I am trying to use your Rest API with a simple GET via a request from python's library "requests", so I could obtain the privileges of my Company's OneLogin Domain for an automatization using "https://api.eu.onelogin.com/api/1/privileges" url.
However, I obtain this response:
<Response [403]>
{'name': 'ForbiddenError', 'message': 'The request was a legal request, but the server is refusing to respond to it'}
This response is weird because I can get any other info I want from your Rest API, but privileges e.g.: users, roles, groups from https://api.eu.onelogin.com/api/1/ and mappings from https://api.eu.onelogin.com/api/2/.
So my final guess was that this "Limited Availability" thing meant that your Rest API was disabled, at least for the privileges.
When will this part of your Rest API be back online?
Related
I'm working on a REST API and a web application that will work off said REST API. The REST API implements a stateful token-based authentication pattern. Ultimately, allowing users to exchange their user credentials for a time-limited authentication token that identifies who they are.
So for example, a request such as:
POST: http://localhost:4000/api/v1/tokens/authentication
REQUEST BODY: {"email": "my_email_address", password": "my_password"}
would yield a response like:
"authentication_token": {
"token": "GAHZQS3IEIE6ELF7IHC6GK7M5Y",
"expiry": "2022-07-19T02:49:09.4194657+01:00"
}
If the user credentials that the user entered were incorrect, the user would not receive the authentication token.
The user needs to include the token in any further requests so that the REST API can identify the user. Some API endpoints are restricted to just logged-in users/users with certain permissions. And the token allows the REST API to know what sort of user it's dealing with. The token corresponds to a user id.
There will be a separate server from the REST API server serving the web application pages. But the pages will be populated with data from the REST API via the javascript fetch API.
I am happy with the REST API authentication. But I also need to restrict access to the web application pages based on if the user has logged in or not.
I want to leverage the existing REST API authentication but have never done something like this before so would very much appreciate any input you have.
Currently, I'm thinking of doing something like what's listed below. Do ye see any problems with it?
User accesses login page, enters credentials, and clicks 'login' button.
On clicking the 'login' button a request to the REST API is made:
POST: http://localhost:4000/api/v1/tokens/authentication
REQUEST BODY: {"email": "my_email_address", password": "my_password"}
If the credentials are correct, a token is returned, such as:
"authentication_token": {
"token": "GAHZQS3IEIE6ELF7IHC6GK7M5Y",
"expiry": "2022-07-19T02:49:09.4194657+01:00"
}
This token is added to a cookie for later use. i.e for when making another request to the REST API via the fetch API.
I'm thinking of adding another REST API endpoint that will simply validate a token i.e state whether or not the passed token is still valid and that the user is still logged in.
The webpage server can then call this endpoint to ensure the token is valid before showing a user a page that is restricted to just logged-in users.
Or maybe, instead of a validate token API endpoint, I should have a 'get user by token' endpoint. That will return user data if the token is valid. That way the webpage server could also get to know the type of user account that is associated with that user and could then also restrict pages based on the user type. It might also come in use for populating pages since nearly all pages will contain some user info e.g a profile image.
I try to migrate from eBay Finding API to Browse API. My technical setting is quiet easy:
A Server searches the Browse API to find products by a keyword. Thats it.
Does anybody know if I need to implement OAuth, a redirection page for eBay-Users to log in etc.? I don't need all those features..
Thanks!
You can use the browse API with the client credential flow that mints the Application access token.
Application tokens are general-use tokens that give access to interfaces that return application data. For example, many GET requests require only an Application token for authorization.
See Documentation
The client credential flow does not require a User to Login via eBay and the redirect etc. However, you can only use the "GET" methods like getItem, getItemByLegacyId or search for example.
If you using NodeJs or Browser you can checkout the "Get Item" example here. (The library will get the Application access token automatically and return the result.)
Posted this on github and was told to come here ask for help
Hello!
I am trying to implement custom authentication for my resources on Google Cloud Storage using this module with a service account. I am trying to abstract away the need for a Google account for my end users.
What the ideal workflow would look like:
User queries https://cdn.example.com/[[BUCKET]]/[[FILENAME]] using Bearer token
The API on that end intercepts the bucket and file name and checks the validity of the token
The API then would request the resource at https://storage.cloud.google.com/[[BUCKET]]/[[FILENAME]]
Step 3 Returns the Location header that I will pass over to the user
After snooping around a bit I found out that the Location header returned in step 3 in the form of https://[[DATA]].googleusercontent.com/download/storage/v1/b/[[BUCKET]]/o/[[FILENAME]]?qk=[[KEY]] is a public link that can be accessed by anonymous users too. Which is exactly what I want. However while using the storage API I can only see selfLink and mediaLink, not the link above.
I tried using google-auto-auth to sign the request with my service account towards the storage.cloud.google.com endpoint but I get an Unauthorized error.
From looking here I understand that to access the storage.cloud.google.com is based on cookie authentication, which google-auto-auth doesn't seem to do. All it does is add a Bearer token to the header of the request.
This looks like you need signedUrls
Yea, that would be great, if it didn't expose the email of the service account.
Cheers!
TL;DR How to get the redirect URL from storage.cloud.google.com links using a service account?
I am trying to get a user's uploaded shape file or the details of his feature server after he is been authenticated.
I was able to authenticate the user and get the token, and i am using the token to access the user's services. I am new to this field, so i am not sure how to achieve this.
I am using java to send requests to arcgis server and get appropriate responses for a given api using the token.
I am following the documentation they have provided for using rest api's but I am struck at basics.
I am using browser based rest client for now to check the json response and I am using the following services to get user's services.
http://geocode.arcgis.com/arcgis/rest/services?token[token]&f=json
https://arcgis.com/sharing/rest/portals/self?token[token]&f=json
The response I received for the first one is
{"currentVersion":10.31,"folders":[],"services":[{"name":"DataCoverage","type":"MapServer"},{"name":"World","type":"GeocodeServer"}]}
The second one also provides elaborate response, but I dont know how to get the service that would give me the user's uploaded shape files.
I've been reading lots of documentation about Google API access and OAuth flow using it but I don't seem to get it working in my mind, so I want to get some help first in order to have a clear idea about how it works then I can code it using the corresponding API.
What I want to achieve is feed a Java application running in a PC with specific Google user data, like localization through Google Latitude API. In order to get this, OAuth must be used, so I need getting the user consent, then access the user data from the application running in my computer, and I don't know how to manage this.
I've already registered my application with the Google APIs Console and enabled the Google Latitude module. I've also tried the Latitude console application here and it works properly (a browser tab opened asking for a Google user; I entered it and I got the location data), but I'm having problems when trying to adapt the program flow to my needs.
In my application, the 'remote' user is supposed to send a request (a custom JSON message) to the server asking for service enable/disable, like allowing the server to track his/her position through Latitude. Then, AFAIK, the server should send to the user a URL so the user can give the consent, but I don't know how to get this URL and how the server realizes about this consent and gets the token (automatically? Google tracks this authorization process?). Once my server gets the specific user token, then I should be ready to get service data for that user using the received token.
As I said before, I've tried according to different references, but as the documentation seems to be really scattered and much of it is already deprecated, I've been unable to get it working.
Judging from your description, the installed app OAuth2 flow seems to be the right one for you.
At some point, presumably when a user is installing your desktop app, you should fire up a browser - either embedded one in your app or the default browser - and sent them to this Google OAuth2 endpoint. In your request, fill out all the parameters as required by the doc: Latitude API scope, client_id, etc. Google, as an authorization server, will take care of user authentication, session selection, and user consent. If the user grants access to her data to your API, you will receive an authorization code either in the title of the browser window or at a localhost port.
Once you have the code, you can exchange it for an access token and a refresh token. The access token is what you need to call the API and access the user's data. It is short lived though - check the expired_in parameter in the response, I believe it is 3600 sec. - so you will need to periodically ping the token endpoint with your long lived refresh token and exchange it for an access token.
You can find a more thoroough description of this flow in the doc linked above.