I am trying to connect with SAP Hybris REST API to power bi, below is my query
let
token_url = "https://localhost:9002/authorizationserver/oauth/token",
api_base_url = "https://localhost:9002/rest/v2/apparel-uk/countries",
qry_str = "?fields=DEFAULT",
body="grant_type=client_credentials&client_id=XXX&client_secret=XXX",
Source = Json.Document(Web.Contents(token_url,[
Headers = [#"Content-Type"="application/x-www-form-urlencoded"],
Content=Text.ToBinary(body)
]
)
),
token = Source[access_token],
data= Json.Document(Web.Contents(api_base_url & qry_str, [Headers=[#"Content-Type"="application/json"]]))
in
data
but I am getting following error
DataSource.Error: The underlying connection was closed: Could not
establish trust relationship for the SSL/TLS secure channel. Details:
https://localhost:9002/rest/v2/apparel-uk/countries?fields=DEFAULT
Is my script ok? how to resolve this issue?
Related
I have created a custom OAuth client for the snowflake account by referring documentation here, https://docs.snowflake.com/en/user-guide/oauth-custom.html
I created an OAuth custom instance for my local using the following query:
create security integration My_Snowflake_Connector
type = oauth
enabled = true
oauth_client = custom
oauth_client_type = 'CONFIDENTIAL'
oauth_redirect_uri = 'http://localhost:4200/api/auth/callback/snowflake'
oauth_issue_refresh_tokens = true
oauth_refresh_token_validity = 86400
blocked_roles_list = ()
pre_authorized_roles_list = ('SYSADMIN', 'ACCOUNTADMIN', 'SECURITYADMIN')
oauth_allow_non_tls_redirect_uri = true
I have obtained authorization & token URLs using the following query:
DESCRIBE security integration My_Snowflake_Connector
I also obtained secrets using the following query:
SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS( 'MY_SNOWFLAKE_CONNEECTOR' )
I have used passport-oauth2 plugin & OAuth2Strategy
On initiating OAuth flow I am rightly taken to the snowflake account I log in it shows the OAuth consent screen but upon redirection, I get an error invalid_client.
I am getting the following error JSON blob:
{\n "data" : null,\n "error" : "invalid_client",\n "code" : null,\n "message" : "This is an invalid client.",\n "success" : false,\n "headers" : null\n}
I have verified the callback URL, client id & secret none seems to be wrong.
What may be wrong with my configuration?
Update
We could not figure out the reason behind the OAuth error, Finally, we ended up using the Node js client from snowflake. For more info: https://docs.snowflake.com/en/user-guide/nodejs-driver.html
I could see a similar error when testing OAuth2 from Postman when Client Authentication is set to "Send Client Credentials in body".
On changing this to "Send as Basic Auth Header",token generation works fine and proceeds successfully.
I guess this change should resolve the issue in your case as well. One of the reference that I checked is here : https://github.com/ciaranj/node-oauth/pull/316
I am using the Microsoft Graph OneDrive API to upload a file, it works before until recently. Microsoft API server return "504 Gateway Timeout". Any idea?
$tokenCache = new \App\TokenStore\TokenCache;
$accessToken = $tokenCache->getClientCredentialsAccessToken();
$graph = new \Microsoft\Graph\Graph();
$graph->setAccessToken($accessToken);
$requestUrl = "/drives/{drive-id}/items/root:/files/2019/466/466-1566268336-oYgN-subway.csv:/content";
$localPath = "/var/www/html/laravel/public/attachments/466/a3Gc9Yx0ekNzC4zIxeGyvClEJrtXGFwDJIoS0FlM/466-1566268583-PvTZ-subway.csv";
$result = $graph->createRequest('PUT', $requestUrl)
->upload($localPath);
dd($result);
Server error: `PUT https://graph.microsoft.com/v1.0/drives/{drive-id}/items/root:/files/2019/466/466-1566268336-oYgN-subway.csv:/content` resulted in a `504 Gateway Timeout` response
I am trying to sync my mails from gmail to my local server using OfflineImap v7.2.1. I followed this tutorial: Using Offlineimap with the Gmail IMAP API and got it working!
Here is my .offlineimaprc file:
[general]
accounts = ExampleCompany
[Account ExampleCompany]
localrepository = ExampleCompanyLocal
remoterepository = ExampleCompanyRemote
postsynchook = notmuch new
#newer versions don't need this
#status_backend = sqlite
[Repository ExampleCompanyRemote]
type = IMAP
remotehost = imap.gmail.com
remoteuser = my-username#gmail.com
ssl = yes
starttls = no
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
### You'll need to configure the gmail API stuff here:
auth_mechanisms = XOAUTH2
oauth2_client_id = XXXX7-eXXXX.apps.googleusercontent.com
oauth2_client_secret = 9XXXXXP
oauth2_request_url = https://accounts.google.com/o/oauth2/token
#oauth2_refresh_token = 1/ZXXXXXw
oauth2_access_token = ya29.XXXXXIHbcS
## remove Gmail prefix on IMAP folders
nametrans = lambda f: f.replace('[Gmail]/', '') if
f.startswith('[Gmail]/') else f
[Repository ExampleCompanyLocal]
type = Maildir
localfolders = ~/mail
restoreatime = no
# Do not sync this folder
folderfilter = lambda folder: folder not in ['2007-2011-inbox']
## Remove GMAIL prefix on Google-specific IMAP folders that are pulled down.
nametrans = lambda f: '[Gmail]/' + f if f in ['Drafts', 'Starred', 'Important', 'Spam', 'Trash', 'All Mail', 'Sent Mail'] else f
I currently generate my Access Token and Refresh Token using this python script from google. I would however like this tokens to be generated from an ios app and then sent to the backend to start syncing. I am using AppAuth to do this but OfflineImap always errors out when using these credentials gotten from the IOS app. error
ERROR: All authentication types failed:
XOAUTH2: [AUTHENTICATIONFAILED] Invalid credentials (Failure)
Any idea why these credentials will be invalid? I am using the same client_id and client_secret when running the script and the app. I think i am missing something obvious.
Here is the authorization request on the app in swift:
// builds authentication request
let request = OIDAuthorizationRequest(configuration: configuration,
clientId: "XXXX7-eXXXX.apps.googleusercontent.com",
clientSecret: "9XXXXXP",
scopes: [OIDScopeEmail],
redirectURL: redirectURI,
responseType: OIDResponseTypeCode,
additionalParameters: nil)
Thank you
This one has me for a while now, I am trying to build a console app that can call a .net web/wcf service SP, the first leg is to get a token from the idP (ADFS4.0) the pasted code was working fine for a whole day, at some point it stopped working with the following error:
SOAP security negotiation with 'https://adfs.domain.in/adfs/services/trust/13/windowsmixed' for target 'https://adfs.domain.in/adfs/services/trust/13/windowsmixed' failed. See inner exception for more details.
The inner error is:
The Security Support Provider Interface (SSPI) negotiation failed.
NativeErrorCode: 0x80090350 -> SEC_E_DOWNGRADE_DETECTED
I have tried /13/windows and /windowstransport as well as the endpoint.
private static GenericXmlSecurityToken RequestSecurityToken()
{
// set up the ws-trust channel factory
var factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(new WindowsWSTrustBinding(
SecurityMode.TransportWithMessageCredential), new EndpointAddress(new Uri("https://adfs.domain.in/adfs/services/trust/13/windowsmixed"), EndpointIdentity.CreateSpnIdentity("adfs#domain.in")));
factory.TrustVersion = TrustVersion.WSTrust13;
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
KeyType = KeyTypes.Bearer,
AppliesTo = new System.ServiceModel.EndpointAddress(endpoint_address)
};
// request token and return
return factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;
}
In my case, for some reason, the ADFS was available over VPN but the AD based authentication bits are not happening over VPN. That's why SEC_E_DOWNGRADE_DETECTED is coming. In a regular non VPN environment things are good.
Also, another observation is once SAML token is generated over a regular enterprise network. Subsequent calls to generate the SAML token are going through as expected even on VPN.
So, if you see this error just check if the network you are in is part of the domain (and not public or private network), for SSPI negotiation.
I'm using DotNetOpenAuth to aunthenticate a user, and I'm unable to make it work. This is my code:
public string AuthenticateUser(
string key, string secret, string user, string password,
AuthorizationServerDescription serviceDescription)
{
UserAgentClient agent = new UserAgentClient(
serviceDescription,
key,
secret);
IAuthorizationState authState = mConsumer.ExchangeUserCredentialForToken(
user,
password,
GetScope());
if (authState != null)
{
return authState.Token;
}
}
I'm trying to authenticate against Google and WindowsLive, without sucess in both cases.
Google
These are the configuration parameters used to access the Google OAuth service:
AuthorizationEndpoint = new Uri("https://accounts.google.com/o/oauth2/auth")
TokenEndpoint = new Uri("https://accounts.google.com/o/oauth2/token")
ProtocolVersion = ProtocolVersion.V20
State = "/profile"
Scope = "https://www.googleapis.com/auth/userinfo.email"
Error obtained:
---------------------------
Error
---------------------------
Error occurred while sending a direct message or getting the response.
---------------------------
OK
---------------------------
Windows Live
These are the parameters used to acces the Windows Live Outh service:
TokenEndpoint = new Uri("https://oauth.live.com/token"),
AuthorizationEndpoint = new Uri("https://oauth.live.com/authorize")
ProtocolVersion = ProtocolVersion.V20
State = null
Scope = "wl.signin"
Error obtained:
---------------------------
Error
---------------------------
Unexpected response Content-Type text/html
---------------------------
OK
---------------------------
I also tested using the ClientCredentialApplicator in all ways:
NetworkCredential
NoSecret
PostParameter
Am I doing something wrong? Someone could show me a working example of ExchangeUserCredentisForToken?
Thanks in avance.
The resource owner credential grant only works when allowed by the authorization server. I believe both Google and Microsoft deliberately do not support this, since they don't want 3rd party apps taking user credentials directly.