I am basically trying to implement a User authentication system that POSTs information to an API/Web Service to cross-reference credentials, therefore rejecting them or allowing them to login.
I am not sure if I understand how this whole system works exactly, but I have been researching a lot on Authentication using Devise and APIs, and do not understand how none of the examples refer to the actual URI of the API at all.
For example, when I first began this process, I made sure to be able to connect to the web service through cURL:
curl -H "Content-Type: application/json" -d '{"RuntimeEnvironment":1,"Email":"someone#example.com","Password":"Pa$$worD"}' -X POST http://blahblah/WebService/AuthenticateLogin
However in every single blog post / tutorial / guide / StackOverflow question I have been on, literally none of them specifically refer to the http://blahblah/WebService/AuthenticateLogin as I did in my cURL request.
Am I searching for the wrong thing?
Or is it actually there and I'm just not understanding?
Also how do tokens factor into this scenario?
The web service I am using does not require/return a token.
Related
I'm trying to import an xml report to Jira xRay - to a Test Execution item.
The documentation I can find makes reference to client_id and client_secret, which should be generated by Create API key. Create API key only generates one string, a token.
As such I can't figure out how to use just the token to submit the xml report.
For example, this command:
curl -H "Content-Type: application/json" -X POST --data #"cloud_auth.json" https://xray.cloud.getxray.app/api/v2/authenticate
I can't use it, as it needs client_id and client_secret. Also, the endpoint itself returns
Cannot GET /api/v2/authenticate
.
Using this command:
curl -H "Content-Type: text/xml" -X POST -H "Authorization: Bearer $token" --data #"data.xml" https://xray.cloud.getxray.app/api/v1/import/execution/junit?testExecKey=XNP-23
from: https://docs.getxray.app/display/XRAYCLOUD/Import+Execution+Results+-+REST#ImportExecutionResultsREST-JUnitXMLresults
results in "{"error":"Invalid JWT: JsonWebTokenError: jwt malformed"}"
.
Please can anyone help?
first you need to clarify if you're using Xray on Jira server/datacenter or Jira Cloud, because they are different products and have slightly different APIs; besides Jira Cloud and Jira server/datacenter are also different products. To find out, you can ask your Jira admin for example.
If you’re using Xray Cloud, then this is documentation site.
In this case, in order to submit the JUnit XML report you need to make an authencation with a client id and client secret that you obtain on Xray API Keys section. The authentication request is detailed here, and that will return a token that you'll use on the second request.
The second request is an HTTP POST, as described here, and you need to pass the token obtained earlier.
The main REST API documentation site is this one.
If you’re using Xray on Jira server/datacenter, then this is proper documentation site.
In Xray server, the authentication mechanism is provided by Jira itself.
You can either use basic authentication or Personal Access Tokens (if you have Jira >= 8.14). This is detailed on Xray server/datacenter page dedicated to its REST API.
After choosing the authentication mechanism to use, you just need to make a HTTP POST request as detailed here.
There is an open-source GitHub project with some code snippets, both for Xray server/datacenter and cloud, using different test automation report formats and different authentication mechanisms.
I have faced the same error when I tried with postman, I have removed " from generated token from start and end position and passed token to API. That resolved this issue
I am able to generate an oauth2 access token (from a refresh token), which I believe should give me the ability to access the youtube data api functionally to delete/upload content.
Using python and the youtube api I need to delete and upload a (new) video to youtube periodically, say hourly.
All google python samples I've found seem to call the "DENY/ALLOW" screen which requires a copy/paste back in the calling app.
I can do this occasionally but otherwise want the process to be automated. I've read about service accounts which, which according to the linked post, are not supported by the youtube api. Offline access et.al. is also mentioned but in somewhat abstract terms i.e. no concrete python examples (that I have yet found). Another source mentioned an http get like below:
"GET access_token=ya29.GlxBBS89....ast987&part=snippet&mine=true"
but the following in python doesn't seem to work returning "response [400]" (bad request)
url = 'https://www.googleapis.com/youtube/v3/channels'
args = 'access_token: ' + token var + ', part: snippet, mine: true'
get_token = requests.get(url, data = args)
I have used Can we use google youtube data api without OAuth (and others) to get to this stage but need clarification for the next step.
**********************************Update*********************************
I have found that I can only generate access tokens for clients credentials configured as web apps. I am writing a desktop app so I may be barking up the wrong tree.
Or learning Django...
I found examples at https://developers.google.com/youtube/v3/guides/auth/installed-apps that helped.
curl -H "Authorization: Bearer <access_token>" https://www.googleapis.com/youtube/v3/channels?part=snippet&mine=true
curl https://www.googleapis.com/youtube/v3/channels?access_token=<access_token>&part=snippet&mine=true
The curl samples especially provided confirmation that I'm reaching the endpoint and returned helpful debugging info. They have exposed other issues which I'll ask in another question.
In my Swift app, I am going to be using Vungle for incentivized ads. The way this works is that the Vungle Servers will ping any URL that I give them. For example:
myapp.firebase.com/db_location/section/user_id/?value=123
I have looked around lots of websites and now my head hurts as I cannot seem to find a solution. Is there a way to insert into my Firebase database (securely, without write all access) request that is sent via a URL?
This would be similar I assume to the API Gateway that AWS supplies.
Looking for advice, pointers/tutorials etc.
You can use Firebase REST API which allows you to insert into your database using POST requests.
An example using curl from the documentation:
curl -X POST -d '{"user_id" : "jack", "text" : "Ahoy!"}' \
'https://samplechat.firebaseio-demo.com/message_list.json'
I am trying to understand how Google authentication works with OAuth 2.0. They give some examples at this link.
I am having trouble with one of the first steps. I can execute this http request in a browser:
https://accounts.google.com/o/oauth2/auth?scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token
and that works fine.
When I try to convert it to a curl GET operation,
curl https://accounts.google.com/o/oauth2/auth?scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token
I get a response that tells me there is an OAuth 2.0 error: invalid_request.
Converting it to a POST, I can't get this operation to work.
curl http://accounts.google.com/o/oauth2/auth -d “scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token”
The response is that the document has moved.
If I try this, I get similar results.
curl http://accounts.google.com/o/oauth2/auth -data-urlencode “scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token”
I have never used curl or OAuth in my code before, so I want to understand some of these basics. Can someone tell me what is wrong with my GET and POST ?
I don't have a sure answer for you, but I was working on something similar for Instagram and one thing that stumped me for a while was that my redirect URL looked to be the same as Instagram expected, but I kept getting errors.
Like you, when I 'hand coded' the redirect URL, I got the result I expected, but my automated calls to the authentication URL failed. It turned out my ampersands were a url encoded which Instagram compared to the redirect URL and saw they were not identical. I'm not sure if that will get you closer to an answer, but I thought I'd share my experience since your question reminds me of the situation I was in. Good luck.
I'm using commandline curl to do a POST via a proxy but my form data is vanishing to zero content length. Any ideas what I'm doing wrong?
Here's my command line (uses a public test form so others can try it):
curl -v --proxy-ntlm --proxy proxyserver:proxyport --proxy-user : -d "fname=a&lname=b" http://www.snee.com/xml/crud/posttest.cgi
-v = verbose
next few arguments get us through the proxy using windows authentication
-d = should do a post with the given arguments
However, both the response and the verbose print out suggest the form content is vanishing. The curl prints "Content-Length: 0" and the returned html has both arguments missing and a content length of 0.
The bug doesn't seem to be in the proxy server as curl admits it is sending a content length of 0. Does anyone know a solution to this problem? Has anyone else seen it?
Update: this person appears to have the same bug, but no solution suggested, apart from not using ntlm which I have to
Update 2: This definitely only happens with NTLM authentication, I've tried an alternative authentication method which works. Also, using -F instead of -d (for binary form data) fails in the same way.
Update 3 (workaround): I've had a bit of discussion on the curl-users list about this. A workaround was provided which is to use --proxy-anyauth instead of --proxy-ntlm. I'm still investigating the problem but this workarounf works for me.
NTLM is a challenge-response protocol. When you indicate that you're going to use NTLM, a client will first send a request without the body (to avoid wasting the bandwidth of sending the body only to have it rejected by the HTTP/401 challenge from the server). Only once the Challenge/Response protocol is complete will the body actually be posted.
This causes a number of problems in cases where the client expects NTLM but the proxy or server has no idea (and thus acts on the 0-byte POST, never challenging the client).
I was having this problem making a request using HTTP digest. Eric is correct, curl is trying to be clever and not post any data because it knows it will have to make the request again after it receives the challenge from the server.
It turns out if you provide the --anyauth option (which asks curl to autodetect the authentication method), the initial request will include all the POST data, and (in my case) the server responded as expected.