
I am trying to publish SOAP APIs in WSO2 using the endpoint security scheme. I am using it as basic authorization and putting in credentials, but it seems to not be calling the backend API with those creds. Right now I can as a workaround pass in the basic auth headers myself, along with an Oauth2 token (in the header) to hit the published API in the store.
Am I just going about this wrong?
Using WSO2 API Manager 1.6
EDIT: I have replicated this issue in WSO2 API MANAGER 1.8. Viewing the packets in wireshark, it is making the request without adding the authorization. Restful calls with embedded authentication on the WSO2 layer seem to be working fine.
You can publish SOAP/REST APi's in WSO2 API Manager. You need to pass in the username password, along with the Authorization header which is base64 encoding (consumer key:consumer secret), You can follow the blog post [1] on how to consume a SOAP API & [2] for more information on tokens.
[1] http://charithaka.blogspot.com/2012/07/consuming-soap-service-using-wso2-api.html
[2] http://lalajisureshika.blogspot.com/2012/11/generate-application-tokens-user-tokens.html
The above blog [1] &[2] refers to a API Manager older release, hence you will need to refer to WSO2 API manager 1.6 releases documents [3] for API key generation etc.. However, to find out how to publish SOAP API's you could use the blog pointed out.
[3] https://docs.wso2.com/display/AM160
We are migrating our Google Apps Marketplace Apps to OAuth2 authentication.
We have figured out some of difference in migration process such as replace OAuth1 two-legged authentication with Service Account OAuth2 strategy to impersonate domain and perform some background task.
In our current OAuth1 apps we have some queries to customerLicense service to check if some domain removed our App from Marketplace.
I have seen this is not possible to do with OAuth2 by the moment. Is there any Service with Service Account OAuth2 that replace this mechanism to check customerLicense for a specific Application?
Since I am using only service account keys I have not found documentation about how to consume this API with these type of credentials. In fact documentation says only Oaurh two legged keys are able to consume this API.
Can you send me some link where I can read about consuming this API with service account Keys?
Best,
You should be able to use the same API with OAuth2. If there are any issues please let us know.