I am accessing the SonarQube API through API key as described in https://docs.sonarqube.org/latest/extension-guide/web-api/
A call to /api/components/search_projects works.
A call to /api/project_analyses/search?project=PJ fails with http error code 403
If I log into the web interface with that user, I can browse the statistics. In fact Chromes F12 debug shows that it's calling the same api function /api/project_analyses/search yet with session cookie, xrfs-token etc. and the call succeeds.
What am I missing to be able to retrieve project statistics through the API?
The token used is created by the user which has sufficient permission for the project PJ
You need to check the permission and generate new token accordingly.
Related
I tried to use below mixpanel API for fetching event data.
Link
But I am facing a below 403 forbidden error.
{
"request": "/api/2.0/events",
"error": "You do not have the required scope(s) for this request"
}
It seems to be like some permission is missing for accessing the API. But I can't able to find out where to set this scope
Please help me how to get rid of this error
We've found success with the schema if you generate a Service Account from the Organization/Project Settings and use those credentials when authorizing the request.
To do this, go to your Organization Settings, click "+ Service Account" and use the credentials that are generated in the request you submit.
I am following this guide (https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread) in order to access Skype for Business. Everything goes fine till the last part but let's do step by step. I am building my .net console application to do this but in order to explain you properly the problem I am having I will show you directly the http calls through Insomnia (software used to make http calls).
Step 1:
GET request towards https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root
I hit 200 and as answer I receive this:
Step 2:
I use the user link.
So I send an http request to https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user and I get a 401 Unauthorized (everything still correct).
In the header of the answer it points me to the Identity Provider to ask for authorization (authorization_uri)
Step 3: I use that link to authorize my app, which has its own client_Id (that I hide in the following screenshot).
This is how I compose the call:
If I send this http request I get redirected to the page where it asks my personal login and by inserting my credentials I succesfully login and hit 404, where in the answer I receive back my access token.
Step 5: I use the access token towards the same AutodiscoverService link of step 1. This is to register my application. I hit 200 and I receive back the link to access Skype for Business.
Finally (and this is where things go wrong) I send a POST request towards the applications link with the Bearer token, and I receive a 403 Forbidden. I think I am following correctly the guide but I can't figure out why I can access the resource at the last step.
EDIT:
The permissions are granted. I hide the name since it contains the name of my company. But it is the same of the domain of my login.
So the token you generated authorizes you to access resources at https://webdir1e.online.lync.com which you've done to fetch a new set of resources including the "application" resouce which is on a DIFFERENT host: https://webpooldb41e14.infra.lync.com.
You actually have to get another OAuth token now which authorizes you for the application resource and then you can POST to that to generate your session in UCWA.
As a side note... If you've defined your own single-tenant application in Azure that has been granted rights to SkypeForBusinessOnline then I think you should be targeting authorization and authentication endpoints of the form:
https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/authorize
https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token
Also I should add, if you're trying to write a trusted secure client that users in your company will use I would suggest looking up the Resource Owner Password Credentials auth flow. It allows you to directly hit the token endpoint I mentioned above and exchange username/password credentials for an access token. Then you can manage auto-discovery and application creation easily under the hood without getting re-directed back and forth to Azure.
https://learn.microsoft.com/mt-mt/azure/active-directory/develop/v2-oauth-ropc
I have an application that uses OAuth 2 to access Gmail. This is working fine for most users. For some users, however, my application fails at the point of trying to read the Gmail labels, with http error 403 (forbidden). Keep in mind that previous to this API call, I have accessed the user profile successfully. Here is the call that fails:
GET /gmail/v1/users/user.name#domain.com/labels?access_token=ya29.fwI_zL1rF3xOIQcHNzpBhmjVlJhRpofkh4a9mVvwhYRo6H09qX5RNKv76zKT7e6-sEZr
I am requesting the following scopes when getting the access token, and the user has logged in to Google and accepted the request for access (and I can see this when we look at his security dashboard):
https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/userinfo.profile
https://www.google.com/m8/feeds
https://www.googleapis.com/auth/tasks
https://www.googleapis.com/auth/gmail.labels
https://mail.google.com/
Note that I just added the gmail.labels scope in at attempt to fix this.
Again, this code is working fine for most users - why do some users fail the label request?
Use the shorthand value me instead of user.name#domain.com and the user who the access token belongs to will be used automatically.
I use a Google service account to access users of an organization using directory API and then use drive API to perform certain file operations on users.
It works fine for few users and for others, the drive API call is returning the following error when trying to list the user's files (For that matter any drive API call on that user is returning the same error).
https://www.googleapis.com/drive/v2/files?alt=json&maxResults=1000 returned "Invalid Credentials">
Quoting from this this documentation about 401 error,
"Invalid authorization header. The access token you're using is either expired or invalid. Suggested action: Refresh the access token using the long-lived refresh token."
I have a valid access token which is not expired. And the user for which this error message seen is not suspended either.
Are there any other reasons as to why Google sends this error?
I am using version 5.1 of Pentaho DI (Kettle) and am having an issue with the "Rest Client" step. The step executes properly and successfully, but the result says I do not have permission to use the API. I have confirmed in another tool that I do have permission. I have entered my login information on the Authentication tab and have built my URL to include my token.
What am I missing?
ADDITIONAL INFO: I am having the same issue with the "HTTP Post" step. The status being returned from the API is 403.
403 is "Forbidden". Check that you have the correct credentials to access the webservice. The request went through and the server rejected sending the response because username/password are not correct or otherwise the user does not have permissions for that request. Can you see the response correctly in a browser when you enter EXACTLY the same credentials? To avoid active browser sessions masking the real issue I'd test it on incognito/private browsing mode on the browser.