Set time limit to a Dockerhub authentication token - docker

In my script, my goal is to get a list of tags associated with an image from dockerhub. Currently, I do that by getting an authentication token by doing the following
curl -s -H "Content-Type: application/json" -X POST -d "{\"username\": \"$USERNAME\", \"password\": \"$PASSWORD\"}" https://hub.docker.com/v2/users/login/
I store the token in my Jenkins credentials and use it in my Groovy script as follows
curl -s -XGET -H 'Accept: application/json' -H 'Authorization: JWT $auth' https://hub.docker.com/v2/repositories/<REPO>/<IMAGE>/tags?page_size=1000 | jq -r '.results[].name'
The problem is that the token expires after one month (I didn't find any expiry-related information in the official docs) and I need to update the token in the Jenkins credentials after it expires.
The solution I think should work is to get the token at run time inside my script itself and use it directly. But because it will be obtained every time at run time, I want the token to be alive for not more than 120 seconds.
Is there a way to set the time limit to the authentication token on dockerhub?
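The lifetime of a token like the one in this question can be read from the token itself, assuming the login response is a standard three-part JWT carrying an `exp` claim (an assumption; the page only shows it sent with the `JWT` authorization scheme). The following is an added example, not part of the original question; the function names and the sample token are constructed for illustration.

```sh
#!/bin/sh
# Added example: read a JWT's expiry locally. This only decodes the payload;
# it does not verify the signature, so use it for lifetime checks, not trust.

# Decode one base64url segment ('-' and '_' alphabet, '=' padding stripped).
b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
    1) return 1 ;;            # impossible length for base64
  esac
  printf '%s' "$s" | base64 -d 2>/dev/null
}

# Print the numeric "exp" claim (seconds since the epoch), or return 1.
jwt_exp() {
  local claims exp
  case $1 in
    *.*.*.*) return 1 ;;      # too many segments
    *.*.*) ;;                 # header.payload.signature
    *) return 1 ;;
  esac
  claims=$(b64url_decode "$(printf '%s' "$1" | cut -d. -f2)") || return 1
  exp=$(printf '%s' "$claims" |
    sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  [ -n "$exp" ] || return 1
  printf '%s\n' "$exp"
}

# Seconds of validity left at time $2 (default: now); negative means expired.
jwt_seconds_left() {
  local exp now
  exp=$(jwt_exp "$1") || return 1
  now=${2:-$(date +%s)}
  printf '%s\n' "$(( exp - now ))"
}

# Constructed, unsigned sample token (hypothetical claims, 30-day lifetime).
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_JWT="$(b64url '{"alg":"HS256","typ":"JWT"}').$(b64url \
  '{"username":"demo","iat":1700000000,"exp":1702592000}').c2ln"

# Policy check: succeed only if the token expires within $2 seconds of time $3.
jwt_within_budget() { [ "$(jwt_seconds_left "$1" "$3")" -le "$2" ]; }
```

A pipeline step can call `jwt_seconds_left "$auth"` right after login to log how long the fetched token actually lives, instead of discovering the expiry when a build fails.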

Related

How Get a 2 Legged Token Autodesk?

I need to get "Get a 2-Legged Token" verification for a read-only access to upload files entered by other users but I'm running into the following error:
{
"developerMessage": "The required parameter(s) client_id,client_secret,grant_type not present in the request",
"errorCode": "AUTH-008",
"more info": "https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/"
}
I followed exactly the example on the site changing just my "client id" and my "client secret":
https://forge.autodesk.com/en/docs/oauth/v1/tutorials/get-2-legged-token/
can anybody help me?
The single quote is wrong format in header of curl.
Try this format
curl --location --request POST 'https://developer.api.autodesk.com/authentication/v1/authenticate' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=your_client_id_xxx' \
-d 'client_secret=your_client_secret_xxx' \
-d 'grant_type=client_credentials' \
-d 'scope=data:read'
It will return an access token.
I am using Postman for HTTP calls.
It is more convenient.

Google Drive API - Invalid Credentials

I want to use a scripted approach (probably via curl) to access some simple info from the Drive API, like creation date. Essentially I want to script what I can do in their web interface: https://developers.google.com/drive/api/v3/reference/files/list.
I have been using a curl command that they expose in a query at the above link:
curl \
'https://www.googleapis.com/drive/v3/files?corpora=user&q=createdTime%20%3E%20%272021-11-23T12%3A00%3A00%27&key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--compressed
I have created an API key for this purpose (unrestricted for now). And used this app to generate an access token: https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=735795831119-kcpkamhiaojavqrt67mti7thcaa6ce87.apps.googleusercontent.com
But I have spent hours chasing my tail over the 401 Invalid Credentials error. Any help on getting a more specific error message, or better way to do this seemingly simple query would be appreciated. Thanks!
The result of the link below is an Authorization code.
https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=735795831119-kcpkamhiaojavqrt67mti7thcaa6ce87.apps.googleusercontent.com
You need to exchange it to https://accounts.google.com/o/oauth2/token to generate an Access Token:
curl \
--request POST \
--data "code=[Authentication code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token
The result of the curl above is something like this:
{
"access_token": "access token here",
"expires_in": 3599,
"refresh_token": "refresh token here",
"scope": "https://www.googleapis.com/auth/drive",
"token_type": "Bearer"
}
Now that you have the access token, you can paste it into the command below along with your API key.
curl \
'https://www.googleapis.com/drive/v3/files?corpora=user&q=createdTime%20%3E%20%272021-11-23T12%3A00%3A00%27&key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--compressed
Note:
Make sure you enable the Drive API in GCP
Application Client Id and Application Client Secret can be found after you created an OAuth 2.0 Client ID in GCP.
Reference:
DaImTo answer on How to connect to the Google Drive API using cURL.

Finding rate limit of docker logged in user

This command works as expected and returns the rate limit of 100.
TOKEN=$(curl "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
curl -v -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest 2>&1 | grep RateLimit
But if I need to know the logged-in user rate limit, I try this command. It returns an empty value.
TOKEN=$(curl --user 'user:PassWd' "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull" | jq -r .token)
I got these commands from official docker blog at:
https://www.docker.com/blog/checking-your-current-docker-pull-rate-limits-and-status/
I had a similar issue. For an anonymous user, I got a response with the limit. But when I tried for a specific user that has no limits, I received an empty response.
In your case, it's probably because there are no limits for the provided user.

Gerrit Authentication required

I'm working on some automation for Gerrit. I have used the following API to check access
curl -X POST --digest -k --user username:password https://gitAccess/access/
But it returns authentication required. Can you please help me?
3 things to note as I was also getting an "unauthorized" when trying to access Gerrit APIs:
1. Make sure you have your HTTP password. This is different from the password you use to login to Gerrit. To get it, go to gerrit -> click on your username -> Settings -> HTTP Password -> Click on generate password. Use this password when making HTTP requests.
2. Prefix /a to the endpoint URL as mentioned here. For example /changes becomes /a/changes when using authentication.
3. Use the --digest option if you are using curl as mentioned here.
Example
curl --digest -u <USERNAME> -i -H "Accept: application/json" "https://<GERRIT SERVER>/a/changes"
# curl will prompt you for the password. You can also do it as below
curl --digest --user <USERNAME:PASSWORD> -i -H "Accept: application/json" "https://<GERRIT SERVER>/a/changes"

Devise authentication fails on first attempt, succeeds afterwards

I'm using Devise (2.1.2) and Rails (3.2.9) and I've enabled basic authentication (for testing). I'm posting a JSON POST request using CURL and I'm seeing weird behavior. The authentication fails the first time I send the request (after server restart) but succeeds after sending the exact same request the second time.
When debugging, it seems that the winning_strategies are nil on the first attempt but populated with three strategies on the second attempt.
What is the cause of this behavior?
Try:
Authenticate:
curl -H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-X POST http://localhost:3000/users/sign_in \
-d '{"user": {"email": "test@example.com", "password": "password"}}' \
-c cookie
Show:
curl -H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-X GET http://localhost:3000/pages/1.xml \
-b cookie
For post requests -
You need a CSRF token for non-GET requests in Rails 3.
This is because Rails by default adds an authenticity token to forms to protect from malicious forgery of submitted parameters. As you do not supply this token with your request, Rails does not accept it. You can bypass this with
skip_before_filter :verify_authenticity_token
