I need to create REST Assured api code using java for the below api configuration :
My Code is as below :
// First convert data table to the String map.
Map<String, String> map = tableData.asMap(String.class, String.class);
// We need headers params for this request. So first we are making headers params map for passing it to the request.
HashMap<String, String> header_params = new HashMap<>();
header_params.put("x-auth-token", getValueFromPropertyFile(PropertyFileKeys.X_AUTH_TOKEN));
// Add content type as form-data.
header_params.put("Content-Type", "application/json");
// Get the SIP Device number based on the customer id.
String sip_device_number = FaxerUsefullResource.getSIPDeviceNumberForCustomerAccount(admin_login_token,customer_id);
print("SIP Device number of customer account id : "+customer_id+" is : " + sip_device_number);
// Build the request specification.
RequestSpecification request_specification_builder = new RequestSpecBuilder()
// Set the Base Uri. Value of baseURL we are taking from the "config.properties" file.
.setBaseUri(getValueFromPropertyFile(PropertyFileKeys.BASE_URL))
// Set up the header params.
.addHeaders(header_params)
// Build entire request specification.
.build();
// Make the Request specification from the built request specification.
request_specification = given()
// Bind the built configuration with request.
.spec(request_specification_builder)
// Add form data parameter with values.
.formParam("id","1")
.formParam("token",admin_login_token)
.formParam("action","faxer_create")
.formParam("sip_device",sip_device_number)
.formParam("fax_number",map.get("fax_number"))
.formParam("fax_type",map.get("fax_type"))
.formParam("description",map.get("description"));
// Calling the request and store the response for further verification.
response = hit_https_request_and_return_response("FaxerAPI", API_method, request_specification);
But when run the code everytime i got the session issue. That i am logged out.
SIP Device number of customer account id : 412 is : 2540285577
Resource name : FaxerAPI
End point : /admin/faxer/
Request method: POST
Request URI: https://alpha.astppbilling.org/admin/faxer/
Proxy: <none>
Request params: <none>
Query params: <none>
Form params: id=1
token=OTlEckI5QjJBb3dCMy9vM0EwZDM2dz09
action=faxer_create
sip_device=2540285577
fax_number=0001
fax_type=1
description=APIAutomationDescription
Path params: <none>
Headers: x-auth-token=PRLgav3UWUAkh5OAL6zL6EizBuRm37Ok
Accept=*/*
Content-Type=application/json
Cookies: <none>
Multiparts: <none>
Body: <none>
HTTP/1.1 400
Server: nginx/1.18.0
Date: Wed, 09 Nov 2022 06:16:10 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: ITPLATPci_session=a%3A0%3A%7B%7D; expires=Tue, 09-Nov-2021 16:16:10 GMT; Max-Age=0; path=/
Set-Cookie: ITPLATPci_session=B2ECYFUzBGkHeABzUTUFOAM7Vj4HJVEgUmJQJQIlAm0GNFNtBAxRalEyVC4BaQAkAD4AM1Q4ADZWfF1tUWACNFdkUm0FNwEzAWxTNwM1UTIHOQI5VTcEZAc0AGZRPwU6Az9WMgc%2BUTVSY1BvAm8CYgZvU2IEYlFlUWFULgFpACQAPgAxVDoANlZ8XWZRIQJfV2NSMAU1AXUBOVNwAydRIQc7AilVPARiBzcAOlEtBTgDOlYzBylRYVI1UGUCeAIyBm9TLQRiUTpRZVQuAWkAJAA%2BADFUOgA2VnxdelEiAmVXcFILBTABYAE5U20DIFEhBzsCKVU8BGAHOgA6US0FSAN7VmUHZFE7UmJQewIeAnAGL1NzBBBRb1E%2FVGkBPAAjACsANFQkADlWcF0%2BUWICIFcqUh4FMAFxAT1TLANlUTIHLgJqVSgEYgcwAClRLQUyA3hWPgc2UWBSPVB0AjoCZQYoU3cEDFFiUTVUeAE7ACEAbQB0VHMALlZlXWZRawIxVzRSYgVmAT4Ba1M3A2FRNAcwAmFVdQRpBzoAOlEtBXwDeFZhB3VRDFJjUDcCIgJlBnlTOAQgUTlRZlQ2AXAAdQA%2FAH0%3D; expires=Wed, 09-Nov-2022 08:16:10 GMT; Max-Age=7200; path=/
Set-Cookie: ITPLATPci_session=AWdXNVYxCmdQLwR3UjYHOggwUztRc1EgUGBWIw0qUD9dbwE%2FBw8FPlEyWSNaMgouBTsAM1Y6BzECKFRkBzYHMQo5CjUENlFjVDkBZQE3DG8BP1dsVjQKalBjBGJSPAc4CDRTN1FoUTVQYVZpDWBQMF00ATAHYQUxUWFZI1oyCi4FOwAxVjgHMQIoVG8HdwdaCj4KaAQ0USVUbAEiASUMfAE9V3xWPwpsUGAEPlIuBzoIMVM2UX9RYVA3VmMNd1BgXTQBfwdhBW5RZVkjWjIKLgU7ADFWOAcxAihUcwd0B2AKLQpTBDFRMFRsAT8BIgx8AT1XfFY%2FCm5QbQQ%2BUi4HSghwU2BRMlE7UGBWfQ0RUCJddAEhBxMFO1E%2FWWRaZwopBS4ANFYmBz4CJFQ3BzQHJQp3CkYEMVEhVGgBfgFnDG8BKFc%2FVisKbFBnBC1SLgcwCHNTO1FgUWBQP1ZyDTVQN11zASUHDwU2UTVZdVpgCisFaAB0VnEHKQIxVG8HPQc0CmkKOgRnUW5UPgFlAWMMaQE2VzRWeA%3D%3D; expires=Wed, 09-Nov-2022 08:16:10 GMT; Max-Age=7200; path=/
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Last-Modified: Wed, 09 Nov 2022 06:16:10 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
{
"status": false,
"error": "You are already logged out. Please login again",
"response_code": 400
}
How can i resolved this ?
Try changing the content-type header to 'application/x-www-form-urlencoded' instead of 'application/json'
You can also check this article for more details: https://www.baeldung.com/postman-form-data-raw-x-www-form-urlencoded
Related
In php you can retrive only headers without body
function UR_exists($url){
$headers=get_headers($url);
return stripos($headers[0],"200 OK")?true:false;
}
How I can do this in dart?
Maybe some of http.get() with anyone parameters in headers can help?
You could get the headers this way:
final response = await http.get(yourUri, headers: {'method': 'HEAD'});
print(response.headers);
If you want, you can of course wrap that in a function that only returns the headers, so it will be similar to the command you are used to. Something like this (you would have to make it more robust for handling errors, failed requests etc...):
Future<Map<String, String>> getHeaders(Uri uri) async {
return (await http.get(uri, headers: {'method': 'HEAD'})).headers;
}
So running it like this:
print(await getHeaders(Uri.parse('http://www.google.com')));
Will print (in my case):
{set-cookie: AEC=datadatadata; expires=Wed, 10-May-2023 13:17:58 GMT;
path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax,
cache-control: private, max-age=0, date: Fri, 11 Nov 2022 13:17:58
GMT, content-encoding: gzip, content-length: 6747, x-frame-options:
SAMEORIGIN, content-type: text/html; charset=ISO-8859-1,
x-xss-protection: 0, server: gws, expires: -1}
I implemented the outlook REST api on my Rails app following this official tutorial: https://dev.outlook.com/restapi/tutorial/ruby
By the way, it needs to be updated. Outlook now requires more permissions ('profile') to get the email of the user in the auth controller:
SCOPES = [ 'openid', 'profile', 'https://outlook.office.com/mail.read' ]
Anyhow, I am storing the email and token after authenticating, but that token is very short lived. I need a way to permanently store authentication for the user.
When I run things as suggested and want to get the emails the response is:
...
response_headers: !ruby/hash-with-ivars:Faraday::Utils::Headers
elements:
content-length: '0'
server: Microsoft-IIS/8.5
set-cookie: exchangecookie=afaeef5a8a6747aab24dad1ddb97a8fb; expires=Fri, 16-Jun-2017
00:07:54 GMT; path=/; HttpOnly
www-authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000#*",
token_types="app_asserted_user_v1 service_asserted_app_v1", authorization_uri="https://login.windows.net/common/oauth2/authorize",
error="invalid_token",Basic Realm="",Basic Realm=""
request-id: c59488ab-62b5-4a9f-a3f5-43bda739c9ab
x-calculatedbetarget: BLUPR07MB260.namprd07.prod.outlook.com
x-backendhttpstatus: '401'
x-ms-diagnostics: '2000010;reason="ErrorCode: ''PP_E_RPS_REASON_TIMEWINDOW_EXPIRED''.
Message: ''Failed the Validate call, reason: Time window expired.%0d%0a''";error_category="invalid_msa_ticket"'
x-diaginfo: BLUPR07MB260
x-beserver: BLUPR07MB260
x-powered-by: ASP.NET
x-feserver: BN3PR16CA0057
x-msedge-ref: 'Ref A: 3E2E02429DE244F7A738A7BE6CF9E06B Ref B: CAA6321D024D5B725BA8FFE7DAC85411
Ref C: Wed Jun 15 17:07:54 2016 PST'
date: Thu, 16 Jun 2016 00:07:54 GMT
connection: close
ivars:
:#names:
content-length: content-length
server: server
set-cookie: set-cookie
www-authenticate: www-authenticate
request-id: request-id
x-calculatedbetarget: x-calculatedbetarget
x-backendhttpstatus: x-backendhttpstatus
x-ms-diagnostics: x-ms-diagnostics
x-diaginfo: x-diaginfo
x-beserver: x-beserver
x-powered-by: x-powered-by
x-feserver: x-feserver
x-msedge-ref: x-msedge-ref
date: date
connection: connection
status: 401
How do I adjust this code to store a permanent token?
OK< I found a few answers on StackOverflow for different stacks. I would normally delete my post, but for Rails developer who may need this, the answer to my questions is simply adding 'offline_access' to SCOPES = [ 'openid', 'profile', 'offline_access', 'https://outlook.office.com/mail.read' ]
When using httpClient to connect to twitter I Always get this response
responseString{StatusCode: 401, ReasonPhrase: 'Unauthorized', Version:
1.1, Content:System.Net.Http.StreamContent, Headers: { strict-transport-security: max-age=631138519 Date: Fri, 31 Jan 2014
00:35:10 UTC Set-Cookie: guest_id=v1%3A139112851013762159;
Domain=.twitter.com; Path=/; Expires=Sun, 31-Jan-2016 00:35:10 UTC
Server: tfe Content-Length: 63 Content-Type: application/json;
charset=utf-8 } }
System.Net.Http.HttpResponseMessage
I googled
strict-transport-security: max-age
found people suggested to change the access setting of the twitter app to Read, Write and Access direct messages, i Did so but nothing changed , so if any one faced the same problem or any body has suggestions , it would be appreciated
There are multiple reasons this might happen. I have this question on the LINQ to Twitter FAQ with several suggestions on how to debug:
https://linqtotwitter.codeplex.com/wikipage?title=LINQ%20to%20Twitter%20FAQ
I don't know what I do wrong, but everytime I tried to obtain the token (after user authentication of course), the result is always Invalid grant_type parameter or parameter missing
Possibly related to Box API always returns invalid grant_type parameter on obtaining access token
Here is my fiddler result:
POST https://api.box.com/oauth2/token HTTP/1.1
Host: api.box.com
Content-Length: 157
Expect: 100-continue
Connection: Keep-Alive
grant_type=authorization_code&code=nnqtYcoik7cjtHQYyn3Af8uk4LG3rYYh&client_id=[myclientId]&client_secret=[mysecret]
Result:
HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 07 Mar 2013 11:18:36 GMT
Content-Type: application/json
Connection: keep-alive
Set-Cookie: box_visitor_id=5138778bf12a01.27393131; expires=Fri, 07-Mar-2014 11:18:35 GMT; path=/; domain=.box.com
Set-Cookie: country_code=US; expires=Mon, 06-May-2013 11:18:36 GMT; path=/
Cache-Control: no-store
Content-Length: 99
{"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}
Even following the curl example gives the same error. Any help would be appreciated.
Edit: tried with additional redirect_uri params but still the same error
POST https://api.box.com/oauth2/token HTTP/1.1
Content-Type: application/json; charset=UTF-8
Host: api.box.com
Content-Length: 187
Expect: 100-continue
Connection: Keep-Alive
grant_type=authorization_code&code=R3JxS7UPm8Gjc0y7YLj9qxifdzBYzLOZ&client_id=*****&client_secret=*****&redirect_uri=http://localhost
Result:
HTTP/1.1 400 Bad Request
Server: nginx
Date: Sat, 09 Mar 2013 00:46:38 GMT
Content-Type: application/json
Connection: keep-alive
Set-Cookie: box_visitor_id=513a866ec5cfe0.48604831; expires=Sun, 09-Mar-2014 00:46:38 GMT; path=/; domain=.box.com
Set-Cookie: country_code=US; expires=Wed, 08-May-2013 00:46:38 GMT; path=/
Cache-Control: no-store
Content-Length: 99
{"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}
Looks like Box requires a correct Content-Type: application/x-www-form-urlencoded request header in addition to properly URL encoding the parameters. The same seems to apply to refresh and revoke requests.
Also, per RFC 6749, the redirect_uri is only
REQUIRED, if the "redirect_uri" parameter was included in the authorization request
as described in Section 4.1.1, and their values MUST be identical.
I was facing a similar issue.
The problem is not with Content-Type.
The issue is with the lifecycle of code you receive.
One key aspect not mentioned in most places is that the code you get on redirect lasts only 30 seconds.
To get the access token and refresh token, you have to make the post request in 30 seconds or less.
If you fail to do that, you get the stated error. I found the info here.
Below code worked for me. Keep in mind, the 30-second rule.
import requests
url = 'https://api.box.com/oauth2/token'
data = [
('grant_type', 'authorization_code'),
('client_id', 'YOUR_CLIENT_ID'),
('client_secret', 'YOUR_CLIENT_SECRET'),
('code', 'XXXXXX'),
]
response = requests.post(url, data=data)
print(response.content)
Hope that helps.
You are missing the redirect URI parameter. Try:
POST https://api.box.com/oauth2/token HTTP/1.1
Host: api.box.com
Content-Length: 157
Expect: 100-continue
Connection: Keep-Alive
grant_type=authorization_code&code=nnqtYcoik7cjtHQYyn3Af8uk4LG3rYYh&client_id=[myclientId]&client_secret=[mysecret]&redirect_uri=[your-redirect-uri]
I have also face same issue implementing oauth2. I have add Content-Type: application/x-www-form-urlencoded. When I add content-type my issue solved.
Check and add valid content-type.
Not sure who might need this in the future but be sure you're sending a POST request to get the access token and not trying to retrieve it by using GET or if you're testing- pasting in the address bar won't work, you need to send a POST request with the data in the BODY and not as query parameter.
Also the code usually lasts for a few seconds, so you need to use it as soon as its sent back.
I am using JBoss 7.1 and have secured my web application with Basic authentication but I want only the first call to require the Basic authentication header, sequent calls should use the jsessionid for authentication. How to accomplish this?
So far I have created a rest servlet enforcing the creation of a session with a call to request.getSession()
#Path("/rest/HelloWorld")
public class HelloWorld {
#GET()
#Produces("text/plain")
public String sayHello(#Context HttpServletResponse response,
#Context HttpServletRequest request) {
HttpSession session = request.getSession();
return "Hello World! " + request.getUserPrincipal().getName();
}
My idea was that any other calls should only require the jsessionid cookie, but when looking in fiddler I see that the first call is behaving as expected. First you get a 401 and the client is re-sending including the basic authorization header and a jsessionid is returned. On the second call the jsessionid cookie is included but I still get an 401 that triggers the client to re-send the Basic authorization header.
This is the returned headers from the successful authenticated first call.
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 01:00:00 CET
Set-Cookie: JSESSIONID=AFDFl2etiUNkn-mpM+DXr3KE; Path=/Test
Content-Type: text/plain
Content-Length: 18
Date: Tue, 29 Jan 2013 09:12:48 GMT
Hello World! test1
when I make a second call the jsessionid is included
GET /Test/index.html HTTP/1.1
Host: cwl-rickard:8080
Cookie: JSESSIONID=AFDFl2etiUNkn-mpM+DXr3KE
and I am getting a 401 enforcing the client to re-send the request including the basic authorization header.
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 01:00:00 CET
WWW-Authenticate: Basic realm="ApplicationRealm"
Content-Type: text/html;charset=utf-8
Content-Length: 958
Date: Tue, 29 Jan 2013 09:12:48 GMT
Any ideas what I am missing.