Access token forwarder - oauth

We have two Az servers (AS) in our env. for different user base. We are looking to onboard a new API app/ChatBot, which is expecting AS1 to just act as a reverse proxy/RP to get the Access Token from AS2 and present it to them.
How does one go about configuring AS1 as a hub and merely act as a pass thru?

Related

Rinkeby ETH token address

Probably a noob question, but I cannot find the RinkebyETH token address on the Rinkeby network. I would like to test approve/transferFrom with ETH, but I would need to use IERC20("token address").approve/transferFrom.
I have added Rinkeby network to MetaMask and some tokens, but I cannot find token contract address of those holding tokens in MetaMask.
Can someone point me somewhere :)
Thank you.
ETH is the native token on Rinkeby - it has no address. Since it has no address, and no contract deployed on this address, you cannot invoke contract functions on native ETH.
However, you can use the WETH (Wrapped Ether) token instead, which is an ERC20 token meant to represent ETH and you can invoke regular ERC20 functions (including approve() and transferFrom()) on this token. There might be multiple different tokens named WETH with the same or very similar functionality deployed (and possibly controlled) by different creators. For example Uniswap publishes a link in their docs to this specific WETH token that they're using on Rinkeby: 0xc778417E063141139Fce010982780140Aa0cD5Ab

Getting 'unauthorized_client' with Power Platform Custom Connector using OAuth2

I am trying to build a Custom Connector in the Power Platform to connect to the BMC Helix (formerly Remedy) system to create work orders and such. I am using OAuth2 and was given a callback URL, auth URL, token URL, client ID and client secret.
I went to create a connector from scratch. I populated the fields, but I wasn't sure what to put for the 'Refresh URL', so I used the token URL there too.
I am trying to accomplish testing this connector and my successful test would be to get a JWT from doing a POST to the /api/jwt/login endpoint of BMC Helix. It should return a JWT which I can use to make subsequent calls.
Upon testing this, I go to create a connection, but a window opens (which I believe should be a prompt for authentication), but instead it contains an error saying 'unauthorized_client' coming back from the BMC Helix system at the /rsso/oauth2/authorize endpoint. It also contains a property within the URL of redirect_uri = https://global.consent.azure-apim.net/redirect.
Is there something on the Helix side I need to further configure? Not sure why I am getting this....
It sounds like you need TWO METHODS in your connector. A POST to call the token server, a GET (or another POST) to call the API (using the token received from Call 1).
One approach I've successfully used in the past is:
Use Postman to get your token server call working with OAUTH
Then use Postman to get your subsequent API calls working with the token appended
Save both requests to a single Postman collection
Export the Postman collection (as a V1 (deprecated) if I recall correctly)
Import this collection into PowerApps Custom Connector (create new/import from Postman Collection)
You'll have to massage it a bit after import, but it will give you a good headstart and you're starting from a known-good place (working Postman calls)
Good luck!

Trying to get detailed data dumps from new google nest e thermostat

I bought a Nest thermostat as I thought it would be able to give me detailed data showing the target temp and the actual as well as time etc. I needed this for various reasons.
However, it seems the official API "Works with Nest" was closed by Google. I've been able to get Postman to ping the same location that the Google Nest Webapp hits and get back the data I need. I want to create a simple webapp to keep polling and save the data locally. However, I'm unable to find the OAuth Client Secret that the Nest Webapp uses to get the authorization code. I had to log in via the webapp to get the code in one of the requests and then test it out using Postman.
Is there any other API that will allow me to poll this data for my Nest more easily?
If there isn't another API, is there a way to get the Client ID and Client Secret from the Nest Webapp so I can drop that in mine to use? (I know it's hacky, but I think I'm out of options)

Is there a way to request bucket specific read scope?

I'm trying to find a way to restrict access to each of the buckets in my application. The goal is to prevent users from accessing objects in buckets other than the one which is "assigned" to them.
In short, the app assigns a bucket to every user to store objects in, and I want to prevent users from accessing buckets which are not meant to be accessed by them.
I guess a request could look like this:
# I'm thinking of some parameter like the bucket= one at the end of the body
curl -v 'https://developer.api.autodesk.com/authentication/v1/authenticate' \
  -X 'POST' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=obQDn8P0GanGFQha4ngKKVWcxwyvFAGE&client_secret=eUruM8HRyc7BAQ1e&grant_type=client_credentials&scope=data:read&bucket=CLIENT_SPECIFIC_BUCKET_ID'
You should implement your own management layer in your app to manage user permissions to different buckets - per best practice, users should not be exposed to app-level access tokens to access the buckets themselves.
Forge cloud buckets to Forge app and not end users as it’s a development platform and operates on developer/application levels rather than those of end users.
EDIT:
For Viewer you can go with an AOP approach and set up a proxy in your backend and delegate authentication to the proxy - you can redirect Viewer to send requests to your endpoints to retrieve resources and your backend can in turn authenticate and retrieve the resource from Forge services so that you won’t have to expose your access token to the users. Try:
Autodesk.Viewing.endpoint.setEndpointAndApi('https://yourhostname/your/proxy/service/path')
And you can add custom headers to Viewer’s requests to authenticate against your own app:
Autodesk.Viewing.endpoint.HTTP_REQUEST_HEADERS = {}
Alternatively you can download the derivatives to your own storage and load them from there - see here for details.
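The per-user check such a backend proxy would run before attaching the app's access token, as an added example that is not part of the original answer or Autodesk's code. It assumes the Viewer's document URN is the URL-safe base64 of an object ID of the form urn:adsk.objects:os.object:<bucketKey>/<objectKey>; the user table, bucket names and function names are hypothetical.

```ruby
# Constructed user -> bucket assignment; a real app would load this from its own store.
USER_BUCKETS = {
  "alice" => "acme-alice-bucket",
  "bob"   => "acme-bob-bucket"
}.freeze

# Assumed object ID layout: urn:adsk.objects:os.object:<bucketKey>/<objectKey>
OBJECT_ID = %r{\Aurn:adsk\.objects:os\.object:([^/]+)/(.+)\z}

# Helper for building sample input: URL-safe base64 without padding.
def encode_urn(object_id)
  [object_id].pack("m0").tr("+/", "-_").delete("=")
end

# Decode the URN sent by the Viewer and return its bucket key,
# or nil when it is not valid base64 or not an object ID.
def bucket_of(encoded_urn)
  b64 = encoded_urn.tr("-_", "+/")
  b64 += "=" * ((4 - b64.length % 4) % 4)
  match = OBJECT_ID.match(b64.unpack1("m0"))
  match && match[1]
rescue ArgumentError
  nil
end

# Decide whether `user` (already authenticated by the app's own session or
# custom header) may fetch the resource behind `encoded_urn`.
# Returns [http_status, reason]. Only on 200 does the proxy add the app's
# token and forward the request, so the token never reaches the browser.
def authorize_proxy_request(user, encoded_urn)
  assigned = USER_BUCKETS[user]
  return [401, "unknown user"] if assigned.nil?

  bucket = bucket_of(encoded_urn)
  return [400, "unparseable URN"] if bucket.nil?
  return [403, "bucket not assigned to user"] unless bucket == assigned

  [200, "forward with app token"]
end
```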

Apache/Rails: Forwarding PKI

I have a Linux/Apache/Rails stack hosting a data service. The data service is basically a front end for multiple data sources, akin to a federated search.
Queries to the service are authenticated via PKI. When handling each request, the PKI must be forwarded to each data source appropriate for the given request - each data source uses the PKI to control data access.
I know how to access the requestor's DN from Rails, but I haven't the first clue how to access the PKI or pass it along in web requests launched by the controller when handling the request. Any suggestions?
Your description makes it a bit hard to follow the organization, but I'll try to give this a shot.
The nature of PKI makes forwarding (proxying) a connection impossible, since the two endpoints set up a secret session key known only to those parties. It seems like you have 3 parties, a Client, an Intermediate, and an Endpoint. So the client can authenticate to the intermediate, and the intermediate now knows with certainty who the client is. I think your question is how to get the endpoint to know with certainty who the client is. The method I would choose is to have each intermediate have its own certificate, and authenticate to the endpoint itself (so now the endpoint knows who the intermediate is with certainty) then just have the intermediate pass the DN as some extra field that the endpoint will trust from the intermediate.
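The endpoint side of the scheme described in the answer above, as an added example that is not part of the original answer: the passed-along DN is honoured only when the TLS peer is a verified, allow-listed intermediate. The header name X-Client-DN, the allow-listed DN and the function names are hypothetical, and DNs are compared as exact strings as reported by the TLS layer.

```ruby
# Constructed allow-list of intermediates trusted to assert a client identity.
TRUSTED_INTERMEDIATE_DNS = [
  "CN=federated-search,OU=Services,O=Example"
].freeze

# Hypothetical header in which the intermediate passes the requestor's DN.
CLIENT_DN_HEADER = "X-Client-DN"

Decision = Struct.new(:allowed, :client_dn, :reason)

# peer_verified: did the TLS layer verify the caller's client certificate?
# peer_dn:       subject DN of that verified certificate
# headers:       header name => array of values, exactly as received
def resolve_client_identity(peer_verified, peer_dn, headers)
  return Decision.new(false, nil, "no verified client certificate") unless peer_verified

  # Collect every copy of the header, whatever its capitalisation.
  asserted = headers.select { |name, _| name.casecmp?(CLIENT_DN_HEADER) }.values.flatten

  unless TRUSTED_INTERMEDIATE_DNS.include?(peer_dn)
    # A direct caller is identified by its own certificate only; a DN header
    # from a peer outside the allow-list is refused, never trusted.
    return Decision.new(false, nil, "untrusted peer asserted a client DN") unless asserted.empty?
    return Decision.new(true, peer_dn, "direct client")
  end

  # The intermediate must name exactly one non-empty requestor DN.
  return Decision.new(false, nil, "intermediate sent no client DN") if asserted.empty?
  return Decision.new(false, nil, "ambiguous client DN header") if asserted.size > 1

  dn = asserted.first.strip
  return Decision.new(false, nil, "empty client DN") if dn.empty?

  Decision.new(true, dn, "asserted by #{peer_dn}")
end
```

The intermediate should also drop any X-Client-DN header arriving from its own clients before setting the value from the certificate it verified.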
