I'am trying to make post to google map location by
accounts.locations.localPosts.create
Done steps
Set up credentials(https://console.cloud.google.com/ configuration )
Did successful steps OAuth 2.0 Playground Google developers
Step 1. Select & authorize APIs with https://www.googleapis.com/auth/business.manage(successful)
Step 2. Exchange authorization code for tokens (successful)
Step 3. Configure request to API POST https://mybusiness.googleapis.com/v4/Ch3JWaJf0g43zUARwtG3wplmUM/localPosts(404 Not Found)
POST https://mybusiness.googleapis.com/v4/My location/localPosts - (404 Not Found also if I use name of location)
Your resource path does not match the expected pattern - it should be https://mybusiness.googleapis.com/v4/accounts/{{LOCATION_GROUP_ID}}/locations/{{LOCATION_ID}}/localPosts
Related
As there is no available feature in MS Graph API to have access to MS Form responses (LINK), what's the code solution to have access to shared online MS Form responses?
I know the following available approaches:
Manually download the responses by clicking on Responses -> Open in Excel and then upload it to the target location (It's a completely manual process and could not be automated by a code script which is not desired at all in my case)
Share with a group first which gives me the option to have online access to the response file by clicking on Responses -> Open in Excel. This time it automatically creates an excel file in the group's OneDrive instead of downloading the file. Now I could read the excel file via MS Graph API. (This solution works but I need to share the Form with a group first and then manually click Responses -> Open in Excel to create the excel file)
Any thought that assists to have a complete code solution is appreciated
I would stick with the above approaches which you said above. In addition, you can consider using Microsoft Flow or Power automate to perform the above to automate the above approach. AFAIK i failed to see any Graph API exposed on this so far. Being said that i would suggest you can consider filing Microsoft Uservoice - so that they can consider implementing it. You upvoted the the uservoice as well.
I came up with this for what I needed recently. The documentation seems to be deliberately vague, so this may not work in the future. I used unofficial and official info from various sources on stackoverflow and MS documentation. There is an (undocumented) API to pull the responses but it requires an access token. In python you can use Microsoft's azure-identity package to get the token, then use it to request the form responses. Here's the outline:
the scope of authorization for an access token for MS Forms is: https://forms.office.com/.default
the endpoint for fetching the responses is: https://forms.office.com/formapi/api/{tenantid}/users/{userid}/light/forms('{formid}')/responses
where {tenantid} is the Azure Tenant ID, {userid} is the Azure user's Object ID, and {formid} is the id of the form (i.e. the id query parameter at the end of the form's URL). This URL requires an access token that entitles the requester to get the data.
use one of the Credential object types in azure.identity package and call its get_token(scope) method with the scope specified above to receive the token. Depending on which type you choose, you may need to login to Azure using az login, or a browser login, or use the current logged-in user's credentials.
Use the returned token as the Bearer token to authorize access to response endpoint (item 2 above)
Like this:
import os
import requests
from azure.identity import DefaultAzureCredential, InteractiveBrowserCredential, AzureCliCredential
# Use one of these credential objects to get an access token
cred = AzureCliCredential() # i.e. `az login`
# cred = InteractiveBrowserCredential()
# cred = DefaultAzureCredential()
# Request an access token with the following scope
scope = "https://forms.office.com/.default"
tok = cred.get_token(scope)
# print(tok)
# print(type(tok))
formid = os.getenv("FORMS_FORM_ID")
tenantid = os.getenv("FORMS_TENANT_ID")
userid = os.getenv("FORMS_ADMIN_ID")
url = f"https://forms.office.com/formapi/api/{tenantid}/users/{userid}/light/forms('{formid}')/responses?$expand=comments&$top=7&$skip=0"
# print(url)
# Provide the access token in the request header
headers = {"Authorization": f"Bearer {tok.token}"}
r = requests.get(url, headers=headers)
print(r.json())
On Postman, I can get new access token for OAuth2.0 by providing callback URL, auth URL and client ID.
I want to break this task down on JMeter because I cannot find this function there. From my understanding, it is divided into authenticate -> authorise -> call back.
Authenticate
URL = https://xxxxx/login
Result = Authorising URL
Authorise
URL = https://xxxxx/oauth/authorize?client_id=mmm&redirect_uri=https://yyyyy/auth/callback&response_type=code
Result = code (e.g. zzz)
Call back
URL = https://yyyyy/auth/callback?code=zzz
Result = token
As I used HTTP(S) Test Script Recorder on JMeter, I got the three actions mentioned above. When I reran them, it told me this error on Authenticate part: <oauth><error_description>Full authentication is required to access this resource</error_description><error>unauthorized</error></oauth>.
To make sure that it was not about the program I use, I did it on Postman and found this error as well.
I wonder how I can break OAuth2.0 Get New Access Token feature into basic API settings in order to get access token on Postman or JMeter.
Dont' compare these tools:
Postman is an Electron application, it's basically a heavily customised Chromium web browser + NodeJS
According to JMeter main page
JMeter is not a browser, it works at protocol level. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does (it's possible to view the response as HTML etc., but the timings are not included in any samples, and only one sample in one thread is ever displayed at a time).
If you can obtain the token using Postman you can just add HTTP Header Manager to your JMeter Test plan and configure it to send Authorization header with the value of Bearer YOUR_TOKEN_FROM_POSTMAN and JMeter should let you in.
After testing, I found that Postman's OAuth 2.0 Get New Access Token popped up a login page of targeted URL where I needed to fill in the username and the password so that the token could be obtained.
As I tried breaking down APIs required for this login, it required GET of that https://yyyyy and POST of that https://xxxxx/login. Click Send for POST, with username and password contained in form-data, then click Send for GET. The GET response would contain such the token.
However, just putting the aforementioned GET and POST APIs into one thread group did not work on JMeter. As I used HTTP(S) Test Script Recorder to no avail, I went with BlazeMeter and realised that it was using Transaction Controller containing 1) GET of https://yyyyy 2) POST of https://xxxxx/login. With these two arranged top-down, the job would be successful. The token was contained in the response of 2).
For now, this has been my discovery which answers my question.
Try BlazeMeter.
I would like to utilize the following API from Google: https://cloud.google.com/functions/docs/reference/rest/
I make a GET /v1/{name}/locations request to the endpoint and receive an HTTP 401 Error. This means I have not set up authentication.
For reference, here is the code I am running:
import requests
def list(project_id):
endpoint = 'https://cloudfunctions.googleapis.com/v1/projects/'
endpoint += project_id
endpoint += '/locations'
r = requests.get(endpoint)
return r
The documentation linked states that I am required to have one of the two following OAuth scopes:
https://www.googleapis.com/auth/cloudfunctions
https://www.googleapis.com/auth/cloud-platform
How do I acquire these scopes? I have already downloaded a credentials file and exported an environment variable as listed in the documentation here. I am currently not using these credentials anywhere, since it seems like a security risk to send a private key over plain text.
Could someone please explain how to turn this 401 Authentication Error into a 200 Success (or any other error)?
I am trying to do a request my Netsuite RESTlet using Alamofire (SWIFT) but I meet several difficulties:
In the documentation it's specify the different parameters needed (see below).
DOCUMENTATION:
An OAuth 1.0 RESTlet authorization header requires the data described in the following table. Some of these values can be obtained from the NetSuite UI. Other values must be calculated. Typically, your integration should include logic to identify these values and generate the finished header. Follow the OAuth 1.0 protocol to create the authorization header.
However in postman I am using extra parameters (consumer Secret and the Token Secret) and it's works if I remove them it doesn't works
To finish when i check the Authorization header generated by postman, I see only the specify parameters in the documentation :
OAuth realm="my realm",oauth_consumer_key="myConsumerKey",oauth_token="myAccessToken",
oauth_signature_method="HMAC-SHA1",oauth_timestamp="1543488570",
oauth_nonce="ERxdLbUfkeh",oauth_version="1.0",oauth_signature="UeqmxAyeUqtPoICLo%2FARsQE8B1E%3D"
If someone can explain me this, I could implement TBA authentification in my Application but for now I need to understand better this authentification.
I also spend a few hours trying to make it work. In my case I wasn't adding the account ID to the realm param. Here a picture of what I ended with:
Here where you can get the account ID:
I hope it helps
The explanation of why the consumer secret and the token secret are needed by Postman to generate the token is shown in SuiteAnswer 42019 - as referenced in the Notes section beside oauth_signature in your screenshot above. From that page:
Sign the result string from step 5 using the consumer secret and token secret concatenated using '&' (For this case, HMAC-SHA1 or HMAC-256).
In other words, Postman uses the secrets to generate the output which authenticates your credentials - you cannot generate the oauth_signature correctly without them.
I ran into a lot of issues with NetSuite broken RESTlet/TBA connections as well. I did build this out in our software to help out customers. You can see the methods I used in the article below.
Using NetSuite TBA by Calling a RESTlet from an HTTP Source or Target
I have built an API in C# ASP.NET 5.
This is current the code library I use to generate and validate OAUTH tokens https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample
The logged in user calls my API (passing the Bearer token in the header) to retrieve their saved notes from my NoteController. In my NoteController I retrieve the userNo from the Auth token claims and retrieve the users notes from the database. If the user's Auth token is invalid then I send them back a HTTP 401.
I have added code in my Startup.cs to enable Authorization:
// Enable the use of an [Authorize("Bearer")] attribute on methods and classes to protect.
services.AddAuthorization(auth =>
{
auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build());
});
My problem: as good as the code library (ASPNETSelfCreatedTokenAuthExample) is, it does not provide an OAuth refresh token mechanism.
I have tried to find a decent library to replace the one I am currently using.
I want a library that uses refresh tokens etc.
I have looked at IdentityServer4 but the examples are just for generating tokens in a dedicated server
I don't quite understand what to do :(
Can someone point me in the right direction please?
Thanks
DONE IT!!! :D
found this amazing blog post
http://capesean.co.za/blog/asp-net-5-jwt-tokens/
It took me a few mins to get his source code to work.
I actually had to use someone's fork of the solution to get it to work
https://github.com/VoronFX/openiddict-test
My steps to get it to work:
1. Download https://github.com/VoronFX/openiddict-test
Next steps are copied from (https://github.com/openiddict/openiddict-core)
run these commands:
set DNX_UNSTABLE_FEED=https://www.myget.org/F/aspnetcidev/
dnvm upgrade -u
Update your project.json to import the OpenIddict package:
"dependencies": {
"OpenIddict": "1.0.0-*"
},
Direction -> If I would have such a task, probably I would get familiar with the official AspNetCore middleware and try to implement my own middleware based on the official OAuth middleware. Have a look here -> https://github.com/aspnet/Security/tree/dev/src/Microsoft.AspNetCore.Authentication.OAuth.
More authentication middlewares: https://github.com/aspnet/Security