I am struggling with Zabbix Web Scenarios, I am trying to post to a url in the same way this curl does:
curl -XPOST xxxx -d' { "grant_type": "password", "username": "xxx", "password": "xxx", "client_id": "xxx", "client_secret": "xxx"}'
However, I get a 400 error when loading it into Web Scenarios, here is the setup I am using in Zabbix.
This for some reason gives me back a 400 error, whereas the above curl works fine and I get an authorisation. Does any one have any more experience with this that can offer a hand?
You are not posting a JSON, but a list of individual variables. Try using the JSON as-is.
Related
I have been trying to use the API to retrieve my activities but I'm receiving the following JSON error.
{
"error": {
"code": 403,
"message": "The request is not properly authorized.",
"errors": [
{
"message": "The request is not properly authorized.",
"domain": "youtube.activity",
"reason": "forbidden"
}
]
}
}
, although I use https://www.googleapis.com/youtube/v3/activities?mine=true&key={my_api_key}&part=contentDetails and I use OAuth2 client to get an access token which I use on calling the API.
I tried to use the samples but I'm receiving the same error.
Is this a bug or I'm doing something wrong?
More details
I use the given link in postman with the GET method and I put a valid access token in the token field with TYPE=OAuth2 and Prefix=Bearer
According to the official specification of the Activities.list API endpoint, for to be able to use its mine request parameter, you have to issue the call to the endpoint while passing to it proper credentials:
mine (boolean)
This parameter can only be used in a properly authorized request. Set this parameter's value to true to retrieve a feed of the authenticated user's activities.
Therefore, using an API key is not sufficient (neither is required when issuing a properly authorized request).
Do note that the JSON error response obtained from the API agrees entirely with the specification quoted above.
According to the official (programming language agnostic) procedure, for to obtain a valid fresh access token from the API, issue a simple curl instance as follows:
$ curl \
--data 'grant_type=refresh_token' \
--data-urlencode "client_id=$CLIENT_ID" \
--data-urlencode "client_secret=$CLIENT_SECRET" \
--data-urlencode "refresh_token=$REFRESH_TOKEN" \
https://oauth2.googleapis.com/token
Above, $CLIENT_ID and $CLIENT_SECRET are the values of the corresponding properties of your client secrets JSON file you've got from Google's developers console. The $REFRESH_TOKEN is your (long-lived) refresh token you've obtained upon running a successful OAuth2 authentication/authorization flow.
The output obtained from curl when successful would look like:
{
"access_token": "...",
"expires_in": 3599,
"scope": "...",
"token_type": "Bearer"
}
A call to the Activities.list endpoint as yours above using curl is immediate:
$ curl \
--header "Authorization: Bearer $ACCESS_TOKEN" \
'https://www.googleapis.com/youtube/v3/activities?mine=true&part=contentDetails&maxResults=25'
The parameter $ACCESS_TOKEN above is your freshly obtained valid access token; the output of curl would look like:
{
"kind": "youtube#activityListResponse",
"etag": "...",
"items": [
{
"kind": "youtube#activity",
"etag": "...",
"id": "...",
"contentDetails": {
...
}
},
...
],
"pageInfo": {
"totalResults": ...,
"resultsPerPage": 25
}
}
For to run the above curl commands on a Windows machine under CMD.exe -- assuming that you've substitued the $-variables yourself manually --, do replace the backslash character at the end of each line above with the caret character, ^. The percent character % should be doubled, i.e. should be replaced with %%, and the single quote characters ' should be replaced with double-quote characters ".
I am trying to perform the oauth2 flow as described by https://github.com/doorkeeper-gem/doorkeeper/wiki/Interacting-as-an-OAuth-client-with-Doorkeeper#writing-a-raw-oauth-client, but I get a 401 when
I try to retrieve the access token. Here is what I am doing
1) click the authorize button on the application as seen here
2) I authorize the application on the next screen and I'm given a url of the form chromiumapp.org/?code=eb775dba8811f605c672a0aac8472972eabaae87446ac957e2b71c57b0b10e6e
3) Given this code I perform
curl -XPOST http://localhost:3000/oauth/token -d '{
"client_id": CLIENT_ID,
"client_secret": CLIENT_SECRET,
"redirect_uri": "https://galaiojniedmogfplghkjnmcfnlbpbpg.chromiumapp.org/",
"grant_type": "authorization_code",
"code": "eb775dba8811f605c672a0aac8472972eabaae87446ac957e2b71c57b0b10e6e"
}`
However this returns {"error":"invalid_request","error_description":"The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."}
Is there some part of the flow that I'm missing or is there something incorrect in the documentation?
I have updated the wiki I linked above, but incase others come across this question, per the rfc, the parameters on the token request must be form urlencoded.
curl -XPOST http://localhost:3000/oauth/token
-F "client_id=CLIENT_ID"
-F "client_secret=CLIENT_SECRET"
-F "redirect_uri=https://galaiojniedmogfplghkjnmcfnlbpbpg.chromiumapp.org/"
-F "grant_type=authorization_code"
-F "code=eb775dba8811f605c672a0aac8472972eabaae87446ac957e2b71c57b0b10e6e"
Please help to create zendesk instance in cloud element by 3rd party api call
Created Zendesk account Created & configure as per in Link
Succesfully got Elements OAuth Information
{
"oauthUrl": "https://yoursubdoamin.zendesk.com/oauth/authorizations/new?response_type=code&client_id=zendesk_unique_identifier&redirect_uri=http://www.my_cool_app.com/auth&scope=read write&state=zendesk",
"element": "zendesk"
}
Getting error in API
curl -X POST
-H 'Authorization: User <INSERT_USER_SECRET>, Organization <INSERT_ORGANIZATION_SECRET>'
-H 'Content-Type: application/json'
-d #instance.json
'https://api.cloud-elements.com/elements/api-v2/instances'
instance.json
{
"element": {
"key": "zendesk"
},
"providerData": {
"code": "Code on Return the URL"
},
"configuration": {
"oauth.api.key": "<INSERT_ZENDESK_UNIQUE_IDENTIFIER>",
"oauth.api.secret": "<INSERT_ZENDESK_CLIENT_SECRET>",
"oauth.callback.url": "https://www.my_cool_app.com",
"zendesk.subdomain": "<INSERT_ZENDESK_SUB_DOMAIN>"
},
"tags": [
"<INSERT_TAGS>"
],
"name": "<INSERT_INSTANCE_NAME>"
}
Getting error "Failed to exchange a code for an access token"
This might be because, you might not have registered an app with zendesk to get back the access token. This can also happen if your element in Cloud Elements is corrupted, make sure you are using the inbuild element instance. Still if you are facing the issue, please mention the steps you followed
I have OAuth login in my app. After that I have access_token.
I check token in google token info service:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=<access_token>
And It returns:
{
"issued_to": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"audience": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.orgunit https://www.googleapis.com/auth/admin.directory.user",
"expires_in": 3299,
"access_type": "online"
}
As you can see I have admin user directory permission.
Then I send GET request for getting information about user
curl -X GET https://www.googleapis.com/admin/directory/v1/users/test_user#test.com?access_token=<access_token>
And google returned me right user information. After that I decided to get list of users.
curl -X GET https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=<access_token>
And google returned me:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
But I don't understand why google returned me so error.
Could you please help me with this problem?
Thanks.
There are two solutions here.
1.This is the simple one. Put the URL params in quotes. This should do the trick - (fake access token used)
curl "https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI"
You don't need to pass in -X GET as that is the default.
2.In general it is bad practice to send the access_token in the URL as this URL may get logged somewhere along the way for innocuous reasons. You can also do this through HTTP Header of Authorization -
curl -H "Authorization: Bearer asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI" https://www.googleapis.com/admin/directory/v1/users?customer=my_customer
I followed this guide: http://keystone.openstack.org/api_curl_examples.html
and it seemed that I got a valid token by ran:
curl -d '{"auth":{"passwordCredentials":{"username": "can", "password": "mypassword"}}}' -H "Content-type: application/json" http://url:35357/v2.0/tokens
and it returned:
{
"access":
{
"token":
{
"expires": "2012-05-21T14:35:17Z",
"id": "468da447bd1c4821bbc5def0498fd441"
},
"serviceCatalog": {},
"user":
{
"username": "can",
"roles_links": [],
"id": "bb6d3a09ad0c4924bf20c1a32ccb5781",
"roles": [],
"name": "can"
}
}
}
but when I came to the next few sections to validate this token, I encountered this magic number: X-Auth-Token:999888777666. At first I thought it's the token I got but I was wrong.
I think I may have missed something, so I read related sections in openstack documents( http://keystone.openstack.org/configuration.html and http://docs.openstack.org/api/openstack-compute/programmer/content/ ), but still no idea how the number comes from.
could anyone explain to me
what's the meaning of that magic number
how to get the right value of it so I can get a working token to manage other parts of openstack
That magic number (string really) is the admin_token setting in your keystone.conf file. Under the [DEFAULT] section in keystone.conf set
admin_token = abcd1234
If you don't use it for admin actions, you'll see something like
ubuntu#i-000004bc:~/devstack$ curl http://localhost:35357/v2.0/tenants
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}
If you do use it, you'll see something like
ubuntu#i-000004bc:~/devstack$ curl -H "X-Auth-Token: abcd1234" http://localhost:35357/v2.0/tenants
{"tenants_links": [], "tenants": [{"enabled": true, "description": null, "name": "demo", "id": "aee8a46babcb4e4286021c8f6ef996cd"}, {"enabled": true, "description": null, "name": "invisible_to_admin", "id": "de17fea45de148ada0a58e998e6c3e73"}, {"enabled": true, "description": null, "name": "admin", "id": "f34b0c8ab30e450489b121fbe723fde5"}, {"enabled": true, "description": null, "name": "service", "id": "fbe3e2e530fd47298cb2cba1b4afa3da"}]}
To get the list of tenants, in our current implementation, we authenticate with admin credentials and use the token returned to get list of tenants.
The implementation works smooth with the authentication token. It may work with admin_token but I have not verified.
If you see the examples you are referring to, there are 2 types of endpoints used
Endpoint pointing to port 5000 - public port
Endpoint pointing to port 35357 - admin port
In examples which are hitting admin port you would need to specify the "X-Auth-Token" header as the admin_token (specified in the keystone.conf file)
The token itself is in dict["access"]["token"]["id"] which is that part that will go in the header of subsequent HTTP requests, i.e
X-Auth-Token: 468da447bd1c4821bbc5def0498fd441
The value 999888777666 is from the curl example tutorial and will definitely not work.
As for the value of the token itself, it's randomly generated by the OpenStack service and shouldn't contain any useful information from your point of view.
(BTW, you probably shouldn't go pasting the tokens into forums as they're valid for 24 hours and anyone with a copy of the token and access to your compute endpoint can use it to impersonate you).