i'm trying to create an application with the Admin Services from a webservice. So i called the admin Service "IdentityApplicationManagementService" and i use the function "createApplication".
To test it, i used SoapUI and it worked fine. I can see the App from the management console in the "Service provider" section. But when i log in the API Store as admin (for example), i can't see the application created.. So i can't subscribe any API with it.
So does somebody know how to make the application created visible on the Store ?
Apps created via admin services will not be available in store side. If you need to create applications using a REST service, you can use store api explained in this documentation. It will be available in the API store.
Login to Store :
curl -X POST -c cookies http://localhost:9763/store/site/blocks/user/login/ajax/login.jag -d 'action=login&username=admin&password=admin'
Create and application via store api. :
curl -X POST -b cookies http://localhost:9763/store/site/blocks/application/application-add/ajax/application-add.jag -d 'action=addApplication&application=NewApp1&tier=Unlimited&description=&callbackUrl='
Related
I'm developing a solution that has: an Authorization Server (AS), a Resource Server and two clients. The two clients are: a web app with Angular 2 and a mobile app with Angular 2 + Ionic 2. I have started to develop the Authorization Server following this sample https://github.com/Baeldung/spring-security-oauth
For both the clients, I have decided to use the "Password Code Grant" because the client are trusted by the AS.
But now I have a problem storing the "client secret code" on the apps. Because the API (.../oauth/token) is secured by Basic Authentication so every time that I ask a token to the AS I need to send something like that:
curl.exe -v -u client_id:client_secret http://localhost:8080/backend/oauth/token -d grant_type=password -d client_id=client_id -d username=admin -d password=admin
So, the questions are:
Where I can store safely the client secret code on the apps?
Is it safe to remove the Basic Authentication from the oauth API?
Have I use another code grant type?
Thank you,
Paolo
Applications running in a browser (Angular) are not able to keep their secrets safe, so I would choose the OAuth2 Implicit flow. The implicit flow requires the use of HTTPS for communication with your Authorization Server, since the tokens are transferred over the network.
You should not remove the authentication from the token endpoint - it would compromise other flow types. For example the authorization grant flow doesn't require the client to be served by HTTPS and the auth code can be visible to anyone, so the token endpoint secret is important there (the Resource Server must ask for the tokens using HTTPS).
Using the implicit flow, you will have to check the validity time of the access token and request a new one before the current one expires. For example using the prompt=none auth request parameter.
Have installed the API Manager 1.10.0 on a single machine and got everything running. Created and published API containing Openstack's Keystone URL. However when i try to consume API via API console in API store i get the MANAGEMENT CONSOLE as i response.
Have looked at the curl sent and the IP is not right.
Curl request from API Console
Keystone API URLs
Why am i not able to use the API? Why is the Production endpoint in the API overview not used? (it works perfectly fine with a REST Client or even with the same Curl request once i change to IP)
When we construct API endpoint URLs we will use following properties defined in API Manager configuration file(api-manager.xml). If you haven't changed anything there then default ports(8280/8243) will appear there. If you can please try this with private browsing window with https session.
And if you replace curl with IP and correct port 8280, 8243 then did it worked as expected?
<GatewayEndpoint>http://${carbon.local.ip}:${http.nio.port},https://${carbon.local.ip}:${https.nio.port}</GatewayEndpoint>
Thanks
sanjeewa.
I've been trying to integrate my application (ruby) with a Google AppScript (published as a Web Application with access level as 'only me') on behalf of a Google Apps account for quite some time, but I can't get a handle of it. Maybe I'm missing a key concept here or that sort of authentication/authorization isn't available when making requests in the background.
The script works fine when I'm logged in to gmail and access the script endpoint. I can also successfully connect to it using a sinatra application authenticated with openid.
I've already tried to use google-api-ruby-client, but I can't get the authorization scope right (service name). I've also tried clientlogin in gdata-ruby-util, to use Gmail login/password and get an authorization error message when trying to fetch from the script url.
Is it doable? Can anyone point me in the right direction?
Unfortunately, Contentservice in Apps Script (which I think you are using to create your webservice) doesn't provide any authentication mechanism. If you are accessing it from a server side script, you can use a token string which is known by your webservice app and your server to provide a level of security to your publicly accessible webservice.
Here are some similar discussion
How to use Google Apps Script ContentService as a REST server
Google App Script: ContentService web app usage
I have an application that monitors CI jobs, and I've added a jenkins installation to my account. Typically, this application is internal to the company I work at, but our jenkins servers aren't accessible outside the LAN.
To lookup the status of a build, I to a python urllib.urlopen on
http://hostname/job/job_name/lastBuild/api/json
then parse the json result
When trying to connect to https://webiken.ci.cloudbees.com, I get an HTTPError because the URL requires authentication. Is there anyway to configure my jenkins to be public?
Thanks,
Sam
you can use HTTP Basic authentication with your cloudbees credentials to access the API :
curl https://webiken.ci.cloudbees.com/job//api/json --user ndeloof#cloudbees.com:
Also see this wiki page on how to make your Jenkins instance public.
I am working on a cloud based application, I am assigned the work to implement Salesforce API in my application. I am done with all the authentication process and I am even able to push the leads in api.
But the problem is that I can only authorize my developer account thru it, the account from which I have taken consumer key and secret.
You need to create an package with your remote access settings (aka key & secret) and install it into the other org(s).