I am trying to get current_user but non the user is authenticated by header on API request.
Header include access-token, client and uid but it doesn't authenticate and shows following errors:
For reference please check this repo
Filter chain halted as :authenticate_user! rendered or redirected
Completed 401 Unauthorized in 398625ms (Views: 0.3ms | ActiveRecord: 2.6ms | Allocations: 1598457)
Response:
{
"errors": [
"You need to sign in or sign up before continuing."
]
}
Header Response on sign_in:
Request for profile, demo endpoint
curl --location --request GET 'http://localhost:3000/tweets' \
--header 'client: TeS-DWwybwxqh9l3ZMn__A' \
--header 'uid: sahsantoshh#gmail.com' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer e1tO5DawJq0iISdsgOk-fg'
The request was missing with access-token and expiry
Actual Request is
curl --location --request GET 'http://localhost:3000/tweets' \
--header 'Content-Type: application/json' \
--header 'client: TeS-DWwybwxqh9l3ZMn__A' \
--header 'uid: sahsantoshh#gmail.com' \
--header 'expiry: 1616149988' \
--header 'access-token: sjdinlkiijklnlaosihda' \
Related
All, I am using REST API to add bitbucket branch URL into SAST scanner. When sending the REST API from postman, getting error message: "Failure occurred during GIT Browsing". The curl is:
curl --location --request POST 'http://<host name/IP>/cxrestapi/projects/{projectId}/sourceCode/remoteSettings/git' --header 'Authorization: Bearer --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'url=https://bitbucket.org//.git'
--data-urlencode 'branch=refs/heads/master' --data-urlencode 'username=' --data-urlencode 'password='
If I do the same for public Github (https://github.com//.git), curl works fine. Any suggestion is appreciated.
We try to exchange 'Sign in with apple' between 2 teams, we proceed as follows:
The old team generates a transfer_sub for the new team, the request (https://developer.apple.com/documentation/sign_in_with_apple/transferring_your_apps_and_users_to_another_team) here looks like this:
curl -sS --location --request POST "https://appleid.apple.com/auth/usermigrationinfo" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
-d "sub=$oldUserSub&target=$newTeamId&client_id=$oldAppBundleID&client_secret=$oldSecret"
This works perfectly, the old team receives a transfer_sub and gives it to the new team.
{"transfer_sub":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"}
The new team gets the new ID with the following request (https://developer.apple.com/documentation/sign_in_with_apple/bringing_new_apps_and_users_into_your_team):
curl -sS --location --request POST "https://appleid.apple.com/auth/usermigrationinfo" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
-d "transfer_sub=$transferSubFromOldTeam&client_id=$newAppBundleID&client_secret=$newSecret"
Unfortunately this does not work because there is an error return:
{"error":"invalid_request"}
Does anyone have an idea what to do to make the relegation valid?
Have you already transferred your app?
The same issue has already been resolved in the Developer Forums.
Referring to here may resolve this issue.
The answer says:
You cannot use the api "/auth/usermigrationinfo" of the URL before app transfer.
So, If you haven't transferred your app yet, you have to complete your app transfer first. Then the new team will be able to get the new ID with the following request:
curl -sS --location --request POST "https://appleid.apple.com/auth/usermigrationinfo" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
-d "transfer_sub=$transferSubFromOldTeam&client_id=$newAppBundleID&client_secret=$newSecret"
Trying to use the reminders.app to post reminders via curl.
Getting the following error
{"ok":false,"error":"internal_error","warning":"missing_charset","response_metadata":{"warnings":["missing_charset"]}}
curl -X POST -H 'Authorization: Bearer secretsxxxxxxxxxxxxx' -H 'Content-type: application/json' --data \
'{
"ok": true,
"reminder": {
"text": "eat a banana",
"recurring": false,
"time": 1602288000
}
}' https://slack.com/api/reminders.add
You need to change the following line https://slack.com/api/reminders.add to https://slack.com/api/reminders.add?. Include the question mark at the end.
So your code should be:
curl -X POST -H 'Authorization: Bearer secretsxxxxxxxxxxxxx' \
-H "Content-type: application/json" \
--data '{"text": "I hope you eat your banana","time":1581447960}' \
https://slack.com/api/reminders.add
It is written in the keycloak documentation that the Token Endpoint can be used for obtaining a temporary code in the Authorization Code Flow or for obtaining tokens via the Implicit Flow, Direct Grants, or Client Grants.
But even with response_type=code , I can't get an authorization code: only a token. How can I do that?
My test request:
curl -X POST \
http://localhost:8080/auth/realms/my-realm/protocol/openid-connect/token \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Host: localhost:8080' \
-H 'Postman-Token: e103dff9-7b25-4f8f-886b-2af73efee561,e8f92a85-1489-4d7f-b89f-76cfe85e9c68' \
-H 'User-Agent: PostmanRuntime/7.15.0' \
-H 'accept-encoding: gzip, deflate' \
-H 'cache-control: no-cache' \
-H 'content-length: 94' \
-d 'grant_type=password&username=login&password=pwd&client_id=my-app&response_type=code'
Source : https://www.keycloak.org/docs/latest/server_admin/index.html#keycloak-server-oidc-uri-endpoints
response_type can be only used in authorization request to authorization endpoint (http://localhost:8080/auth/realms/my-realm/protocol/openid-connect/auth) and it will be ignored in this case (in token request). Authorization code can be got from authorization endpoint as follows:
http://localhost:8080/auth/realms/my-realm/protocol/openid-connect/auth?client_id=my-ap&redirect_uri=https://...&response_type=code
See also:
https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1
How to authenticate with the V2 API is useful and works.
REPO="https://hub.docker.com/v2"
I'm able to get tokens, list (my) repos and lists their images and tags.
curl --silent \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/
curl --silent \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/${IMAGE}/tags/
I'd like to 'GET MANIFEST' but I'm struggling to get this to work:
https://docs.docker.com/registry/spec/api/#manifest:
curl --silent \
--header "Host: hub.docker.com" \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/${IMAGE}/manifests/
curl --silent \
--header "Host: hub.docker.com" \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/${USERNAME}/${IMAGE}/manifests/
curl --silent \
--header "Host: hub.docker.com" \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/${USERNAME}/${IMAGE}/manifests/${TAG}
I've tried with|without the Host header. With various values for the Host header. But, I'm clearly missing something. I tried pattern-matching against the working endpoints but no joy:
curl --silent \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/${IMAGE}/manifests/
Curiously, this page shows "GET TAGS" seemingly incorrectly as /v2/<name>/tags/list:
https://docs.docker.com/registry/spec/api/#tags
Reviewed:
https://stackoverflow.com/a/45605443/609290
Follow-up
I'm a Googler and have access to Google Container Registry (GCR).
REPO="https://gcr.io/v2/"
On a whim, I just tried 'GET MANIFEST' against GCR and the requests works:
curl --silent \
--request GET \
--user _token:$(gcloud auth print-access-token) \
${REPO}/${PROJECT}/${IMAGE}/manifests/${TAG}
It's quite confusing with all the *.docker.com|io subdomains!
I found registry.hub.docker.com and index.docker.io the most reliable ones.
You can easily query the tags from there, but for the manifests you'll need to get a token for pulling first:
REGISTRY=https://index.docker.io/v2
#REGISTRY="https://registry.hub.docker.com/v2"
#REGISTRY="https://registry.docker.io/v2"
#REGISTRY="https://registry-1.docker.io/v2"
#REGISTRY="https://hub.docker.com/v2"
REPO=library
IMAGE=debian
# Could also be a repo digest
TAG=latest
# Query tags
curl "$REGISTRY/repositories/$REPO/$IMAGE/tags/"
# Query manifest
curl -iL "$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
# HTTP/1.1 401 Unauthorized
# Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/debian:pull"
TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPO/$IMAGE:pull" \
| jq --raw-output .token)
curl -LH "Authorization: Bearer ${TOKEN}" "$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
# Some repos seem to return V1 Schemas by default
REPO=nginxinc
IMAGE=nginx-unprivileged
TAG=1.17.2
curl -LH "Authorization: Bearer $(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPO/$IMAGE:pull" | jq --raw-output .token)" \
"$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
# Solution: Set the Accept Header for V2
curl -LH "Authorization: Bearer $(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPO/$IMAGE:pull" | jq --raw-output .token)" \
-H "Accept:application/vnd.docker.distribution.manifest.v2+json" \
"$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
See
this gist for another example and
this repo for a reusable script docker-image-size-curl.sh
Authorization with hub.docker.com works differently and you don't seem to get the manifests from there 🤔