My authorization token is:
oauth_token=""
,oauth_nonce="<unique id>"
,oauth_consumer_key="<consumerKey>"
,oauth_signature_method="HMAC-SHA1"
,oauth_timestamp="<epoch timestamp>"
,oauth_version="1.0"
,oauth_signature="<generated signature>"
(one line, but it has been formatted for legibility)
to generate the signature I run the algorithm using the following message:
POST&https://oauth.intuit.com/oauth/v1/get_request_token&oauth_token="",oauth_nonce="<unique id>",oauth_consumer_key="<consumerKey>",oauth_signature_method="HMAC-SHA1",oauth_timestamp="<epoch timestamp>",oauth_version="1.0"
against my OAuth Consumer Secret and an empty string, like:
"<consumerSecretKey>&<empty>"
, empty because I'm still requesting the access tokens.
then I do a POST
URL:
https://oauth.intuit.com/oauth/v1/get_request_token?oauth_callback=<myCallbackURL>
Header:
Authorization :OAuth <authorizationToken>
Body:
<authorizationToken>
After this rather get the request tokens I get an 401 Unauthorized error (oauth_problem=token_rejected)
Can you please assist?
The get request token call is a GET call.
This is a sample raw request/response-
GET https://oauth.intuit.com/oauth/v1/get_request_token?oauth_callback=oob&oauth_nonce=34562646-ab97-46e1-9aa7-f814d83ef9d1&oauth_consumer_key=qyprd7I5WvVgWDFnPoiBh1ejZn&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1392306961&oauth_version=1.0&oauth_signature=0EtvSnzsuumeyib2fiEcnSyu8%3D HTTP/1.1
Host: oauth.intuit.com
HTTP/1.1 200 OK
Date: Thu, 13 Feb 2014 15:56:03 GMT
Server: Apache
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 150
Connection: close
Content-Type: text/plain
oauth_token_secret=dXhHHMS1EfdrQ32UabOMscIRWt5bLJNX3ZKljjBc&oauth_callback_confirmed=true&oauth_token=qyprdbwXdWrAt0xM2NgkLlJ79yCp4I2SmDg7tahDBPjA6Wti
Related
I have successfully installed IBM Cloud Private 3.1.
All was working well. I could login to the ICP URL, but after rebooting, nothing works.
Now the URL says:
Unexpected response code 401 from request: GET
https://icp-management-ingress:8443/idmgmt/identity/api/v1/users/admin/getTeamResources?resourceType=namespace
HTTP/1.1 Accept: application/json Authorization: bearer *** HTTP/1.1
401 Server: openresty/1.11.2.4 Date: Wed, 07 Nov 2018 21:47:55 GMT
Content-Type: application/json; charset=utf-8 Transfer-Encoding:
chunked Connection: close Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true X-Xss-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN Strict-Transport-Security:
max-age=15552000; includeSubDomains X-Download-Options: noopen
X-Content-Type-Options: nosniff X-Dns-Prefetch-Control: off
{"error":{"statusCode":401,"name":"Error","message":"An error occurred
while accessing the kube services rest api"}}
When I try to login with cloudctl, I get this:
Cloudctl login
API endpoint: https://172.31.16.153:8443
Username> admin
Password>
Authenticating...
OK
Select an account:
1. Mycluster Account (id-mycluster-account)
Enter a number> 1
Targeted account mycluster Account (id-mycluster-account)
FAILED
Error response from server. Status code: 401; message: {"error":{"statusCode":401,"name":"Error","message":"An error occurred while accessing the kube services rest api"}}
And kubectl says there is no service for the common ones:
Kubectl get pods
Error: The server doesn't have a resource type "pods"
Kubectl get nodes
Error: The server doesn't have a resource type "nodes"
Kubectl get services
Error: The server doesn't have a resource type "services"
Kubectl get deployment
Error: The server doesn't have a resource type "deployment"
Any suggestions?
I have a question about authenticating to azure mobile management API, to send push informations to the API.
I well manage to authentify and receive a token bearer matching to the provided data (tenant id, client id, client secret...), but when I try to create a campaign, I receive the following response :
[2016-10-25 11:45:51] (::1) fail to send send request https://management.azure.com/subscriptions/fb8226dc-194f-4562-9dc9-c72f56bd728a/resourcegroups/MobileEngagement/providers/Microsoft.MobileEngagement/appcollections/XX-Collection/apps/XX-TEST-android/campaigns/announcements?api-version=2014-12-01
with {"name":"The Evian Championship 20... - 25/10/2016
11:45:50","type":"only_notif","deliveryTime":"any","pushMode":"one-shot","notificationTickerIcon":true,"notificationIcon":true,"notificationCloseable":true,"notificationSound":true,"notificationVibrate":false,"notificationTitle":"Soci\u00e9t\u00e9
G\u00e9n\u00e9rale","notificationMessage":"The Evian Championship
2016","actionUrl":"://webviews/main/build/events.html","notificationType":"system"}
| "HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-failure-cause: gateway
x-ms-request-id: 40e30675-2144-452a-9ab9-632a393d8783
x-ms-correlation-request-id: 40e30675-2144-452a-9ab9-632a393d8783
x-ms-routing-request-id: WESTEUROPE:20161025T094550Z:40e30675-2144-452a-9ab9-632a393d8783
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Tue, 25 Oct 2016 09:45:49 GMT
Connection: close
Content-Length: 281
{"error":{"code":"InvalidAuthenticationToken","message":"The received access token is not valid: at least one of the claims 'puid'
or 'altsecid' or 'oid' should be present. If you are accessing as
application please make sure service principal is properly created in
the tenant."}}" was returned
Here's the request :
POST
/subscriptions/fb8226dc-194f-4562-9dc9-c72f56bd728a/resourcegroups/MobileEngagement/providers/Microsoft.MobileEngagement/appcollections/XX-Collection/apps/XX-TEST-android/campaigns/announcements?api-version=2014-12-01
HTTP/1.1 Host: management.azure.com Authorization: bearer
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ikk2b0J3NFZ6QkhPcWxlR3JWMkFKZEE1RW1YYyIsImtpZCI6Ikk2b0J3NFZ6QkhPcWxlR3JWMkFKZEE1RW1YYyJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tLyIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzRmNGFkYjA3LWU5OWQtNDg5NC04OGZjLTZkYzc4ODAzNDI3Zi8iLCJpYXQiOjE0NzczOTUxNzEsIm5iZiI6MTQ3NzM5NTE3MSwiZXhwIjoxNDc3Mzk5MDcxLCJhcHBpZCI6IjUzNzMyOTAwLTU2NGMtNGI2OS1hNGRhLTU0OTQ0ODVkYTFhNiIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzRmNGFkYjA3LWU5OWQtNDg5NC04OGZjLTZkYzc4ODAzNDI3Zi8iLCJ0aWQiOiI0ZjRhZGIwNy1lOTlkLTQ4OTQtODhmYy02ZGM3ODgwMzQyN2YiLCJ2ZXIiOiIxLjAifQ.WvWXETt9IFy_eX2Q8LlguTec9KA2TLgILUs10QULNMYgf1sHUpXdnRhDBqq5Foo_gwF_u2zl1NNYRLmdN3Q0IR3LPspiutAhC_KXvGXmJH2TtxTi9U2bt1Zvf5BsafHkxDdlDG6vymu-3O4cK9HQMu7l0XtPqzcEHcQny94xAq66_TSNa3FhZclwEBnaTI81B5g9NzvET10C0j8ZW0OsRNzc0-czS8RqtXulp1rkIEQc7VhTTDx9feSPi3BJlyhiKxUzfnEn8xUkfqlUEQuqyerqUoRIlbFvhhOT7Gjo6_WJN21Wn-23gcEchaRETWzYh-nTJSeKFzwA-mROOdmUzw
User-Agent: Guzzle/5.3.1 curl/7.50.0 PHP/5.6.25 Content-Length: 455
(note : I changed some characters in this displayed bearer by security reasons)
The (real) bearer was obtained requesting https://login.microsoftonline.com/{TENANT_ID}/oauth2/token, using this body :
grant_type=client_credentials&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}&resource=https://management.azure.com/
Would you have an idea about the reason why the API returned this message ?
Thanks a lot !
The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly created in the tenant
It seems that your access token is not valid. I would suggest you follow with this article to get a new token then try again.
I'm using a java application the provide a REST interface for mongodb database called "RESTHeart"
When I make a normal GET request.
http -a admin:temp http://172.18.18.122:8080/_logic/roles/admin
I get an auth token Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23, how can I use it subsequent requests?
Here is the full response
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23
Auth-Token-Location: /_authtokens/admin
Auth-Token-Valid-Until: 2016-04-25T14:37:22.290Z
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 109
Content-Type: application/hal+json
Date: Mon, 25 Apr 2016 14:22:22 GMT
X-Powered-By: restheart.org
{
"_links": {
"self": {
"href": "/_logic/roles/admin"
}
},
"authenticated": true,
"roles": [
"ADMIN"
]
}
I have tried the following:
http http://172.18.18.122:8080/_logic/roles/admin Auth-Token:'10dc2eeb-9624-47f2-a542-c97e0af82b23'
Response:
HTTP/1.1 403 Forbidden
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Connection: keep-alive
Content-Length: 0
Date: Mon, 25 Apr 2016 14:30:27 GMT
X-Powered-By: restheart.org
I'm not sure what I'm doing wrong here, any ideas?
with httpie you can simply do:
http -a <username>:<Auth-Token> GET http://172.18.18.122:8080/auth/users
I found the solution for this question, all what I needed was to pass authorization header along with 'username:password' encoded in base64 format
http GET http://172.18.18.122:8080/auth/users authorization:'Basic YWRtaW46dGVtcA=='
Clients authenticate passing credentials via the standard basic authentication, a standard method for an HTTP user agent to provide a username and password when making a request.
RESTHeart is stateless: there isn't any authentication session and credentials must be sent on every request.
Of course, it means you must secure your communications with HTTPS.
There's documentation on how the authentication process works in restheart at https://softinstigate.atlassian.net/wiki/x/JgDM
I am trying to pull back ratings from a user but am getting 401 unauthorized:
Request:
GET https://partner.api.beatsmusic.com/v1/api/users/<VALID USER ID RETREIVED USING ME ENDPOINT>/ratings?&offset=0&limit=20&access_token=<VALID ACCESS TOKEN USED TO GET USER ID> HTTP/1.1
Host: partner.api.beatsmusic.com
Connection: Keep-Alive
Response:
HTTP/1.1 401 Unauthorized
Content-Type: text/xml
Date: Mon, 14 Jul 2014 01:29:54 GMT
Server: Mashery Proxy
WWW-Authenticate: Bearer realm="partner.api.beatsmusic.com", error="invalid_token"
X-Mashery-Error-Code: ERR_403_NOT_AUTHORIZED
X-Mashery-Responder: prod-j-worker-us-west-1b-19.mashery.com
Content-Length: 23
Connection: keep-alive
<h1>Not Authorized</h1>
The access token is viable since I am able to use it to get other resources.
We were able to replace values in your URL and receive ratings. This is also a standard format: https://partner.api.beatsmusic.com/v1/api/users/[USERID]/ratings?access_token=[TOKEN]
I am trying to use the REST web services API from Google (Analytics) and I am getting a meaningless response instead of the expected data from Google Analytics.
Here is my request and the corresponding response:
GET /auth/analytics.readonly?ids=ga:12660456&start-date=2012-01-01&end-date=2012-02-02&metrics=ga:visits HTTP/1.1
Host: www.googleapis.com
Authorization: OAuth ya29.mytokenhere
HTTP/1.1 200 OK
status: 200
content-length: 18
x-xss-protection: 1; mode=block
content-location: https://www.googleapis.com/auth/analytics.readonly?ids=ga:12660456&start-date=2012-01-01&end-date=2012-02-02&metrics=ga:visits
x-content-type-options: nosniff
x-google-cache-control: remote-fetch
expires: Mon, 21 May 2012 19:52:57 GMT
server: GSE
via: HTTP/1.1 GWA
cache-control: private, max-age=0
date: Mon, 21 May 2012 19:52:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/plain
-content-encoding: gzip
analytics.readonly
Can anyone please help?
Regards,
OAuth isn't performed by requesting the auth scope URL, like you seem to be doing. The only reason the Google's auth scopes are URLs at all are (AFAIK) so that they can be guaranteed to be globally unique.
More details about how to do OAuth 2.0 with Google here: https://developers.google.com/accounts/docs/OAuth2