chalice-cognito-auth obtained id_token but still getting "User is not authorized" - amazon-cognito

I'm trying to use https://pypi.org/project/chalice-cognito-auth/
I was able to get a JSON response like:
{
  "id_token": "eyJra...sda",
  "refresh_token": "eyJjd...",
  "access_token": "eyJraWQiO...",
  "token_type": "Bearer"
}
But when I try to use it like
curl -H "Authorization: id_token value ..." http://127.0.0.1:8000/whoami
it replied
{
  "Message": "User is not authorized to access this resource"
}

Try this:
curl -H "Authorization: Bearer id_token" http://127.0.0.1:8000/whoami
i.e., you missed the Bearer keyword.

UGC posts for showing company post from linkedIn for GET method

I have used Postman with this curl request:
curl -X GET 'https://api.linkedin.com/v2/ugcPosts?q=authors&authors=List({urn:li:organization:77ilp7ense0pbf})&sortBy=LAST_MODIFIED' \
-H 'X-Restli-Protocol-Version: 2.0.0' \
-H 'Authorization: Bearer {AQXONiuOuqTCGgEeH3NJBA9b7A8NPbdS5nFjp7nAxUUBnmVmo53UzamJDksan3WSduiUE6u39J9PJNtRVvLhn}'
I have added {urn:li:organization:77ilp7ense0pbf}; "77ilp7ense0pbf" is my client ID.
I have added 'Authorization: Bearer {AQXONiuOuqTCGgEeH3NJBA9b7A8NPbdS5nFjp7nAxUUBnmVmo53UzamJDksan3WSduiUE6u39J9PJNtRVvLhn}' as my access token.
But I am still getting this error:
{
"serviceErrorCode": 65600,
"message": "Invalid access token",
"status": 401
}
Is there anything I missed here? Or is some configuration wrong? Please let me know how to get the company posts via UGC posts. I have to get all my LinkedIn posts from my company page. https://www.linkedin.com/company/blenheim-chalcot-it-services-india-private-limited/posts/
Thanks in advance.
To get all posts use https://api.linkedin.com/v2/posts like here, and to retrieve some statistics about shares go here.
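Both the Cognito question at the top of the page (token sent with no scheme in front of it) and the LinkedIn request above (token sent with the documentation's placeholder braces still around it) fail at the same point: the resource server cannot parse the Authorization header as `Bearer <token>`. The following Python is an added illustration of how a resource server should split that header and what it should log; it is not code from chalice-cognito-auth, Cognito or LinkedIn. The b64token character set comes from RFC 6750, the `token_use` claim is the one Cognito puts in its tokens, and the unsigned JWT built by `make_unsigned_jwt` is a constructed sample, not a real token.

```python
import base64
import json
import re
from typing import Optional, Tuple

# b64token syntax from RFC 6750 section 2.1: the credentials part of a Bearer
# header may only contain these characters, optionally padded with '='.
_B64TOKEN = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")


def parse_bearer(header_value: Optional[str]) -> Tuple[Optional[str], str]:
    """Split an Authorization header into (token, reason).

    token is None when the header is rejected; reason is a server-side log
    message.  Return only a generic 401 to the client, but log the reason so
    that a missing scheme or a placeholder left in place is visible.
    """
    if not header_value or not header_value.strip():
        return None, "missing Authorization header"
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2:
        # "Authorization: eyJra..." with no scheme in front of the token
        return None, "no auth-scheme before the credentials; expected 'Bearer <token>'"
    scheme, credentials = parts[0], parts[1].strip()
    if scheme.lower() != "bearer":
        return None, f"unsupported auth-scheme {scheme!r}; expected 'Bearer'"
    if credentials.startswith("{") and credentials.endswith("}"):
        # documentation placeholder braces copied along with the real token
        return None, "token is wrapped in literal '{' '}'; send the bare token"
    if not _B64TOKEN.match(credentials):
        return None, "token contains characters outside the b64token syntax"
    return credentials, "ok"


def unverified_jwt_claims(token: str) -> Optional[dict]:
    """Decode the payload of a compact JWS *without* checking the signature.

    Diagnostics only (e.g. which Cognito token did the client send?); never
    make an authorization decision on an unverified payload.
    """
    segments = token.split(".")
    if len(segments) != 3:
        return None
    payload = segments[1] + "=" * (-len(segments[1]) % 4)
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, UnicodeDecodeError):
        return None
    return claims if isinstance(claims, dict) else None


def diagnose(header_value: Optional[str]) -> dict:
    """Combine both checks into one record suitable for a request log."""
    token, reason = parse_bearer(header_value)
    record = {"accepted": token is not None, "reason": reason, "token_use": None}
    if token is not None:
        claims = unverified_jwt_claims(token)
        # Cognito marks id tokens with token_use="id" and access tokens with "access"
        record["token_use"] = claims.get("token_use") if claims else None
    return record


def make_unsigned_jwt(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped token for offline demonstration."""
    def b64(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}.sig"


if __name__ == "__main__":
    id_token = make_unsigned_jwt({"sub": "example-user", "token_use": "id"})
    for header in (id_token,                    # scheme missing, as in the Cognito question
                   f"Bearer {id_token}",        # correct form
                   f"Bearer {{{id_token}}}"):   # braces kept, as in the LinkedIn request
        print(diagnose(header))
```

The reason strings stay on the server side: the client only sees the generic 401/403, which is exactly why both posters could not tell from the response what was wrong with their header.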

Keycloak does not refresh the token

I'm trying to refresh a token but Keycloak returns a 400 Bad Request error with following message:
{
"error": "invalid_grant",
"error_description": "Invalid refresh token"
}
I successfully get the refresh token in a request like this:
curl --location --request POST 'http://localhost:8080/auth/realms/my_realm/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=my_user' \
--data-urlencode 'password=my_password' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'client_id=my_client_id' \
--data-urlencode 'client_secret=my_client_secret'
So I get a JWT response with access token and refresh token. Both of them appear to be valid as I load them in jwt.io.
But when I try to use the refresh token I get previous error. The request is like this:
curl --location --request POST 'http://localhost:8080/auth/realms/my_realm/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=my_client_id' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=my_refresh_token' \
--data-urlencode 'client_secret=my_client_secret'
In Keycloak's log there is no clue as to what the problem is.
What could be the cause? Or at least, is there a way to get more info on the cause of the error from Keycloak's response or log?
EDIT:
I have implemented a User Storage Provider SPI so it does the authentication against an external DB, but it doesn't manage users inside Keycloak. Is it necessary for the token's owner user to exist in Keycloak so that refreshing the token works?
Thanks.
Finally, it was an issue in my User Storage Provider SPI. It was necessary to implement the following method, as Keycloak takes the user ID from the refresh token and looks for the user by that ID:
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.StorageId;

// Keycloak passes the id from the token's sub claim, laid out as "f:<componentId>:<externalId>"
@Override
public UserModel getUserById(String id, RealmModel realm) {
    StorageId storageId = new StorageId(id);
    String username = storageId.getExternalId();
    return getUserByUsername(username, realm);
}
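To make the lookup in the answer above concrete, here is an added Python model of what Keycloak does on a refresh_token grant against a federated user; it is not Keycloak's code and not the poster's SPI. The `f:<componentId>:<externalId>` layout is the one Keycloak's `StorageId` class uses for users that come from a User Storage Provider; the component id, the username, the in-memory "external DB" and the decoded refresh-token claims are all constructed for the example. `BrokenProvider` stands for the behaviour before the fix (id handed straight to the username lookup) and `ExternalDbProvider.get_user_by_id` for the fix.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed id of the user-storage component instance in the realm.
PROVIDER_COMPONENT_ID = "3c1e7f4a-0000-4000-8000-000000000001"


@dataclass(frozen=True)
class StorageId:
    """Mirror of Keycloak's StorageId: federated users carry 'f:<componentId>:<externalId>',
    local users a plain UUID. The external id itself may contain colons."""
    provider_id: Optional[str]
    external_id: str

    @classmethod
    def parse(cls, user_id: str) -> "StorageId":
        if user_id.startswith("f:"):
            _, provider_id, external_id = user_id.split(":", 2)
            return cls(provider_id, external_id)
        return cls(None, user_id)

    def __str__(self) -> str:
        if self.provider_id is None:
            return self.external_id
        return f"f:{self.provider_id}:{self.external_id}"


@dataclass(frozen=True)
class User:
    username: str
    id: str


class ExternalDbProvider:
    """Stand-in for a User Storage Provider whose backing store only knows usernames."""

    def __init__(self, component_id: str, external_usernames) -> None:
        self.component_id = component_id
        self._usernames = set(external_usernames)   # the "external DB", constructed

    def get_user_by_username(self, username: str) -> Optional[User]:
        if username not in self._usernames:
            return None
        return User(username=username, id=str(StorageId(self.component_id, username)))

    def get_user_by_id(self, user_id: str) -> Optional[User]:
        # The fix from the answer: unwrap the StorageId, then look up by external id.
        sid = StorageId.parse(user_id)
        if sid.provider_id != self.component_id:
            return None   # a local user or another provider's user; not ours
        return self.get_user_by_username(sid.external_id)


class BrokenProvider(ExternalDbProvider):
    """Behaviour before the fix: the full 'f:...' id never matches a username."""

    def get_user_by_id(self, user_id: str) -> Optional[User]:
        return self.get_user_by_username(user_id)


def refresh_grant(provider: ExternalDbProvider, refresh_claims: dict) -> Tuple[int, dict]:
    """What the token endpoint does once the refresh token's signature has been checked:
    resolve the user named in 'sub'; an unresolvable user means invalid_grant."""
    user = provider.get_user_by_id(refresh_claims.get("sub", ""))
    if user is None:
        return 400, {"error": "invalid_grant", "error_description": "Invalid refresh token"}
    return 200, {"token_type": "Bearer", "sub": user.id, "preferred_username": user.username}


# Constructed payload of the refresh token issued for my_user via the provider above.
REFRESH_CLAIMS = {
    "typ": "Refresh",
    "azp": "my_client_id",
    "sub": f"f:{PROVIDER_COMPONENT_ID}:my_user",
}


if __name__ == "__main__":
    for provider in (BrokenProvider(PROVIDER_COMPONENT_ID, ["my_user"]),
                     ExternalDbProvider(PROVIDER_COMPONENT_ID, ["my_user"])):
        print(type(provider).__name__, refresh_grant(provider, REFRESH_CLAIMS))
```

The 400 returned by `BrokenProvider` is the same `invalid_grant` / "Invalid refresh token" the question shows, which is why the log was silent: the token verified fine, it was the user resolution that came back empty.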

Waste Management API - Authorization: Bearer problem

I'm reading this documentation:
https://api.wm.com/howtotest/#make-an-api-call
And I want to make this test request in Postman:
curl -i https://apitest.wm.com/v1/helloworld \
-H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhbnlvbmVAYW55LmNvbSIsInN1YiI6Ildhc3RlIG1hbmFnZW1lbnQgIHRlYW0iLCJqdGkiOiIwQkQyRTVDQkM2RDE2Mzc0RkNFQSIsInNjb3BlIjpbInNlbGYiLCJoZWxsb3dvcmxkIl0sImlhdCI6MTQ5MDg5ODk1NSwiZXhwIjoxNTIyNDM0OTU1fQ.O2k-senypXFZQwW4Ln3mBg60qzOSo-diPQWVfir3m6Q" \
-H "ClientId: 0BD2E5CBC6D16374FCEA" \
-H "Request-Tracking-Id: 12132"
But I received a response like this:
{
"message": "'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhbnlvbmVAYW55LmNvbSIsInN1YiI6Ildhc3RlIG1hbmFnZW1lbnQgIHRlYW0iLCJqdGkiOiIwQkQyRTVDQkM2RDE2Mzc0RkNFQSIsInNjb3BlIjpbInNlbGYiLCJoZWxsb3dvcmxkIl0sImlhdCI6MTQ5MDg5ODk1NSwiZXhwIjoxNTIyNDM0OTU1fQ.O2k-senypXFZQwW4Ln3mBg60qzOSo-diPQWVfir3m6Q' not a valid key=value pair (missing equal-sign) in Authorization header: 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhbnlvbmVAYW55LmNvbSIsInN1YiI6Ildhc3RlIG1hbmFnZW1lbnQgIHRlYW0iLCJqdGkiOiIwQkQyRTVDQkM2RDE2Mzc0RkNFQSIsInNjb3BlIjpbInNlbGYiLCJoZWxsb3dvcmxkIl0sImlhdCI6MTQ5MDg5ODk1NSwiZXhwIjoxNTIyNDM0OTU1fQ.O2k-senypXFZQwW4Ln3mBg60qzOSo-diPQWVfir3m6Q'."
}
This is the example from their official documentation; how can it not work, or did I do something wrong?
I think that the error message is potentially misleading. If you are using the test example you need to request a client ID and token from WM per the documentation.
From the documentation:
With a valid access token and clientId, you are ready to make requests to Waste Management API.

Auth0 unsupported_challenge_type error during 2-factor auth

I want to implement 2-factor sign-up with Auth0 (username / password and SMS code). I'm not using the Lock widget; I'm trying to implement sign-up based on the Auth0 API instead.
So, I have the following steps now.
1. Sign up with
POST https://somedomain.eu.auth0.com/dbconnections/signup
{
"client_id":"MY_CLIENT_ID",
"client_secret":"MY_CLIENT_SECRET",
"connection": "Username-Password-Authentication",
"email": "sowhat#what.what",
"username": "sowhat",
"password": "sowhat#what.what",
"phone_number": "+38...56" // I have access to this number
}
Response is created user.
2. Attempt to log in with username / password
POST https://somedomain.eu.auth0.com/oauth/token
{
"client_id":"MY_CLIENT_ID",
"client_secret":"MY_CLIENT_SECRET",
"audience":"http://localhost",
"email": "sowhat#what.what",
"username": "sowhat",
"password": "sowhat#what.what",
"grant_type":"password"
}
Response is mfa_required and mfa_token string.
3. Request the MFA challenge
POST https://somedomain.eu.auth0.com/mfa/challenge
{
"client_id":"MY_CLIENT_ID",
"client_secret":"MY_CLIENT_SECRET",
"challenge_type": "oob otp",
"mfa_token": "MFA_TOKEN_FROM_PREVIOUS_STEP"
}
The response is
{
"error": "unsupported_challenge_type",
"error_description": "User is not enrolled with guardian"
}
So I don't really know how I can fix this one. I guess the reason is probably that phone_number is missing in the user profile, but I don't actually know how I can add it with the Username-Password-Authentication connection.
It looks like you need to involve users in 'Guardian'.
First you need to enable the Guardian factor. Just call this:
curl -H "Authorization: Bearer %your_token%" -X PUT -H "Content-Type: application/json" -d '{"enabled":true}' "https://%your_domain%/api/v2/guardian/factors/sms"
And now we can involve users in Guardian. Create a ticket:
curl -H "Authorization: Bearer %your_token%" -X POST -H "Content-Type: application/json" -d '{"user_id":"%user_id%"}' "https://%your_domain%/api/v2/guardian/enrollments/ticket"
Follow the ticket_url in the response.
Put the phone number into the opened form.
Wait for the OTP on your device.
Put the OTP into the previously opened form.
After those steps the user will be involved in Guardian. It should avoid the problem described above.

Lyft renewal token not working

Has anyone successfully renewed an access token?
Lyft's documentation suggests that we pass renew_token with the renew_token request, but there is no API to receive the renew_token. Asking the user to grant access every time is not a practical way to implement OAuth.
https://developer.lyft.com/docs/authentication
This is the link to the Lyft documentation.
You probably got this working, but just to confirm, the example from the docs just works:
https://developer.lyft.com/docs/authentication
curl -X POST -H "Content-Type: application/json" \
--user "<client_id>:<client_secret>" \
-d '{"grant_type": "refresh_token", "refresh_token": <refresh_token>}' \
'https://api.lyft.com/oauth/token'
The response comes back with a new access_token:
{"token_type": "Bearer", "access_token": "XXX", "expires_in": 3600, "scope": "profile offline rides.read public rides.request"}