I've to use Magento Web API's using OAuth . I have created a Consumer with web panel and i've consumer key and consumer secret key. now i have to find the Access token . so i refered some material and came to run the following command
oauth \
--verbose \
--query-string \
--consumer-key c9c60d4aaf670c86acee7e93bb776e45 \
--consumer-secret 0a0b845eb7507de84c63740b15561568 \
--access-token-url http://localhost/magento/oauth/token \
--authorize-url http://localhost/magento/oauth/authorize \
--request-token-url http://localhost/magento/oauth/initiate \
authorize
The response came like
Server appears to support OAuth 1.0a; enabling support.
Please visit this url to authorize:
http://localhost/magento/oauth/authorize?oauth_token=6a57c2e2d3f9883a94bfd2087dd95a89
Please enter the verification code provided by the SP (oauth_verifier):
Now i dont know where to find the verification code and how to use this.
Help me through this,. Thanks in advance:)
its returned when you do as it requested 'Please visit this url to authorize:'
in your case its
http://localhost/magento/oauth/authorize?oauth_token=6a57c2e2d3f9883a94bfd2087dd95a89
just paste that in you browser, and it should take you to an authorize or reject page. (will now be invalid)
this is based on the --authorize-url
i need admin access, so i use
--authorize-url http://www.myhost.com//admin/oauth_authorize
Related
I understand that I need to call:
curl --request POST \
--url 'https://auth.atlassian.com/oauth/token' \
--header 'Content-Type: application/json' \
--data '{"grant_type": "authorization_code","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","code": "YOUR_AUTHORIZATION_CODE","redirect_uri": "https://YOUR_APP_CALLBACK_URL"}'
to get access token. There is some attempt to explain what are client_id, client_secret, code, redirect_uri, but it's totally cryptic to me. Can someone explain to me, what these are and where to get them?
I can login to company jira. I can create my personal access token in my profile. I cant get any meaningful support from my company. I need to get somehow from here to access token, so that I can call rest api.
OAuth needs that the user login through a web interface.
Once logged, is possible to retrieve the code you are looking for in the URL.
In my case, in order to get that code I have to open the oauth login web page of the service I want to use (in your case atlassian) and just login.
I usually manage this process with code, not using curls.
redirect_uri is where you want to be redirected after you login in the web interface.
i.e. Do I need to login with atlassian in order to call api and use data from my app ?
mobile app/Desktop App (redirect_uri will be a schema defined by you in the app, could be something like: myCompany://myApplicationExample or with desktop http://localhost should work ). In this case I suggest you to read something about deeplink for applications.
website (redirect_uri will the url of your website : https://yourwebsite.com
In my case, with the services I usually work with, cliend_id and client_secret are given per user or per application, when requested to the company which provides services you need.
I hope this can help you clarify
BY THE WAY:
if you say you already have an Access Token , you should be able to do everything without Loggin in, because the final purpose of login and use all this parameters you asked for, is to get an Access Token.
The endpoint you are trying to call, will just return you an Access Token.
The Access token is what you need in order to call rest api in this case.
I would suggest you to try to call an atlassian rest API you want, using the Access Token you already have in the headers of the rest API, and see the results.
In my case, I have to create an header like this:
Authorization : Bearer {your Access token}
I hope this helps you.
EDIT:
As shown in point 1 in this doc https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/
you should open this url by your application:
https://auth.atlassian.com/authorize?
audience=api.atlassian.com&
client_id=YOUR_CLIENT_ID&
scope=REQUESTED_SCOPE_ONE%20REQUESTED_SCOPE_TWO&
redirect_uri=https://YOUR_APP_CALLBACK_URL&
state=YOUR_USER_BOUND_VALUE&
response_type=code&
prompt=consent
read the doc on you should set redirect_uri (http://localhost is valid if is a desktop application, but you will have to implement an http listener in order to get the authorization code, I suggest you to set a schema in you app or simply use a web page url).
You should get a client_id by atlassian to use in the url,same for scope.
I don't know exaclty the state parameter but in the docs should be writtend.
Once logged you will be redirected to the redirect_uri you set, getting also this authorization_code, then you can call the /token endpoint in order to get the Access Token.
curl --request POST \
--url 'https://auth.atlassian.com/oauth/token'
--header 'Content-Type: application/json'
--data '{"grant_type": "authorization_code","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","code": "YOUR_AUTHORIZATION_CODE","redirect_uri": "https://YOUR_APP_CALLBACK_URL"}'
Here you have to use the authorization code you get from the login, re use the same client_id, set also the client_secret (should be given with the client_id) and re use the same redirect_uri you used in the login url.
Once done you will have finally the Access Token, which must be used in order to call Apis.
as shown in the doc you should be able to call apis like this curl
curl --request GET \
--url https://api.atlassian.com/oauth/token/accessible-resources
--header 'Authorization: Bearer ACCESS_TOKEN'
--header 'Accept: application/json'
Where 'ACCESS_TOKEN' will be your access token obtained before.
Remind that an Access Token usually has an expiration date, after which you will need to login again or refreshing the token.
EDIT 2:
A Client ID is an identifier associated with an application that assists with client / server OAuth 2.0 authentication.
So basically is a constant string, this should be given to you from atlassian/jira in some way.
Client Secret should be given to you with Client ID from atlassian/jira.
Client_id and client_secret usually are also called api keys.
Usually the Scope is the name of the application you are requesting api keys for (you should request new api keys for each application),this is up to you, and should be comunicated to the company in your case (atlassian/jira) when requesting api keys.
(i.e. For my company I work with Trimble Connect, which is just a platform, everytime I develop for example a plugin/addon on top of it I ask them new api keys)
for what concerns the state:
state: (required for security) Set this to a value that is associated with the user you are directing to the authorization URL, for example, a hash of the user's session ID. Make sure that this is a value that cannot be guessed. You may be able to generate and validate this value automatically, if you are using an OAuth 2.0 client library or an authentication library with OAuth 2.0 support.
In the beginning I would try to give the state a random value.
I think you should ask to Atlassian how to get your api keys (maybe there's a page for that, like for Trimble Connect in my case).
I would send them an e-mail.
Seems you are not interested in call Apis from an application you are developing, but just from curls.
if I'm right, I know I have already told you, but if I were you I would definitely try to call an atlassian API not trying to get the access token from the OAuth Login, but using that ACCESS TOKEN you told me you told me you manually created.
Please try this curl:
curl --request GET \
--url https://api.atlassian.com/oauth/token/accessible-resources
--header 'Authorization: Bearer {ACCESS_TOKEN}'
--header 'Accept: application/json'
just use your Access Token string instead of {ACCESS_TOKEN} and see the results.
Using Kong API Gateway, I have added the OAuth2 plugin to all API's in the hopes of getting one token to access these API's.
When I call: www.example.com/oauth2/token with the required fields:
grant type, client id and client secret
it forces me to add the API: www.example.com/apiendpoint/oauth2/token
Unfortunately the token generated only has access to the specific API.
I've tried:
www.example.com/apis/oauth2/token
www.example.com/token
As well as reviewing the latest API Dos:
https://getkong.org/docs/0.10.x/admin-api/
none of which worked.
Is it possible to generate one token to access all the API's and if so how?
This isn't possible with Kong today - you are welcome to open an issue https://github.com/Mashape/kong/issues to raise the visibility of your request with the Kong community.
For people searching how to do this.
A way to achieve what was asked is by doing a post on the admin API:
$ curl -X POST http://kong:8001/oauth2_tokens \
--data "api_id=API-ID" \
--data "scope=SOME-SCOPE" \
--data "credential_id=KONG-APPLICATION-ID" \
--data "token_type=bearer" \
--data "access_token=SOME-TOKEN" \
--data "refresh_token=SOME-TOKEN" \
--data "expires_in=3600"
This way you can set a token in the desired APIs.
The KONG-APPLICATION-ID can be found in the /consumers/consumername/oauth2 API point.
I would like to pull the data from Twitter REST API. I have created the consumer key, secret and Access token, secret. I have tried with "Test OAuth", it generates a CURL command but if I change any one parameter then it is giving the below error.
Message: {"errors":[{"code":32,"message":"Could not authenticate you."}]}
Now I would like to call the twitter API using CURL in shell script for different screenNames.
I want a sample command some thing like mentioned below
curl --get 'https://api.twitter.com/1.1/statuses/user_timeline.json' --data 'count=2&screen_name=aswin' APIKEY:"xxxxxx",Acesstoken:"yyyyyyyy"
Thanks in advance.
Regards,
Aswin
I found the answer.
curl --get 'https://api.twitter.com/1.1/statuses/user_timeline.json' \
--data 'count=2&screen_name=twitterapi' \
--header 'Authorization: OAuth oauth_consumer_key="AAAAAAAAAAAAAAAAAAAA", oauth_nonce="BBBBBBBBBBBBBBBBBBBBBBB", oauth_signature="CCCCCCCCCCCCCCCCCCCCCCCCCCC", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1471672391", oauth_token="DDDDDDDDDDDDDDDDDDDDDDDDDDDDDD", oauth_version="1.0"'
Since your specific query doesn't require a user context you can use Application only authentication to make this request. The bearer token won't change per request so it should allow you to keep using curl.
https://dev.twitter.com/oauth/application-only
n.b. it won't work for all endpoints, but should for the case you listed.
Because most twitter requests require calculating the oauth signature, you should either write a client yourself or reuse an existing command line client.
https://github.com/twitter/twurl
https://github.com/sferik/t
https://github.com/yschimke/oksocial/wiki (Mac focused/cross service)
As you saw any change to the request will generally invalidate the query, and even time is one of the inputs.
I am trying to get a response from payever's API
I managed to get the authorization token using only my client_id and my client_secret, the problem is when I try to pass in the paramters as suggested by the documentation, I get the following error response:
u'{"error":"access_denied","error_description":"OAuth2 authentication required"}'
I assume it is because I didn't go through the whole OAuth2 flow, the problem is that to be compliant with that, I would need a confirmation code, which I never need since I can obtain the access token using only my client_id and client_secret.
Any ideas on how to do this? I have looked all around, trying to skip even some steps with the requests_oauthlib:
import requests_oauthlib
token = get_token(client_id, client_secret)
oauth = requests_oauthlib.OAuth2Session(client_id, redirect_uri=redirect_uri, scope=scope)
oauth.token = access_token
oauth.access_token = True
payments_url = 'https://mein.payever.de/api/payment'
rr = oauth.get(payments_url)
but no luck
u'{"error":"invalid_grant","error_description":"The access token provided is invalid."}'
EDIT:
I used subprocess.check_output('curl -......') and worked fine
By looking at the Payever API, I would not use requests_oauthlib, but pure requests instead. API seems to be extremely simple, so there is no need for Oauthlib.
I would start by accessing the resources with directly Curl in terminal or using pure Requests-library in Python.
API referece shows following way to get token:
curl -k https://mein.payever.de/oauth/v2/token \
-d client_id="{client_id}" \
-d client_secret="{client_secret}" \
-d grant_type="http://www.payever.de/api/payment" \
-d scope="API_CREATE_PAYMENT"
JSON response contains access_token and it can be used to access the resource with Curl command explained in the reference: Payever API reference
I'm trying to create a repo using Github API, but it always return this JSON:
{"message":"Not Found"}
But this error appears only when I try to create using OAuth access token in request header, if I use username and password, API create the repo and return a successful message.
Anyone had problems with this API endpoint?
You can create a new repository using the Python library, PyGithub.
from github import Github
g = Github("your username", "your password")
g = Github("your token") # safer alternative, if you have an access token
u = g.get_user()
repo = u.create_repo("name-of-your-repo")
This should solve your problem.
I had a different message come up with this
curl -i -d '{"name":"NAME"}' https://api.github.com/orgs/:ORG/repos?access_token=XXX
{
"message": "Must be an owner or admin of Organization."
}
But still not sure why I cannot create either
Ok
This worked for me
Create Auth Token
curl -u 'iwarner' -d '{"scopes":["repo"],"note":":NAME"}' https://api.github.com/authorizations
Create Repo - Need to contain "Authorization: token"
curl -i -H 'Authorization: token TOKENHERE' -d '{"name":":NAME"}' https://api.github.com/user/repos
This works, just tried it.
curl -F 'login=c00kiemon5ter' -F 'token=s3cr3t' https://github.com/api/v2/json/repos/create -F 'name=testapi' -F 'public=0'
Are we talking about API v2 or v3 ?
I do not know what technology you are using. But just in case of iOS, you can use this demo app which describes 3 simple ways to interact with the GitHub API.
Note: This demo app provide only few selected functionality.
GitHub-Interaction
Hope this helps!!
As of today, the GitHub v3 API documentation explicitly states:
Create
Create a new repository for the authenticated user. (Currently not enabled for Integrations)
EDIT:
The "not enabled for Integrations" means, if you get your OAuth token via one of your OAuth apps (which is an "integration") the GitHub API will refuse to create a repository with that function.
However, if you use some other access token (e.g. a personal access token you add yourself, see below) then the GitHub API will happily create a repository for you with the very same API call.
curl -u your_username -d '{"scopes":["repo"], "note":"Description of personal token"}' https://api.github.com/authorizations
That's the reason why the solution presented by Ian Warner works. The solution with PyGithub will suffer the same limitation. Only the token makes the difference!
EDIT: Not entirely true: With OAuth you can specify the scope to attach specific permissions to your OAuth token when authenticating (OAuth app flow). For creating repositories you need to have the 'repo' scope. (See also: Github v3 API - create a REPO)