I'am using the Active Collab API V5 to create User from our Service Desk - the creation of the User with the following POST works.
curl -k -v -h "Content-Type:application/json" -h "X-Angie-AuthApiToken:XXXXXXX" -X POST -d '{"type": "Member","email": "XXXXXXXX#XXXXXX", "password": "XXXXX"}' https://URL/api/v1/users
Is it possible to send the invite link automatically? Like the User creation on the web interface (Send invite link from People page).
I found this API Reference https://developers.activecollab.com/api-documentation/v1/people/users/invite.html but on this way its only possible to invite directly to projects.
System makes a distinction between account creation, and invitiation (which includes account creation, but does a bit more). Here's how to invite one user or more users:
curl -h "Content-Type:application/json" \
-h "X-Angie-AuthApiToken:XXXXXXX" \
-X POST -d '{"role": "Member","email_addresses": ["X#Y.COM", "Y#X.com"], "custom_permissions": ["can_manage_projects", "can_manage_finances"]}' \
https://URL/api/v1/users/invite
Differences:
API end-point is different (/api/v1/users/invite),
Use role instead of type,
A list of more than one email address can be specified,
Custom permissions can be set,
You can't specify user's password. They will receive invitation email, and complete the process themselves.
Related
I created a public repository within my personal account, created a PAT w/ the workflow permissions checked, but am unable to disable the workflow via the API as I receive a message stating that I must have admin rights to the repository. I believe the PAT has the correct permissions so I’m unsure as to why this isn’t working.
Here is the command I am attempting to use (based on the documentation):
curl -s christronyxyocum:MY-PAT -X PUT -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/MY-USERNAME/MY-REPO/actions/workflows/workflow.yml/disable
I can retrieve information about the workflow without any issues so I believe that I have the correct URL and formatting, etc. I have even tried creating a new PAT with the same permissions and that one experiences the same error.
I have figured this out. Rather than using the username:token format like they show repeatedly in their documentation, you must use the -H "Authorization: bearer TOKEN" header with the curl command.
It's possible to "simulate" a user using the master key? I would like this feature to test what the user can really see in the application and verify that he does not have access to some part of it etc.
Is this possible without knowing the password of the user?
If you want to test how user, roles, and permissions work, a simple way to do it is to make command line REST requests against the parse-server. Here's the guide.
You should be able to go into your parse dashboard and locate a user, look at their session token and then use that in queries to simulate that user's permissions.
With a session token, you can query objects in parse like this:
$ curl \
-X GET \
-H 'X-Parse-Application-Id: ABC123 \
-H "X-Parse-Session-Token: r:XXXXXX" \
-H "Content-Type: application/json" \
https://cloud.so.good/parse/classes/Product
For a complex system, you'll want to cover your cloud code to ensure that all is working as expected. A good place to start would be with parse-server's extensive test coverage, including ACL's
You can create a Parse.Session object for the particular user, setting the user and expiresAt fields. You creating the object, get the sessionToken key from the object.
Then for any request you are trying to make, you will set the X-Parse-Session-Token header to be the value of the session token.
I have spent a lot if time in the documentation and this Q/A forum but have still not ascertained the information I need/understand. The model that I ham working with does not exactly meld with WSO2IS very well. The programmer is set in their ways and will not budge on change, nothing I can do about that. They are just after the security that is provided by WSO2IS. So here is programmers model, NOT sso.
user->web_site->wso2is authorization->website
It is to have every user login every time. What they want from wso2s is to send user_name, password and company_id and to return valid/invalid id and a set of permission. External id should work well as a claim for the company id.
I have been able to create a user, but not able to add a role for that user and I have not been able to get authorization. I can get some of the information about the user via SCIM : curl -v -k --user admin:admin https://wso2-dev.h3net.com:9443/wso2/scim/Users/d9bef03a-ddcf-44fc-a431-3b71e618b61e
What I need are 3 curl commands via REST like commands
Here's what I have for adding a user : curl -k -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d '{"user":{"username":"Gomez","realm":"PRIMARY","password":"Password1!","claims":[{"uri":"http://wso2.org/claims/givenname","value":"Gomez"},{"uri":"http://wso2.org/claims/emailaddress","value":"bnpatton#west.com"},{"uri":"http://wso2.org/claims/lastname","value":"Adams"},{"uri":"http://wso2.org/claims/mobile","value":"1234567890"}]},"properties":[]}' "https://wso2-dev.h3net.com:9443/api/identity/user/v0.9/me
This does not show haw to add a role for the user, just claims.
With something like the above, how would I do the following :
1. add roles to a user
2. authorize user when just only have user_name, password and company_id(external_id claim)
3. return permissions with authorization or a separate curl command?
Question 1
You can refer this comment for adding roles to the user using SCIM API.
Question 2
In this case, you can use XACML for claim based authorization. Please refer this blog for the implementation.
Question 3
WSO2IS server is working as policy decision point(PDP). Based on the decision you can access the resource in the resource server.
I'm attempting to pull a full list of users that have a specific app or Role on their onelogin account.
I've looked under both Roles and Users within the API but it doesn't appear it's possible to simply give the API a role name/ID and get all user's that are apart of it.
Is there an easy way to do this? It's to help automate auditing of auto-provisioned applications.
Thanks!
As described at the API documentation, at the User section.
you can use "query parameters" in order to filter users.
In your case you want to filter by role_id.
Imagine you want all the users with the role_id = 1:
curl 'https://api.<us_or_eu>>.onelogin.com/api/1/users?role_id=1' \
-X GET \
-H "Authorization: bearer:<access_token>"
In order to get the list of available roles you can execute:
curl 'https://api.<us_or_eu>.onelogin.com/api/1/roles' \
-X GET \
-H "Authorization: bearer:<access_token>"
I am working on ArangoDB 3.1 in stand-alone mode.
We are creating a Foxx API to authenticate the users who are accessing our database and our custom APIs. In order to activate authentication, we added the following statements in the arangod.conf file.
authentication = true
authentication-system-only = true
We created a user in arangosh for the database we are working on. When we log into the web console the username and password worked and we are able to access the database,APIs and also able to create users using the APIs.
But when we try to access using another browser or using curl command we are not able to see the user information. HTTP and curl commands are given below.
http://username:password#ip-address:portno/_db/AdtheorentDB/test-app/whoami
curl --basic --user "username:password" -X GET --header 'Accept: application/json' 'http://ip-address:portno/_db/databasename/test-app/whoami'
What might be the issue ?
The above curl command is obtained from the link given below.
ArangoDB authentication via HTTP