I'm integrating jet.com APIs. the very first step is to generate token.
for this i need API user as username and secret as password.
don't know where to get API user and secret..
Example given:
https://developer.jet.com/security
You can retrieve your user and secret keys in the "API" Tab on the left hand nav of https://partner.jet.com/.
You can generate your token by serving a POST Request to https://merchant-api.jet.com/api/token with your secret and user.
Related
i'm pretty desperate right now. I'm trying to send GET request to my shopify shop and the authorization (Basic Auth) of the request is not working:
("errors": "[API] Invalid API key or access token (unrecognized login or wrong password)").
I just don't get it, which username and password do i have to use? Are the App Credentials (API key, API secret key) not right? If not, what's the right password and how do i get it?
Thanks in advance!
I have a requirement where I need to get an access token of a user.
I am aware of the admin username and password and hence can get the access token of the admin.
Is there any rest API that can provide me access token a user using the above data?
There are two ways to get access token. One with Rest client (keycloak Rest API) and other through java keycloak-admin-client library.
1. Keycloak Rest API:
URI: http://keycloak:8080/auth/realms/myrealm/protocol/openid-connect/token
Type: POST
Content-Type: application/x-www-form-urlencoded
grant_type:password
username:user
password:user_password
client_id:client_id
secret_id:client_secret
2. Keycloak admin client (JAVA)
Keycloak instance = Keycloak.getInstance("http://keycloak:8080/auth", "myrealm", "user", "user_password","client_id", "client_secret");
TokenManager tokenmanager = instance.tokenManager();
String accessToken = tokenmanager.getAccessTokenString();
I have the same requirement, however we dont want to pass this Clear Text Password in either of the above approach. We are thinking following approach but want suggesting if any best practices are already in place.
Step-1: Create a secured end point at server end to return token from Keycloak.
Step-2: While calling this end point first, Encrypt the password using some shared key at client end.
Step-3. At the receiving/server end decrypt the password with same shared key.
Step-4. Fetch the token from KeyCloak at server end and return it.
If there are any other better approach, we should follow.
At my company, we need to extract the roles of the logged in user from the REST API that Keycloak provides. We have looked through the Keycloak documentation but can't find the answers we are looking for. Let me explain the flow we want to implement: A user logs in to a client defined in Keycloak and receives a JWT which is stored in the applications web client. The user is not an admin in Keycloak. When the web client makes a request to the backend server, the backend server queries Keycloak for the user's roles. And, this is the point where we have trouble. We can't figure out the correct URL for the REST API or which token to add to the authentication header.
To summarize: we need help with the URL which is needed to query for user roles and what token to send to authorize against the API. I'm aware that the roles can be retrieved from the JWT, but we are afraid that the payload will become to big over time. A user may have multiple roles in different departments.
The roles should be in the JWT payload, this should be configured in the keycloak service. The flow should be something like this:
User is authenticated by the front end and the JWT token returned by keycloak is stored
The front end hits the back end including the token in the request header
The back end takes the token, validates it using the public key (the public key is provided by keycloak), if the token is valid, the roles are taken from the token payload and the authorization process is executed
I need to create an API for login for my website.
There can be 3 ways for a user to login:
via Username/Password combination
via Google+ Token and EmailId
via FB Token and EMailId
Should there be a single API for this or should all the above exist as separate APIs? The output for the Login API will always be a token that will be used to make further authenticated requests.
I think it's more a matter of taste. I'd have a generic ProviderAuthentication API endpoint that receives a token id and another Authentication API endpoint that receives username & password. But you can also aim towards REST level 1 and have some generic Login resource (that contains username, password, providerToken & token properties) to work with a generic Login API endpoint.
I want to create an app that will authenticate with my server using oauth.
My question is how will this work?
My client side will communicate using HTTPS with Facebook and get an Access Token. Then it should send it to my server side to authenticate? My server should save the token in the db? How it can validate the token?
how will this work. ?
When the client needs authorization to access some information about the user, the browser (user agent) redirects the resource owner to the OAuth authorization server. There, the user is faced with an authentication dialog (this dialog is not shown if the user is already authenticated), after which he or she is presented an authorization dialog explaining the permissions that the client is requesting, the information that it needs to access or the actions that it needs to do on his or her behalf.
Access Token should send it to my server side to authenticate? or server should save the token in the db?
From what you describe I'd suggest to use a server-side login flow.
-so that the token is already on your server, and doesn't need to be passed from the client. If you're using non-encrypted connections, this could be a security risk.
(after a user successfully signs in, send the user's ID token to your server using HTTPS. Then, on the server, verify the integrity of the ID token and retrieve the user's ID from the sub claim of the ID token. You can use user IDs transmitted in this way to safely identity the currently signed-in user on the backend.)
-See
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2#login
How to validate token ?
you can follow this link , you will get your step by step solution for an app.
Facebook access token server-side validation for iPhone app