I am trying to auth with the Docker registry API at https://registry-1.docker.io/v1/
I am trying to do calls like
https://registry-1.docker.io/v1/repositories/_/ubuntu/tags
However I keep getting a reply as below:
401
{ server: 'gunicorn/18.0',
date: 'Sun, 01 Mar 2015 12:19:13 GMT',
connection: 'close',
expires: '-1',
'content-type': 'application/json',
'www-authenticate': 'Token',
pragma: 'no-cache',
'cache-control': 'no-cache',
'content-length': '35',
'x-docker-registry-version': '0.8.2',
'x-docker-registry-config': 'prod',
'strict-transport-security': 'max-age=31536000' }
{"error": "Requires authorization"}
I have read all available guidelines as in the docs and forums.
Following those guidelines I first auth towards the HUB and request a Token. This suceeds and I get the token and a cookie from the HUB. Then I supply all this towards the Registry API as follows:
{
'set-cookie': 'csrftoken=VfHe6...; Expires=Sun, 28 Feb 2016 12:19:13 GMT; Max-Age=31449600; Path=/; Secure',
'www-authenticate': 'Token signature=VfHe6...,repository="ubuntu",access=read',
'x-docker-token': 'Token signature=VfHe6...,repository="ubuntu",access=read',
Authenticate: 'Token signature=VfHe6...,repository="ubuntu",access=read',
Authorization: 'Token signature=VfHe6...,repository="ubuntu",access=read'
}
There is this single line in the docs you shared:
Token is only returned when the X-Docker-Token header is sent with request.
You need to send 'X-Docker-Token: true' when you authenticate on the hub, then you receive in the header a 'X-Docker-Token' back. Send this out as 'Authorization:' to the registry in 'X-Docker-Endpoints' and you're in.
Good luck! :)
Related
For the cookie that is attached to http request we use "req.headers.cookie". Just like that I want to be able to console log the set-cookie value.
Currently I'm using "res._headers" which logs
[Object: null prototype] {
'x-powered-by': 'Express',
location: 'secrets',
vary: 'Accept',
'content-type': 'text/html; charset=utf-8',
'content-length': '58',
'set-cookie': [
'connect.sid=s%3A0nacHXK6fTKoQwBsVNvjW659OltdoVMR.L38W5Exjqg7wHnx70MF8OQu05uOFzWrrxJCgZ41RX7o; Path=/; HttpOnly'
]
But how can I just log the connect.sid(set-cookie) value?
Tried: res._headers"
I'm new to VISA developer and trying to send requests to https://sandbox.api.visa.com/cofds-web/v1/datainfo to check whether the credit card is valid or not in Python.
Python code:
cert = 'C:\\Users\\user\\visa_cert\\cert.pem'
ca_cert = 'C:\\Users\\user\\visa_cert\\ca_cert.cer'
key = 'C:\\Users\\user\\visa_cert\\my_key.pem'
user_id = 'your user id of your project'
password = 'your password of your project'
timeout = 10
cred_info = 'credit_info.json'
payload = json.loads('''{
"requestHeader": {
"requestMessageId": "6da6b8b024532a2e0eacb1af58581",
"messageDateTime": "2019-02-35 05:25:12.327"
},
"requestData": {
"pANs": [
4072208010000000
],
"group": "STANDARD"
}
}
''')
try:
response = requests.post(url,
verify = (ca_cert),
cert=(cert, key),
# headers = headers,
auth=(user_id, password),
json = payload,
timeout=timeout
)
except Exception as e:
print(e)
Execution itself succeeded, but the response says the "Ecpectd input credential was not present"
Response header and contetns are as below.
# response header:
{'Server': 'nginx', 'Date': 'Fri, 03 Jun 2022 13:52:17 GMT', 'Content-Type': 'application/json;charset=UTF-8', 'Content-Length': '130', 'Connection': 'keep-alive', 'X-SERVED-BY': 'c6795c5t4', 'X-CORRELATION-ID': '1654264337_872_241384137_c6795c5t4_VDP_WS', 'X-ERROR-ORIGIN': '9200', 'X-APP-STATUS': '400', 'X-Frame-Options':
'SAMEORIGIN', 'X-XSS-Protection': '0', 'X-Content-Type-Options': 'nosniff', 'Strict-Transport-Security': 'max-age=31536000;includeSubdomains', 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '-1'}
# response content:
b'{"responseStatus":{"status":400,"code":"9125","severity":"ERROR","message":"Expected input credential was not present","info":""}}'
I followed the instruction here(https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl#configuring_a_twoway_ssl_keystor...) to generate the CA certificate, double-checked my user_id and password are correct and two-way SSL certificate is active.
I googled this error, but I'm still not sure how to fix this problem.
Thank you.
passiveradio
So this API requires Message Level Encryption so I have been struggling to figure out how to implement the MLE with the API, if you try to use the Visa Developer Center with MLE enabled you will get the error you're getting but if you run it with MLE enabled it works.
So if you figure out how to implement MLE in the code I would be grateful because the documentation is very vague.
https://developer.visa.com/pages/encryption_guide
I'm still learning on how to use REST API. Right now I want to integrate a FatSecret Rest API for my mobile apps development. I'm currently stuck at step 2 here.
This is my current code which I referred from HERE (under CLIENT CREDENTIALS GRANT TYPE section):
import requests, json
import urllib3
urllib3.disable_warnings()
token_url = "https://oauth.fatsecret.com/connect/token"
test_api_url = "https://platform.fatsecret.com/rest/server.api"
#client (application) credentials
client_id = "<CLIENT_ID>"
client_secret = "<CLIENT_SECRET>"
#step A, B - single call with client credentials as the basic auth header - will return access_token
data = {'grant_type': 'client_credentials',
'scope': 'basic'}
access_token_response = requests.post(token_url, data=data, verify=False, allow_redirects=False, auth=(client_id, client_secret))
print(access_token_response.headers)
print(access_token_response.text)
print(access_token_response.status_code)
tokens = json.loads(access_token_response.text)
print("access token: " + tokens['access_token'])
#step B - with the returned access_token we can make as many calls as we want
api_call_headers = {'Authorization': 'Bearer ' + tokens['access_token']}
api_call_response = requests.get(test_api_url, headers=api_call_headers, verify=False)
print(api_call_response.text)
But I got these errors:
{'Date': 'Wed, 03 Nov 2021 14:13:17 GMT', 'Content-Type': 'application/json; charset=UTF-8', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Set-Cookie': 'AWSALB=ulzLdAF+yzvlb1zyySg3WOSoBgvDZVL924yxgKUcgcXfDccOCZVe+toy32y9oHStYz3ljYQBgSuXCZvC5bKSALd5nRVnsmb/kOipLY7EcSG5qUjcDUkkfkRxbtjj; Expires=Wed, 10 Nov 2021 14:13:16 GMT; Path=/, AWSALBCORS=ulzLdAF+yzvlb1zyySg3WOSoBgvDZVL924yxgKUcgcXfDccOCZVe+toy32y9oHStYz3ljYQBgSuXCZvC5bKSALd5nRVnsmb/kOipLY7EcSG5qUjcDUkkfkRxbtjj; Expires=Wed, 10 Nov 2021 14:13:16 GMT; Path=/; SameSite=None; Secure', 'Cache-Control': 'no-store, no-cache, max-age=0', 'Pragma': 'no-cache', 'Server': 'Kestrel', 'X-Powered-By': 'ASP.NET'}
{"error":"invalid_client"}
400
---------------------------------------------------------------------------
KeyError Traceback (most recent call last)
<ipython-input-24-9611470e9c26> in <module>()
24 tokens = json.loads(access_token_response.text)
25
---> 26 print("access token: " + tokens['access_token'])
27
28 #step B - with the returned access_token we can make as many calls as we want
KeyError: 'access_token'
I've already tried some other solutions on this platform but most of them would return this error like {"error":"invalid_request"} or {"error":"invalid_client"}.
I'm not sure what went wrong? Is it the OAuth2.0? Should I use other oauth? Can someone kindly help me how to get through this. Thank you in advance.
Two things:
The error (invalid_client) sounds like the client_id is not recognized by the service. I would suggest trying curl (see the example they listed) to make sure the service provides a good response to your credentials before trying to get it to work in your script.
Without seeing the variable "tokens", I cannot tell if the JSON conversion was successful or not. I would check the type of tokens to see if the JSON was successfully converted and if that key exists.
I have a developer token for box and the box app all set up. when I use Postman I get the data that I am looking for returned. I have looked at the headers that Postman is sending and have provided the same in my code.
axios({
async: true,
crossDomain: true,
url: 'https://api.box.com/2.0/files/<File ID>/',
method: 'GET',
headers: {
'Postman-Token': '<Postman Token>',
'cache-control': 'no-cache',
Authorization: 'Bearer <Developer Token>',
Accept: '*/*',
},
}).then((res) => {
console.log(res);
}).catch(console.error);
This returns a 403 in the browser.
This is the Response Headers from Postman:
Date:"Wed, 03 Apr 2019 06:04:45 GMT"
Content-Type:"application/json"
Transfer-Encoding:"chunked"
Connection:"keep-alive"
Strict-Transport-Security:"max-age=31536000"
Cache-Control:"no-cache, no-store"
ETag:""0""
Content-Encoding:"gzip"
Vary:"Accept-Encoding"
BOX-REQUEST-ID:"<BOX-REQUEST-ID>"
Age:"0"
Response Headers from bowser
Access-Control-Allow-Origin: *
Age: 0
BOX-REQUEST-ID: <BOX-REQUEST-ID>
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/json
Date: Wed, 03 Apr 2019 06:36:01 GMT
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Origin,Accept-Encoding
Error in browser dev tools
GET https://api.box.com/2.0/files/<File ID>/ 403 (Forbidden)
Error: Request failed with status code 403
at createError (createError.js?2d83:16)
at settle (settle.js?467f:18)
at XMLHttpRequest.handleLoad (xhr.js?b50d:77)
From a ReactJS - Redux front app, I try to get the Location Header value of an REST API response.
When I Curl this :
curl -i -X POST -H "Authorization: Bearer MYTOKEN" https://url.company.com/api/v1.0/tasks/
I Have this answer :
HTTP/1.1 202 ACCEPTED
Server: nginx
Date: Fri, 12 Aug 2016 15:55:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Location: https://url.company.com/api/v1.0/tasks/status/idstatus
When I make a Fetch in ReactJS
var url = 'https://url.company.com/api/v1.0/tasks/'
fetch(url, {
method: 'post',
credentials: 'omit',
headers: {
'Authorization': `Bearer ${token}`
}
}
)
I don't have any Headers in the response object :
No header in Fetch request
I tried all the response.headers functions I've found in https://developer.mozilla.org/en-US/docs/Web/API/Headers :
response.headers.get('Location');
But well, as headers is empty, I have empty results.
Do you know why I can't get a proper Header object filled with the headers values ?
Thanks to John, I've found the answer.
I just had to put
Access-Control-Expose-Headers: Location
To my response headers and it worked, so now I can access Location value with :
response.headers.get('Location');
Thx John !
Besides to expose the Location Header in the server.
I just could access the location in the react application with:
response.headers.location;