I am trying to use bullet 4 (Client Credentials Grant) of the authentication documentation in order to obtain an access/bearer token.
Example:
curl -X POST -u "client_id:secret" \
https://bitbucket.org/site/oauth2/access_token \
-d grant_type=client_credentials
I have created an OAuth Consumer. I take the "Secret" that is generated from this Consumer and simply plug it in the example above for "secret", and I receive an "unauthorized client" result, when I expect to get back an access token.
Result:
{"error_description": "Invalid OAuth client credentials", "error": "unauthorized_client"}%
I have also ensured the consumer I have created has all permissions available.
Am I plugging the wrong value into the secret section? Or what else could I be doing incorrectly?
You also need to replace client_id with the key of your consumer, just as you replaced the secret:
"client_id:secret" => "key:secret"
I am referring to https://api.slack.com/docs/oauth#flow to obtain an access token in Postman.
Also, I have downloaded the Slack API repo from https://github.com/lonelyclaud/slack-api-postman
The command below returns status 200, but no authorization code.
curl -X GET \
'https://slack.com/oauth/authorize?client_id=9XX331444993.996747590037&scope=team%3Aread+users%3Aread%20' \
-H 'Postman-Token: f2dc4c20-5b7d-4ed2-b71f-08ecad81fd8c' \
-H 'cache-control: no-cache'
Can someone explain how to obtain the code, which in turn will be used to obtain the token?
Got my answer; here is the link to obtain the auth token using Postman: "Create a Slack app and authenticate with Postman"
For learning purposes, I'm trying to use the Machine learning (ml) API.
https://cloud.google.com/ml-engine/reference/rest/v1/projects.models/list
I'm not able to identify if this request can be done with an API KEY instead of OAUTH.
I'm using the npm package googleapis with this:
ml.projects.models.list({
  key: GCLOUD_API,
  parent: "projects/" + GCLOUD_PROJECT
});
But I always receive this error:
Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential
I've tried replacing key with auth or token. Nothing works.
How can I know whether it is possible or not to use an API key?
I also tried with curl:
'https://ml.googleapis.com/v1/projects/myproject-123456/models?token=my_super_sekret_key'
Today I had the same doubt.
Here are GCP Services that support API Keys:
https://cloud.google.com/docs/authentication/api-keys and ML API is not included.
You should obtain the access token using OAuth2, so URL POST request will be:
https://ml.googleapis.com/v1/projects/your_project/models?access_token=your_access_token
Works great for me. Same to do predictions.
You can get the auth token using gcloud:
access_token=$(gcloud auth application-default print-access-token)
and then embed it into the header:
curl --silent \
-H "Authorization: Bearer $access_token" \
-H "Content-Type: application/json" \
-X POST \
-d "$request" \
https://ml.googleapis.com/v1/projects/myproject-123456/models
I am trying to renew the token generated through API Manager.
The curl statement for generate token is:
curl -k -d "grant_type=client_credentials" -H "Authorization: Basic TDQ0SktDZm5DcVVDSVBjdGYwVDIyRWwwUGY4YTo2d19NQm9xYnBFXzRLNHR0Wkc0NXhxd0NMTDRh" -H "Content-Type: application/x-www-form-urlencoded" https://10.108.106.214:8250/token
The response is
"scope":"am_application_scope default","token_type":"bearer","expires_in":1094,"access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"
Based on the documentation it is supposed to generate a retoken, which is not being generated. What am I missing?
Also, when I pass the grant_type as refresh_token, I get an invalid grant error.
curl -X POST -H "Authorization: Basic TDQ0SktDZm5DcVVDSVBjdGYwVDIyRWwwUGY4YTo2d19NQm9xYnBFXzRLNHR0Wkc0NXhxd0NMTDRh" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=refresh_token&refresh_token=6d1d0f8afbd147d24bcd42bbc5361a1' 'https://10.108.106.214:8250/token'
I am referring to the documentation in the URL
https://docs.wso2.com/display/AM191/Token+API#TokenAPI-RenewingaccesstokensRenewing
So what am I missing?
According to the OAuth 2.0 Authorization Protocol specification, grant_type client_credentials should not issue a refresh token.
4.4.3. Access Token Response
If the access token request is valid and authorized, the authorization
server issues an access token as described in Section 5.1. A refresh
token SHOULD NOT be included.
You have to use the Password Grant Type.
Request:
curl -k -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic bkxidjNPTnYxQ25iTXBRY2E3V3hPajdaMUVZYTpuTUQzX0tKQkhGRmxFUUlXdllmSjdTUFlleThh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
Response:
{"scope":"default","token_type":"bearer","expires_in":3247,"refresh_token":"91729a78a96b58d80d869f3ec2ce8b8","access_token":"ec54b39dd9503c9f65df84b67ea586"}
Use the refresh_token to renew access tokens.
If I am not mistaken, in the response you have received:
"scope":"am_application_scope default","token_type":"bearer","expires_in":1094,"access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"
This is the new access token.
"access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"
Take note of the current token, then run the curl command again. The response should be a different token.
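The renewal choice the answers above describe, as an added shell example that is not part of the original posts: it reads a token response, uses the refresh token when one was issued, and otherwise repeats the original grant. The function names and the sed-based field extraction are this example's own assumptions; the two responses are the ones quoted above, with braces restored on the first.

```shell
#!/bin/sh
# Added example: choose the renewal request from a token response.
# Assumes flat, single-line JSON like the responses quoted on this page;
# use a real JSON parser such as jq for anything else.

# json_field RESPONSE NAME -> value of a string field, empty if absent
json_field() {
  printf '%s\n' "$1" |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# renewal_body RESPONSE ORIGINAL_BODY -> form body for the next token call
renewal_body() {
  rt=$(json_field "$1" refresh_token)
  if [ -n "$rt" ]; then
    printf 'grant_type=refresh_token&refresh_token=%s' "$rt"
  else
    # No refresh token was issued (client_credentials): repeat the grant.
    printf '%s' "$2"
  fi
}

# sends_access_token_as_refresh RESPONSE BODY -> exit 0 if BODY passes the
# access token in the refresh_token parameter (the invalid grant case above)
sends_access_token_as_refresh() {
  at=$(json_field "$1" access_token)
  [ -n "$at" ] && [ "$2" = "grant_type=refresh_token&refresh_token=$at" ]
}

# basic_header KEY SECRET -> one well-formed Authorization header
basic_header() {
  printf 'Authorization: Basic %s' \
    "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# request_token URL KEY SECRET BODY: one -H per header, body sent as form data
request_token() {
  curl --silent -X POST -H "$(basic_header "$2" "$3")" \
    -H 'Content-Type: application/x-www-form-urlencoded' -d "$4" "$1"
}

# Responses as quoted in the question and in the first answer above
CC_RESPONSE='{"scope":"am_application_scope default","token_type":"bearer","expires_in":1094,"access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"}'
PW_RESPONSE='{"scope":"default","token_type":"bearer","expires_in":3247,"refresh_token":"91729a78a96b58d80d869f3ec2ce8b8","access_token":"ec54b39dd9503c9f65df84b67ea586"}'
```

Calling `renewal_body "$CC_RESPONSE" 'grant_type=client_credentials'` returns the original body unchanged, while the same call on `$PW_RESPONSE` returns a `grant_type=refresh_token` body carrying the issued refresh token.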
I am working on a service which requires authentication.
I would like to base the authentication on my Redmine and grant access to registered users which are members in a private project.
The membership I have figured out:
curl -v -u account:secret \
https://myredmine/projects/private/memberships.json
But how to find out if a user can authenticate?
Use /users/current.json:
curl -v -u account:secret \
https://myredmine/users/current.json
It will return 401 if the user fails to login.
Add ?include=memberships to the URL to retrieve a list of associated projects.
I don't think it will work with OpenID though.
Use the built-in API. You can enable it for each user, once you get the key:
// Pseudo-code
api_key = '65454ftfg53543f34g34f23g'
url = "http://www.myredminesite.com/projects/my_project/issues.json?key=" + api_key
You can enable the API key if you log in and click on "My Account", then on the right should be your API access key.project.
There were some issues with older versions, I think. I run Redmine 2.1.2.stable and that works great.
I am very new to WSO2 and am still evaluating it - mostly through Fiddler. It is my understanding that I should be able to obtain an OAuth token by calling WSO2's Login API. I have attempted various URLs (in Fiddler) along the lines of:
// Based off a blog post : http://lalajisureshika.blogspot.com/2012/11/generate-application-tokens-user-tokens.html
http://localhost:8280/login?grant_type=password&username=admin&password=admin&scope=PRODUCTION
Authorization: Basic cFNET0lab1RnMHRBODRCWmQ4bTRBbnp1c0RZYTpZREIzZzh3RXhQOV92ZTdZX1drYVhieWx5ZlVh
When I execute the above URL, I receive (403) No matching resource found in the API for the given request.
I can use the "Access Token" (via the Bearer tag) and the APIs work. I just can't figure out how to obtain the OAuth token for actual runtime use.
Any pointers/ideas?
--- Thanks, Jeff
Setup Identity Server [domain:9443]
Create OAuth2 application, and get client id + consumer key
Get Base64 encoded of clientId:consumerKey - replace this for Authorization Basic xxxxx
Replace the REST endpoint for token generation - This you should get in oauth application on management console [in our case https://domain:9443/oauth2/token]
And below curl command should give you the response
curl -k -d "grant_type=password&username=sasikumar#domain.com&password=xxxx1234" -H "Authorization: Basic X2dhWllidkN6TDNQY2ZqSmVBQ1lsNlg2SFdRYTpSQVlSMmxOZzQ0enU5ZXVGSDRDVXdOUWRudlVh" -H "Content-Type: application/x-www-form-urlencoded" https://domain:9443/oauth2/token
You can directly access the OAuth2 REST web service to obtain the token. Here is how you can obtain a token using curl:
curl --user ConsumerKey:ConsumerSecret -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2endpoints/token
Below is an example using the cURL tool, available in Linux by default (you can install cURL for Windows explicitly):
curl -v 4 -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=password&username=&password=&client_id=&client_secret=" https://:9443/oauth2/token
To obtain the client_secret and client_id you have to register an app in wso2is.
There are free tools available to construct the above request or directly use the above parameters and to get the token.
Setup Identity Server [domain:9443]
Create an OAuth2 application, and get the client id, consumer key and URL.
Process a POST request using 'poster' with the details below:
URL: the one you get from the OAuth application
Content Type: application/x-www-form-urlencoded
Body: grant_type=password&username=your username&password=your password&client_id=your client id&client_secret=your client secret