I am working on a service which requires authentication.
I would like to base the authentication on my Redmine and grant access to registered users which are members in a private project.
The membership I have figured out:
curl -v -u account:secret \
https://myredmine/projects/private/memberships.json
But how to find out if a user can authenticate?
Use /users/current.json:
curl -v -u account:secret \
https://myredmine/users/current.json
It will return 401 if the user fails to login.
Add ?include=memberships to the URL to retrieve a list of associated projects.
I don't think it will work with OpenID though.
Use the built-in API. You can enable it for each user, once you get the key:
// Pseudo-code
api_key = '65454ftfg53543f34g34f23g'
url = "http://www.myredminesite.com/projects/my_project/issues.json?key=" + api_key
You can enable the API key if you log in and click on "My Account", then on the right should be your API access key.project.
There where some issues with older version I think. I run Redmine 2.1.2.stable and that works great.
Related
I want to look up some review comments on Gerrit via the REST API.
I tried a few methods, including Gerrit's official documentation, and nothing changed the fact that I was an anonymous user. The authentication configuration in the gerrit.config is as follow:
[auth]
type = LDAP
gitBasicAuthPolicy = LDAP
I'm calling rest api by curl
$ curl --digest --user LDAP_user:LDAP_password \
https://gerrit.example.com/a/path/to/api
It does not work.
Digest authentication was removed from Gerrit in release 2.14. Remove the "--digest" parameter and the "curl" command will work.
More info in Gerrit 2.14 release notes here.
HTTP_PASSWORD maybe the answer which can be found in account settings.
And then
curl -u USR_NAME:HTTP_PASSWORD https://gerrit.XX.com/a/path/to/api
What's your Gerrit version?
2.14 and newer require basic auth, as already mentioned by Marcelo (maybe you have to explicitly give --basic ).
2.13 and older use digest; you will also be interested in this post if you are using versions that old.
I have used WSO2 Identity server 5.2.0 to implement oauth2 authorized flow. I have implemented it successfully. I got access token, but when I tried to fetch user information from WSO2 IS with following command:
curl -X GET -H "Authorization: Bearer 5e122a0e7276cd4f245e1be238002aa4" -H "Cache-Control: no-cache" -H "Postman-Token: 77faba9b-6a2e-d8ba-a3f6-25ff0da69979" "https://localhost:9443/oauth2/userinfo?schema=openid"
gives response:
{"sub":"admin#carbon.super"}
But I need email, first name, last name, role, mobile no etc.
have done configuration suggested in : https://docs.wso2.com/display/IS500/Configuring+OpenID+Connect+Authorization+Server
I followed: https://wso2.org/jira/browse/IDENTITY-4250
with https://github.com/wso2/carbon-identity/pull/1688/
but I don`t understand how to use that build solution after building https://github.com/wso2/carbon-identity project.
I have tried with WSO2 Identity server 5.1.0 also but got same response
Please give any suggetion. Thanks in advance.
IS 5.2.0 used WSO2 carbon oauth v5.1.3 features. So what you have to do is
Checkout the source for that component tag from here.
Apply the fix mentioned in the ticket on top of that tag.
Build the source with maven and get the oauth.war file.
Then replace the "repository/deployment/server/webapps/oauth.war" with the new one.
Remove the "repository/deployment/server/webapps/oauth2" directory.
Just for the safe side, back up the existing ones before you delete.
I've been looking at https://github.com/rfdickerson/watson-translation-demo which attempts to show how to do authentication using Facebook OAuth on iOS and with a NodeJS Backend.
The iOS code is straightforward :
let token: String = FBSDKAccessToken.currentAccessToken().tokenString
let fbAccess = FacebookAuthenticationStrategy(
tokenURL: "https://watsonsdkdemo.mybluemix.net/language-translation-service/api/v1/token",
fbToken: token)
translateService = LanguageTranslation(authStrategy: fbAccess)
The problem is that the server/app.js has
var creds = appEnv.getServiceCreds(/facebook-authentication/) || {}
and the manifest.yml has
- services:
- facebook-authentication
But when you cf push the scripts to your Bluemix account you get:
FAILED
Could not find service facebook-authentication to bind to xxxxxxx
The problem is nowhere does the author describe what the 'facebook-authentication" service is.
In the server deployment instructions they have
$ cf login
$ cf create-service speech_to_text standard speech-to-text-service
$ cf create-service text_to_speech standard text-to-speech-service
$ cf create-service language_translation standard language-translation-service
$ cf env
$ cd server
$ cf push
Nothing stating what the facebook-authentication service is.
I apologize that the instructions are incomplete. facebook-authentication is supposed to be a user-provided service. You can create it using the cf create-user-provided-service command:
cf create-user-provided-service facebook-authentication -p "APP_SECRET_GOES_HERE"
The idea is that when you register a Facebook application, they give you an App Secret. Since that secret should not be embedded in the source code, you can set it in the environment variables VCAP by creating a custom service that provides that information for you.
Note, I did not finish actually using the app secret to check the legitimacy of the credentials. Although this is a small security vulnerability for man-in-the-middle-attacks, the facebook token checking still works because in the Facebook App settings I made it so that using the App secret is not required. For now, just create the user service and set the value to anything you would like.
Hope this helps!
I'd like to access Google Cloud Storage from my scripts, and I need to automate authentication. By default, gsutil config asks to open a link and type in generated code, and then it writes OAuth token into .boto file.
Google Cloud also supports creating OAuth 2.0 client IDs in "Credentials" page, but I cannot make sense how to plug those credentials (client_id and client_secret) into my .boto file:
{"installed":{"client_id":"677005197220-eim3l5of3m16225qr0m9vquocj6mugt4.apps.googleusercontent.com","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"pFghf5URxxxBFVRsQ1elWbbZ","redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]}}
(Please don't try to use it, as I slightly modified the codes)
I plugged them in .boto file in this way:
[OAuth2]
client_id
="677005197220-eim3l5of3m16225qr0m9vquocj6mugt4.apps.googleusercontent.com"
client_secret ="pFghf5URxxxBFVRsQ1elWbbZ" provider_label = Google
provider_authorization_uri = https://accounts.google.com/o/oauth2/auth
provider_token_uri = https://accounts.google.com/o/oauth2/token
This is how gsutil is failing:
# gsutil ls gs://mybucket/
You are attempting to access protected data with no configured
credentials. Please visit https://cloud.google.com/console#/project
and sign up for an account, and then run the "gsutil config" command
to configure gsutil to use these credentials.
If I run gsutil config I can configure credentials and then it works, but I need to use my client ID and client secret.
Can someone please suggest how to make gsutil work with .boto with client_id and client_secret? Thanks
Here is how you can create a .boto file with access key ID and secret access key.
gsutil config -a
The above commmand will generate a .boto file that you can then use as a sample that you are after.
I am very new to WSO2 and am still evaluating it - mostly through Fiddler. It is my understanding that I should be able to obtain an OAuth token by calling WSO2's Login API. I have attempted various URLs (in Fiddler) along the lines of:
// Based off a blog post : http://lalajisureshika.blogspot.com/2012/11/generate-application-tokens-user-tokens.html
http://localhost:8280/login?grant_type=password&username=admin&password=admin&scope=PRODUCTION
Authorization: Basic cFNET0lab1RnMHRBODRCWmQ4bTRBbnp1c0RZYTpZREIzZzh3RXhQOV92ZTdZX1drYVhieWx5ZlVh
When I execute the above URL, I receive (403) No matching resource found in the API for the given request.
I can use the the "Access Token" (via the Bearer tag) and the APIs work. I just can't figure out how to obtain the OAuth token for actual runtime use.
Any pointers/ideas?
--- Thanks, Jeff
Setup Identity Server [domain:9443]
Create OAuth2 application, and get client id + consumer key
Get Base64 encoded of clientId:consumerKey - replace this for Authorization Basic xxxxx
Replace the REST endpoint for token generation - This you should get in oauth application on management console [in our case https://domain:9443/oauth2/token]
And below curl command should give you the response
curl -k -d "grant_type=password&username=sasikumar#domain.com&password=xxxx1234" -H "Authorization" -H "Authorization: Basic X2dhWllidkN6TDNQY2ZqSmVBQ1lsNlg2SFdRYTpSQVlSMmxOZzQ0enU5ZXVGSDRDVXdOUWRudlVh, Content-type=application/x-www-form-urlencoded" https://domain:9443/oauth2/token
You can directly access OAuth2 REST web service to access the token.Here is how you can access token using curl
curl --user ConsumerKey:ConsumerSecret -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2endpoints/token
Below is an example using cURL tool available in linux by default ( you can install cURL for windows explictly)
curl -v 4 -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=password&username=&password=&client_id=&client_secret=" https://:9443/oauth2/token
to obtain the client_secret & client_id you have to register a app in wso2is.
There are free tools available to construct the above request or directly use the above parameters and to get the token.
Setup Identity Server [domain:9443]
Create OAuth2 application, and get client id , consumer key and url.
Process post request by using 'poster' with bellow details ,
URL :- which get from oauth application
Content Type :- application/x-www-form-urlencoded
body:- grant_type=password&username=your username&password=your password&client_id=your client id&client_secret=your client secret