Oauth2 Spring Security Authorization Code - oauth-2.0

I am trying to reproduce the oauth server provided here:
https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v
The curl call for testing this basic server should be:
curl acme:acmesecret@localhost:9999/uaa/oauth/token \
-d grant_type=authorization_code -d client_id=acme \
-d redirect_uri=http://example.com -d code=jYWioI
Though I keep getting the following error:
Invalid authorization code: jYWioI
Where is this authorization code to be configured in the authorization server?

You need to generate a new authorization code!
You can do it using the grant type authorization_code or password.
Using authorization_code:
Open your browser and visit the authorization endpoint:
http://localhost:9999/uaa/oauth/authorize?response_type=code&client_id=acme&redirect_uri=http://example.com
After the login process (login: user, password: password), you will be redirected to
http://example.com/?code=CODE <-- this is the code that you should use in the next request
Now you get the token:
curl acme:acmesecret@localhost:9999/uaa/oauth/token -d grant_type=authorization_code -d client_id=acme -d redirect_uri=http://example.com -d code=CODE
response: {"access_token":"eyJhbGciOiJS....."}
Using the password grant type:
curl acme:acmesecret@localhost:9999/uaa/oauth/token -d grant_type=password -d username=user -d password=password
response: {"access_token":"eyJhbGciOiJS....."}
I recommend you read more about OAuth grant types, to know which is better for your solution:
https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified
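The checks behind the "Invalid authorization code" message, as an added example that is not code from the Spring blog post or from the answer above: a minimal in-memory model of what an authorization server does when a client redeems a code. A code must have been issued by the server, to this client_id and redirect_uri, not be expired, and not have been used before, which is why a made-up value such as jYWioI is rejected. The lifetime, the injectable clock and the client values are constructed for the example.

```python
"""Added example: single-use authorization codes bound to client and redirect_uri."""
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CODE_LIFETIME_SECONDS = 60  # assumption: codes are short-lived


class InvalidAuthorizationCode(Exception):
    pass


class AuthorizationCodeStore:
    """Issues single-use codes bound to a client_id and redirect_uri."""

    def __init__(self, now=time.time):
        self._now = now   # injectable clock, so expiry can be tested offline
        self._codes = {}  # code -> (client_id, redirect_uri, user, expires_at)

    def issue(self, client_id, redirect_uri, user):
        # /oauth/authorize, after the resource owner has logged in
        code = secrets.token_urlsafe(6)  # random and unguessable, never fixed
        expires_at = self._now() + CODE_LIFETIME_SECONDS
        self._codes[code] = (client_id, redirect_uri, user, expires_at)
        return code

    def exchange(self, code, client_id, redirect_uri):
        # /oauth/token with grant_type=authorization_code
        entry = self._codes.pop(code, None)  # pop: a code is consumed on first use
        if entry is None:
            raise InvalidAuthorizationCode(f"Invalid authorization code: {code}")
        bound_client, bound_redirect, user, expires_at = entry
        if self._now() > expires_at:
            raise InvalidAuthorizationCode("Authorization code expired")
        if bound_client != client_id or bound_redirect != redirect_uri:
            # a code issued for one client/redirect_uri must not be redeemed by another
            raise InvalidAuthorizationCode("Code was not issued to this client/redirect_uri")
        return {"access_token": secrets.token_urlsafe(32), "token_type": "bearer", "user": user}


def redirect_url_with_code(redirect_uri, code):
    """The URL the browser is sent to after login, e.g. http://example.com/?code=CODE."""
    return f"{redirect_uri}/?{urlencode({'code': code})}"


def code_from_redirect_url(url):
    """Extract the code parameter from the URL the browser landed on."""
    return parse_qs(urlparse(url).query)["code"][0]


if __name__ == "__main__":
    store = AuthorizationCodeStore()
    code = store.issue("acme", "http://example.com", "user")
    url = redirect_url_with_code("http://example.com", code)
    print(url)
    print(store.exchange(code_from_redirect_url(url), "acme", "http://example.com"))
```

The pop on first use is what makes a pasted code from an old blog post fail: even a code the server once issued is gone after its single exchange, so the only way to get a valid one is to run the authorize step again.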

Related

Docker API push to private registry error

I can't manage to push an image to a private registry using the Docker API. I have read everything I could find and tried everything with no luck...
I tried:
curl -X POST -H "X-Registry-Auth:XXXXXXXXXXXXXXX" http://dockerapiurl:2375/images/registryurl/python/push?tag=6
or
curl -X POST -H 'X-Registry-Auth:{"username": "xxxxxx","password": "xxxxx", "serveraddress": "xxxx.url.net", "auth": ""}' http://dockerapiurl:2375/images/registryurl/python/push?tag=6
I always get the same error:
{"errorDetail":{"message":"errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"},"error":"errors:\ndenied: requested access to the resource is denied\nunauthorized: authentication required\n"}
If I use docker push from the CLI everything works; what am I doing wrong?
Thanks!!
It needs to be base64-encoded; try this:
XRA=`echo "{ \"username\": \"xxxxxx\", \"password\": \"xxxxxx\", \"email\": \"youmail@example.org\", \"serveraddress\": \"xxxxxx\" }" | base64 --wrap=0`
curl -X POST -d "" -H "X-Registry-Auth: $XRA" http://dockerapiurl:2375/images/registryurl/python/push?tag=6
The end result should look like this:
curl -X POST -d "" -H "X-Registry-Auth: eyAidXNlcm5hbWUiOiAieHh4eHh4IiwgInBhc3N3b3JkIjogInh4eHh4eCIsICJlbWFpbCI6ICJ5b3VtYWlsQGV4YW1wbGUub3JnIiB9Cg==" http://dockerapiurl:2375/images/registryurl/python/push?tag=6
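Building and checking that header value in code, as an added example that is not from the Docker documentation or from the answer above: the Engine API expects X-Registry-Auth to be the base64 encoding of a JSON auth object on a single line, and the checker below reports the two things that commonly go wrong (line breaks from `base64` without `--wrap=0`, and a missing field). The credentials are constructed placeholders, and because the value carries the registry password it should only travel to a daemon over TLS.

```python
"""Added example: produce and validate an X-Registry-Auth header value."""
import base64
import json

REQUIRED_FIELDS = ("username", "password", "serveraddress")


def registry_auth_header(username, password, serveraddress, email=None):
    """Return the X-Registry-Auth value: base64url JSON with no line breaks
    (the same result as `base64 --wrap=0` in the answer)."""
    auth = {"username": username, "password": password, "serveraddress": serveraddress}
    if email is not None:
        auth["email"] = email
    raw = json.dumps(auth, separators=(",", ":")).encode("utf-8")
    # The Engine API documents the value as base64url; the url-safe alphabet
    # also keeps '+' and '/' out of the header value.
    return base64.urlsafe_b64encode(raw).decode("ascii")


def decode_registry_auth(value):
    """Decode a header value back into the auth dict. urlsafe_b64decode accepts
    both the standard and the url-safe alphabet, so the output of plain
    `base64` can be checked as well."""
    value = value.strip()
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    return json.loads(raw.decode("utf-8"))


def registry_auth_problems(value):
    """List what is wrong with a candidate header value; an empty list means OK."""
    problems = []
    if "\n" in value or "\r" in value:
        # `base64` without --wrap=0 inserts a line break every 76 characters,
        # which is not valid inside a single HTTP header value
        problems.append("contains line breaks (use base64 --wrap=0)")
    try:
        auth = decode_registry_auth(value)
    except ValueError:
        # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
        return problems + ["not base64-encoded JSON"]
    for field in REQUIRED_FIELDS:
        if not auth.get(field):
            problems.append(f"missing {field}")
    return problems


if __name__ == "__main__":
    value = registry_auth_header("xxxxxx", "xxxxxx", "xxxx.url.net", email="youmail@example.org")
    print(value)
    print(registry_auth_problems(value))
```

Run against the value shown at the end of the answer, `registry_auth_problems` decodes it fine but reports that `serveraddress` is absent, which a registry needs to match the credentials to a host.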

Google speech-to-text API key not valid

I am just following the Google Speech-to-Text API examples, reading the quickstart guide, but I am having some trouble. It is just the curl command from the guide. I tried changing the credential keys, but it is still not working. I am using Windows and PowerShell.
curl -s -H "Content-Type:application/json" -H "Authorization:Bearer "$(gcloud auth application-default print-access-token) https://speech.googleapis.com/v1/speech:recognize -d @sync-request.json
{
"error": {
"code": 403,
"message": "The request is missing a valid API key.",
"status": "PERMISSION_DENIED"
}
}

F5 BIG IP update VIP using REST API cause code:400, message:0107028c:3

I am trying to call my F5 BIG-IP REST API to update some VIP configuration; for example, I want to update the VIP description using this command:
curl -s -k --tlsv1.2 -u admin:password -H "Content-Type: application/json" -X PUT https://ManagmentIP/mgmt/tm/ltm/virtual/~MyPool~MyVIP_887 {"description":"THIS IS JUST A TEST"}
I am getting this error:
{"code":400,"message":"0107028c:3: The source (::%10) and destination (10.62.185.3%10) addresses for virtual server (/MyPool/MyVIP_887) must be be the same type (IPv4 or IPv6).","errorStack":[],"apiError":3}
My F5 Big IP version: BIG-IP 12.1.3 Build 0.0.378 Final
Am I missing something?
The answer is taken from F5 DevCentral:
You have to use -d 'data' = the JSON data to send. Note that you need to quote the entire JSON blob, and each "name":"value" pair must be quoted. When you have nested quotes, make sure you escape (\) them.
Refer to the cookbook if it helps.
So, something like:
curl -sku admin -H "Content-Type: application/json" -X PATCH \
https:///mgmt/tm/ltm/virtual/ -d \
'{"description": "Hello World!"}'
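Why the verb matters as much as the -d flag, as an added example that is not from F5 DevCentral or from the answer above: a toy model of a REST resource with PUT (replace the representation) and PATCH (merge into it) semantics, plus the address-family rule whose message appears in the question. Fields left out of a PUT body revert to defaults, which is how a request that only meant to change a description can trip a validation rule; PATCH keeps the stored fields. The defaults, the assumption that an omitted source reverts to the IPv6 wildcard, and the record values are constructed for the example, not taken from BIG-IP documentation.

```python
"""Added example: PUT vs PATCH on a virtual-server record with a family check."""
import ipaddress

# Constructed defaults: the source reverts to the IPv6 wildcard so that the
# model reproduces the mismatch reported in the question.
DEFAULTS = {"source": "::/0", "description": ""}
REQUIRED = ("destination",)


def _strip_route_domain(addr):
    """'10.62.185.3%10' -> '10.62.185.3' (BIG-IP appends %<route-domain>)."""
    return addr.split("%", 1)[0]


def validate_virtual(vs):
    """Mimic the rule behind 0107028c:3: source and destination must both be
    IPv4 or both be IPv6. Returns the record unchanged when it passes."""
    for field in REQUIRED:
        if field not in vs:
            raise ValueError(f"{field} is required")
    src = ipaddress.ip_network(_strip_route_domain(vs["source"]), strict=False)
    dst = ipaddress.ip_address(_strip_route_domain(vs["destination"]))
    if src.version != dst.version:
        raise ValueError(
            f"The source ({vs['source']}) and destination ({vs['destination']}) "
            "addresses must be the same type (IPv4 or IPv6)."
        )
    return vs


class VirtualServerStore:
    """In-memory stand-in for the /mgmt/tm/ltm/virtual collection."""

    def __init__(self):
        self._items = {}

    def create(self, name, **fields):
        self._items[name] = validate_virtual({**DEFAULTS, **fields})
        return self._items[name]

    def get(self, name):
        return dict(self._items[name])

    def put(self, name, body):
        # PUT replaces the whole representation: anything not in the body is gone
        new = validate_virtual({**DEFAULTS, **body})
        self._items[name] = new
        return new

    def patch(self, name, body):
        # PATCH merges: fields not in the body keep their stored values
        new = validate_virtual({**self._items[name], **body})
        self._items[name] = new
        return new


if __name__ == "__main__":
    store = VirtualServerStore()
    store.create("/MyPool/MyVIP_887", destination="10.62.185.3%10", source="0.0.0.0/0")
    print(store.patch("/MyPool/MyVIP_887", {"description": "Hello World!"}))
    try:
        store.put("/MyPool/MyVIP_887", {"destination": "10.62.185.3%10", "description": "x"})
    except ValueError as exc:
        print("PUT rejected:", exc)
```

Validation runs before the store is updated, so a rejected PUT leaves the existing record untouched; that is the behaviour to preserve if this model is extended.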

KeyCloak bearer-only client shouldn't be able to invoke a secured endpoint when its credentials are wrong, but he can, why?

I have a Spring Boot application with this configuration:
server:
  port: 9292
keycloak:
  auth-server-url: http://localhost:8180/auth
  realm: SampleRealm
  resource: non-existing
  public-client: false
  principal-attribute: preferred_username
  credentials:
    secret: wrong-secret
  bearer-only: true
I get an access token using another valid client (cli1, secret1):
curl -X POST \
-H "Authorization: Basic c2ItYXBwOmEyY2ViZmI2LTBjMzgtNDNiNS1hMDAwLThhYmUzYjU5YjJiMQ==" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d 'username=someuser&password=somepassword&grant_type=password' \
"http://localhost:8180/auth/realms/SampleRealm/protocol/openid-connect/token"
Now I use that bearer token to invoke my Spring Boot Service:
curl -X GET \
http://localhost:9292/me \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJPVE5xWF9jYWRXbEc1dGZYRmJVdEJ2V25hb2NTTGhuSm9LWndpOGxkYjZZIn0....bkMPSEvUHnVr5QoCsldKcFjKw3E_3Rhdu_SJ6LbgUehysAsLuG6pyjAQ4uqShTKphuXjOUf3E1eFMlttKSxZstCqP7iRU-OyHueGZ-_zGNx1ycvDBWSxCSmQufu9cx_dmnYW4NR9u5sSsZ052eDX0T0VgCvxeTtLJCsoH741SmJIVUvzrkPagKF_M_INVBQ3qaOds74o088qJy4GVJ8eZGqgsW9YOW6nNLV6kERwLAD9WZJoEARCdTBuGARTVJZuJ0lYVI0-jI0wN88T1G3vX3DZS0HIAROmgIait89PZ5wyfOu9u6ohTyFsi3uHV6uSJcN7x7t51snnBpr9KSSMMQ' \
-H 'Cache-Control: no-cache'
The Spring Boot app correctly invokes the secured endpoint, but it shouldn't be allowed to, because the resource (non-existing) and secret (wrong-secret) don't actually exist; they haven't even been configured in Keycloak!!! Why is this working? Shouldn't the client's client-id and client-secret be validated?
o.k.a.BearerTokenRequestAuthenticator : Verifying access_token
o.k.a.BearerTokenRequestAuthenticator : access_token: xxxxxxxxxx.signature
o.k.a.rotation.JWKPublicKeyLocator : Going to send request to retrieve new set of realm public keys for client non-existing
o.k.a.rotation.JWKPublicKeyLocator : Realm public keys successfully retrieved for client non-existing. New kids: [OTNqX_cadWlG5tfXFbUtBvWnaocSLhnJoKZwi8ldb6Y]
o.k.a.BearerTokenRequestAuthenticator : successful authorized
"Realm public keys successfully retrieved for client non-existing": What??? The non-existing client doesn't exist!!
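The key selection step the log lines record, as an added example that is not from the question or from the Keycloak adapter: the token header names a key id (kid), the adapter fetches the realm's public keys, and it verifies the signature with the key whose kid matches. Those keys belong to the realm, which matches what the log shows. The header segment is the one from the token in the question; REALM_JWKS is a constructed stand-in for the realm's JWKS document that omits the RSA key material, so only the header parsing and key selection are modelled, not the signature check itself.

```python
"""Added example: parse a JWT header and pick the matching realm signing key."""
import base64
import json

# First dot-separated segment of the token in the question.
TOKEN_HEADER_SEGMENT = (
    "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJPVE5xWF9jYWRXbEc1dGZY"
    "RmJVdEJ2V25hb2NTTGhuSm9LWndpOGxkYjZZIn0"
)

# Constructed stand-in for the realm JWKS; real entries also carry "n" and "e".
REALM_JWKS = {
    "keys": [
        {"kid": "OTNqX_cadWlG5tfXFbUtBvWnaocSLhnJoKZwi8ldb6Y", "kty": "RSA", "alg": "RS256", "use": "sig"},
        {"kid": "retired-key-placeholder", "kty": "RSA", "alg": "RS256", "use": "sig"},
    ]
}


def b64url_decode(segment):
    """JWT segments are base64url without padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_jwt_header(token):
    """Return the decoded JOSE header of a compact JWT (first dot-separated part).
    The header is untrusted input and is used only to choose which key to try."""
    header = json.loads(b64url_decode(token.split(".", 1)[0]))
    if "kid" not in header or "alg" not in header:
        raise ValueError("header must carry alg and kid")
    return header


def select_signing_key(jwks, header, allowed_algs=("RS256",)):
    """Pick the realm key named by the header's kid. Only a key the realm
    publishes for signatures with an allowed algorithm is acceptable; the
    verifier's own allow-list, not the token's alg field, fixes the algorithm."""
    if header["alg"] not in allowed_algs:
        raise ValueError(f"algorithm {header['alg']} not allowed")
    for key in jwks["keys"]:
        if key.get("kid") == header["kid"] and key.get("use") == "sig":
            if key.get("alg") not in allowed_algs:
                raise ValueError("key is not usable with an allowed algorithm")
            return key
    # The Keycloak adapter refetches the realm keys once here (key rotation);
    # in this model an unknown kid is simply rejected.
    raise KeyError(f"no realm key with kid {header['kid']}")


if __name__ == "__main__":
    header = parse_jwt_header(TOKEN_HEADER_SEGMENT + ".payload.signature")
    print(header)
    print(select_signing_key(REALM_JWKS, header))
```

Nothing in this lookup consults the resource name or the client secret from the adapter configuration; the kid printed by the example is the same one the log reports under "New kids".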

How to force a BOX app user access token to expire within 60 minutes

I created a BOX app user access token for a user, which will expire after 60 minutes, using JWT/OAuth2. I then created a new access token for the same user within those 60 minutes. How can I force the old access token to expire? Otherwise both access tokens are valid.
You can revoke a Box API access token using the Revoke endpoint. Here is a cURL example:
curl https://api.box.com/oauth2/revoke \
-d 'client_id=MY_CLIENT_ID' \
-d 'client_secret=MY_CLIENT_SECRET' \
-d 'token=MY_TOKEN' \
-X POST
