I am making a POST call to get oAuth token in JMeter. So that I can upload files to Google Drive. Below is my request details in JMeter.
POST https://accounts.google.com/o/oauth2/token
POST data:
client_id=<my_client_id>&auth_uri=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth&token_uri=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Ftoken&client_secret=<my_client_secret>&grant_type=authorization_code&redirect_uris=%5B%22urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob%22%2C+%22127.0.0.1%3A3000%22%5D%0A&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive
[no cookies]
Request Headers:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 424
Host: accounts.google.com
User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_121)
But I am getting below error. Any help is appreciated. Thanks.
{
:
"error"
: : "invalid_request",
: "error_description" : "Missing required parameter: code"
}
I can not help you with JMeter but I can tell you what the error message means.
The grant_type=authorization_code is the second step in the Oauth2 flow. It has a few required parameters one of them is code.
https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code
The code in question is the code that was returned from the initial request for the user to approve the applications access.
I would also like to add that Google has a number of official client libraries that will deal with these calls for you. Using one of those is much easer then trying to understand the Oauth2 flow if you don't need to. If you cant use the library and you are interested in seeing the full Oauth2 flow to google I have a tutorial on it Google 3 legged Oauth2 flow it shows the pure HTTP calls.
I would recommend using Google OAuth Java Client Library from JSR223 Test Elements using Groovy as a programming language, this is the fastest and the easiest way to obtain/refresh OAuth tokens.
See How to Run Performance Tests on OAuth Secured Apps with JMeter article for detailed explanation and an authorization example.
Related
I use self hosted Jira and I'm currently trying to connect to the Jira api using a python script (and the requests library) having 2fa enabled by my organization. I'm not an admin of the project and after creating a personal access token and using it as a Bearer token I only got so far to get a response from the server telling me to put in the OTP to proceed.
I was thinking whether I could possibly pass the OTP as part of the authorization header when making the request to the api but couldn't find any useful hints on how to do that. I have also been looking into OAuth tokens but from my understanding I'm unable to create one since I don't have the option to create an application link within Jira (since I'm not an admin).
Does anyone have an idea on how I could manage to establish the connection to the api?
Any help would be appreciated!!
Cheers,
Liz
Hey #Liz try this project for inspiration - https://github.com/dren79/JiraScripting_public
I built it out on the below examples from the API documentation.
#This code sample uses the 'requests' library:
#http://docs.python-requests.org
import requests
from requests.auth import HTTPBasicAuth
import json
url = "https://your-domain.atlassian.net/rest/api/3/issue/{issueIdOrKey}"
auth = HTTPBasicAuth("email#example.com", "<api_token>")
headers = {
"Accept": "application/json"
}
response = requests.request(
"GET",
url,
headers=headers,
auth=auth
)
print(json.dumps(json.loads(response.text), sort_keys=True, indent=4, separators=(",", ": ")))
I'm trying to import an xml report to Jira xRay - to a Test Execution item.
The documentation I can find makes reference to client_id and client_secret, which should be generated by Create API key. Create API key only generates one string, a token.
As such I can't figure out how to use just the token to submit the xml report.
For example, this command:
curl -H "Content-Type: application/json" -X POST --data #"cloud_auth.json" https://xray.cloud.getxray.app/api/v2/authenticate
I can't use it, as it needs client_id and client_secret. Also, the endpoint itself returns
Cannot GET /api/v2/authenticate
.
Using this command:
curl -H "Content-Type: text/xml" -X POST -H "Authorization: Bearer $token" --data #"data.xml" https://xray.cloud.getxray.app/api/v1/import/execution/junit?testExecKey=XNP-23
from: https://docs.getxray.app/display/XRAYCLOUD/Import+Execution+Results+-+REST#ImportExecutionResultsREST-JUnitXMLresults
results in "{"error":"Invalid JWT: JsonWebTokenError: jwt malformed"}"
.
Please can anyone help?
first you need to clarify if you're using Xray on Jira server/datacenter or Jira Cloud, because they are different products and have slightly different APIs; besides Jira Cloud and Jira server/datacenter are also different products. To find out, you can ask your Jira admin for example.
If you’re using Xray Cloud, then this is documentation site.
In this case, in order to submit the JUnit XML report you need to make an authencation with a client id and client secret that you obtain on Xray API Keys section. The authentication request is detailed here, and that will return a token that you'll use on the second request.
The second request is an HTTP POST, as described here, and you need to pass the token obtained earlier.
The main REST API documentation site is this one.
If you’re using Xray on Jira server/datacenter, then this is proper documentation site.
In Xray server, the authentication mechanism is provided by Jira itself.
You can either use basic authentication or Personal Access Tokens (if you have Jira >= 8.14). This is detailed on Xray server/datacenter page dedicated to its REST API.
After choosing the authentication mechanism to use, you just need to make a HTTP POST request as detailed here.
There is an open-source GitHub project with some code snippets, both for Xray server/datacenter and cloud, using different test automation report formats and different authentication mechanisms.
I have faced the same error when I tried with postman, I have removed " from generated token from start and end position and passed token to API. That resolved this issue
I'm pretty new to submitting POST requests to API's using API credentials and am looking for an explanation on how it's done in Ruby on Rails.
I'm using the Shipwire API and am trying to POST to /orders.
POST /api/v3/orders HTTP/1.1
Host: api.beta.website.com
Authorization: Basic TG9vayBhdCB0aGF0OyBEdWNrcy4uLm9uIGEgbGFrZSEK
I have an Order object ready but am wondering if anyone could shed some light on this.
Httparty gem will help you make any kind of ReST api requests. You will find lots of tutorials on how to perform basic auth using this gem.
However, before jumping on code directly, i would suggest you to understand the request and response on the sandbox mode using the postman plugin for chrome.
UPDATE: All calls to the API receive the following response:
failed [500] An error has occurred
Weirdly, my auth process (documented here) works perfectly, while all calls to the API (documented here), fail.
The Bigcommerce API is in transition from basic auth to oAuth. The documentation is consequently a little confusing.
I am trying to create a webhook using the new oAuth methodology. The documentation states that I need an oAuth access_token for the relevant store, which I have obtained.
The documentation also includes sample http request data:
{
"scope": "store/order/*",
"headers": {
"X-Custom-Auth-Header": "{secret_auth_password}"
},
"destination": "https://app.example.com/orders",
"is_active": true
}
In this context, I am assuming that {secret_auth_password} refers to the store's access_token. However, when I include the access_token here I get the following error:
failed [401] You are not authorized.
Thinking that this might be a scoping/permission issue, I have given my app the highest possible level of access through the app settings, but this did not work either.
Thanks in advance for any pointers.
Well after a couple of days of serious head-scratching (not to mention hair out-tearing) I worked out that this was all down to an error in my SSL intermediate certificate, which I have now fixed.
It was the old API returning an error of “UNABLE_TO_VERIFY_LEAF_SIGNATURE” that put me on the right track – the new API just returned:
500 – there is an error
or
404 – you are not authorized.
If you are using PHP I would recommend using the the Webhooks pull request combined with the OAuth pull request. They are both working fine together (I personally use them).
Webhooks pull - https://github.com/bigcommerce/bigcommerce-api-php/pull/101
OAuth pull - https://github.com/bigcommerce/bigcommerce-api-php/pull/88
Then to create a webhook you can just call createWebhook($object)
Object needs to include scope and destination.
Also - a side note.. Are you using SSL for the destination address. It won't work otherwise. You can use a self-signed cert to get around this though.
This will only work for setting up the webhooks though.
To actually receive them you need a valid certificate (else you get nothing).
Hope this helps.
I came across this same part of the documentation and was also confused by it. The proper headers to send for webhooks are the following:
"X-Auth-Client":"[YOUR_APPS_CLIENT_ID]",
"X-Auth-Token":"[OAUTH_ACCESS_TOKEN]"
In addition to using the headers that #FlyingL123 suggested, also take note of of the requirements as noted by BigCommerce:
Requirements
The following properties of the webhooks are required. The request
won’t be fulfilled unless these properties are valid.
scope
destination
I'm trying to sign a request with OAuth. I read a lot of articles on it, but I don't know how to actually use it right now.
I have this URL: https://userstream.twitter.com/2/user.json And I want to call it for a certain user. I have an app (with Consumer key en secret) and the API key for the account I want to use. So the only thing left to do is sign it.
I used this page: http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ and got a code block that looked like this one:
GET /photos?size=original&file=vacation.jpg HTTP/1.1
Host: photos.example.net:80
Authorization: OAuth realm="http://photos.example.net/photos",
oauth_consumer_key="dpf43f3p2l4k3l03",
oauth_token="nnch734d00sl2jdk",
oauth_nonce="kllo9940pd9333jh",
oauth_timestamp="1191242096",
oauth_signature_method="HMAC-SHA1",
oauth_version="1.0",
oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D"
However, cURL does not accept that. How do I construct something that will work with cURL?
Thanks in advance
EDIT: I don't really need cURL, just comething that I can use with C++ on GNU/Linux
When I've curled a Twitter request from the (Windows) command line, and had to add an OAuth authorization header, I've done it like this:
curl -k "https://userstream.twitter.com/2/user.json" --header "Authorization: OAuth realm=""Twitter API"",oauth_consumer_key=""dpf43f3p2l4k3l03"",oauth_token=""nnch734d00sl2jdk"",oauth_nonce=""kllo9940pd9333jh"",oauth_timestamp=""1191242096"",oauth_signature_method=""HMAC-SHA1"",oauth_version=""1.0"",oauth_signature=""tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D"""
Of course, if you're using that Java applet, be sure you've set the time as close to the correct time as possible, specified your OAuth credentials, and set the URL part appropriately before substituting the output values into the command line above.
Method: GET
URI Scheme: https
Host Name: userstream.twitter.com
Port: 443
Request Path: /2/user.json
Parameters: [remove all]
Note in the header output that you must manually change the realm to Twitter API, but all the other output values should be correct.
Additionally, this answer has a good selection of C++ Twitter libraries you could try, although the link to the Twitter documentation that lists is out of date -- here's the latest.