Getting a Jira Issue via OAuth Authentication using Postman - oauth

I am trying to GET an issue in Jira using POSTMAN. I have selected Type as OAuth 1.0. For that it is asking me for some fields, mentioned below. I have generated the Token and Token Secret which I am passing to it. I have also configured my generic application to Jira in Application links. I am not aware of what is to be passed in Consumer Secret and Signature Method (what should the signature method be?). I am currently selecting HMAC-SHA1. For the rest of the fields it is generating values based on the parameters passed above.
Consumer Key : hardcoded-consumer
Consumer Secret : ?? (What should I pass here)
Token : ojn33TZALMlvp5eCa6HeErDSx9K8LL6A
Token Secret : inHfn2QFJkkYkWQ8FxT9mXkdcoNxYPf5
Signature Method : HMAC-SHA1
Timestamp : 1474290363 (Generated value)
Nonce : x1hs2v (Generated value)
Version : 1.0 (Generated value)
Realm : (It is optional)
After hitting my Jira URL it gives me an oauth_problem=token_rejected error. Can anyone tell me where I am making the mistake?
Here is the Jira URL which I am hitting :
http://bmh1060149:8080/rest/api/2/issue/NWFM-1 (NWFM-1 is the Jira issue)
Please find the below screen shot for more reference.

After a little bit of research I found the answer. Once we get the access token we can directly pass that to the Jira URL. There is no need to pass all those parameters.
To get all issue types we can use the following URL, passing the access token as an argument.
http://bmh1060149:8080/rest/api/2/issuetype?access_token=euyyIxB6q5waBHeZ9zB7kGV21GRNNOud
Please see the attached screen shot for more reference.
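To make the Postman fields above concrete, here is the RFC 5849 HMAC-SHA1 signing that Postman performs from them, as an added Python example (not the asker's code and not Postman's). The consumer secret is a placeholder because the question does not show it; it matters because the signing key is built from it.

```python
"""Recompute what Postman derives from the OAuth 1.0 fields listed in the question: the
RFC 5849 signature base string and HMAC-SHA1 signature for the GET to the Jira issue.
Added example, not from the question or Postman; the consumer secret is a placeholder."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

JIRA_URL = "http://bmh1060149:8080/rest/api/2/issue/NWFM-1"
CONSUMER_KEY = "hardcoded-consumer"
CONSUMER_SECRET = "<consumer-secret-placeholder>"  # not shown in the question
TOKEN = "ojn33TZALMlvp5eCa6HeErDSx9K8LL6A"
TOKEN_SECRET = "inHfn2QFJkkYkWQ8FxT9mXkdcoNxYPf5"

def pct(value) -> str:
    # RFC 5849 3.6: only ALPHA, DIGIT, "-", ".", "_", "~" stay unencoded
    return quote(str(value), safe="")

def base_string(method: str, url: str, params: dict) -> str:
    parts = urlsplit(url)
    netloc = parts.netloc.lower()
    # 3.4.1.2: lowercase scheme/host, drop default ports (8080 here is kept), no query
    for scheme, port in (("http", ":80"), ("https", ":443")):
        if parts.scheme.lower() == scheme and netloc.endswith(port):
            netloc = netloc[: -len(port)]
    base_url = f"{parts.scheme.lower()}://{netloc}{parts.path}"
    # 3.4.1.3: query parameters join the oauth_* ones; encode each, then sort
    pairs = list(params.items()) + parse_qsl(parts.query, keep_blank_values=True)
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return f"{method.upper()}&{pct(base_url)}&{pct(normalized)}"

def sign_request(method, url, consumer_key, consumer_secret, token, token_secret, timestamp, nonce):
    oauth = {"oauth_consumer_key": consumer_key, "oauth_nonce": nonce,
             "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": str(timestamp),
             "oauth_token": token, "oauth_version": "1.0"}
    # 3.4.2: HMAC key is pct(consumer secret) + "&" + pct(token secret), so the consumer
    # secret is indispensable; that is why Postman asks for it
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, oauth).encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(mac).decode()
    return oauth

def authorization_header(oauth: dict) -> str:
    # 3.5.1: each parameter percent-encoded and quoted inside the Authorization header
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))

if __name__ == "__main__":
    # timestamp and nonce are the generated values shown in the question
    signed = sign_request("GET", JIRA_URL, CONSUMER_KEY, CONSUMER_SECRET, TOKEN, TOKEN_SECRET, 1474290363, "x1hs2v")
    print(authorization_header(signed))
```

Carrying the token in the Authorization header, as this does, also keeps it out of web-server and proxy access logs, which a token passed as a URL query parameter ends up in.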

Related

Dynamic variable in Auth Headers - Azure Data Factory

I have a ADF flow where I first retrieve an Oauth 2.0 token which then should be used in an Odata request.
This works perfect if I first extract the token and then hard code it in the auth headers(Bearer xxxxxxxx).
However I want to use a variable which I set earlier in the flow in this value, like "Bearer [variable]". I have tried the following: "Bearer @variables('Token')", but it doesn't work. I have double checked and the variable 'Token' is getting the correct token value, so this should not be the problem.
So my question is whether it is possible to use variables in the Auth Header section?
I have tried to use "Bearer @variables('Token')" in the Value field for Auth Headers. This doesn't work unfortunately.
I reproduced the same thing in my environment and got this output.
Create a web activity and generate a bearer token with a sample URL, and create a parameter variable with the name Token.
Create a set variable activity and use this dynamic content value: @activity('Web1').output.data.Token
Then, I created a copy activity with Additional headers, as suggested by @Scott Mildenberger:
Authorization: @concat('Bearer ', variables('token'))
Pipeline successfully executed and got the output:

OAuth2 token returned from Office 365 doesn't contain a preferred_username claim

I followed this tutorial and have gotten to the point where I am decoding the returned token, and extracting the email address (which should be stored in the preferred_username property), ie, the following code:
require 'base64'
require 'json'

# encoded_token is assumed to be the payload (middle) segment of the id_token
decoded_token = Base64.urlsafe_decode64(encoded_token)
jwt = JSON.parse(decoded_token)
email = jwt['preferred_username']
The problem is that the object returned doesn't contain this property, what I do get back is similar to below:
{
"ver":"2.0",
"iss":"https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0",
"aud":"0ab6433e-84fc-469b-8c72-41f7a0241a61",
"exp":1458142389,
"iat":1458055989,
"at_hash":"0OYaLKpTTdHNBrQNOqwQ0Q",
"sub":"AAAAAAAAAAAAAAAAAAAAAC1TrOaOmvInYrFAyrQjlFI",
"tid":"9188040d-6c67-4c5b-b112-36a304b66dad"
}
A quick glance at the spec indicates I am getting the correct object back from Office 365, as preferred_username is mentioned as a potential claim, but it isn't in the object I get back.
It's possible I'm not calling the get_token function with the correct parameters, but the documentation for the library is pretty sparse, so I can't really tell.
I have raised an issue on Github.
Is this an error on the Office 365 end, an error with the tutorial, or am I doing something wrong myself?
Answered here by Jason Johnston from Microsoft (author of the tutorial):
The Azure team deployed a breaking change to their v2 auth endpoint, which is causing the preferred_username to not be present. You need to add profile to the SCOPES array in auth_helper.rb. I'll post an update to the tutorial after the Build conference.
The SCOPES array in auth_helper.rb now looks like so:
SCOPES = [ 'openid', 'https://outlook.office.com/mail.read', 'profile' ]
I tried to reproduce this issue using a normal HTTP request; however, I could get the preferred_username property successfully.
As far as I know, we can get this property only when we specify the openid scope in the request. To narrow down this issue, I suggest that you try using Fiddler or Postman without Ruby.
Here is the test using web browser and Fiddler to get the id token for your reference:
Register the app in the portal using an Office 365 account (you can refer to the tutorial).
Get the auth code in a web browser via the link below:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={ClientID}&response_type=code&redirect_uri={RedirectURL}&response_mode=query&scope=https%3A%2F%2Foutlook.office.com%2Fmail.read%20https%3A%2F%2Foutlook.office.com%2Fmail.send%20openid&state=12345
Replace the auth code from the previous request and use Fiddler to post the request to get the tokens:
POST: https://login.microsoftonline.com/common/oauth2/v2.0/token
grant_type=authorization_code&client_id={ClientID}&scope=https%3A%2F%2Foutlook.office.com%2Fmail.read%20https%3A%2F%2Foutlook.office.com%2Fmail.send%20openid&redirect_uri=http%3A%2F%2Flocalhost%3A55065%2F&client_secret={ClientSecret}&code={AuthCode}
Decode the ID token from the link below:
https://jwt.io/
Then I could get the preferred_username property from the ID token successfully.
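As an added Python example (not from the tutorial, the question or either answer), the same decoding done on all three JWT segments, followed by the missing-claim check that points back at the missing profile scope. The token is constructed from the claim set posted above and carries no real signature; SCOPE_CLAIMS is the mapping from OIDC Core 5.4.

```python
"""Decode the id_token claims the way the Ruby snippet above intends, handling all three
JWT segments and base64url padding, then report which OIDC claims are missing and which
scope supplies them. Added example; SAMPLE_PAYLOAD is the claim set from the question."""
import base64
import json

# OIDC Core 5.4: claims that each standard scope adds to the ID token
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "preferred_username", "picture"},
    "email": {"email", "email_verified"},
}
SAMPLE_PAYLOAD = {
    "ver": "2.0", "iss": "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0",
    "aud": "0ab6433e-84fc-469b-8c72-41f7a0241a61", "exp": 1458142389, "iat": 1458055989,
    "at_hash": "0OYaLKpTTdHNBrQNOqwQ0Q", "sub": "AAAAAAAAAAAAAAAAAAAAAC1TrOaOmvInYrFAyrQjlFI",
    "tid": "9188040d-6c67-4c5b-b112-36a304b66dad",
}

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding that urlsafe_b64decode insists on; restore it
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_token(payload: dict) -> str:
    # constructed sample only: alg "none" with an empty signature segment
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url_encode(json.dumps(payload).encode())}."

def decode_payload(token: str) -> dict:
    """Parse the claim set WITHOUT verifying the signature: fine for inspecting why a
    claim is absent, never a basis for trusting who the user is."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWS compact token has exactly three dot-separated segments")
    return json.loads(b64url_decode(parts[1]))

def missing_claims(claims: dict, required) -> list:
    return [name for name in required if name not in claims]

def scopes_to_request(missing) -> set:
    # which scopes were left out of the authorize request, judging by the absent claims
    return {scope for scope, names in SCOPE_CLAIMS.items() if names & set(missing)}

if __name__ == "__main__":
    claims = decode_payload(make_unsigned_token(SAMPLE_PAYLOAD))
    gone = missing_claims(claims, ["preferred_username"])
    print(gone, scopes_to_request(gone))  # ['preferred_username'] {'profile'}
```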

linkedin access token generation error

When I try to generate access token using:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=xxxxxxxxxxx&redirect_uri=http%3A%2F%2Fws-100945%3A9080%2FArtisWeb%2Findex.html&client_id=xxxxx&client_secret=xxxxx
it's throwing error as:
{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}.
Could you guide me on this issue?
The URL itself looks correct so it must be the code that is expired or reused. Make sure the code is used immediately after you receive it and use it only once.
Also make sure that you in fact URL-encode all parameter values, including client_id and client_secret, if/since they may contain URL-unsafe characters like '&' and ' '.

Apigee doesn't seem to support the OAuth 2 specification, is there a reason why?

We're making requests for bearer tokens using client_credentials OAuth 2 grant flow with Apigee. According to the spec:
4.4.2. Access Token Request
The client makes a request to the token endpoint by adding the following parameters using the "application/x-www-form-urlencoded" format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body:
grant_type
REQUIRED. Value MUST be set to "client_credentials".
If we make a call however we get an error like this:
{"ErrorCode" : "invalid_request", "Error" :"Required param : grant_type"}
It seems that using Apigee we have to send grant_type as a query parameter.
Why is this? We have clients of Apigee that are unable to use OAuth libraries in their language of choice because of the way that Apigee deals with OAuth 2, and it would be good to know if this is by design or not.
In addition it doesn't seem like it supports grant_type in the post body and sending id and key using basic auth.
Turns out you do not need to send in grant_type as a query parameter. There is a <GrantType> element in your GenerateAccessToken policy that takes in a variable. For instance, I can use the following:
<OAuthV2 name="GenerateAccessToken">
    <DisplayName>GenerateAccessToken</DisplayName>
    <FaultRules/>
    <Properties/>
    <!-- This policy generates an OAuth 2.0 access token using the password grant type -->
    <Operation>GenerateAccessToken</Operation>
    <!-- This is in milliseconds -->
    <ExpiresIn>1800000</ExpiresIn>
    <Attributes/>
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse enabled="false">
        <Format>FORM_PARAM</Format>
    </GenerateResponse>
    <GrantType>user.grant_type</GrantType>
    <UserName>request.header.username</UserName>
    <PassWord>request.header.password</PassWord>
</OAuthV2>
In this example, the grant_type is passed in as user.grant_type. But user.grant_type can be anything: header, query param, form param, or even a hard-coded value. This way, you (the developer) are provided maximum flexibility on how you want to send in the grant_type.
Can you paste the exact API call that you are making (obviously you should obfuscate the key and secret)?
I'd like to understand what you say when you say "Apigee" -- it could mean API BAAS (https://api.usergrid.com) or a proxy that you defined using API services and attached an OAuth 2 policy to, or something else?
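As an added Python example (not Apigee's policy code and not from either answer), a token-endpoint parser that accepts the request exactly as the RFC 6749 text quoted in the question describes: grant_type in the form body, client credentials via HTTP Basic or the body but not both. The function names are my own; the error codes are the ones RFC 6749 5.2 defines.

```python
"""Server-side parsing of an OAuth 2.0 client_credentials token request as RFC 6749
specifies it: grant_type from the application/x-www-form-urlencoded body (4.4.2),
client credentials from HTTP Basic (2.3.1) or else from the body, never both.
Added example; not Apigee's implementation."""
import base64
from urllib.parse import parse_qs, quote, unquote

class TokenRequestError(Exception):
    def __init__(self, code: str):
        super().__init__(code)
        self.code = code  # the RFC 6749 5.2 error code the endpoint would return

def basic_header(client_id: str, client_secret: str) -> str:
    # 2.3.1: both values are form-urlencoded before being joined with ':' and base64'd
    raw = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def parse_token_request(headers: dict, body: str) -> dict:
    multi = parse_qs(body, keep_blank_values=True)
    if any(len(v) > 1 for v in multi.values()):
        raise TokenRequestError("invalid_request")  # 3.2: no parameter more than once
    form = {k: v[0] for k, v in multi.items()}
    if "grant_type" not in form:
        raise TokenRequestError("invalid_request")  # the body, not the query, carries it
    if form["grant_type"] != "client_credentials":
        raise TokenRequestError("unsupported_grant_type")
    auth = headers.get("Authorization", "")
    creds_in_body = "client_id" in form or "client_secret" in form
    if auth.startswith("Basic "):
        if creds_in_body:
            raise TokenRequestError("invalid_request")  # 2.3: more than one auth method
        try:
            user, _, secret = base64.b64decode(auth[6:], validate=True).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            raise TokenRequestError("invalid_client")
        client_id, client_secret = unquote(user), unquote(secret)
    elif creds_in_body:
        client_id, client_secret = form.get("client_id", ""), form.get("client_secret", "")
    else:
        raise TokenRequestError("invalid_client")
    return {"grant_type": form["grant_type"], "client_id": client_id,
            "client_secret": client_secret, "scope": form.get("scope")}

def token_error_code(headers: dict, body: str):
    """Return the error code a request would get, or None when it parses cleanly."""
    try:
        parse_token_request(headers, body)
    except TokenRequestError as exc:
        return exc.code
    return None
```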

Twitter oauth_callback parameter being ignored!

I'm trying to get Twitter authentication working on my ASP.NET site. When you create the app on the Twitter website, you have to specify a callback URL, which for sake of argument, I have set to http://mydomain.com
I've read the oAuth 1.0a spec, and to override this callback URL with your own custom one you have to send the oauth_callback parameter in the request_token phase (url-encoded of course).
So my request URL looks like this:
http://twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Fmydomain.com%2Ftwittercallback
Supposedly, if all goes to plan, in your response data, you are supposed to receive a new parameter of oauth_callback_confirmed=true in addition to your token and token secret parameters.
However, my response comes through as:
oauth_token=MYTOKEN&oauth_token_secret=MYTOKENSECRET
I know I haven't given you guys the greatest amount to go on, but I'm at my wits end as to why I am not receiving the oauth_callback_confirmed parameter. Without this, my application keeps defaulting back to the callback URL hard-coded on the Twitter website. Please if anyone could help me out, I will be eternally grateful!
Thanks,
A.
I've read the oAuth 1.0a spec, and to override this callback URL with your own custom one you have to send the oauth_callback parameter in the request_token phase (url-encoded of course).
So my request URL looks like this:
http://twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Fmydomain.com%2Ftwittercallback
just because YOU read the spec doesn't mean that TWITTER read it. :P
kidding - this is essentially correct - but the way twitter likes to receive this data is a little different (and not well documented).
the way i've found to get the oauth_callback to confirm is as follows: specify the oauth_callback in the parameters of the request function, NOT within the URL.
python example (using oauth2):
import urllib
import oauth2 as oauth

# Create our client (consumer_key and consumer_secret come from the Twitter app settings).
consumer = oauth.Consumer(consumer_key, consumer_secret)
client = oauth.Client(consumer)
# Do the request: oauth_callback goes in the POST body, not in the URL.
resp, content = client.request(request_token_url, "POST", body=urllib.urlencode({'oauth_callback': callbackURL}))
# Note that it's called "body" in this particular OAuth function for Client, but in the OAuth Request object it's called "parameters." YMMV depending on programming language/library of course.
this is ALSO the only way i've managed to get an oauth verifier back. supposedly one should not have to specify the callback URL every time, since we provide it in app settings...but experience seems to indicate otherwise.
finally, please be aware that at leg 3 you have to do the same thing AGAIN - this time including the oauth_verifier as well as the callback URL in the parameters.
hope this helps - can't begin to tell you how much effort i put into figuring this out.
good luck!
J
I've used this guide to set up my PC to be used as the callback location. Basically you set up your hosts file in a certain way, clear your cache and add a couple of Firefox registry values. At the end when you are debugging an oauth call the redirect comes back to your local PC.
As I said it worked for me.
<?php
// oauth-php example
$token = OAuthRequester::requestRequestToken(
    $consumer_key,
    $user_id,
    array('oauth_callback' => urlencode($callback_uri))
);
?>
