403 error HTTP GET request to Jenkins build /api/json - jenkins

In Jenkins, I am trying to access the change set of a pipeline build by making a HTTP GET call. However I get a 403 error. Please note I am able to access this url in the browser so I know it exists and that the url is working.
The url I am trying to access is the "build url" and then appending "/api/json".
try {
def username = 'username'
def token = 'token'
def apiUrl = 'https://<jenkins-root>/job/<job-name>/<build-number>/api/json'
HttpURLConnection connection = (HttpURLConnection) new URL(apiUrl).openConnection()
def encoded = Base64.getEncoder().encodeToString((username+":"+token).getBytes("UTF-8"))
connection.setRequestProperty("Authorization", "Bearer " + token)
connection.setRequestProperty("Content-Type", "application/json")
def returnedData = connection.inputStream.text
} catch (Exception ex) {
println ex
}
When running the above code, I am getting the following error.
java.io.IOException: Server returned HTTP response code: 403 for URL: https://my-jenkins-build-url/api/json
Since it's 403 error, I can assume I am authenticated but somehow forbidden to access /api/json of the build? Does anyone have a working way of being able to access /api/json of a jenkins build using http call?

Related

GET request fails on electron but works when I run the URL which failed on the browser

I'm currently trying to get the authorization token from Okta using a GET request from my app using fetch API. The first step works well and I get the sessionToken. The next step requires me to pass this sessionToken in the url of a get request . Once this is done I should be getting an html object but what I instead get is a 404 message from the server on the console and the id_token embedded in the failed url which also is on the console. I have tried every possible fix and yet it doesn't seem to work.
async function getAccessToken(url = '', sessionID= ''){
const response = await fetch(url + sessionID);
return response
}
ON THE CONSOLE: Failed to load resource: the server responded with a status of 404 () the failed url with the id_token
When I copy this URL and run it in the browser it works. Response contains the callback url alone and I don't seem to have anyway to access the id_toke. Any way to access this id_ token would do for now.

http_request succeeds but Groovy code gets 401

I was using the HTTP Request Plugin to make an API call to my Bitbucket server.
The following call returns the desired result:
def my-url = "http://my-username:my-password#my-bitbucket-server.com:7990/rest/api/1.0/my-project/pull-request-10"
def response = http_request my-url
However, I had an issue with the HTTP Request Plugin, because it prints my password in plain text in the logs.
Therefore, I tried doing the same call from a groovy script:
def response = new URL(my-url).getText()
But for this I am getting a 401 server response.
Any idea why this time, the call fails?
You're trying to apply Basic auth using almost plain Java. You have to generate your auth key and attach it to the request headers. Try:
String addr = 'my-bitbucket-server.com:7990/rest/api/1.0/my-project/pull-request-10'
String authString = 'my-username:my-password'.getBytes().encodeBase64().toString()
def conn = addr.toURL().openConnection()
conn.setRequestProperty( "Authorization", "Basic ${authString}" )
def feed = new XmlSlurper().parseText( conn.content.text )
Hope this would help!

Sending OAuth token works in Postman but does not work in RestSharp

I tried to send a bearer token to an Auth0 API using Postman and it works perfectly.
I then tried the same using RestSharp (in c#) but it doesn't work at all.
Below is my code. I've tried many different formats but none of them work.. Is there any other way I can try to make it work?
var client = new RestClient("http://domain.auth0.com/api/v2/users");
RestRequest request = new RestRequest(Method.GET);
//request.AddHeader("authorization", "Bearer eyJhbGcJ9.eyJhdWQiOiJ6VU4hVWUE2.token");
//request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
//request.AddHeader("Accept", "application/json");
//RestClient client = new RestClient("http://domain.auth0.com");
//RestRequest request = new RestRequest("api/v2/users", Method.GET);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddHeader("Accept", "application/json");
request.AddParameter("Authorization",
string.Format("Bearer " + "eyJhbGciOI1NiIsI9.eyJhdWQiOiWmVhTWpD2VycyI6eyJhY.token"),
ParameterType.HttpHeader);
//request.AddParameter("Authorization",
// String.Format("Bearer {0}", token),
//ParameterType.HttpHeader);
var response = client.Execute(request);
PS: the token was changed.
The problem is that you're using an HTTP URL. When you issue the first request the token is included, but you receive a redirect response informing that you should be calling the HTTPS endpoint.
Since RestSharp will not include the token in the second request performed automatically due to the first redirect response you get an unauthorized response.
You need to update the URL to be HTTPS which will prevent the redirect and as a consequence solve your problem. If you want to make multiple authenticated request using the same client you also change your code to be:
using RestSharp;
using RestSharp.Authenticators;
class Program
{
static void Main(string[] args)
{
// Use the HTTPS scheme
var client = new RestClient("https://[domain].auth0.com/api/v2/users");
client.Authenticator = new OAuth2AuthorizationRequestHeaderAuthenticator(
"eyJhbGciJIUz.eyJhdWQi4QW5OXhCNTNlNDdjIn0.vnzGPiWA", // Update the token
"Bearer");
var request = new RestRequest(Method.GET);
IRestResponse response = client.Execute(request);
Console.WriteLine("{0}", response.StatusCode);
}
}
If you really need to handle redirects and still send the token, check: https://github.com/restsharp/RestSharp/issues/414

Can't get survey details from survey monkey

I've written a java code to get survey list and then details of those surveys from my account. I am able to get the list of survey IDs but not the details of the survey, using the same API key.
Here's the url constructed:
https://api.surveymonkey.net/v2/surveys/get_survey_details/?api_key=---API-KEY--- --data-binary '{"survey_id":"---SURVEY-ID---"}'
Error:
Server returned HTTP response code: 400 for URL: https://api.surveymonkey.net/v2/surveys/get_survey_details/?api_key=---API-KEY--- --data-binary '{"survey_id":"---SURVEY-ID---"}'
The connection is setup as a post request:
private void resetConnection(String url){
URL ourl;
try {
ourl = new URL(url.toString());
conn = (HttpURLConnection) ourl.openConnection();
conn.setRequestMethod("POST");
conn.setRequestProperty("Authorization", "bearer " + SurveyMonkeyUrl.accessToken);
conn.setRequestProperty("Content-Type", "application/json");
} catch (Exception e) {
e.printStackTrace();
}
}
If I try the URL in the browser it shows:
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<h1>Developer Inactive</h1>
Note that the first query is executing fine with the provided same api key and access token.

The remote server returned an error: (401) Unauthorized in NopCommerce

I have implemnted plugin in Nopcommerce 3.30.
That plugin's controller action method contains:
System.Net.HttpWebRequest objRequest = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(idiUrl);
objRequest.Method = "GET";
objRequest.ContentType = "application/x-www-form-urlencoded";
objRequest.AllowAutoRedirect = true;
objRequest.Credentials = CredentialCache.DefaultCredentials;
objRequest.KeepAlive = false;
objRequest.Timeout = 300000;
After this line,
System.Net.HttpWebResponse objResponse = (System.Net.HttpWebResponse)objRequest.GetResponse()
I get error i.e.,
The remote server returned an error: (401) Unauthorized.
The details for the log entry.
Full message: System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse()
Help me please to solve this issue.
Thanks.
What is idiUrl. Does it work if you visit the URL directly in browser? I think it requires authentication / authorization, and you did not provide that since you are using DefaultCredentials.

Resources