I just started using the stormpath-default-spring-boot-starter (1.2.0) library for a new REST API platform that we are building. I was expecting the access cookie to be generated by the following code on authenticating the user, so that subsequent API calls can be authenticated by the cookie. The account is authenticated; however, the cookie is not getting generated.
import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.application.Application;
import com.stormpath.sdk.authc.AuthenticationRequest;
import com.stormpath.sdk.authc.UsernamePasswordRequests;
import com.stormpath.sdk.resource.ResourceException;

// app is the Stormpath Application obtained from the SDK client
AuthenticationRequest request = UsernamePasswordRequests.builder()
        .setUsernameOrEmail(userId)
        .setPassword(pwd)
        .withResponseOptions(UsernamePasswordRequests.options().withAccount())
        .build();
Account account = null;
try {
    // authenticates against Stormpath directly through the SDK
    account = app.authenticateAccount(request).getAccount();
}
catch (ResourceException ex) {
    throw (ex);
}
Following are the property file entries:
stormpath.spring.security.enabled = false
security.basic.enabled = false
Help is much appreciated.
I think you may be mixing contexts here.
The code you provided looks like the type of manual code required when you are using the Java SDK directly and not using an integration, like the Stormpath Spring Boot integration.
When you are using the Stormpath Default Spring Boot Starter you get a bunch of endpoints automatically that you can use to authenticate and have cookies set.
For example, you have a /login endpoint.
If you fire up your example app, you should be able to go to:
curl localhost:8080/login
You will get back a login model that looks something like this:
{
  "form": {
    "fields": [
      {
        "name": "login",
        "label": "Username or Email",
        "placeholder": "Username or Email",
        "required": true,
        "type": "text"
      },
      {
        "name": "password",
        "label": "Password",
        "placeholder": "Password",
        "required": true,
        "type": "password"
      }
    ]
  }
}
You can then authenticate with a POST:
curl -v -H "Content-Type: application/json" -X POST \
-d '{"login": "<email>", "password": "<password>"}' \
http://localhost:8080/login
You'll get a response like this:
> POST /login HTTP/1.1
> Host: localhost:8080
< HTTP/1.1 200
< Set-Cookie: access_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...;Max-Age=3600;path=/;HttpOnly
< Set-Cookie: refresh_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoicmVmcmVzaCIsImFsZyI6IkhTMjU2In0...;Max-Age=5184000;path=/;HttpOnly
< Content-Type: application/json
< Transfer-Encoding: chunked
< Date: Mon, 05 Dec 2016 05:30:25 GMT
<
* Connection #0 to host localhost left intact
{
  "account": {
    "href": "https://api.stormpath.com/v1/accounts/<account id>",
    "createdAt": "2016-03-04T06:29:48.506Z",
    "modifiedAt": "2016-08-17T18:01:07.812Z",
    "username": "<username>",
    "email": "<email>",
    "givenName": "<givenName>",
    "middleName": null,
    "surname": "<surname>",
    "status": "ENABLED",
    "fullName": "<full name>",
    "emailVerificationStatus": null,
    "passwordModifiedAt": "2016-05-24T02:14:01.000Z"
  }
}
The response contains both the access_token and the refresh_token cookies as well as a JSON response containing the account information.
If you want to use OAuth2, you have a /oauth/token endpoint that supports both the grant_type=password and the grant_type=client_credentials flows:
curl -v -X POST \
-d grant_type=password -d username=<email> -d password=<password> \
http://localhost:8080/oauth/token
You'll get a response like:
> POST /oauth/token HTTP/1.1
> Host: localhost:8080
< HTTP/1.1 200
< Set-Cookie: access_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...;Max-Age=3600;path=/;HttpOnly
< Set-Cookie: refresh_token=eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoicmVmcmVzaCIsImFsZyI6IkhTMjU2In0...;Max-Age=5184000;path=/;HttpOnly
< Cache-Control: no-store, no-cache
< Pragma: no-cache
< Content-Type: application/json;charset=ISO-8859-1
< Content-Length: 933
< Date: Mon, 05 Dec 2016 05:38:53 GMT
<
* Connection #0 to host localhost left intact
{
  "access_token": "eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoiYWNjZXNzIiwiYWxnIjoiSFMyNTYifQ...",
  "refresh_token": "eyJraWQiOiJSOTJTQkhKQzFVNERBSU1HUTNNSE9HVk1YIiwic3R0IjoicmVmcmVzaCIsImFsZyI6IkhTMjU2In0...",
  "token_type": "Bearer",
  "expires_in": 3600
}
I hope this helps!
Full disclosure: I am one of Stormpath's Java Developer Evangelists
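The answer above shows the two Set-Cookie lines that /login and /oauth/token write. The script below, an added example and not Stormpath or Spring Boot code, pulls those lines out of a curl -v transcript, parses the cookie attributes, and lists what a reviewer would check on a token cookie (HttpOnly present, Secure when served over TLS, SameSite, lifetime). The transcript it reads is constructed, with the JWT values replaced by placeholders.

```python
"""Parse and audit Set-Cookie headers from a curl -v transcript (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample transcript: same header shape as the /login response above,
# token values shortened to placeholders.
SAMPLE_TRANSCRIPT = """\
< HTTP/1.1 200
< Set-Cookie: access_token=eyJhbGciOiJIUzI1NiJ9.PLACEHOLDER.SIG;Max-Age=3600;path=/;HttpOnly
< Set-Cookie: refresh_token=eyJhbGciOiJIUzI1NiJ9.PLACEHOLDER.SIG;Max-Age=5184000;path=/;HttpOnly
< Content-Type: application/json
"""


@dataclass
class Cookie:
    name: str
    value: str
    # attribute name (lower-cased) -> value, or None for flags such as HttpOnly
    attrs: Dict[str, Optional[str]] = field(default_factory=dict)


def parse_set_cookie(header_value: str) -> Cookie:
    """Split 'name=value;Attr=x;Flag' into a Cookie record."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Optional[str]] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, has_value, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else None
    return Cookie(name.strip(), value, attrs)


def cookies_from_transcript(transcript: str) -> List[Cookie]:
    """Pick the '< Set-Cookie:' response lines out of a curl -v transcript."""
    cookies = []
    for line in transcript.splitlines():
        line = line.lstrip("< ").strip()
        if line.lower().startswith("set-cookie:"):
            cookies.append(parse_set_cookie(line.split(":", 1)[1].strip()))
    return cookies


def lifetime_seconds(cookie: Cookie) -> Optional[int]:
    """Max-Age as an int, or None for a session cookie."""
    raw = cookie.attrs.get("max-age")
    return int(raw) if raw is not None else None


def audit(cookie: Cookie, served_over_tls: bool) -> List[str]:
    """Attribute findings a reviewer would raise for a cookie that carries a token."""
    findings = []
    if "httponly" not in cookie.attrs:
        findings.append("missing HttpOnly: token readable by page scripts")
    if served_over_tls and "secure" not in cookie.attrs:
        findings.append("missing Secure: cookie would also be sent over plain HTTP")
    if "samesite" not in cookie.attrs:
        findings.append("missing SameSite: browser default decides cross-site sending")
    return findings


if __name__ == "__main__":
    for c in cookies_from_transcript(SAMPLE_TRANSCRIPT):
        print(c.name, lifetime_seconds(c), audit(c, served_over_tls=True))
```

On the localhost transcript shown in the answer the HttpOnly flag is already set; the Secure finding only matters once the application is served over HTTPS, which is why the audit takes served_over_tls as a parameter.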
I found the CLI or API request methods and they work for me, like this:
# source /etc/kolla/admin-openrc.sh
# openstack user password set --password newpsw --original-password oripsw
Or
# source /etc/kolla/admin-openrc.sh
# curl -v -s -X POST "$OS_AUTH_URL/auth/tokens?nocatalog" \
    -H "Content-Type: application/json" \
    -d '{ "auth": { "identity": { "methods": ["password"],
          "password": {"user": {"domain": {"name": "'"$OS_USER_DOMAIN_NAME"'"},
          "name": "'"$OS_USERNAME"'", "password": "'"$OS_PASSWORD"'"} } },
          "scope": { "project": { "domain": { "name": "'"$OS_PROJECT_DOMAIN_NAME"'" },
          "name": "'"$OS_PROJECT_NAME"'" } } }}'
< HTTP/1.1 201 CREATED
< Date: Mon, 18 Oct 2021 11:44:39 GMT
< Server: Apache
< Content-Length: 720
< X-Subject-Token: gAAAAABhbV4o9WvatToB4Z7dUhaNqyYqpwUt4T3wwOmnN2-YCioaSYZ-HpqdWNDvAq0pvnSe6qIuvoZXOIUjmxxUu03tWk2mp2TOJ_LTLECXOHqlQT22vqNvgJj_YTgOWbwHVlrrqbkcUWM4WDvbsD1HjM8xiEYidSNMzpw2LOHtO43cIN0nyvs
< Vary: X-Auth-Token
# export OS_TOKEN=gAAAAABhbV4o9WvatToB4Z7dUhaNqyYqpwUt4T3wwOmnN2-YCioaSYZ-HpqdWNDvAq0pvnSe6qIuvoZXOIUjmxxUu03tWk2mp2TOJ_LTLECXOHqlQT22vqNvgJj_YTgOWbwHVlrrqbkcUWM4WDvbsD1HjM8xiEYidSNMzpw2LOHtO43cIN0nyvs
# curl --header "Content-Type: application/json" --request POST --data '{"user":{"password":"123","original_password":"aaa"}}' http://10.32.17.172:5000/v3/users/e1c5cc75489f4e0cbb05c39d03b46097/password
This is the "Change password for user" method at the end of the API request documentation.
But I need to achieve that using openstacksdk in our project. I found the last method in the openstacksdk documentation, update_user(user, **attrs), which seems the most like what I am looking for. Unfortunately, the openstack.identity.v3.user instance doesn't have original_password, and my code can't work:
import openstack

conn = openstack.connect(
    region_name='RegionOne',
    auth_url='http://10.32.17.172:35357/v3',
    domain_name='Default',
    project_name='admin',
    username='admin',
    password='123'
)
user_args = {
    "name": "admin",
    "password": 'aaa',  # new password
    "password_expires_at": None,
    "links": {u'self': u'http://10.32.17.172:5000/v3/users/e1c5cc75489f4e0cbb05c39d03b46097'},
    "enabled": True,
    "domain_id": "default",
    "original_password": "123",
}
# passes a plain dict where update_user expects a User object
conn.identity.update_user(user_args)
How could I change the current user's password using openstacksdk? Thanks in advance.
Solved by this:
import openstack

conn = openstack.connect(
    ...
)
user_args = {
    "id": "e1c5cc75489f4e0cbb05c39d03b46097"
}
user = conn.identity.get_user(user_args)
user.description = "test_update_psw"
user.password = "123456"
conn.identity.update_user(user)
Updating the user's info should use the user object instead of a dictionary like the question's code does.
Shame on my poor programming-language skills and lack of API documentation knowledge.
And thank you very, very much to a person called tanjin.
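The curl commands in the question build the Keystone JSON bodies by splicing shell variables into a quoted string, which breaks as soon as a password contains a quote or backslash. As an added example (not openstacksdk or Keystone code), the script below builds the same two requests, the scoped token request against /auth/tokens and the self-service password change against /users/{id}/password, with json.dumps, and reads the token from the X-Subject-Token header the way the transcript shows. Hostnames, user ids and passwords in it are constructed placeholders.

```python
"""Build Keystone v3 token and password-change requests safely (added example)."""
import json
import urllib.request
from typing import Dict, Mapping, Optional, Tuple

# (method, url, headers, body) of one HTTP request
Request = Tuple[str, str, Dict[str, str], bytes]


def password_auth_body(username: str, password: str, user_domain: str,
                       project: str, project_domain: str) -> dict:
    """POST /v3/auth/tokens body for a project-scoped password login."""
    return {
        "auth": {
            "identity": {
                "methods": ["password"],
                "password": {"user": {"name": username,
                                      "domain": {"name": user_domain},
                                      "password": password}},
            },
            "scope": {"project": {"name": project,
                                  "domain": {"name": project_domain}}},
        }
    }


def password_change_body(new_password: str, original_password: str) -> dict:
    """POST /v3/users/{id}/password body. Keystone verifies original_password
    itself, which is why the curl in the question sends no X-Auth-Token."""
    return {"user": {"password": new_password,
                     "original_password": original_password}}


def token_request(auth_url: str, body: dict) -> Request:
    """Serialise the auth body; json.dumps does the quoting the shell could not."""
    url = auth_url.rstrip("/") + "/auth/tokens?nocatalog"
    return ("POST", url, {"Content-Type": "application/json"},
            json.dumps(body).encode("utf-8"))


def password_change_request(auth_url: str, user_id: str, body: dict) -> Request:
    url = f"{auth_url.rstrip('/')}/users/{user_id}/password"
    return ("POST", url, {"Content-Type": "application/json"},
            json.dumps(body).encode("utf-8"))


def request_body(req: Request) -> dict:
    """Decode a built request's JSON body (used to inspect what would be sent)."""
    return json.loads(req[3])


def subject_token(headers: Mapping[str, str]) -> Optional[str]:
    """Keystone returns the token in the X-Subject-Token header, not the body."""
    for key, value in headers.items():
        if key.lower() == "x-subject-token":
            return value
    return None


def send(req: Request) -> Tuple[int, Dict[str, str], bytes]:
    """Perform a built request with urllib (needs network; not exercised here)."""
    method, url, headers, body = req
    http_req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(http_req, timeout=10) as resp:
        return resp.status, dict(resp.headers.items()), resp.read()


if __name__ == "__main__":
    # constructed placeholder endpoint and credentials
    body = password_auth_body("admin", 'p"w\\d', "Default", "admin", "Default")
    print(token_request("http://keystone.example:5000/v3", body)[3].decode())
```

A password such as p"w\d survives the round trip here, whereas in the quoted curl body it would either terminate the JSON string early or be rejected by the server's parser.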
I have developed a Python web app on GCP App Engine.
I want to use OAuth 2.0 client ID as an authentication for my app.
In APIs & Services -> Credentials there is an OAuth 2.0 client ID with my app URL added as Authorized redirect URIs.
My Postman access token configuration looks like the following:
And authorization configuration:
Despite that, I am getting the following response: Status: 401 Unauthorized
Info from the header: WWW-Authenticate: Bearer, error="invalid_token"
Response body:
{
  "code": 16,
  "message": "JWT validation failed: Bad JWT format: Invalid JSON in header",
  "details": [
    {
      "@type": "type.googleapis.com/google.rpc.DebugInfo",
      "stackEntries": [],
      "detail": "auth"
    }
  ]
}
What am I doing wrong? How should I troubleshoot this?
EDIT: Adding request
POST /parse HTTP/1.1
Host: [my_app_name].appspot.com
Content-length: 0
Content-type: application/json
Authorization: Bearer [token_generated_by_postman]
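The error body says the validator could not parse the first segment of the bearer token as JSON, which is a structural check that runs before any signature or audience check. The script below is an added example, not Google, Cloud Endpoints or Postman code: it splits a token into its three segments, base64url-decodes the header and claims, and reports which structural check fails, so that an opaque token (for instance an OAuth 2.0 access token that is not a JWT at all) can be told apart from an expired or mis-issued ID token. The sample tokens are constructed; the placeholder signature is never verified.

```python
"""Structural JWT checks mirroring a 'Bad JWT format' failure (added example)."""
import base64
import json
from typing import Any, Dict, List, Optional


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def unsigned_jwt(header: Dict[str, Any], claims: Dict[str, Any]) -> str:
    """Encode header and claims; the signature segment is a constructed placeholder."""
    segments = [b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))
                for obj in (header, claims)]
    return ".".join(segments + ["cGxhY2Vob2xkZXI"])  # base64url("placeholder")


def inspect_jwt(token: str, now: Optional[int] = None) -> Dict[str, Any]:
    """Return decoded header/claims plus the list of structural problems found."""
    result: Dict[str, Any] = {"header": None, "claims": None, "problems": []}
    problems: List[str] = result["problems"]
    parts = token.split(".")
    if len(parts) != 3:
        problems.append(f"expected 3 dot-separated segments, got {len(parts)}")
        return result
    for index, name in ((0, "header"), (1, "claims")):
        try:
            # binascii.Error, UnicodeDecodeError and JSONDecodeError are all ValueErrors
            obj = json.loads(b64url_decode(parts[index]).decode("utf-8"))
        except ValueError:
            problems.append(f"{name} is not valid JSON")
            continue
        if not isinstance(obj, dict):
            problems.append(f"{name} is JSON but not an object")
            continue
        result[name] = obj
    header, claims = result["header"], result["claims"]
    if header is not None:
        if "alg" not in header:
            problems.append("header lacks alg")
        elif header["alg"] == "none":
            problems.append("header uses alg=none (unsigned token)")
    if claims is not None:
        for claim in ("iss", "aud", "exp"):
            if claim not in claims:
                problems.append(f"claims lack {claim}")
        if now is not None and isinstance(claims.get("exp"), int) and claims["exp"] < now:
            problems.append("token expired")
    if not parts[2]:
        problems.append("empty signature segment")
    return result


# Constructed samples: a well-formed (unverified) ID-token shape, an opaque
# access-token shape with only two segments, and a token whose header is text.
SAMPLE_ID_TOKEN = unsigned_jwt(
    {"alg": "RS256", "kid": "constructed-key-id", "typ": "JWT"},
    {"iss": "https://accounts.google.com", "aud": "constructed-client-id",
     "sub": "1234567890", "iat": 1600000000, "exp": 1600003600})
SAMPLE_OPAQUE_TOKEN = "ya29.constructed-opaque-access-token"
SAMPLE_BAD_HEADER = "bm90anNvbg.e30.c2ln"  # "notjson" . "{}" . "sig"

if __name__ == "__main__":
    for sample in (SAMPLE_ID_TOKEN, SAMPLE_OPAQUE_TOKEN, SAMPLE_BAD_HEADER):
        print(inspect_jwt(sample, now=1600000100)["problems"])
```

Run against the token Postman actually sent, the first line of output tells you whether the problem is the token type (not a JWT) or its contents; a clean structural result means the remaining work is on the signature, issuer and audience side.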
My request to google healthcare API is not working from OAuth 2.0 playground using refresh token option. I am getting "status": "PERMISSION_DENIED". The requested API has been enabled for many days. Here's the Request and Response details.
POST /v1alpha2/projects/<project_id>/locations/<location>/datasets?datasetId=<dataset_id> HTTP/1.1
Host: healthcare.googleapis.com
Content-length: 0
Content-type: application/json
Authorization: Bearer
HTTP/1.1 403 Forbidden
Content-length: 767
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Fri, 12 Jul 2019 17:57:39 GMT
X-frame-options: SAMEORIGIN
Alt-svc: quic=":443"; ma=2592000; v="46,43,39"
Content-type: application/json; charset=UTF-8
{
  "error": {
    "status": "PERMISSION_DENIED",
    "message": "Cloud Healthcare API has not been used in project <project_id> before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/healthcare.googleapis.com/overview?project=<project_id> then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
    "code": 403,
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.Help",
        "links": [
          {
            "url": "https://console.developers.google.com/apis/api/healthcare.googleapis.com/overview?project=<project_id>",
            "description": "Google developers console API activation"
          }
        ]
      }
    ]
  }
}
You are using the Alpha endpoint for the Healthcare API, which has been decommissioned by Google. You can see how to make the transition to the Beta API here: https://cloud.google.com/healthcare/docs/how-tos/transition-guide.
Also note that, in addition to the change in the request URL,
/v1beta1/projects/<project_id>/locations/<location>/datasets
the response is now a long-running operation:
https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.operations
I am trying to get OAuth2 token for authorization on my local JHipster server.
Everything is setup correctly and working, I can login via Web GUI.
But when I try to get a token via cURL, I get "POST method not allowed".
My cURL request is as following:
curl -X POST -vu client:secret http://localhost:8080/oauth/token -H "Accept: application/json" -d "username=admin&password=admin&grant_type=password&scope=read&client_id=CLIENTID&client_secret=CLIENTSECRET"
Thanks to this post, I have tested JHipster UAA, alongside JHipster version 5.
This command could be a working sample:
curl -X POST -v http://[server-ip]:9999/oauth/token -i \
  -H "Accept: application/json" \
  -H "Authorization: Basic aW50ZXJuYWw6aW50ZXJuYWw=" \
  -d "username=admin&password=admin&grant_type=client_credentials&scope=web-app"
Important notice:
Username and password must be replaced with yours.
The BASE64-encoded value of your 'clientId + ":" + clientSecret' must be set in the header.
In my case BASE64('internal:internal')='aW50ZXJuYWw6aW50ZXJuYWw='
https://www.base64encode.org/ can be used to encode your text.
Since you have put the client id and secret in the message header, there is no need to provide them in the message body.
And this could be a sample output:
{
  "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJ3ZWItYXBwIl0sImV4cCI6MTUzNTM2ODEyNiwiaWF0IjoxNTM1MzY2MzI2LCJqdGkiOiJiYjYwMWVkYS01NjUyLTQ5OTgtYWJkNS04YzYxZjA3Y2U1ODUiLCJjbGllbnRfaWQiOiJpbnRlcm5hbCJ9.lNqpfE7N6XJVFe9t7zPbwokU_zl4AFIAmQJZ_Hb2ok0vBpWrDMf3v6KgEEi5bN2iyRd0TQBelSIJothrsYHoTk0ZaeeK9BM97OJr4Uc8kLzn2Vp-xpBk8-n2PlwAKIRojoOxMnBp0nA2qjPieaPV2Fj1HETmK2gZ38lQcZ_KJLD-ug9AT9_N1E9SwRjt1yfZtd64IJZOQGqcZ05VCAj54jxH9lyvX-_1NY2Iq2aA5-cGbOftmv0sUjF15EiTGps6YtFUrJqKs8PmDofMImyqjAwB3yNObpg7c6PbeCXWYLAir5IOFdueTys3cLLyrhE78GJ3OiKSAA128nZSeUbiAg",
  "token_type" : "bearer",
  "expires_in" : 1799,
  "scope" : "web-app",
  "iat" : 1535366326,
  "jti" : "bb601eda-5652-4998-abd5-8c61f07ce585"
}
* Connection #0 to host [server-ip] left intact
Using the default generated jhipster app (3.5.0), this is how you would curl a token for the admin user:
> curl -X POST -u jhipsterapp:my-secret-token-to-change-in-production -i -H 'Accept:application/json' http://localhost:8080/oauth/token -d "username=admin&password=admin&grant_type=password&scope=read%20write"
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Application-Context: jhipster:swagger,dev:8080
Cache-Control: no-store
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 22 Jul 2016 13:09:38 GMT
{
  "access_token" : "4a1ae413-5cd7-46e9-8a33-31698218d43e",
  "token_type" : "bearer",
  "refresh_token" : "537f231c-e6e0-4499-bbd8-9580eee02f79",
  "expires_in" : 1799,
  "scope" : "read write"
}
Note: here is my .yo-rc.json:
{
  "generator-jhipster": {
    "jhipsterVersion": "3.5.0",
    "baseName": "jhipster",
    "packageName": "com.mycompany.myapp",
    "packageFolder": "com/mycompany/myapp",
    "serverPort": "8080",
    "authenticationType": "oauth2",
    "hibernateCache": "ehcache",
    "clusteredHttpSession": "no",
    "websocket": "no",
    "databaseType": "sql",
    "devDatabaseType": "h2Disk",
    "prodDatabaseType": "mysql",
    "searchEngine": "no",
    "buildTool": "maven",
    "useSass": false,
    "applicationType": "monolith",
    "testFrameworks": [
      "gatling"
    ],
    "jhiPrefix": "jhi",
    "enableTranslation": true,
    "nativeLanguage": "en",
    "languages": [
      "en"
    ]
  }
}
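Both answers above send the client id and secret as an HTTP Basic header (curl's -u builds it for you; the first answer computes the base64 value by hand) and the grant parameters as a form body. The script below is an added example, not JHipster or Spring Security OAuth code: it computes the Basic value locally, so the client secret never has to be pasted into a website, assembles the form body for either the client_credentials or the password grant without repeating the client credentials in the body, and turns the expires_in of a token response into an absolute expiry. The client ids, secrets and hosts are the constructed values shown in the answers; the HTTP call at the end needs a running server and is not part of the checks.

```python
"""Assemble an OAuth2 token request with Basic client auth (added example)."""
import base64
import json
import urllib.parse
import urllib.request
from typing import Dict, Optional, Tuple


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Authorization value for HTTP Basic: base64(clientId + ':' + clientSecret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def token_request(client_id: str, client_secret: str, grant_type: str, scope: str,
                  username: Optional[str] = None,
                  password: Optional[str] = None) -> Tuple[Dict[str, str], bytes]:
    """Headers and form body for POST /oauth/token.

    The client credentials travel only in the Authorization header; the body
    carries the grant parameters, so client_id/client_secret are not repeated.
    """
    form = {"grant_type": grant_type, "scope": scope}
    if grant_type == "password":
        if username is None or password is None:
            raise ValueError("password grant needs username and password")
        form.update(username=username, password=password)
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": basic_auth_header(client_id, client_secret),
    }
    return headers, urllib.parse.urlencode(form).encode("ascii")


def token_expiry(response_json: dict, issued_at: Optional[int] = None) -> int:
    """Absolute expiry (unix seconds): expires_in counted from the response's
    iat claim, or from issued_at when the server does not return iat."""
    base = response_json.get("iat", issued_at)
    if base is None:
        raise ValueError("response has no iat; pass issued_at")
    return int(base) + int(response_json["expires_in"])


def fetch_token(token_url: str, headers: Dict[str, str], body: bytes) -> dict:
    """Perform the request with urllib (network; not exercised by the checks)."""
    req = urllib.request.Request(token_url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # values from the UAA answer above; the host is a constructed placeholder
    headers, body = token_request("internal", "internal", "client_credentials", "web-app")
    print(headers["Authorization"], body)
    print(token_expiry({"expires_in": 1799, "iat": 1535366326}))
```

For the sample response in the first answer, iat 1535366326 plus expires_in 1799 gives 1535368125; the exp claim inside that JWT is 1535368126, one second later, because expires_in is computed at the moment the response is written.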
In the last two days I got an error in my process, which had worked successfully on a daily basis over the past year.
bigquery.jobs.query() does not recognize TABLE_DATE_RANGE (the table wildcard function).
This is my request (after I changed my ID):
POST https://www.googleapis.com/bigquery/v2/projects/foo/queries?key={YOUR_API_KEY}
Content-Type: application/json
Authorization: Bearer XXXXXX
X-JavaScript-User-Agent: Google APIs Explorer
{
  "query": "SELECT COUNT( 1) AS CNT FROM TABLE_DATE_RANGE(DEV.FACT_,TIMESTAMP('20141018'),TIMESTAMP('20141019'))",
  "dryRun": true,
  "kind": "bigquery#queryRequest",
  "defaultDataset": {
    "datasetId": "DEV"
  }
}
This is the response:
404 Not Found
cache-control: private, max-age=0
content-encoding: gzip
content-length: 146
content-type: application/json; charset=UTF-8
date: Sun, 19 Oct 2014 07:54:53 GMT
expires: Sun, 19 Oct 2014 07:54:53 GMT
server: GSE
{
  "error": {
    "errors": [
      {
        "domain": "global",
        "reason": "notFound",
        "message": "Not Found: Table foo:DEV.FACT_"
      }
    ],
    "code": 404,
    "message": "Not Found: Table foo:DEV.FACT_"
  }
}
When I execute the query in the browser, I get a result.
When I remove the dryRun attribute or set it to false, I get the result (200 OK).
Can Google explain the reason for this?
Regards,
Liad
Thanks for the report.
It looks like TABLE_DATE_RANGE resolution is broken for dry run queries. I've filed a bug, we should have a fix soon. If you'd like to track the resolution, you can file a bug in the public issue tracker here: https://code.google.com/p/google-bigquery/.