I want to have oauth/bearer token to authenticate my private registry. please let me know the steps.
docker login needs id and password, so how to pass token?
New to this domain, so need help.
You will have to perform API calls in the following order:
Authenticate and get the token
https://docs.docker.com/registry/spec/auth/oauth/
https://docs.docker.com/registry/spec/auth/token/
Using the token, get the digest for the image and use that digest to pull the corresponding layer via API calls mentioned in the link below.
https://docs.docker.com/registry/spec/api/#pulling-an-image
Related
I'm try to request call this route api.twitter.com/2/users/:id/following also getting the error :
Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint. Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].
I've trying to understand how I should generate an oauth token valid for this request, but i'm a bit lost! I've all the pipe line for the user authentication and for the last request I can get all user data including userToken and tokenSecret how i can use that info to generate the token for my request?
Also I've try to generate a token generate with apiKey and apiSecret withtou success
curl -u 'apiKey:apiSecret'
--data 'grant_type=client_credentials'
'https://api.twitter.com/oauth2/token'
I'm really lost using twitter api because of the multiples ways to authenticate
The curl command you're using will give an App-Only token, this won't work if you're trying the POST /2/users/:id/following endpoint. Follow this guide on generating an OAuth 2.0 User Access Token.
I'm trying to set up Pac4j in my back end (BE) application and in order to configure my Angular front end (FE), I need to understand the workflow that it expects in order to configure the back end properly.
I've been reading reams of documentation and trawling through Pac4j source to find how I get the token from the code without exposing the client secret.
So...
I try to log in FE->BE (without auth)
I receive a 401
I take the 'Location' (the Google auth uri) from the 401 and redirect to it, providing a callback uri
I log in to Google
I am redirected back to my callback uri with a code
(What request do I make to BE in order to get a token back? i.e. where is the token URI that doesn't require a client_secret)
I use the retrieved token to access and continue as normal using BE
If you don't want to use client_secret, then you need public client. I'm not sure if public client is supported by Google.
IMHO better approach will be implicit flow in the FE. It will generate access token, which will be used for BE api calls.
I have a hobby project in mind to use battle.net login. I'm wondering how I can obtain the access token from the API after receiving the authorization code.
This is Oauth flow question rather than a battle.net question.
Currently I can successfully authorize the user for my app which is registered in dev.battle.net and then I try to use the authorization code returned from the battle.net login to obtain the access token by sending a request to https://<region>.battle.net/oauth/token.
However I keep receiving this error:
{
"error": "unauthorized",
"error_description": "An Authentication object was not found in the SecurityContext"
}
I use postman extension to send post requests to that uri. I authenticate my request with my client id and secret. I pass redirect_uri (https://localhost), granty_type (authorization_code), code(the code returned from the previous authorization step). However I keep getting the error above.
I couldn't find much about battle.net online. There are other oauth related help articles but couldn't really find my way.
Wondering if you can help me with this easy stuff. I'm just wondering what I'm skipping here.
Here is the documentation:
https://dev.battle.net/docs/read/oauth
https://localhost is added in my mashery dev account's app settings.
Me again, I resolved this problem after trying almost every combination in the universe:)
Steps to apply:
Don't use the same authorization token for different access token trials, they are not valid
Always use https on every domain you test including localhost, you
redirect_uri must be https as well.
You must use the "basic authentication" in the header of your POST request while requesting the token from the authorization code you obtained from the previous step.
This is one of the most important ones: For requesting token, Pass redirect_uri, client key and secret as POST form parameters to the authenticated request. This is interesting because it's already an authenticated request; why would i need to pass my secret again? Anyways, that's how it works.
Here are the full text:
http://hakanu.net/oauth/2017/01/26/complete-guide-of-battle-net-oauth-api-and-login-button/
This is working prototype:
https://owmatch.me
Thanks.
With a private repo on github, I can generate a "personal access token" and
curl https://<oauth-secret>:x-oauth-basic#raw.githubusercontent.com/<me>/<repo>/master/<file>
and get the content of the file. Is the same thing possible with bitbucket?
Oh hey, it turns out you can just use http(s) authentication.
curl --user <username>:<password> https://bitbucket.org/<username>/<repo>/raw/<file>
It's a bit of a bigger security hole having a username and password in a script than a token (for which you can restrict permissions), but it gets the job done in this case.
According to OAuth on Bitbucket Cloud you need to write https://x-token-auth:{access_token}#bitbucket.org so that you are using the token as password instead of username.
Use OAuth token and Bitbucket api with access_token param:
https://api.bitbucket.org/2.0/repositories/{username}/{repo_slug}/src/master/{file}?access_token={access_token}
I have a global account that has several views that I want to use on the server side to embed dashboards for the various views on the client side. From what I understand, I get an access token using a service account on the server side and can then send the access token to the client side whenever needed. I was wondering, is this the correct flow? Should the access token be per session?
The authorization on the client side shown here has a field for a server auth access token, but couldn't find documentation on the exact flow I wanted. Basically I'm unsure what the proper way of generating that server auth access token is. Any help/pointers would be very much appreciated.
[Here][1] is an example of how to set up server side auth. The above code creates a new token when anyone visits the site. You can see the endpoint that gets that access token [here][2].
Below are the general steps to get to a working version:
Step 1: Create a service account and download the JSON key
Step 2: Add the service account as a user in Google Analytics
Step 3: Use the JSON key data to request an access token
# service-account.py
import json
from oauth2client.client import SignedJwtAssertionCredentials
# The scope for the OAuth2 request.
SCOPE = 'https://www.googleapis.com/auth/analytics.readonly'
# The location of the key file with the key data.
KEY_FILEPATH = 'path/to/json-key.json'
# Load the key file's private data.
with open(KEY_FILEPATH) as key_file:
_key_data = json.load(key_file)
# Construct a credentials objects from the key data and OAuth2 scope.
_credentials = SignedJwtAssertionCredentials(
_key_data['client_email'], _key_data['private_key'], SCOPE)
# Defines a method to get an access token from the credentials object.
# The access token is automatically refreshed if it has expired.
def get_access_token():
return _credentials.get_access_token().access_token
Back to the client side:
Step 4: Load the Embed API library.
<script>
(function(w,d,s,g,js,fs){
g=w.gapi||(w.gapi={});g.analytics={q:[],ready:function(f){this.q.push(f);}};
js=d.createElement(s);fs=d.getElementsByTagName(s)[0];
js.src='https://apis.google.com/js/platform.js';
fs.parentNode.insertBefore(js,fs);js.onload=function(){g.load('analytics');};
}(window,document,'script'));
</script>
Step 5: Add HTML containers to host the dashboard components.
<div id="chart-1-container"></div>
<div id="chart-2-container"></div>
Step 6: Write the dashboard code.
Use the access token obtained in step 3 to authorize the Embed API.
gapi.analytics.ready(function() {
/**
* Authorize the user with an access token obtained server side.
*/
gapi.analytics.auth.authorize({
'serverAuth': {
'access_token': '{{ ACCESS_TOKEN_FROM_SERVICE_ACCOUNT }}'
}
});
...
The additional work of creating an endpoint which returns the token depends on your back end implementation but the source code of how the demo does it can be found [here][2].
[1]: https://ga-dev-tools.appspot.com/embed-api/server-side-authorization/
[2]: https://github.com/googleanalytics/ga-dev-tools/blob/abb3c5a18160327a38bf5c7f07437dc402569cac/lib/controllers/server_side_auth.py
I'm not very familiar with Google Analytics, but as far as OAuth goes, the handling of access tokens and refresh tokens should all be on the server-side. The client receives an authorization code and provides that to the server, which then obtains the tokens and uses the tokens to obtain the data necessary. There shouldn't be any need to send an access token to the client.
It might be helpful to read this, which describes the standard OAuth flow:
https://developers.google.com/identity/protocols/OAuth2