Apple Music Kit unable to get proper Music-User-Token generated - api

Im creating a login with apple music feature on a PHP coded website, so far so good. Im able to login get the access_token from the user, im also able to get public track and playlist info using my encrypted developer token.
But I would also like to create a library playlist for that logged in user, the docs in apple suggest that to make personal changes I need to add a special header:
Music-User-Token: [music user token]
I assumed that the Music-User-Token is the access_token of the user, but that fails, I also tried the id_token from the logged in session, but it also fails.
My end CURL request looks something like this:
curl -v \
-H 'Content-Type: application/json' \
-H 'Music-User-Token: USER_MUSIC_TOKEN' \
-H 'Authorization: Bearer DEVELOPER_TOKEN' \
--request POST \
--data '{"attributes":{"name":"1622799194 playlist","description":""},"relationships":{"tracks":{"data":[{"id":"1560879523","type":"songs"}]}}}' \
"https://api.music.apple.com/v1/me/library/playlists"
The response I get is:
* upload completely sent off: 135 out of 135 bytes
< HTTP/1.1 403 Forbidden
< Content-Type: application/json;charset=utf-8
< Content-Length: 132
< Server: daiquiri/3.0.0
< x-apple-jingle-correlation-key: 7QETXMYLA5HYFGWO75NMIYAZ2E
< x-apple-request-uuid: fc093bb3-0b07-4f82-9ace-ff5ac46019d1
< b3: fc093bb30b074f829aceff5ac46019d1-3adb16d23e03d043
< x-b3-traceid: fc093bb30b074f829aceff5ac46019d1
< x-b3-spanid: 3adb16d23e03d043
< apple-seq: 0.0
< apple-tk: false
< apple-originating-system: MZStorePlatform
< X-Apple-Application-Site: ST11
< X-Apple-Application-Instance: 2513606
< x-responding-instance: MZStorePlatform:2513606:::
< apple-timing-app: 11 ms
< Cache-Control: private, no-cache, no-store, no-transform, must-revalidate, max-age=0
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< is-jetty: true
< x-apple-lokamai-no-cache: true
< x-daiquiri-instance: daiquiri:48626004:st53p00it-qujn14050101:7987:21HOTFIX5
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Date: Fri, 04 Jun 2021 09:55:15 GMT
< Connection: close
<
* Closing connection 0
{"errors":[{"id":"7QETXMYLA5HYFGWO75NMIYAZ2E","title":"Forbidden","detail":"Invalid authentication","status":"403","code":"40300"}]}
How do I generate the proper for Apple Music Kit Music-User-Token manually?
Thank you!

Related

Authenticate via api-key in chrome web store api

I would like to automate chrome extension deployment and followed this guide for the most part: https://developer.chrome.com/webstore/using_webstore_api. I created a project in my developer console, activated the Chrome Web Store API. Next step is creating the right credentials. There are three different ones, when i let google help me choose it tells me that API-key is just fine to use for this API, so i did.
My question: How can i use this API-key to make API calls? I tried to include the key in the params as pointed out in the docs but that doesn't work. If this is the wrong approach i really don't understand, that these sort of authentication is suggested by the developer console.
As i try to automate things on a build server without using chrome or some other browser i cannot really use OAuth credentials.
curl \
-H "x-goog-api-version: 2" \
-H "Content-Length: 0" \
-H "Expect:" \
-X GET \
-v \
"https://www.googleapis.com/chromewebstore/v1.1/items/ITEM_ID?projection=draft&key=API_KEY"
results in
https://www.googleapis.com/chromewebstore/v1.1/items/ITEM_ID\?projection\=draft\&key\=API_KEY
* Trying 172.217.17.234...
* Connected to www.googleapis.com (172.217.17.234) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.googleapis.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /chromewebstore/v1.1/items/ITEM_ID?projection=draft&key=API_KEY HTTP/1.1
> Host: www.googleapis.com
> User-Agent: curl/7.43.0
> Accept: */*
> x-goog-api-version: 2
> Content-Length: 0
>
< HTTP/1.1 401 Unauthorized
< Vary: X-Origin
< WWW-Authenticate: Bearer realm="https://accounts.google.com/"
< Content-Type: application/json; charset=UTF-8
< Date: Thu, 15 Sep 2016 14:14:18 GMT
< Expires: Thu, 15 Sep 2016 14:14:18 GMT
< Cache-Control: private, max-age=0
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
* Connection #0 to host www.googleapis.com left intact
{"error":{"errors":[{"domain":"global","reason":"required","message":"Login Required","locationType":"header","location":"Authorization"}],"code":401,"message":"Login Required"}}
I also tried to set it as header but neither of these worked.

Invalid Document Stream when uploading thumbnail to OneDrive

I download a JPEG thumbnail.
curl -L 'https://api.onedrive.com/v1.0/drive/items/EF393A3B6CA330A3!112/thumbnails/0/small/content' \
-H "Authorization: Bearer $AUTH" \
> image
I then try to use that very same downloaded image as a custom thumbnail.
curl -v 'https://api.onedrive.com/v1.0/drive/items/EF393A3B6CA330A3!112/thumbnails/1/source/content' \
-X PUT -H 'Content-Type: image/jpeg' -H "Authorization: Bearer $AUTH" \
-d #image
but it doesn't work.
< HTTP/1.1 400 Bad Request
< Via: 1.1 BY3302____PAP061 (wls-colorado)
< Content-Length: 71
< Content-Type: application/json
* Server Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 is not blacklisted
< Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
< X-WLSPROXY: BY3302____PAP061
< X-MSNSERVER: DM2301____PAP093
< X-QosStats: {"ApiId":0,"ResultType":2,"SourcePropertyId":0,"TargetPropertyId":42}
< X-ThrowSite: 3683.1abb
< X-AsmVersion: UNKNOWN; 19.22.0.0
< P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
< Date: Fri, 17 Jul 2015 06:59:24 GMT
<
* Connection #0 to host api.onedrive.com left intact
{"error":{"code":"invalidRequest","message":"Invalid Document Stream"}}
What does OneDrive want me to do to upload the thumbnail?
I looked at the "example", but it didn't shed much light.

cURL hangs at: "no chunk, no close, no size. Assume close to signal end"

When using this command to stream upload to a Apache/PHP server
curl -X POST \
-i --data-binary #customfile.app \
-H "Transfer-Encoding: chunked" \
-H "Content-Type: application/app" \
-H "X-CustomHeader1: customvalue1" \
-H "X-CustomHeader2: customvalue2" \
-H "X-CustomHeader3: customvalue3" \
-H "X-CustomHeader4: customvalue4" \
-H "X-CustomHeader5: customvalue5" \
-H "X-CustomHeader6: customvalue6" \
--ignore-content-length \
--progress-bar -vvv \
http://[DOMAIN]/upload.php
The command hangs as follows:
* Hostname was NOT found in DNS cache
* Trying [IP_ADDRESS]...
* Connected to [DOMAIN] ([IP_ADDRESS]) port 80 (#0)
> POST /upload.php HTTP/1.1
> User-Agent: curl/7.37.1
> Host: [DOMAIN]
> Accept: */*
> Transfer-Encoding: chunked
> Content-Type: application/app
> X-CustomHeader1: customvalue1
> X-CustomHeader2: customvalue2
> X-CustomHeader3: customvalue3
> X-CustomHeader4: customvalue4
> X-CustomHeader5: customvalue5
> X-CustomHeader6: customvalue6
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Date: Thu, 12 Feb 2015 11:10:17 GMT
Date: Thu, 12 Feb 2015 11:10:17 GMT
* Server Apache is not blacklisted
< Server: Apache
Server: Apache
< Vary: Content-Type
Vary: Content-Type
< Content-Length: 0
Content-Length: 0
< Connection: keep-alive
Connection: keep-alive
* no chunk, no close, no size. Assume close to signal end
<
Now, when the no chunk, no close, no size. Assume close to signal end message appears I do a checksum on both the local and server file to prove they are both the same, which they are. Meaning that the file successfully uploads, but for some reason the connection is not closed.
Why is that and how do I resolve it? Can I tell cURL to close the connection when the whole file has been uploaded? Thanks
You specifically tell curl to ignore the content-length set by the server. Because of this the end of the response will be assumed to be connection close. But the server does not close because it waits for more requests.
Apart from that: I don't think you can just add "Transfer-Encoding: chunked" as a custom header. It is not enough to tell the server that the content will be sent in chunks but curl actually has to use chunked encoding which it probably does not.
I had a funny case when this happened with a JSP page.
Flushing a newline helped:
<%
out.println("");
out.flush();
%>

Jenkins API authentication 403

I'm trying to access a Jenkins instance via its remote API. I'm using a command like the following:
`curl -v -X GET https://jenkins.somewhere.com/job/trt/api/xml --user user#gmail.com:abc123abc123abc123acb123`
The user ID and API token are taken from my User page. The Jenkins instance is secured to use Google Apps SSO for its Security Realm, and Role-based strategy for Authorization. My user is in a role which has all permissions, however I get a 403 response, and it seems to think I'm the "anonymous" user (response below). How can I diagnose what's going wrong?
< HTTP/1.1 403 Forbidden
< Date: Tue, 30 Sep 2014 09:29:49 GMT
* Server Jetty(8.y.z-SNAPSHOT) is not blacklisted
< Server: Jetty(8.y.z-SNAPSHOT)
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Content-Type: text/html;charset=utf-8
< X-Hudson: 1.395
< X-Jenkins: 1.574
< X-Jenkins-Session: 0a2fc55a
< X-Hudson-CLI-Port: 37761
< X-Jenkins-CLI-Port: 37761
< X-Jenkins-CLI2-Port: 37761
< X-You-Are-Authenticated-As: anonymous
< X-You-Are-In-Group:
< X-Required-Permission: hudson.model.Hudson.Read
< X-Permission-Implied-By: hudson.security.Permission.GenericRead
< X-Permission-Implied-By: hudson.model.Hudson.Administer
< Set-Cookie: JSESSIONID.cf04cd2b=rdgbn9cxz0s045quzsaybywo;Path=/
< Via: 1.1 jenkins.somewhere.com
< Vary: Accept-Encoding
< Content-Length: 578
<
<html><head><meta http-equiv="refresh" content="1;url=/securityRealm/commenceLogin?from=%2Fjob%2Ftrt%2Fapi%2Fxml"><script>window.location.replace('/securityRealm/commenceLogin?from=%2Fjob%2Ftrt%2Fapi%2Fxml');</script></head><body style="background-color:white; color:white;">
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->

Authenticate an app and get the access token in flattr api v2

I am a bit stuck in authenticating my app and get an access token, when following this instructions: http://developers.flattr.net/v2/
Step 1, Authenticate works fine. I get back the code, and my app is listed in my Settings/Applications with the correct scope.
Then I try to get the access token via the following curl command:
curl -v --user MY_KEY:MY_SECRET -H "Content-Type: application/json"\
-X POST -d '{"grant_type": "authorization_code",\
"redirect_uri": "http://localhost/", "code": "MY_CODE"}'\
https://flattr.com/oauth/token
Unfortunately I always get "invalid_request"
< HTTP/1.1 400 Bad Request
< Strict-Transport-Security: max-age=500
< Set-Cookie: PHPSESSID=d9972s9r5a7t4p0ch4chc4dqh2; path=/; domain=.flattr.com; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: application/json; charset=utf-8
< Content-Length: 291
< Connection: close
< Date: Wed, 16 Nov 2011 22:38:30 GMT
< Server: lighttpd
<
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed."}
Thanks!
I found a bug in the process and it is now smashed. Should be working smooth if you try the request again!