Develop Reference

Bitbucket API - Using access_token

I am trying to get the repo details, of our comany bitbucket cloud.
using the API:
curl --request GET \
--url 'https://api.bitbucket.org/2.0/repositories/{workspace}/{repo_slug}' \
--header 'Authorization: Bearer <access_token>' \
--header 'Accept: application/json'
from
https://developer.atlassian.com/cloud/bitbucket/rest/api-group-repositories/#api-repositories-workspace-repo-slug-get
the problem is that every key/token I use, I get an error response of
{"type": "error", "error": {"message": "Access token expired."}}
I created an OAuth 2.0 key and secret and tried them both.
--header 'Authorization: Bearer <KEY>'
--header 'Authorization: Bearer <SECRET>'
I also tried App Password :
--header 'Authorization: Bearer <APP PASSWORD>'
also with SSH key:
--header 'Authorization: Bearer <SSH KEY>'
But I get the same error.
Thanks

I suggest that you omit the 'Authorization: Bearer' header completely, and use an app_password instead. In fact, Atlassian recommends the use of app passwords, allowing you to completely bypass the need for an access_token.
See the App passwords section of the Authentication Methods docs page.
Here's how it works. (Notice that the 'Authorization: Bearer' header is absent in these examples.) If your workspace is companyname, your username is prospero , and the app password you created per the Atlassian documentation is a1b2c3d4e5f6g7h8, then you can retrieve the list of repositories in this manner.
Curl:
curl -u prospero:a1b2c3d4e5f6g7h8 https://api.bitbucket.org/2.0/repositories/companyname
Python:
import requests
import json
r = requests.get('https://api.bitbucket.org/2.0/repositories/companyname', auth=('prospero', 'a1b2c3d4e5f6g7h8'))
print(r.text)
print(json.dumps(r.json(), indent=4))
Of course, you will want to use more sophisticated code. These are just quick examples.

ForgeRock - Invalid Token Exchange

I'm using ForgeRock v7.1.0, running in Docker v3.6.0 on MacOS 11.5.2 (Big Sur).
I'm trying to exchange an OAuth 2.0 access token (subject token) I've already retrieved to be an ID Token (with a JWT Payload) and it's giving me an error every time I call it, specifically related I believe to the subject_token_type parameter.
The steps I am following are as follows:
Generate an OAuth2 access token:
curl --location --request POST 'http://am.example.com:8080/am/oauth2/realms/root/access_token' \
--header 'Authorization: Basic c3RldmU6cGFzc3dvcmQ=' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=user1' \
--data-urlencode 'password=7fYCi0Frhcq5p3gCXGxJ2B' \
--data-urlencode 'scope=cn'
which returns the following:
{
"access_token": "BS8vVbJ4EEygzdEE3jQH-xsKW9w",
"scope": "cn",
"token_type": "Bearer",
"expires_in": 3599
}
Introspect the token returned to check it's valid:
curl --location --request POST 'http://am.example.com:8080/am/oauth2/realms/root/introspect?token=BS8vVbJ4EEygzdEE3jQH-xsKW9w' \
--header 'Authorization: Basic c3RldmU6cGFzc3dvcmQ='
which returns the following:
{
"active": true,
"scope": "cn",
"realm": "/",
"client_id": "steve",
"user_id": "user1",
"token_type": "Bearer",
"exp": 1629990663,
"sub": "(usr!user1)",
"subname": "user1",
"iss": "http://am.example.com:8080/am/oauth2",
"auth_level": 0,
"authGrantId": "whjnenzHCH96TyaxfuefiOcBfm8",
"auditTrackingId": "4d353b7e-6cd5-4289-884a-39c50396ed0c-116027"
}
Now this is where I get the error, when I try to exchange the token:
curl --location --request POST 'http://am.example.com:8080/am/oauth2/realms/root/access_token' \
--header 'Authorization: Basic c3RldmU6cGFzc3dvcmQ=' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'subject_token_type=urn:ietf:params:oauth:token-type:access_token' \
--data-urlencode 'subject_token=BS8vVbJ4EEygzdEE3jQH-xsKW9w' \
--data-urlencode 'scope=cn' \
--data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:id_token'
which gives me the error:
{
"error_description": "Invalid token exchange.",
"error": "invalid_request"
}
If I don't specify the subject_token_type it instead gives me the error:
{
"error_description": "Subject token type is required.",
"error": "invalid_request"
}
which leads me to believe either I'm using the wrong type, or something isn't setup properly in my local instance of ForgeRock.
I've looked at the error response possibilities described here: https://backstage.forgerock.com/docs/am/7.1/oauth2-guide/token-exchange-flows.html but it's not that helpful.
Any help gratefully received! Thanks Steve

Doh! Always the way, after posting a question you manage to work it out!
OK, this is what I needed to do:
Navigate to Realm > [RealmName] > Scripts
Modify the "OAuth 2.0 May Act" Groovy script to be something like this (alter as appropriate):
import org.forgerock.json.JsonValue
token.setMayAct(
JsonValue.json(JsonValue.object(
JsonValue.field("client_id", "steve"),
JsonValue.field("sub", "(usr!user1)"))))
Validate and then Save the changes
Navigate to Realm > [RealmName] > Services > OAuth 2.0 Provider
Set the two ".. Token May Act Script" dropdowns at the bottom of the "Core" tab to the newly modified "OAuth2 May Act" script
Regenerate access tokens and repeat the Token Exchange call and it should work OK

I got Google Drive Api: parse error with post request

I want to share a google drive file. I do post request to https://www.googleapis.com/drive/v2/files/[fileid]/permissions
header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]'
header 'Accept: application/json'
header 'Content-Type: application/json'
with body "{
"role": "reader",
"type": "anyone"
}". But I got "code": 400,
"message": "Parse Error". Where is the problem?

watson machine learning api - token refresh 400 error

I've successfully generated a token with the GET /v3/identity/token API. I now want to be able to leverage the PUT API to keep the token active.
I am trying this curl command:
curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '<token-value>' 'https://ibm-watson-ml.mybluemix.net/v3/identity/token' -v -i --basic --user <username>:<password>
I get a 400 error stating:
For request 'PUT /v3/identity/token' [Invalid Json: Unexpected character ('-' (code 45)) in numeric value: expected digit (0-9) to follow minus sign, for valid numeric value at [Source: akka.util.ByteIterator$ByteArrayIterator$$anon$1#18bd12ef; line: 1, column: 3]]
The token returned from the get request has the dash character in it, along with other non-alphnumeric values.
Does the token from the get request need to be parsed? what am I missing?

You need to set your content-type to application/json. But -d sends the Content-Type application/x-www-form-urlencoded, which maybe is not accepted on IBM side.
But, seems like your JSON (token) are in the incorrect format.
The token value needs to be the following format (JSON):
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
}
And you need to follow the example of sent correctly the format:
curl -H 'Content-Type: application/json' -X PUT \
-d '{"token":"yourToken"}' \
https://ibm-watson-ml.mybluemix.net/v3/identity/token
See the official reference.

curl - request with json object and file to Rails API

I need post file and JSON object to API (Ruby On Rails) by curl in one request.
My request looks like this:
curl --data #file.pdf -H "Accept: application/json" -H "Content-Type: multipart/form-data" -X POST -d '{"document":{"name":"file name"}}' http://localhost:3000/api/documents
But Rails parse it bad. Params on the server:
Parameters: {"{\"document\":{\"name\":\"file name\"}}"=>nil}
Where is problem?

You should pass multipart/form-data (as you specify), not a JSON string. Try this:
-d 'document[name]=file name'
Result on my machine:
Parameters: {"document"=>{"name"=>"file name"}}