I don't want to use Global API key for accessing/editing existing firewall rules in cloudflare.
So,I created API token with below permission:
ZONE -> ZONE -> EDIT and ZONE -> Firewall Services -> Edit
curl -X GET \
"https://api.cloudflare.com/client/v4/zones/******/firewall/rules" \
-H "X-Auth-Email: <EMAIL>" \
-H "X-Auth-Key: <API_KEY>"
But somehow, It returning me 400: Authenticate error (10000)
Related
Trying to authenticate with the snapchat API through CURL and I"m not sure what I'm doing wrong. I have tried the following:
curl -X GET \
-H "client_id={}" \
-H "redirect_url={}" \
-H "response_type=code" \
-H "scope=snapchat-marketing-api" \
https://accounts.snapchat.com/login/oauth2/authorize
through my terminal and I'm getting the following error:
curl: (3) URL using bad/illegal format or missing URL
zsh: command not found: -H
I'm fairly new to this so would appreciate any guidance. I was expecting to be redirected into a browser to authenticate and would be given a temp access token or refresh token
As per Snapchat documentation, you can actually pull the code by turning the request into a URL and the code will be displayed in the browser/address bar at the end of the redirect link after you authorise the app.
take bellow URL and fill in your details as required and follow it via your browser:
# Sample URL to redirect the OAuth users to - Single Scope
https://accounts.snapchat.com/login/oauth2/authorize
?client_id=4cxxxx8-1c33-xxxx-8798-xxxxxxxx
&redirect_uri=https://test.animalfarm.com/callback
&response_type=code
&scope=snapchat-marketing-api
I am looking at the Cloudflare API to grab a list of domains in our Cloudflare account.
Where do I grab the Cloudflare "X-Auth-Key" from so I can run the following command:
curl.exe -X GET "https://api.cloudflare.com/client/v4/zones" -H "X-Auth-Email: xx#xx.com" -H "X-Auth-Key: xxx" -H "Content-Type: application/json";
Thanks,
Steve
In order to get a key provided to X-Auth-Key you need to register here
Once registered, go to My profile -> API Tokens tab, there you will be able to generate a key using Create token button.
I’m trying to set up Keycloak using nginx as proxy.
The idea is to log in to web app using javascript adapter and then for each API request, nginx should ask Keycloak if token is valid (session could be revoked, etc.).
I’ve set it up without nginx locally - I have keycloak on my VM and I used Keycloak Gatekeeper to proxy API requests. It worked with no issues whatsoever.
Then, I deployed Keycloak and web app that uses js adapter on cluster and in nginx I proxied URLs required for login. Next, I configured auth module to call /auth/realms/cerulean-magnolia/protocol/openid-connect/token with grant_type=urn:ietf:params:oauth:grant-type:uma-ticket. There could be better endpoint to call but I’m always getting invalid_grant Invalid bearer token anyway.
Login works but when I try to use generated token, it becomes invalid and I can’t use it anymore.
I’ve set PROXY_ADDRESS_FORWARDING to true.
Any attempt of using this token ends up in getting:
{
"error": "invalid_grant",
"error_description": "Invalid bearer token"
}
If I would generate this token manually (via forwarded port) using password:
curl -L -X POST 'https://localhost:8141/auth/realms/cerulean-magnolia/protocol/openid-connect/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=lei' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'scope=openid' \
--data-urlencode 'username=...' \
--data-urlencode 'password=...' --insecure | jq
and then use this token to do:
http --verify=no -f https://localhost:8141/auth/realms/cerulean-magnolia/protocol/openid-connect/token grant_type=urn:ietf:params:oauth:grant-type:uma-ticket audience=lei-api response_mode=decision authorization:"Bearer ..."
It works fine. But if I use token generated via web app, I always get 401.
I’d be grateful for any help or hints.
Thanks in advance,
Patryk
I need to authenticate admin user via curl command so I can pragmatically add,delete, modify users in wso2
I can call the api end points for user add/mod/delete no problem. But without being able to first authenticate to wso2 it is all for naught. When I send the curl command I get no response back, and nothing shows in the logs.
This is my basic curl command, right out of the books:
curl -X POST "https://xxxxxxx.com:9443/login/portal" -H "Content-Type: application/x-form-urlencoded" -d "username=uid&password=foo&grantType=password"
You can use SCIM APIs with basic authentication to manage users.
If you want to use OAuth2 tokens, you can get them like this.
curl -k -d "grant_type=password&username=<username>&password=<password>"
-u <Consumer_key>:<Consumer_secret>
-H "Content-Type: application/x-www-form-urlencoded"
https://localhost:9443/oauth2/token
[1] https://docs.wso2.com/display/IS530/SCIM+1.1+APIs
I am new to openstack, trying to use Ceilometer python API to pull some data from a testbed server, I am accessing the server from a remote site
the problem is that I cannot figure out how get the an authorization token
I used the following command
curl -i 'http://HOST:8774/' -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d/tokens auth": {"tenantName": "project", "passwordCredentials": {"username": "user", "password": "password"}}}'
But it does not give me anything,
curl -X GET -H "X-Auth-Token:$MY_TOKEN" http://HOST:8774/tokens
also does not give me any token
From your use of port 8774 I suspect you might be using DevStack. Try this
curl -s -X POST http://$OPENSTACK_KEYSTONE_HOST:5000/v2.0/tokens -d '{"auth": {"passwordCredentials": {"username":"my-username", "password":"my-password"}, "tenantName":"my-tenantName"}}
In DevStack Keystone (the auth service you get tokens from) is running on port 5000 by default. This may or may not be true in your case. Ask your friendly OpenStack operator what host (and port) Keystone is running on and put that in place of $OPENSTACK_KEYSTONE_HOST:5000