I'm trying to get the access token on Postman. I'm in "Get acces token", "body" and I'm using the 'POST' method (not the 'GET' one). When I click on the "send" button, I read this message:
{
"timestamp": "2022-11-07T21:26:28.119+00:00",
"status": 401,
"error": "Unauthorized",
"message": "",
"path": "/oidc/accessToken"
}
I think the problem is my oauth2 url. I didn't understand how to get one. I read on the internet that the url should be like this:
https://id:secret#mywebsite.com
Is it correct? I doesn't work for me.
How could I write a correct oauth2 url?
Thank you in advance!
PS: the 'code snippet' is this one:
curl --location --request POST 'https://link/accessToken' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'APIM-Debug: true' \
--data-urlencode 'client_id=' \
--data-urlencode 'client_secret=' \
--data-urlencode 'username=myusername' \
--data-urlencode 'password=mypassword' \
--data-urlencode 'grant_type=client_credentials'
I'm trying to trigger "play" -funtion with spotify API and tcl/http.
Here is the concept, in curl: https://developer.spotify.com/console/put-play/
curl -X "PUT" "https://api.spotify.com/v1/me/player/play" --data "{\"context_uri\":\"spotify:album:5ht7ItJgpBH7W6vJ5BqpPr\",\"offset\":{\"position\":5},\"position_ms\":0}" -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer "
Here's a working example with tcl using exec curl:
set url https://api.spotify.com/v1/me/player/play?device_id=$device_id
set data "{\"context_uri\":\"spotify:album:5ht7ItJgpBH7W6vJ5BqpPr\",\"offset\":{\"position\":5},\"position_ms\":0}"
if {[catch {
exec curl -X "PUT" "$url" --data $data -H "Accept: application/json" \
-H "Content-Type: application/json" -H "Authorization: Bearer $oauth"
} msg]} then {
puts $msg
}
But i'd like to do it with tcl/http, if it's possible.
Here is my best shot so far doing this with http, but it says "malformed json".
if {$incoming == ".play"} {
::http::register https 443 {::tls::socket -autoservername 1}
::http::config -urlencoding utf-8 -useragent {JSON curl/7.55. 1}
set spot_url [http::geturl https://api.spotify.com/v1/me/player/play? \
-method PUT \
-query {{device_id:"d70b1f06*MASKED*36c308",
"context_uri":"spotify:album:5ht7ItJgpBH7W6vJ5BqpPr","offset":{"position":5},"position_ms":0}} \
-headers [list Accept application/json Content-Type application/json Authorization "Bearer $::access_token"]]
set spot_temp [::http::data $spot_url]
::http::cleanup $spot_temp
::http::cleanup $spot_url
return $spot_temp
}
Any idea how to send it correct to avoid malformed json? :D
Thanks!
Short Version:
I use Node-RED automation to manage network.
Via Node-RED I query the Arris SB8200 Cable Modem to get connection and event status hourly and store in a database.
A recent Comcast modem firmware update forces usage of user/pw on the modem to retrieve status.
I have been unable to successfully authenticate and retrieve status via cURL but can do so from a browser.
I have googled and tried a dozen different cURL authentication approaches without success. There are 3 complicating factors:
Username/password authentication. I am assuming this is just basic auth and shouldn't be an issue but see #2.
There is a session cookie "credential" that must be maintained across requests. This shouldn't be a problem but no matter what I try no cookies are captured in my specified cookies.txt file.
A manual login (to https://192.168.100.1/) is immediately followed by a redirect (to https://192.168.100.1/cmconnectionstatus.html). When I try to use the chrome dev tools "save as cURL" only the redirect is available, not the initial login so I cannot capture the login cURL.
I am hoping somebody who reads this has cURL'd into an SB8200 cable modem (or similar) with user/pw authentication and can just post the details. More likely will be many suggestions of things to try and some google result links, most of which I likely tried already. What would be most helpful to start I think is troubleshooting why I cannot get a successful login and the credential cookie set on my initial cURL.
BTW - The username and password are known to me, were set by me, and work fine to login from a browser. I think no matter how I have passed in the credentials I am just being returned the login form again. Maybe basic auth will never work and I need to do something else.
EDIT: I discovered the "Preserve Log" option in Chrome dev tools. This allowed me to copy as curl both the login and the redirect actions. And running the login curl (which does use basic auth) does return me on stdout a credential cookie. I was not able to get this cookie stored in my cookies.txt file using the cookie options in curl. And immediately using the returned cookie in the redirect curl does not get me the expected results and instead returns the login page. But I am getting closer.
Here is the Chrome-captured cURL for the login and redirect from the browser:
curl 'https://192.168.100.1/cmconnectionstatus.html?<REDACTED>' \
-H 'Connection: keep-alive' \
-H 'sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"' \
-H 'DNT: 1' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'Authorization: Basic <REDACTED>' \
-H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' \
-H 'Accept: */*' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36' \
-H 'X-Requested-With: XMLHttpRequest' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Cookie: HttpOnly: true, Secure: true' \
--compressed \
--insecure
curl 'https://192.168.100.1/cmconnectionstatus.html' \
-H 'Connection: keep-alive' \
-H 'sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'DNT: 1' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-User: ?1' \
-H 'Sec-Fetch-Dest: document' \
-H 'Accept-Language: en-US,en;q=0.9' \
-H 'Cookie: HttpOnly: true, Secure: true; credential=gmhyY4SjR3qiWBiNIOtivpj4TF5Zwad' \
--compressed \
--insecure
Here is the HTML document returned when I try to login:
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<script src="jquery-1.7.1.min.js"></script>
<script src="json2.js"></script>
<script src="main_arris.js"></script>
<script src="jquery-2.0.3.min.js"></script>
<script>
$(document).ready(function(){
$("#htmlheader").load("htmlheader.htm");
});
</script>
</head>
<body>
<div id="htmlheader"></div>
<div class="header">
<script>
$(document).ready(function(){
$("#pageheaderA").load("pageheaderA.htm");
});
</script>
<div id="binnacleWrapper1" class="binnacleItems_hide" style="display:none;">
<div id="binnacleWrapper2" class="binnacleItems_hide" style="display:none;">
<div id="binnacleWrapperLeft"><img src="px1_Ux.png" alt="" class="binnacleWrapperShim"></div>
<div id="binnacleWrapperRight"><img src="px1_Ux.png" alt="" class="binnacleWrapperShim"></div>
<div id="binnacleWrapperMiddle">
<div id="binnacleInnards">
<div id="binnacleIndicatorWrap"></div>
<div id="binnacleModelName">
<span id="thisModelNumberIs">
<label id="model">SB8200</label></span></div>
</div>
</div>
</div>
</div>
<div id="pageheaderA"></div>
<div class="container">
<div class="subHeader">
<div class="subHeadcontent">Login</div>
</div>
<form action="">
<br>
<b>Username:</b><br>
<input type="text" id="username" onkeypress="return checkForActivate(event)">
<br>
<br>
<b>Password:</b><br>
<input type="password" id="password" onkeypress="return checkForActivate(event)">
<br>
<br>
<input type="button" id="loginButton" onclick="validate(this.form)" value="Login">
</form>
</div>
<div class="spacer40" style="text-align: center; color: red; font-weight: bold;"></div>
<div class="spacer70"></div>
</div>
<!--gap<div id="bmtg"><div class="gap1"><div class="gap2"><div class="gap3"><div class="gap4"></div></div></div></div></div>-->
<div id="fg1"><div id="fg2"><div id="fg3"><div id="fg4"><div id="fg5"><div id="fg6"><div id="fg7">
<div id="logo_bottom"><img src="px1_Ux.png" alt="ARRIS" title="ARRIS" class="logo_bottom"></div>
<div id="copyright">
©CommScope, Inc. All rights reserved. ARRIS, SURFBOARD and SURFBOARD MAX are trademarks of CommScope, Inc.<br />All other trademarks are the property of their respective owners.
</div>
</div></div></div></div></div></div></div>
<!--/div-->
<script>
function authenticateUser(user, password)
{
var token = user + ":" + password;
// Base64 Encoding -> btoa
var hash = btoa(token);
var auth = hash;
sessionStorage.setItem('auth', auth);
return auth;
}
function validate( form )
{
$(".spacer40")[0].innerHTML = "";
authenticateUser(form.username.value, form.password.value);
localStorage.setItem('username', form.username.value);
eraseCookie("credential");
$.ajax({
type: 'GET',
url:"/cmconnectionstatus.html?" + sessionStorage.getItem('auth'),
contentType: 'application/x-www-form-urlencoded; charset=utf-8',
xhrFields: {
withCredentials: true
},
headers: {
'Authorization': 'Basic ' + sessionStorage.getItem('auth')
},
success: function (result) {
var token = result;
createCookie("credential", result);
window.location.href = "/cmconnectionstatus.html";
},
error: function (req, status, error) {
alert(error);
}
});
}
function checkForActivate( e )
{
if( e.keyCode == 13 )
{
document.getElementById("loginButton").click();
}
return true;
}
</script>
<!--/div-->
</body>
</html>
Solved it myself. Once I was able to save the login as curl in chrome, things fell in place. Looks like I was missing some required curl options in my initial attempts. I still need to skinny this down to the minimal necessary options, eliminate the double copy of user/pw chrome encoded, and add error checking. But the following will successfully login and pull modem status for an Arris SB8200. Never did get curl to store the credential cookie in a cookies.txt file so just used a local shell variable.
cookie=`curl 'https://192.168.100.1/cmconnectionstatus.html?<REDACTED>' -H 'Connection: keep-alive' -H 'sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"' -H 'DNT: 1' -H 'sec-ch-ua-mobile: ?0' -H 'Authorization: Basic <REDACTED>' -H 'Content-Type: application/x-www-form-urlencoded; charset=utf-8' -H 'Accept: */*' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36' -H 'X-Requested-With: XMLHttpRequest' -H 'Sec-Fetch-Site: same-origin' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Dest: empty' -H 'Accept-Language: en-US,en;q=0.9' -H 'Cookie: HttpOnly: true, Secure: true' --compressed --insecure`
curl 'https://192.168.100.1/cmconnectionstatus.html' -H 'Connection: keep-alive' -H 'sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"' -H 'sec-ch-ua-mobile: ?0' -H 'Upgrade-Insecure-Requests: 1' -H 'DNT: 1' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' -H 'Sec-Fetch-Site: same-origin' -H 'Sec-Fetch-Mode: navigate' -H 'Sec-Fetch-User: ?1' -H 'Sec-Fetch-Dest: document' -H 'Accept-Language: en-US,en;q=0.9' -H 'Cookie: HttpOnly: true, Secure: true; credential='$cookie --compressed --insecure
Im doing a http request to an Api, and my response is always not decoding special chars. Already tried to add utf-8 content type and accept enconding header but its not solving.
curl --location --request POST 'https://example.com/clients.json?api_key=12345678' --header 'Content-Type: application/json;' --header 'Cookie: _makeover_app_ix_com_session=BAh7BzoPc2Vzc2lvbl9pZCIlZTQ5YWQyYTE0YjMyZTI0OTgwNmI5NjgxZmRkYzkxZTciCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7BjoKZXJyb3IiRXXvbWUgbsOjbyBlc3TDoSBkaXNwb27DrXZlbC48YnIvPkNvbnRyaWJ1aW50ZSBuw6NvIMOpIHbDoWxpZG88YnIvPgY6CkB1c2VkewY7B1Q%3D--9cd818580f4d9c76ac84be57dfcc33436eda021e' --data-raw '{
"client": {
"name": "Customer name"
}
}'
Response Example:
{"error":"Nome n\u00e3o est\u00e1 dispon\u00edvel."}
Those characters are UTF-8 characters, but they are also encoded using JSON / Javascript unicode escape sequences.
CURL is not going to alter the HTTP response for you, but a JSON parser will know what to do with it. If you want to do something with this on the command-line, you might like the jq command.
curl --location --request POST 'https://example.com/clients.json?api_key=12345678' --header 'Content-Type: application/json;' --header 'Cookie: _makeover_app_ix_com_session=BAh7BzoPc2Vzc2lvbl9pZCIlZTQ5YWQyYTE0YjMyZTI0OTgwNmI5NjgxZmRkYzkxZTciCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7BjoKZXJyb3IiRXXvbWUgbsOjbyBlc3TDoSBkaXNwb27DrXZlbC48YnIvPkNvbnRyaWJ1aW50ZSBuw6NvIMOpIHbDoWxpZG88YnIvPgY6CkB1c2VkewY7B1Q%3D--9cd818580f4d9c76ac84be57dfcc33436eda021e' --data-raw '{
"client": {
"name": "Customer name"
}
}' | jq .
I want to send message to private user not in any bot or group. How i can send ?
Thanks in advance
Line have API to send to one private user.
curl -v -X POST https://api.line.me/v2/bot/message/push \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {channel access token}' \
-d '{
"to": "U4af4980629...",
"messages":[
{
"type":"text",
"text":"Hello, world1"
},
{
"type":"text",
"text":"Hello, world2"
}
]
}'
See the documentation: https://developers.line.biz/en/reference/messaging-api/#send-push-message