I've successfully generated a token with the GET /v3/identity/token API. I now want to be able to leverage the PUT API to keep the token active.
I am trying this curl command:
curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '<token-value>' 'https://ibm-watson-ml.mybluemix.net/v3/identity/token' -v -i --basic --user <username>:<password>
I get a 400 error stating:
For request 'PUT /v3/identity/token' [Invalid Json: Unexpected character ('-' (code 45)) in numeric value: expected digit (0-9) to follow minus sign, for valid numeric value at [Source: akka.util.ByteIterator$ByteArrayIterator$$anon$1#18bd12ef; line: 1, column: 3]]
The token returned from the get request has the dash character in it, along with other non-alphnumeric values.
Does the token from the get request need to be parsed? what am I missing?
You need to set your content-type to application/json. But -d sends the Content-Type application/x-www-form-urlencoded, which maybe is not accepted on IBM side.
But, seems like your JSON (token) are in the incorrect format.
The token value needs to be the following format (JSON):
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
}
And you need to follow the example of sent correctly the format:
curl -H 'Content-Type: application/json' -X PUT \
-d '{"token":"yourToken"}' \
https://ibm-watson-ml.mybluemix.net/v3/identity/token
See the official reference.
Related
I am trying to get the repo details, of our comany bitbucket cloud.
using the API:
curl --request GET \
--url 'https://api.bitbucket.org/2.0/repositories/{workspace}/{repo_slug}' \
--header 'Authorization: Bearer <access_token>' \
--header 'Accept: application/json'
from
https://developer.atlassian.com/cloud/bitbucket/rest/api-group-repositories/#api-repositories-workspace-repo-slug-get
the problem is that every key/token I use, I get an error response of
{"type": "error", "error": {"message": "Access token expired."}}
I created an OAuth 2.0 key and secret and tried them both.
--header 'Authorization: Bearer <KEY>'
--header 'Authorization: Bearer <SECRET>'
I also tried App Password :
--header 'Authorization: Bearer <APP PASSWORD>'
also with SSH key:
--header 'Authorization: Bearer <SSH KEY>'
But I get the same error.
Thanks
I suggest that you omit the 'Authorization: Bearer' header completely, and use an app_password instead. In fact, Atlassian recommends the use of app passwords, allowing you to completely bypass the need for an access_token.
See the App passwords section of the Authentication Methods docs page.
Here's how it works. (Notice that the 'Authorization: Bearer' header is absent in these examples.) If your workspace is companyname, your username is prospero , and the app password you created per the Atlassian documentation is a1b2c3d4e5f6g7h8, then you can retrieve the list of repositories in this manner.
Curl:
curl -u prospero:a1b2c3d4e5f6g7h8 https://api.bitbucket.org/2.0/repositories/companyname
Python:
import requests
import json
r = requests.get('https://api.bitbucket.org/2.0/repositories/companyname', auth=('prospero', 'a1b2c3d4e5f6g7h8'))
print(r.text)
print(json.dumps(r.json(), indent=4))
Of course, you will want to use more sophisticated code. These are just quick examples.
Even though I read a numerous duplicate issues here on Stackoverflow, still can't figure out for the life of me what I'm doing wrong.
Problem: I successfully receive an authorization code from, but when I request an access token using this code I get the following error:
{
"error": "invalid_request",
"error_description": "Invalid parameter value for redirect_uri: Missing scheme: http%3A%2F%2Flocalhost%3A3030%2Fgoogle%2Foauth2%2Fcallback"
}
Configuration:
I use http://localhost:3030/google/oauth2/callback as a callback URL
It's setup in the google developer console:
This is a "raw curl" request that I send to obtain a token:
curl --location --request POST 'https://oauth2.googleapis.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'code=4%2F0AY0e-g6zyewnsWjPEXoxZWawsp1E634ZlefYoBeYO1nXxBwjPQNCGVf7SGb4MxfNcjUApw' \
--data-urlencode 'redirect_uri=http%3A%2F%2Flocalhost%3A3030%2Fgoogle%2Foauth2%2Fcallback' \
--data-urlencode 'client_id=....' \
--data-urlencode 'client_secret=....' \
--data-urlencode 'grant_type=authorization_code'
P.s. as you can see I "UrlEncoded" redirect_url as well as code since it does contain slashes. To be on the same side, I tried to encode client_id, client_secret and grant_type as well, but since they only contain ASCII characters they came out the same.
What I have done:
Researched through similar problems on SO: jenkins issue, ios issue, php issue, missing http issue,nodejs issue - similar to this one followed up by discussion, this, that, and all other ones present here - will omit them for brevity.
I've tried to set
http://localhost/google/oauth2/callback:3030 as well as
http://127.0.0.1:3030/google/oauth2/callback and
http://127.0.0.1/google/oauth2/callback:3000 (although specifying a port in the end is super weird and changing localhost to 127.0.0.1, but was suggested in one of the similar threads), none of these worked.
Read all the docs from google
Played with OAuth2 Playground (where it works obviously), but doesn't work for me
Tried multiple variations for body + different content types the same problem, but sometimes I also get
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
Any help would be appreciated.
After some time I was able to successfully obtain a token. Turns out that I didn't craft request to Google API correctly. Also, for the "curl" request it should be --data rather than --data-urlencode. The following request worked for me:
curl --request POST \
--url https://oauth2.googleapis.com/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data code=4%2F0AY0e-g4TLGE7c7VyMe8-95baQzeh0uERiKuGnHG5Sqccb4MCsmJOzV_a2jSbI9bm62VZ6Q \
--data redirect_uri=http%3A%2F%2Flocalhost%3A3030%2Fgoogle%2Foauth2%2Fcallback \
--data client_id=********* \
--data client_secret=********* \
--data grant_type=authorization_code
or
curl --request POST \
--url https://oauth2.googleapis.com/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'code=4%2F0AY0e-g4TLGE7c7VyMe8-95baQzeh0uERiKuGnHG5Sqccb4MCsmJOzV_a2jSbI9bm62VZ6Q&redirect_uri=http%3A%2F%2Flocalhost%3A3030%2Fgoogle%2Foauth2%2Fcallback&client_id=*********&client_secret=*********&grant_type=authorization_code'
One more observation: When you test, you can use the authorization code only once (for security reasons). Sometimes even if you send multiple "unsuccessful requests" with the same code, Google's API will reject all subsequent requests with that code (you need to go through the OAuth2 again flow to obtain a new one). The most "frustrating" part that confused me is that the response for the wrong code looks like this:
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
instead of being something like "Code is not valid" or "Code has expired".
So, if you encounter an error above it means the request was crafted correctly, but the code is wrong.
This curl is working fine and returns the token as expected:
curl -X POST -H "X-Requested-With: XMLHttpRequest" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{ "username": "pere.peris#gmail.com","password": "password" }' "http://75.90.255.68:1133/canPeris/auth"
But when I do the same call using Postman app I get a 401 Unauthorized as a return value
You should add the missing JSON inside the Body . click Raw combo box and add
{ "username": "pere.peris#gmail.com","password": "password" }
You can use the function in Postman to generate curl:
https://www.getpostman.com/docs/v6/postman/sending_api_requests/generate_code_snippets
On the right side under "Send" and "Save" just hit the Code Button/Link. Then select in the next window in the drop down cURL. So you see what cURL would be generated and compare it with the command line.
The -d option is described here: https://curl.haxx.se/docs/manpage.html#-d
After successfully authenticating, I want to refresh my authorization token, so I issue the following request
curl -X POST \
https://login.microsoftonline.com/<my-tenant>/oauth2/v2.0/token \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-F grant_type=refresh_token \
-F refresh_token=<my-refresh-token> \
-F client_id=<my-client-id> \
-F client_secret=<my-client-secret>
However, instead of returning with a new token, I get the following response:
{
"error": "server_error",
"error_description": "AADSTS50000: There was an error issuing a token.\r\nTrace ID: bb72ee21-7df2-4949-8375-e6d97b621300\r\nCorrelation ID: 719ea759-622b-4d63-be17-56fd6c255195\r\nTimestamp: 2018-06-15 09:07:13Z",
"error_codes": [
50000
],
"timestamp": "2018-06-15 09:07:13Z",
"trace_id": "bb72ee21-7df2-4949-8375-e6d97b621300",
"correlation_id": "719ea759-622b-4d63-be17-56fd6c255195"
}
The tenant, client id and client secret are all the same as those used when obtaining the refresh token. Yet, something is apparently missing or incorrect - but what?
You are missing the mandatory scope parameter as described here.
You also need to provide a redirect_uri, although you just make a POST request.
And the redirect_uri must match the redirect_uri used in the original authorization call.
When refreshing an access token you have to provide a scope for which you would like to get the token. Also make sure that you understand you can only refresh the access_token, not the id_token. And access_token always has a purpose (scope).
Everything described in the documentation.
I am testing my ZF2 Rest Module that is running on localhost, by sending curl POST requests from the same box.
curl -i -X POST -H "Content-Type: Application/json" -d '{username":"xyz","password":"xyz"}' http://localhost/api/login
In the corresponding controller and action, I have tried returning the POST parameters, but an empty array is returned always
var_dump($this->getRequest()); // returns: array(0){}
var_dump($_POST); // returns: array(0){}
If I switch from POST to GET with
curl -i -G -H "Content-Type: Application/json" -d '{username":"xyz","password":"xyz"}' http://localhost/api/login
it actually seems to work
var_dump($_GET); // returns: array(1) {["{"username":"xyz","password":"xyz"}"]=>string(0) ""}
Why is the POST request failing to pass/extract the parameters?
PHP only populates $_POST for form urlencoded POST data. You've explicitly set the content type to JSON, so the PHP way to access this would be:
file_get_contents("php://input");
In ZF2, I believe you want:
$this->getRequest()->getContent();
and in practice, you'll probably want to run this through json_decode().