Is there anyway to Push source code to Bitbucket repo using access token.. If know kindly inform me guys.. Tnanks in advance guys..
I used below format to push the source code but it does not work for me.
git push https://x-token-auth:{access_token}#bitbucket.org
Yes, you can push to a repository using an OAuth 2 Bearer token. Note that this must be a valid OAuth 2 Bearer token. OAuth 1 Access tokens are not supported (as OAuth 1 requires each request to be signed individually).
The incomplete fragment you pasted looks ok, but the lack of output doesn't allow for more insightful feedback on what might be going wrong.
It might be best to contact us at support#bitbucket.org and share more details: the full shell output, the consumer key and where possible all HTTP headers (which you can get Git to dump to stdout using the GIT_CURL_VERBOSE=1 environment variable).
Before you contact us though, make sure you're using OAuth 2 (not 1) and that your bearer token is current (they expire after an hour and must then be refreshed) and that your token has the "repository" scope, which is required to access any repo data (check your OAuth Consumer page for this).
Here's the relevant documentation: https://developer.atlassian.com/bitbucket/concepts/oauth2.html
Yes it is possible to push your src code to BitBucket using accessToken via commandLine.
You can refer the developers BitBucket doc here
Related
Has anyone had to deal with 2 OAuth 2.0 tokens in postman? I am in the process of automating some API calls for testing and have been stuck at a point where I had to make 2 Authorization requests to get a successful response. I have one authorization token at the collection level and other at the request level. However every time I generate a token at the collection level and then when I generate the second token the first one is being overridden? Is there a workaround? I have tried collection variables and variables and all of them seem to be overridden on the second OAuth call.
The gist of the story is you cannot use 2 bearer tokens in a single request. It is not practically possible. Do you use 2 passwords to open your account? No, right. Same is the case with bearer token. Maybe if you tell what you need to achieve using both the tokens someone might be able to help.
I have been trying to setup Jenkins api token so that I can use it tin python codes.
Is there any expiry for the Jenkins api token created via the UI.
There is no time limit set for the expiry of the Jenkins API token. However, the best practice is to keep on changing after a long period change to avoid security risk.
You can find more about Jenkins API token here in this blog
Just wanted to put this out there for anyone having a problem with their token disappearing. The API token does not expire, but it can get wiped out on some Jenkins controllers.
We use CloudBees SDA, and I discovered after many iterations of creating and losing my token that the token has to be generated at the Operations Center level rather than the Client Controller level, because the latter gets synched to the former periodically (at least the way we have it configured).
See here for more information.
I am trying to do a request my Netsuite RESTlet using Alamofire (SWIFT) but I meet several difficulties:
In the documentation it's specify the different parameters needed (see below).
DOCUMENTATION:
An OAuth 1.0 RESTlet authorization header requires the data described in the following table. Some of these values can be obtained from the NetSuite UI. Other values must be calculated. Typically, your integration should include logic to identify these values and generate the finished header. Follow the OAuth 1.0 protocol to create the authorization header.
However in postman I am using extra parameters (consumer Secret and the Token Secret) and it's works if I remove them it doesn't works
To finish when i check the Authorization header generated by postman, I see only the specify parameters in the documentation :
OAuth realm="my realm",oauth_consumer_key="myConsumerKey",oauth_token="myAccessToken",
oauth_signature_method="HMAC-SHA1",oauth_timestamp="1543488570",
oauth_nonce="ERxdLbUfkeh",oauth_version="1.0",oauth_signature="UeqmxAyeUqtPoICLo%2FARsQE8B1E%3D"
If someone can explain me this, I could implement TBA authentification in my Application but for now I need to understand better this authentification.
I also spend a few hours trying to make it work. In my case I wasn't adding the account ID to the realm param. Here a picture of what I ended with:
Here where you can get the account ID:
I hope it helps
The explanation of why the consumer secret and the token secret are needed by Postman to generate the token is shown in SuiteAnswer 42019 - as referenced in the Notes section beside oauth_signature in your screenshot above. From that page:
Sign the result string from step 5 using the consumer secret and token secret concatenated using '&' (For this case, HMAC-SHA1 or HMAC-256).
In other words, Postman uses the secrets to generate the output which authenticates your credentials - you cannot generate the oauth_signature correctly without them.
I ran into a lot of issues with NetSuite broken RESTlet/TBA connections as well. I did build this out in our software to help out customers. You can see the methods I used in the article below.
Using NetSuite TBA by Calling a RESTlet from an HTTP Source or Target
I have built an API in C# ASP.NET 5.
This is current the code library I use to generate and validate OAUTH tokens https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample
The logged in user calls my API (passing the Bearer token in the header) to retrieve their saved notes from my NoteController. In my NoteController I retrieve the userNo from the Auth token claims and retrieve the users notes from the database. If the user's Auth token is invalid then I send them back a HTTP 401.
I have added code in my Startup.cs to enable Authorization:
// Enable the use of an [Authorize("Bearer")] attribute on methods and classes to protect.
services.AddAuthorization(auth =>
{
auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build());
});
My problem: as good as the code library (ASPNETSelfCreatedTokenAuthExample) is, it does not provide an OAuth refresh token mechanism.
I have tried to find a decent library to replace the one I am currently using.
I want a library that uses refresh tokens etc.
I have looked at IdentityServer4 but the examples are just for generating tokens in a dedicated server
I don't quite understand what to do :(
Can someone point me in the right direction please?
Thanks
DONE IT!!! :D
found this amazing blog post
http://capesean.co.za/blog/asp-net-5-jwt-tokens/
It took me a few mins to get his source code to work.
I actually had to use someone's fork of the solution to get it to work
https://github.com/VoronFX/openiddict-test
My steps to get it to work:
1. Download https://github.com/VoronFX/openiddict-test
Next steps are copied from (https://github.com/openiddict/openiddict-core)
run these commands:
set DNX_UNSTABLE_FEED=https://www.myget.org/F/aspnetcidev/
dnvm upgrade -u
Update your project.json to import the OpenIddict package:
"dependencies": {
"OpenIddict": "1.0.0-*"
},
Direction -> If I would have such a task, probably I would get familiar with the official AspNetCore middleware and try to implement my own middleware based on the official OAuth middleware. Have a look here -> https://github.com/aspnet/Security/tree/dev/src/Microsoft.AspNetCore.Authentication.OAuth.
More authentication middlewares: https://github.com/aspnet/Security
Trying to access files in the private repositories of a Github organization of which I am a member, using the API. Tried a couple different ways so far:
1. If I use the username/password method --
curl -u "sashafklein:mypassword" https://api.github.com/repos/:org/:repo/git/trees/:file_sha
it works fine, but I'm trying to access the repos from a collaborative Rails app, so I don't want to publicize my github login credentials. I suppose creating a dummy GH account with access and using those credentials is possible, but it's definitely not ideal..
2. So I looked at the OAuth2 Secret/Key method in the API docs. But it doesn't work. If I curl the org repo url with my credentials as params in the url:
curl -i "https://api.github.com/orgs/:org/repos?private&client_id=<ID>&client_secret=<SECRET>"
Only the public repos show up. This may be a problem with how I'm passing params (passing "?private=true" should theoretically then return an empty list, but the list is identical and all public repos), but I'm following the docs.
3. So I got frustrated and took a look at these docs for getting a OAuth token, but I'm confused about how to alter it so that there's no user interface -- ie, so that my app has automatic access to the Github Orgs of which I am a member, without users of it having to do anything in particular.
Any ideas what I'm doing wrong with attempt 2, or how to get attempt 3 working automatically? I'm pretty stumped.
EDIT I think my client_id/secret are wrong, cause even when I use Octokit, it can't access the protected repos. Am I understanding this wrong? As me, I created an "Application" on Github for my Rails app, and I'm trying to use those credentials to access the org's private repos (to which I am a contributor) using the API.
In case anyone runs into this problem, here's the solution I found.
Apparently the client credentials I had weren't working. I think I didn't quite understand what they're for. The easiest way I could get this to work (ie, get permission for my rails app to access a private repo of which I was a member) was to use the username:password method (1, above).
So that my personal github credentials wouldn't be available to everyone using the app, I created a new dummy github account with access that serves exclusively as an api credentializer.
I am using Octokit with C# and encountered the same issue. After some investigation I found out it was a problem with my token permissions.
Token have scopes (https://developer.github.com/v3/oauth/#scopes) so to access private repositories you need 'repo' instead of 'public_repo' which I think was default.
This can be easily changed from Settings > Personal Access tokens > edit