I am building a program that will list albums/folders and images from my Amazon Cloud Drive. I am able to authenticate and get a token by following the instructions here at amazon public apis.
I am having trouble with the next call to get my endpoints described here under Account API.
Using get
GET : {{metadataUrl}}/account/endpoint Gets the customer end-point against
which REST queries will be executed.
So my request looks just like this in fiddler and on my site just like it is described on the Amazon site here under Get Endpoint. The only differences is the token for obvious reasons.
Sample Request:
GET /drive/v1/account/endpoint HTTP/1.1
Host: drive.amazonaws.com
Authorization: Bearer
Atza|IQEBLjAsAhQ5zx7pKp9PCgCy6T1JkQjHHOEzpwIUQM
My response is:
{
"message":"Authorization header requires 'Credential' parameter.
Authorization header requires 'Signature' parameter.
Authorization header requires 'SignedHeaders' parameter.
Authorization header requires existence of either a 'X-Amz-Date'
or a 'Date' header. Authorization=Bearer"
}
What I am expecting:
{
"customerExists": true,
"contentUrl": "https://content-na.drive.amazonaws.com/cdproxy/",
"metadataUrl": "https://cdws.us-east-1.amazonaws.com/drive/v1/"
}
I did find some information about building the objects in my response from amazon, however, it's not listed in the documentation on the amazon developer site. Is this something new that has not been updated in the docs or am I doing something wrong?
I had a new line between Authorization: Bearer and my token Atza|IQEBLjAsAhQ5zx7pKp9PCgCy6T1JkQjHHOEzpwIUQM. After removing the new line my issue was fixed..
Related
I have two headless backend services: Saleor and Strapi, which provide with GraphQL API for e-commerce development. The problem was to find a service, which can stitch two( or more ) GraphQL schemas so that I can have access to them by one endpoint. Such service is StepZen. Normally when trying to fetch requests on StepZen you would have to do it with
{
"Authorization": "apikey <apikey>"
}
as a header. And it would also work. But when you have some fields in schemas you stitching which Require JWT authentication you need somehow to pass in Authorization header Bearer token. In StepZen there is an opportunity to forward headers, so theoretically I could use that to forward Authorization header to fields, because StepZen also provides JWT Authentication when making your request instead of using API-Key. And THAT is the main problem(failing to access StepZen with only Bearer Token).
As it stays in documentation I changed my config.yaml file accordingly:
deployment:
identity:
jwksendpoint: https://<MY-DOMAIN>/.well-known/jwks.json
access:
policies:
- type: Query
policyDefault:
condition: '?$jwt'
Unfortunately trying after this accessing the endpoint with the Bearer Token as the value of Authorization header like this:
{"Authorization" : "Bearer <token>"}
got me always the same 401 error from StepZen, NOT Saleor( Unauthorized: missing or not allowed ), which means that none of my requests reach its endpoint. I am totally lost, because I tried already all combinations from the StepZen docs of config.yaml file and none of that worked. I would be very happy if someone could explain me what the problem is.
I'm attempting to interact with the Google Sheets API and running into an inexplicable problem that I'm finally reaching out to see how anyone else may have tackled it. Put simply, I can use the in-page API Explorer tool with only the https://www.googleapis.com/auth/spreadsheets.readonly OAuth2 scope at https://developers.google.com/sheets/api/reference/rest/v4/spreadsheets/get to query my spreadsheet (just the spreadsheet ID, leaving all other fields to empty defaults) and I'll see the 200 with the response in the bottom as expected.
Of course, I can't re-use the same access token that tool uses, but if provision an access code for the same user for my own app (same scope), and make the same GET request to https://sheets.googleapis.com/v4/spreadsheets/<spreadsheetId> in Postman (again, no other fields populated), substituting the access token into the Authentication header with Bearer <accessToken>, I get a 404.
I know the file is there - I've triple checked that I'm using the same spreadsheet ID across either request and I'm consistently getting a 404 (not a 401 or 403) indicating that my access token does authenticate.
I've tried broadening my OAuth2 scopes to include the full range listed on the API Explorer:
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/drive.readonly
https://www.googleapis.com/auth/spreadsheets
https://www.googleapis.com/auth/spreadsheets.readonly
Of course, I don't want to have to use all those scopes for my purposes - I'd like to use the most narrow scope possible, but I also wanted to rule out that it wasn't failing to work for some scoping scenario. No difference - still a 404 every time I make the request in Postman. I've tried issuing multiple access tokens now, using accounts.google.com to invalidate the tokens for my app between re-issuances, but to no avail.
To be clear, the Google Sheets API has been enabled for my app.
In hopes that someone else has experienced the same inability to query Google's v4 REST API despite using valid access tokens, could you share how you managed to do it?
I appreciate it!
Update:
So I've been playing around with the OAuth 2.0 Playground shared in the comments and found that the authorization endpoint I was using was identical, but the token endpoint differed. This doesn't seem to matter since I used the custom option to use the alternate endpoint and the Playground was still able to work without issue just like the API Explorer.
Using the custom entries, I also entered my own app's client ID and client secret (after registering the playground redirect URI), minimizing the differences between what I'm doing in Postman and in the various Google tools. Again, my GET request to the spreadsheet works without issue.
Just to be clear, here's what I've been doing in the Playground:
In Step 1, I've specified the https://www.googleapis.com/auth/spreadsheets.readonly scope to authorize. I click the Authorize APIs button and log in with the user account.
It returns with the authorization code, so I exchange that code for the tokens via a POST to the token endpoint.
I then make a GET request to https://sheets.googleapis.com/v4/spreadsheets/<spreadsheetId> with no additional headers and it works without issue - 200 OK and all the data I'm expecting to see.
Here my approach in Postman:
Make a GET request to:
https://accounts.google.com/o/oauth2/v2/auth?access_type=offline&response_type=code&redirect_uri=https://<myDomain>/oauthResp&client_id=<appClientId>&scope=https://www.googleapis.com/auth/spreadsheets.readonly&state=abc123
Receive a response similar to the following in my browser on the redirect (since the domain intentionally 404s).
https:///oauthResp?state=abc123&code=zyx098&scope=https://www.googleapis.com/auth/spreadsheets.readonly
Make a POST request to: https://www.googleapis.com/oauth2/v4/token with a body of:
client_id=<appClientId>
client_secret=<appClientSecret>
redirect_uri=https://<myDomain>/oauthResp
grant_type=authorization_code
Receive a response similar to:
{
"access_token": "abc123",
"expires_in": 3599,
"refresh_token": "zyx098",
"scope": "https://www.googleapis.com/auth/spreadsheets.readonly",
"token_type": "Bearer"
}
Make a GET request to https://sheets.googleapis.com/v4/spreadsheets/<spreadsheetId> with a 'Content-Type' header of application/json and an 'Authorization' header of Bearer abc123 (per the access token above).
Unlike the API Explorer and the OAuth 2.0 Playground, this yields a 404 - exactly the issue I've been experiencing for no obvious reason.
Further, if I simply take the fresh access token from the Playground and drop that into Postman, I get the same 404.
Any other ideas?
I am using Google Cloud Endpoints with JWT Authorization and I am trying to Upload File from API.
There is no Issue with JWT as it is already working correctly with all other types ex. [application/JSON].
API POST Call (api/document/processrequest) with Content Type as multipart/form-data is saying Bad Format Response from Google Endpoints for Same Token.
API Post Call (api/document/processrequest) with ContentType (application/JSON) have no issues.
Is Google Cloud Point not supporting multipart/form-data?
Authorization Token is passed in Header. Authorization: Bearer [Token]
Everything works fine in Localhost/Development Environment without Endpoint.
Error Generated In Stackdriver Log:
Firebug error sample call:
Firebug success sample call with application/json:
I have specified application/JSON and multipart/form-data both in openapi specification.
Endpoints does not support multipart/form-data.
GET /imfpush/v1/apps HTTP/1.1
Host: mobilefoundation-3b-mf-server.mybluemix.net
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImp....
Content-Type: application/json
another type of invocation
curl -X GET -H "Authorization: Bearer eyJhbGciOiJSUzI1N...." "https://mobilefoundation-3b-mf-server.mybluemix.net/imfpush/v1/apps"
Error 502: Failed to make token request, reason: Unsuccessful request to Authorization Server, server responded with status code: 400 and body : {"errorCode":"invalid_client"}, check the Authorization URL: http://localhost:8080/mfp/api/az/v1/token
TL;DR: right now looks like there is a bug in the /imfpush/v1/apps endpoint where it does not filter the applications by the vendor (APNS, GCM, WNS), so you can only get a list of all applications instead...
Note however that it all depends on your end goal. You can accomplish this by code or by using tools such as curl or Postman, Swagger etc... it all depends on what you want to achieve.
Here are 3 ways:
In the local development server - not available in Mobile Foundation service on Bluemix, you can use this URL to see the REST endpoints exposed in Swagger. You can then view push-enabled applications with this one: http://localhost:9080/doc/?url=/imfpush/v1/swagger.json#!/Applications/getAllApplications
First, in MobileFirst Operations Console > Runtime Settings > Confidential clients:
Add (just an example, choose your own) a new user client (id: user, secret: user)
Add the apps.read and push.application.* scopes
Be sure to click on the knob and add the apps.read and push.applications.* scopes.
You will also be asked to authorize. Use the username and password for the user confidential client that you previously created.
Using the /imfpush service, as described below.
Using the mfpadmin service, as described below.
In my examples I will use Postman.
In MobileFirst Operations Console > Runtime Settings > Confidential clients:
Added (just an example, choose your own) a new user client (id: user, secret: user)
Added the apps.read and push.application.* scopes
Obtained an access token by making a POST request to http://localhost:9080/mfp/api/az/v1/token with:
Authorization tab:
Type: Basic Auth
user: user
password: user
Body tab:
x-www—form-urlencoded
grant_code: client_credentials
scope: apps.read push.application.*
Obtained the list of applications by making a GET request to http://localhost:9080/imfpush/v1/apps with:
Headers tab:
Authorization: Bearer the-access-token-from-step-2
To filter the list by platform, the URL should change to the following, like the example in the API documentation: http://localhost:9080/imfpush/v1/apps/?expand=true&filter=platform==A&offset=0&size=10 But since this does not work right now... use: http://localhost:9080/imfpush/v1/apps/
Of course, you need to change localhost to your server's host.
To only obtain a list of all applications, it'd be faster to use the mfpadmin service applications endpoint. Using Postman:
Created a new GET request to http://localhost:9080/mfpadmin/management-apis/2.0/runtimes/mfp/applications
You can change the domain to yours.
In the Authorization tab, I have set the following:
Type: Basic Auth
Username and Password: your username and password (to the console)
In return I have received a list of registered applications.
In my Rails 3 app, I am able to successfully authenticate using Oauth2 and able to get the metadata for a file. The downloadUrl is
https://doc-10-3o-docs.googleusercontent.com/docs/securesc/tj647mo7q16s2rquitcrcv800pkn7gcf/ap67p147th03cn8rjpu68i8qva3p7i8j/1345240800000/02289284805103305740/02289284805103305740/0BwsQ03A3DXbCTVBjUDlNNzNJNDQ?h=16653014193614665626&e=download&gd=true
The documentation states that I must do the following:
Gets a file's metadata by ID. To download a file's content, send an authorized HTTP GET request to the file's downloadUrl
I do not wish to use Google APIs Client Library for Ruby, but simply formulate a HTTP Request using HTTParty
Here is a snippet of the code I've been trying to get to work
response = HTTParty.get(https://doc-10-3o-docs.googleusercontent.com/docs/securesc/tj647mo7q16s2rquitcrcv800pkn7gcf/ap67p147th03cn8rjpu68i8qva3p7i8j/1345240800000/02289284805103305740/0?access_token={token})
open("/User/mymachine/test.pdf", 'wb'){|pdf| pdf << response.body}
I'm pretty sure I'm formulating the request wrong. Any help would be greatly appreciated. Thanks in advance.
You have to add the Authorization: Bearer header to your request, together with the access token you retrieved during the OAuth 2.0 flow.
Basically, your HTTP request must look like the one in the OAuth 2.0 documentation:
https://developers.google.com/accounts/docs/OAuth2WebServer#callinganapi
I'm not a Ruby expert, but the request using HTTParty should be:
response = HTTParty.get(downloadUrl, :headers => {"Authorization" => "OAuth {token}"})
Where downloadUrl is the one you got from the file's metadata and token is the access token you retrieved when performing authorization.