We want to create a "long lasting" token for integration testing purposes. We are using a keycloak for creating tokens normally. But I don't see a possibility to create tokens with no expiration, so that reoccuring integration tests on dev-stage can be done without interuption.
What would you suggest for such automatically repeating testing regarding oauth?
All access token should expire at some point, that why the rfc details the use of refresh token, wich can be used indefinitly to keep your service running, the basic idea is that when you request an access token, you'll get an access token plus a refresh token, and when the first token expires, you send it to the keycloak server and it will regenerate a new access token and a new refresh token.
In practice, you should use your token as long as its valid (since you know in advance it lifespan), and when your token is about to expire you resend the request using the refresh token.
src: RFC oauth2
How about make longer time(a couple of days) for access token before start integration test?
After finish integration test, return to default time(5 minutes).
This is my demo test steps
Get master of realm access token and assign token variable
Get my-realm's realm data
this is default my-realm's setting data
{
"id": "my-realm",
"realm": "my-realm",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
"registrationEmailAsUsername": false,
"rememberMe": false,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": false,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"defaultRole": {
"id": "3798f9f6-3383-474e-997e-123d9b534ae4",
"name": "default-roles-my-realm",
"description": "${role_default-roles}",
"composite": true,
"clientRole": false,
"containerId": "my-realm"
},
"requiredCredentials": [
"password"
],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpSupportedApplications": [
"FreeOTP",
"Google Authenticator"
],
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": [
"ES256"
],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": [
"ES256"
],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection": "1; mode=block",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {},
"eventsEnabled": false,
"eventsListeners": [
"jboss-logging"
],
"enabledEventTypes": [],
"adminEventsEnabled": false,
"adminEventsDetailsEnabled": false,
"identityProviders": [],
"identityProviderMappers": [],
"internationalizationEnabled": false,
"supportedLocales": [],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {
"cibaBackchannelTokenDeliveryMode": "poll",
"cibaExpiresIn": "120",
"cibaAuthRequestedUserHint": "login_hint",
"oauth2DeviceCodeLifespan": "600",
"oauth2DevicePollingInterval": "5",
"parRequestUriLifespan": "60",
"cibaInterval": "5"
},
"userManagedAccessAllowed": false,
"clientProfiles": {
"profiles": []
},
"clientPolicies": {
"policies": []
}
}
Extend logger period of access(2 days) token lifetime
I changed accessTokenLifespan value from 300 to 172800 (= 3600 * 24 *2) seconds
use PUT method for update realm data
In the UI of Keycloak, the Access Token Lifespan will be changed into 2 days
the Status of API call should be return 204 (No Content)
Run your integration tests
Return back 2.'s default(or previous) lifetime
Related
I'd like to know how I can update the product custom attribute defined as media_image type via REST API in Magento 2.4.4.
My custom attribute is defined like the following:
{
"is_wysiwyg_enabled": false,
"is_html_allowed_on_front": true,
"used_for_sort_by": false,
"is_filterable": false,
"is_filterable_in_search": false,
"is_used_in_grid": true,
"is_visible_in_grid": true,
"is_filterable_in_grid": true,
"position": 0,
"apply_to": [],
"is_searchable": "0",
"is_visible_in_advanced_search": "0",
"is_comparable": "0",
"is_used_for_promo_rules": "0",
"is_visible_on_front": "0",
"used_in_product_listing": "0",
"is_visible": true,
"scope": "website",
"attribute_id": 185,
"attribute_code": "custom_pic",
"frontend_input": "media_image",
"entity_type_id": "4",
"is_required": false,
"options": [],
"is_user_defined": true,
"default_frontend_label": "custom_pic",
"frontend_labels": [
{
"store_id": 1,
"label": "Custom Picture"
}
],
"backend_type": "varchar",
"is_unique": "0",
"validation_rules": []
}
But I don't know how to update it and can't find the proper documentation.
I can update other custom attributes successfully by endpoint /rest/default/V1/products/{sku}
I tried the following so far:
Tried to pass a valid URL in value. But didn't work!
{
"attribute_code": "custom_pic",
"value": "https://xxxx/.../xxx.png"
}
Tried to base64 encoded string. (Because we can update product images by base64 encoded string.) But no luck!
Could you help me out, please?
I'm running Mirth 3.6.1 with CKAN 2.8 and being a newbie to this I've run into an issue: Is there a way to access resources in private datasets in CKAN through API requests? I can't seem to do it.
I have an organization with a public dataset and I can can go through Mirth via the API router to the correct Mirth channel and get the data from CKAN, like normal, with an API request. But if I make the dataset private, it all falls apart. Even though I use the correct API-key. Although, that doesn't seem to make a difference. I get success true regardless of whether I use the API-key or not (or if it's even the correct key)
The API-key included in the request is that of the sysadmin.
When I directly access the CKAN resource through a CKAN-endpoint and the dataset is public, I get this response:
{
"help": "https://URL/api/3/action/help_show?name=resource_search", (URL instead of real url)
"success": true,
"result": {
"count": 1,
"results": [
{
"mimetype": null,
"cache_url": null,
"state": "active",
"hash": "REDACTED__", (sensitive data)
"description": "",
"format": "",
"url": "https://URL/datastore/dump/0696c0a1-b249-4fd5-ba80-caf7046a650b", (URL instead of real url)
"datastore_active": true,
"created": "2019-03-19T00:30:04.313593",
"cache_last_updated": null,
"package_id": "11211598-34f8-4d67-ab34-b7fd590ae08d",
"mimetype_inner": null,
"last_modified": null,
"position": 1,
"revision_id": "17b85d36-4ec1-4645-b9b1-dcfe310a54e6",
"size": null,
"url_type": "datastore",
"id": "0696c0a1-b249-4fd5-ba80-caf7046a650b",
"resource_type": null,
"name": "REDACTED" (sensitive data)
}
]
}
}
When the dataset is private, regardless of whether I include the API-key or not (or if it's even the real api-key), I get this response:
{
"help": "https://URL/api/3/action/help_show?name=resource_search",
"success": true,
"result": {
"count": 0,
"results": []
}
}
So, how can I do a resource_search for a resource in a private dataset?
Thanks in advance.
Yes you can do that by using include_private:True in the dataset
Please see the below link
https://docs.ckan.org/en/2.8/api/index.html#ckan.logic.action.get.package_search
I'm trying to create an event using the API console and keep getting errors. Any ideas why?
I've been using different versions of the example value:
{
"name": "string",
"description": "string",
"status": "string",
"event_id": "string",
"start_epoch": 0,
"end_epoch": 0,
"industry": "string",
"archived": true,
"deleted": true,
"legacy_id": 0,
"is_public": true
}
I get the following back. Any thoughts?
{
"code": "BadRequestError",
"message": "[\"Has time can't be blank\",\"true is not included in the list\"]"
}
You will need to fetch the user/team information first
Once you have your oauth token from above and set to the Authorization header, make a call to https://developer-portal.socialtables.com/api-console#!/Authentication/get_4_0_oauth_token
This will give you the user and team object back to make subsequent calls to make events
Once you have the team_id you can now make events
You can POST to /4.0/events
Swagger doc: https://developer-portal.socialtables.com/api-console#!/Events/post_4_0_events
Example POST payload:
{
"name": "NAME",
"description": "DESCRIPTION",
"status": "new",
"start_epoch": TIME_IN_MS,
"end_epoch": TIME_IN_MS,
"industry": "INDUSTRY_TYPE",
“has_time”: 1 // 0 = all day event, 1 = from/to a specific time in day
}
- This will return the event ID under data.event.id in the response from the above POST
- You can then link the user to:
https://home.socialtables.com/events/EVENT_ID
I am using WowzaStreamingEngine 4.4.1 at Ubuntu 14.04. I used restful api and created vod application (restful_vod) as in examples, it didn't work didn't stream vod files. That's why, I compare application.xml files of default vod application and restful_vod application. There is a difference between MediaReader properties. Default vod application has no property at there but restful_vod has below:
<MediaReader>
<!-- Properties defined here will override any properties defined in conf/MediaReaders.xml for any MediaReaders loaded by this applications -->
<Properties>
<Property>
<Name>randomAccessReaderClass</Name>
<Value></Value>
<Type>String</Type>
</Property>
</Properties>
</MediaReader>
When I removed randomAccessReaderClass named property, it started to work. I realized mediaReaderRandomAccessReaderClass parameter manage its value at restful api side. But I couldn't find a way to prevent adding it while using restful api. I tried not setting mediaReaderRandomAccessReaderClass value and also setting mediaReaderRandomAccessReaderClass false, null and empty string.
Is there any way to prevent adding it or a default working value for this?
Thanks.
You can set a default mediaReaderRandomAccessReaderClass by setting it as follows:
"mediaReaderRandomAccessReaderClass": ""
In your resulting Application.xml file, the MediaReader container would then be blank, which would indicate that it would use the default value:
<MediaReader>
<!-- Properties defined here will override any properties defined in conf/MediaReaders.xml for any MediaReaders loaded by this applications -->
<Properties>
</Properties>
</MediaReader>
A working REST API command to create a VOD file, for example, would look like this.
curl -X POST --header 'Accept:application/json; charset=utf-8' --header 'Content-type:application/json; charset=utf-8' http://localhost:8087/v2/servers/_defaultServer_/vhosts/_defaultVHost_/applications/testvod -d'
{
"restURI": "http://localhost:8087/v2/servers/_defaultServer_/vhosts/_defaultVHost_/applications/testvod",
"version": "1462342478287",
"name": "testvod",
"appType": "VOD",
"description": "Test VOD via REST.",
"applicationTimeout": 0,
"pingTimeout": 0,
"repeaterQueryString": "",
"clientStreamReadAccess": "*",
"avSyncMethod": "senderreport",
"maxRTCPWaitTime": 12000,
"httpStreamers": [
"cupertinostreaming",
"smoothstreaming",
"sanjosestreaming",
"mpegdashstreaming"
],
"mediaReaderRandomAccessReaderClass": "",
"httpOptimizeFileReads": false,
"mediaReaderBufferSeekIO": false,
"captionLiveIngestType": "",
"vodTimedTextProviders": [
"vodcaptionprovidermp4_3gpp"
],
"securityConfig": {
"restURI": "http://localhost:8087/v2/servers/_defaultServer_/vhosts/_defaultVHost_/applications/testvod/security",
"secureTokenVersion": 0,
"clientStreamWriteAccess": "*",
"publishRequirePassword": true,
"publishPasswordFile": "",
"publishRTMPSecureURL": "",
"publishIPBlackList": "",
"publishIPWhiteList": "",
"publishBlockDuplicateStreamNames": false,
"publishValidEncoders": "",
"publishAuthenticationMethod": "digest",
"playMaximumConnections": 0,
"playRequireSecureConnection": false,
"secureTokenSharedSecret": "",
"secureTokenUseTEAForRTMP": false,
"secureTokenIncludeClientIPInHash": false,
"secureTokenHashAlgorithm": "",
"secureTokenQueryParametersPrefix": "",
"secureTokenOriginSharedSecret": "",
"playIPBlackList": "",
"playIPWhiteList": "",
"playAuthenticationMethod": "none"
},
"streamConfig": {
"restURI": "http://localhost:8087/v2/servers/_defaultServer_/vhosts/_defaultVHost_/applications/testvod/streamconfiguration",
"streamType": "default",
"storageDir": "${com.wowza.wms.context.VHostConfigHome}/content",
"createStorageDir": false,
"storageDirExists": true,
"keyDir": "${com.wowza.wms.context.VHostConfigHome}/keys",
"httpRandomizeMediaName": false
},
"modules": {
"restURI": "http://localhost:8087/v2/servers/_defaultServer_/vhosts/_defaultVHost_/applications/testvod/modules",
"moduleList": [
{
"order": 0,
"name": "base",
"description": "Base",
"class": "com.wowza.wms.module.ModuleCore"
},
{
"order": 1,
"name": "logging",
"description": "Client Logging",
"class": "com.wowza.wms.module.ModuleClientLogging"
},
{
"order": 2,
"name": "flvplayback",
"description": "FLVPlayback",
"class": "com.wowza.wms.module.ModuleFLVPlayback"
},
{
"order": 3,
"name": "ModuleCoreSecurity",
"description": "Core Security Module for Applications",
"class": "com.wowza.wms.security.ModuleCoreSecurity"
}
]
}
}'
There seems to be an inconsistency with the responses for Yodlee's getSiteLoginForm REST API function.
For a site that has a login field with radio buttons, sometimes the data coming back from Yodlee for that particular field will look like this:
{
"fieldInfoList": [
{
"validValues": [
"1",
"2",
"3",
"4"
],
"displayValidValues": [
"1",
"2",
"3",
"4"
],
"valueIdentifier": "OPTIONS",
"valueMask": "LOGIN_FIELD",
"fieldType": {
"typeName": "OPTIONS"
},
"size": 20,
"maxlength": 40,
"name": "OPTIONS",
"displayName": "Issue Number",
"isEditable": true,
"isOptional": false,
"isEscaped": false,
"helpText": "76367",
"isOptionalMFA": false,
"isMFA": false
}
]
}
and other times it looks like this:
{
"validValues": [
"1",
"2",
"3",
"4"
],
"displayValidValues": [
"1",
"2",
"3",
"4"
],
"valueIdentifier": "OPTION",
"valueMask": "LOGIN_FIELD",
"fieldType": {
"typeName": "OPTIONS"
},
"size": 20,
"maxlength": 40,
"name": "OPTION",
"displayName": "Issue Number",
"isEditable": true,
"isOptional": false,
"isEscaped": false,
"helpText": "76367",
"isOptionalMFA": false,
"isMFA": false
}
It's the same field but the valueIdentifier value has changed and the data isn't being enclosed in a fieldInfoList variable.
What would be the reason for this response data-set changing between two attempts if there's no difference in the code?
In addition to that, could a similar response inconsistency be affecting other API functions from Yodlee, and if so how does one deal with this uncertain variance?
We did analysis and Yodlee provides every time same response, no matter how many attempts you'll do. While I am assuming that you might be confused between getSiteLoginForm and getLoginFomForContentService, as both are two different APIs and belongs to approach i.e., Site Based and Container Based respectively. And the response you have mentioned first comes when you use getSiteLoginForm while the later one comes with getLoginFormForContentService.
Hope this helps as there is no issue with the API, these are two different response from 2 different APIs.