I followed this page to practice GitHub API and try to edit my profile
https://docs.github.com/en/rest/reference/users
curl -X PATCH -H "Accept: application/vnd.github.v3+json" -H "Authorization: token MyToken" https://api.github.com/user -d '{"name":"myname"}'
But got the error message:
{
"message": "Not Found",
"documentation_url": "https://docs.github.com/rest/reference/users#update-the-authenticated-user"
}
I am very new to GitHub API, any help is appreciated!
As long as you have replaced MyToken by an actual PAT (Personal Access Token), registered to your account, this should work.
It should update the authenticate user.
Check first its old name (before renaming it) does exist with curl and its write outs:
curl -w '%{response_code}' 'https://api.github.com/users/<username>'
... Unless you are part of an organization that enforces SAML SSO for authentication, : see "Authenticating for SAML SSO".
But I suspect this is not your case.
The OP ITnewbie confirms in the comments it was a scope issue
Removed and regenerate the token which includes all permission, then it's work!
iqbal was, in the comments, following the "Get your own user profile" GitHub REST API tutorial.
When I changed the url from
curl -i -u your_username:your_token api.github.com/<<your user name>> to
curl -i -u your_username:your_token api.github.com/users/<<your user name>>, it worked.
Related
Trying to authenticate with the snapchat API through CURL and I"m not sure what I'm doing wrong. I have tried the following:
curl -X GET \
-H "client_id={}" \
-H "redirect_url={}" \
-H "response_type=code" \
-H "scope=snapchat-marketing-api" \
https://accounts.snapchat.com/login/oauth2/authorize
through my terminal and I'm getting the following error:
curl: (3) URL using bad/illegal format or missing URL
zsh: command not found: -H
I'm fairly new to this so would appreciate any guidance. I was expecting to be redirected into a browser to authenticate and would be given a temp access token or refresh token
As per Snapchat documentation, you can actually pull the code by turning the request into a URL and the code will be displayed in the browser/address bar at the end of the redirect link after you authorise the app.
take bellow URL and fill in your details as required and follow it via your browser:
# Sample URL to redirect the OAuth users to - Single Scope
https://accounts.snapchat.com/login/oauth2/authorize
?client_id=4cxxxx8-1c33-xxxx-8798-xxxxxxxx
&redirect_uri=https://test.animalfarm.com/callback
&response_type=code
&scope=snapchat-marketing-api
I’m trying to set up Keycloak using nginx as proxy.
The idea is to log in to web app using javascript adapter and then for each API request, nginx should ask Keycloak if token is valid (session could be revoked, etc.).
I’ve set it up without nginx locally - I have keycloak on my VM and I used Keycloak Gatekeeper to proxy API requests. It worked with no issues whatsoever.
Then, I deployed Keycloak and web app that uses js adapter on cluster and in nginx I proxied URLs required for login. Next, I configured auth module to call /auth/realms/cerulean-magnolia/protocol/openid-connect/token with grant_type=urn:ietf:params:oauth:grant-type:uma-ticket. There could be better endpoint to call but I’m always getting invalid_grant Invalid bearer token anyway.
Login works but when I try to use generated token, it becomes invalid and I can’t use it anymore.
I’ve set PROXY_ADDRESS_FORWARDING to true.
Any attempt of using this token ends up in getting:
{
"error": "invalid_grant",
"error_description": "Invalid bearer token"
}
If I would generate this token manually (via forwarded port) using password:
curl -L -X POST 'https://localhost:8141/auth/realms/cerulean-magnolia/protocol/openid-connect/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=lei' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'scope=openid' \
--data-urlencode 'username=...' \
--data-urlencode 'password=...' --insecure | jq
and then use this token to do:
http --verify=no -f https://localhost:8141/auth/realms/cerulean-magnolia/protocol/openid-connect/token grant_type=urn:ietf:params:oauth:grant-type:uma-ticket audience=lei-api response_mode=decision authorization:"Bearer ..."
It works fine. But if I use token generated via web app, I always get 401.
I’d be grateful for any help or hints.
Thanks in advance,
Patryk
I've been experimenting with using Duck CLI to upload files to Dropbox in Windows 10 64-bit. If I submit a request like:
call duck --assumeyes --username abcd --password 1234 --upload "dropbox:/Test Folder" "Test.txt"
then it prompts me for the OAuth2 token and a browser tab appears with the authorization code. I supply this and the upload starts. All good. I want to bypass this and use a code that I have generated without the prompt. I tried:
call duck --assumeyes --password <generated key> --upload "dropbox:/Test Folder" "Test.txt"
but I still get the prompt and browser tab. I want the whole upload to proceed with no prompts. What am I missing?
As a matter of interest, this works as required (with no prompt being issued):
curl -X POST https://content.dropboxapi.com/2/files/upload ^
--header "Authorization: Bearer <generated key>" ^
--header "Dropbox-API-Arg: {\"path\": \"<DestinationFolder>\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" ^
--header "Content-Type: application/octet-stream" ^
--data-binary "#<filename>"
but the upload speed is only around 1.4Mb/s. Using Duck it is 11 Mb/s, so eight times faster!
Please try to use your email address registered with Google as the username parameter. This way the OAuth tokens are found in the login keychain (macOS) or credential manager (Windows).
I need to authenticate admin user via curl command so I can pragmatically add,delete, modify users in wso2
I can call the api end points for user add/mod/delete no problem. But without being able to first authenticate to wso2 it is all for naught. When I send the curl command I get no response back, and nothing shows in the logs.
This is my basic curl command, right out of the books:
curl -X POST "https://xxxxxxx.com:9443/login/portal" -H "Content-Type: application/x-form-urlencoded" -d "username=uid&password=foo&grantType=password"
You can use SCIM APIs with basic authentication to manage users.
If you want to use OAuth2 tokens, you can get them like this.
curl -k -d "grant_type=password&username=<username>&password=<password>"
-u <Consumer_key>:<Consumer_secret>
-H "Content-Type: application/x-www-form-urlencoded"
https://localhost:9443/oauth2/token
[1] https://docs.wso2.com/display/IS530/SCIM+1.1+APIs
I have been working on setting up authorization using keycloak, and have set up specific roles and permissions based on resources and but the JWT access token contains only the details about the roles and not the permission assigned to the user.
I want the access token to include permission details and have tried the methods on Keycloak documentation:
1) Using permission ticket cannot generate the ticket using
http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission
it shows:
{
"error": "invalid_bearer_token",
"error_description": "Could not obtain bearer access_token from request."
}
and thus cannot generate the RPT and get details of the permissions.
Also tried using the entitlement API.
2) Using entitlement API:
curl -X GET \
-H "Authorization: Bearer ${access_token}" \
"http://localhost:8080/auth/realms/hello-world-authz/authz/entitlement/${resource_server_id}"
I tried using postman and it shows 404 Not Found..
Can anyone show me the correct procedure to include the permission in the access token or generate the RPT correctly.
Keycloak provides a discovering document for Authorization Services. You can obtain from following url.
curl -X GET http://localhost:8080/auth/realms/{realm}/.well-known/uma2-configuration -H "Authorization: Bearer ${access_token}"
here localhost and 8080 are for keycloak host and port
error says token you are using is not valid for the client.
I was able to get RPT using below command
curl -X POST http://localhost:8080/auth/realms/${realm}/protocol/openid-connect/token -H "Authorization: Bearer ${access_token}" --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" --data "audience={resource_server_client_id}" --data "permission=Resource#Scope"
Keycloak responds to the client with the RPT