I want to use a scripted approach (probably via) curl, to access some simple info from the drive api, like creation date. Essentially I want to script what I can do in their web interface: https://developers.google.com/drive/api/v3/reference/files/list.
I having been using a curl command that they expose in a query at the above link:
curl \
'https://www.googleapis.com/drive/v3/files?corpora=user&q=createdTime%20%3E%20%272021-11-23T12%3A00%3A00%27&key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--compressed
I have created an API key for this purpose (unrestricted for now). And used this app to generate an access token: https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=735795831119-kcpkamhiaojavqrt67mti7thcaa6ce87.apps.googleusercontent.com
But I have spent hours chasing my tail over the 401 Invalid Credentials error. Any help on getting a more specific error message, or better way to do this seemingly simple query would be appreciated. Thanks!
The result of the link below is an Authorization code.
https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=735795831119-kcpkamhiaojavqrt67mti7thcaa6ce87.apps.googleusercontent.com
You need to exchange it to https://accounts.google.com/o/oauth2/token to generate an Access Token:
curl \
--request POST \
--data "code=[Authentcation code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token
The result of the curl above is something like this:
{
"access_token": "access token here",
"expires_in": 3599,
"refresh_token": "refresh token here",
"scope": "https://www.googleapis.com/auth/drive",
"token_type": "Bearer"
}
Now you have the access token, you can paste it in the code below alongside with your API key.
curl \
'https://www.googleapis.com/drive/v3/files?corpora=user&q=createdTime%20%3E%20%272021-11-23T12%3A00%3A00%27&key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--compressed
Note:
Make sure you enable the Drive API in GCP
Application Client Id and Application Client Secret can be found after you created an OAuth 2.0 Client ID in GCP.
Reference:
DaImTo answer on How to connect to the Google Drive API using cURL.
Related
I need to get "Get a 2-Legged Token" verification for a read-only access to upload files entered by other users but I'm running into the following error:
{
"developerMessage": "The required parameter(s) client_id,client_secret,grant_type not present in the request",
"errorCode": "AUTH-008",
"more info": "https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/"
}
I followed exactly the example on the site changing just my "client id" and my "client secret":
https://forge.autodesk.com/en/docs/oauth/v1/tutorials/get-2-legged-token/
can anybody help me?
The single quote is wrong format in header of curl.
Try this format
curl --location --request POST 'https://developer.api.autodesk.com/authentication/v1/authenticate' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=your_client_id_xxx' \
-d 'client_secret=your_client_secret_xxx' \
-d 'grant_type=client_credentials' \
-D 'scope=data:read'
It will be return access token
I am using Postman for HTTP call.
It is more convenient
What is the proper way to make client_id a mandatory param for password grant type?
Using this request I want to make client_id a mandatory value and let the OAuth2 framework to compare it with the result returned into the method loadClientByClientId
curl --location --request POST 'http://localhost:8080/engine/oauth/token' \
--header 'Authorization: Basic YWRtaW46cXdlcnR5' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=qwerty' \
--data-urlencode 'client_id=some_value' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'scope=read_profile'
What is the best way to implement this?
You could try implementing a custom OAuth2RequestValidator with method validateScope(TokenRequest tokenRequest, ...) from the docs
Ensure that the client has requested a valid set of scopes.
which has access to TokenRequest.getRequestParameters()
EDIT
See also the docs for the TokenEndpoint
Clients must be authenticated (...) to access this endpoint, and the client id is extracted from the authentication token. (...)
I'm in the process of updating Keycloak straight from version 6.0.1 to 11.0.0, the db migration was successful and was able to login into admin console, however the token generation seems to be broken, I'm sending below curl to generate token
curl --location --request POST 'http://localhost:8480/auth/realms/test/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=testUser' \
--data-urlencode 'password=testPassword' \
--data-urlencode 'scope=testRole' \
--data-urlencode 'client_id=testService' \
--data-urlencode 'client_secret=testServiceSecret'
On sending above request Keycloak complains of Invalid Scopes: testRole, however I've verified the role and user role mappings are in place and this used to work well with Keycloak 6.0.1.
Just on side note, our clients are Full scoped, so it something that is causing issue? Or something else have got changed or is there a way to ignore invalid scopes altogether while generating token?
I'm trying to get token from Cloud Foundry. I'm getting token from cf oauth-token command but I try using curl its giving me an error:
{
"description": "Unknown request",
"error_code": "CF-NotFound",
"code": 10000
}
The Curl command I'm using:
curl 'https://<domian>/oauth/token' -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json
What am I doing wrong?
It depends on used flow. See doc: https://docs.cloudfoundry.org/api/uaa/version/4.31.0/index.html#authorization
First I got a token using curl command as shown here. Then used this token to authorize swagger and tried some endpoints, but all of them responded with
{
"status": 401,
"message": "Authentication failed",
"errorCode": 10,
"timestamp": 1490619586352
}
On server side I get this exception:
2017-03-27 13:31:16,149 [http-nio-0.0.0.0-8080-exec-9] ERROR o.t.s.s.s.m.token.RawAccessJwtToken - Invalid JWT Token io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: ��!L��ȉ
I also tried this with curl, with the same results, using this syntax:
curl -X GET --header 'Accept: application/json' --header 'Content-Type: application/json' --header 'X-Authorization: MY_TOKEN' 'http://MY_SERVER:MY_PORT/api/tenants?limit=3'
where I changed MY_TOKEN, MY_SERVER and MY_PORT appropriately for my server.
It seems that a parameter(Bearer) was missing from one of the headers. It should be --header 'X-Authorization: Bearer MY_TOKEN'. When I added it the responses were as expected. So the complete command for curl is:
curl -X GET --header 'Accept: application/json' --header 'Content-Type: application/json' --header 'X-Authorization: Bearer MY_TOKEN' 'http://MY_SERVER:MY_PORT/api/tenants?limit=3'