An API I am using is telling me to make a GET request as follows:
curl -s \
-X GET \
--user "$MJ_APIKEY_PUBLIC:$MJ_APIKEY_PRIVATE" \
https://api.mailjet.com/v3/REST/template/$template_ID/detailcontent
and I am trying to convert this to Rails' NET::HTTP. I've tried adding a req.body, adding ?user=TOKEN and keep getting a 401 Unauthorized response. I've tested it in curl and my credentials are valid.
How do I include the --user "$MJ_APIKEY_PUBLIC:$MJ_APIKEY_PRIVATE" portion in my GET request?
--user in curl is used for server authentication. In your case, after --user you provide username and password separated with colon. This will be used for the http basic authentication.
Since you know that, you can check how to do the basic authentication with NET::HTTP here or here.
Related
I have an app which is protected by azureAD app registration. everytime user hits an URL, say, https://myapp.com/listall in browser they are presented with azure login screen. This is working as expected.
I was wondering how can I make curl requests to these endpoints from my terminal. When I try it now I get 302 NOT FOUND, as my request is getting redirected to login screen. when I try this form postman I see browser(HTML, CSS) code for azures login screen.
I am expecting something like.
make a curl request to obtain a token.
Use this token to subsequent curl requests.
I am making this curl request to get a token
-H "Content-Type: application/x-www-form-urlencoded" \
--data \
"
grant_type=client_credentials&
client_id=<client-id>&
client_secret=<client-secret>&
resource=https%3A%2F%2Fmanagement.core.windows.net%2F
"
I get a token back and then I make request something like this.
curl -X GET "https://myapp.com/listall" -H 'Content-Type: application/json' -H "Authorization: Bearer eyJ0eXAiOiJKV1....."
am I on the right path? how can I achieve this so that I can make curl requests to apps protected by azure AD app registration ?
I tried to reproduce the same in my environment and got the access token successfully.
Please note that the resource URL you are using is for classic deployed resources and https://management.core.windows.net/ corresponds to Azure Service Management API which is now changed to https://management.azure.com/
To get the access token, I made CURL request like below:
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
https://login.microsoftonline.com/your_tenant_id/oauth2/token\
-d 'client_id=your_app_client_id' \
-d 'grant_type=client_credentials' \
-d 'resource=https://management.azure.com/' \
-d 'client_secret=*******************'
To call the above CURL request in Postman, please follow below steps:
Run Postman -> Import -> Select Raw Text -> Copy the above CURL request and paste in raw text field -> Continue -> Import -> Send.
Response:
After getting the token, I made API call like below:
curl -X GET "Your_API_Call_http_link" -H 'Content-Type: application/json' -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJS....."
Make sure to grant API permissions for your API before calling it in Postman. Ensure to select access tokens and id tokens check boxes for your Azure AD app.
I want to test that a PUT to an endpoint (products/:id) works, but when I try
curl -X PUT -d listing_id_created=True localhost:3000/products/27
it gives ActionController::InvalidAuthenticityToken, which I now realise is the expected result (since there's no authenticity token provided since the PUT is coming from curl and curl doesn't know anything about it).
So my question is how do I run some simple curl PUTs (or any other verbs) to check that endpoints work correctly? Is the only solution to simply disable/skip the authenticity token?
I am referring https://api.slack.com/docs/oauth#flow to obtain access token in PostMan.
Also, I have downloaded repo of slack api from https://github.com/lonelyclaud/slack-api-postman
Below command returns status 200, but no authorization code.
curl -X GET \
'https://slack.com/oauth/authorize?client_id=9XX331444993.996747590037&scope=team%3Aread+users%3Aread%20' \
-H 'Postman-Token: f2dc4c20-5b7d-4ed2-b71f-08ecad81fd8c' \
-H 'cache-control: no-cache'
Can someone explain how to obtain code, which in turn will be used to obtain token?
Got my answer, here is the link to obtain the auth token using Postman Create a Slack app and authenticate with Postman
As part of an automated tests suite I have to use OpenShift's REST APIs to send commands and get OpenShift's status. To authenticate these API calls I need to embed an authorization token in every call.
Currently, I get this token by executing the following commands with ssh on the machine where OpenShift is installed:
oc login --username=<uname> --password=<password>
oc whoami --show-token
I would like to stop using the oc tool completely and get this token using HTTP calls to the APIs but am not really able to find a document that explains how to use it. If I use the option --loglevel=10 when calling oc commands I can see the HTTP calls made by oc when logging in but it is quite difficult for me to reverse-engineer the process from these logs.
Theoretically this is not something specific to OpenShift but rather to the OAuth protocol, I have found some documentation like the one posted here but I still find it difficult to implement without specific examples.
If that helps, I am developing this tool using ruby (not rails).
P.S. I know that normally for this type of job one should use Service Account Tokens but since this is a testing environment the OpenShift installation gets removed and reinstalled fairly often. This would force me to re-create the service account every time with the oc command line tool and again prevent me from automatizing the process.
I have found the answer in this GitHub issue.
Surprisingly, one curl command is enough to get the token:
curl -u joe:password -kv -H "X-CSRF-Token: xxx" 'https://master.cluster.local:8443/oauth/authorize?client_id=openshift-challenging-client&response_type=token'
The response is going to be an HTTP 302 trying to redirect to another URL. The redirection URL will contain the token, for example:
Location: https://master.cluster.local:8443/oauth/token/display#access_token=VO4dAgNGLnX5MGYu_wXau8au2Rw0QAqnwq8AtrLkMfU&expires_in=86400&token_type=bearer
You can use token or combination user/password.
To use username:password in header, you can use Authorizartion: Basic. The oc client commands are doing simple authentication with your user and password in header. Like this
curl -H "Authorization: Basic <SOMEHASH>"
where the hash is exactly base64 encoded username:password. (try it with echo -n "username:password" | base64).
To use token, you can obtain the token here with curl:
curl -H Authorization: Basic $(echo -n username:password | base64)" https://openshift.example.com:8443/oauth/authorize\?response_type\=token\&client_id\=openshift-challenging-client
But the token is replied in the ugly format format. You can try to grep it
... | grep -oP "access_token=\K[ˆ&]*"
You need to use the correct url for your oauth server. In my case, I use openshift 4.7 and this is the url:
https://oauth-openshift.apps.<clustername><domain>/oauth/authorize\?response_type\=token\&client_id\=openshift-challenging-client
oc get route oauth-openshift -n openshift-authentication -o json | jq .spec.host
In case you are using OpenShift CRC:
Then the URL is: https://oauth-openshift.apps-crc.testing/oauth/authorize
Command to get the Token:
curl -v --insecure --user developer:developer --header "X-CSRF-Token: xxx" --url "https://oauth-openshift.apps-crc.testing/oauth/authorize?response_type=token&client_id=openshift-challenging-client" 2>&1 | grep -oP "access_token=\K[^&]*"
Note:
2>&1 is required, because curl writes to standard error
--insecure: because I have not set up TLS certificate
Adjust the user and password developer as needed (crc developer/developer is standard user in crc, therefore good for testing.)
Token is per default 24h vaild
Export the Token to an environment Variable
export TOKEN=$(curl -v --insecure --user developer:developer --header "X-CSRF-Token: xxx" --url "https://oauth-openshift.apps-crc.testing/oauth/authorize?response_type=token&client_id=openshift-challenging-client" 2>&1 | grep -oP "access_token=\K[^&]*")
And Use the token then in, e.g., oc login:
oc login --token=$TOKEN --server=https://api.crc.testing:6443
For learning purposes, I'm trying to use the Machine learning (ml) API.
https://cloud.google.com/ml-engine/reference/rest/v1/projects.models/list
I'm not able to identify if this request can be done with an API KEY instead of OAUTH.
I'm using npm package googleapis with this;
ml.projects.models.list({
key: GCLOUD_API,
parent: "projects/"+GCLOUD_PROJECT
}
But always receives this error:
Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential
I've tried replacing key with auth or token. Nothing work.
How can I know if is possible or not to use an api key?
I tried also with curl
'https://ml.googleapis.com/v1/projects/myproject-123456/models?token=my_super_sekret_key'
Today I had the same doubt.
Here are GCP Services that support API Keys:
https://cloud.google.com/docs/authentication/api-keys and ML API is not included.
You should obtain the access token using OAuth2, so URL POST request will be:
https://ml.googleapis.com/v1/projects/your_project/models?access_token=your_access_token
Works great for me. Same to do predictions.
1
You can get the auth token using gcloud:
access_token=$(gcloud auth application-default print-access-token)
and then embed it into the header:
curl --silent \
-H "Authorization: Bearer $access_token" \
-H "Content-Type: application/json" \
-X POST \
-d "$request" \
https://ml.googleapis.com/v1/projects/myproject-123456/models