Currently I'm accessing JIRA API in C#.Net application with username and password. But I need to access the JIRA API without entering a username and a password even without hashed username and passwords. Is there any way to create an API key and access JIRA API with that?
Yes, JIRA supports OAuth for that purpose, see: https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Example+-+OAuth+authentication
Unfortunately there's no C# sample code provided, but you should be able to assemble a solution from the other programming languages here:
https://bitbucket.org/atlassian_tutorial/atlassian-oauth-examples/src
You should use a generic OAuth library anyhow.
Oauth is great for when you need the actual user to log in and you are in the context of a browser.
However, for server-to-server communication that is not linked to any specific user (e.g. CI) you may want to create a "bot" account on your jira server and authenticate with API tokens. Creation of tokens is described here: https://confluence.atlassian.com/cloud/api-tokens-938839638.html
Then you can use [user-email]:[auth-token] as user/password to basic auth. Examples:
Curl
curl -u bot#company.com:AAABBBCCC https://[company].atlassian.net/rest/api/latest/issue/DEV-123
NodeJS got:
const issueContent = await gotService.get(
'https://[company].atlassian.net/rest/api/latest/issue/DEV-123',
{
auth: 'bot#company.com:AAABBBCCC'
}
)
Best approach for this is to read the documentation of the JIRA version you are using, since different versions could have different ways to approach Rest APIs.
For me below endpoint worked with Basic auth:
curl -u username:password -X GET -H "Content-Type: application/json" http://localhost:8080/rest/api/2/issue/createmeta
Related
So, I'm build an API System. I want to use KeyCloak for authentication as well as user management because it has a nice access control. I'm integrating it with Ktor and I want my user to use their own UI. Or at least, I want to make the UI.
I've read about Theme Customization but that's not what I want. I also come to know that the KeyCloak UI is tightly integrated within their code. I was just hoping to know if at least when one of the client app is a mobile app, would I be able to use for example android UI for the whole login flow?
If it's not possible which I think it's unlikely to be possible, is there any other library or framework for access control, prefereably one that work with Ktor?
If you do not want to use Keycloak UI nor create your own custom themes, you can leverage the Resource Owner Password Credentials Grant flow.
For this create a new or use an existing confidential client. Make sure to toggle the Direct Access Grants Enabled switch to ON.
After this obtain a token from your client (web page, CLI, mobile). Here I'm using curl and jq for simplicity:
KCHOST=https://yourkeycloak.com
REALM=your-realm
CLIENT_ID=your-confidential-client
CLIENT_SECRET=xxxxxxx-yyyyyyyy-zzzzzzzzz
ACCESS_TOKEN=`curl \
-d "client_id=$CLIENT_ID" -d "client_secret=$CLIENT_SECRET" \
-d "grant_type=client_credentials" \
"$KCHOST/auth/realms/$REALM/protocol/openid-connect/token" | jq -r '.access_token'`
P.S. For debugging I have created a CLI tool called brauzie that
can help you fetch and analyse your JWT tokens (scopes, roles, etc.). It could
be used for both public and confidential clients. You could as well
use Postman and https://jwt.io
HTH :)
You can also use the Keycloak Admin Client as described here.
As all I want to do is connect to my own site, I should be able to ignore oAuth and do token-baseed authentication as per:
http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-token.html
My curl request looks exactly like:
curl -X POST "https://magento.host/index.php/rest/V1/integration/admin/token" \
-H "Content-Type:application/json" \
-d '{"username":"test#example.com", "password":"123123q"}'
The response I get is a HTML page from my own site that basically says 'page not found' I'm obviously going to the correct domain, but it seems something else in the URL is incorrect. Any ideas?
Am I using the wrong URL?
In version 1.9 you need to create a Guest endpoint. Then you don't need to use oAuth. You can see how to use it here: http://devdocs.magento.com/guides/m1x/api/rest/introduction.html
An authentication system that uses REST so that you do not need to actually track or manage the users in your system. This is done by using the HTTP methods POST, GET, PUT, DELETE. We take these 4 methods and think of them in terms of database interaction as CREATE, READ, UPDATE, DELETE.
There is no direct way to use REST token based authentication on the Magento 1.x version. You need to write this functionality to you for your own. I have write this functionality by using REST API and you can also follow this article for more details.
https://www.ipragmatech.com/magento-token-base-rest-api-for-authentication-and-authorization
I have a jenkins server using the Github OAuth plugin and authorized in the "Authorized applications" section of github, it works fine from my browser, i can access to the jenkins server as long as i'm authenticated with github.
Is there a way to access to the jenkins server api using oauth credentials/token from CURL or a ruby client?
I've generated a token in https://github.com/settings/applications -> Personal access tokens -> Generate new token (there is no option to scope it to a third party application)
that token works fine to access github :
curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://api.github.com/user
however, that token is not valid for jenkins-server:
curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://jenkins-server/user/restebanez/api/json/\?pretty\=true
It generates this error:
<html><head><meta http-equiv='refresh' content='1;url=/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue'/><script>window.location.replace('/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
```
the jenkins server has installed GitHub API Plugin 1.58 and Github Authentication plugin 0.19
I'm probably missing some fundamentals of oauth b/c i have googled this for a while and i haven't found anything
I'm not sure if you ever got to the bottom of this, but after trying several routes I finally got a scripted build using Github OAuth on Jenkins. The trick is that the API token is not one for GitHub but rather one from Jenkins.
For my setup I have a machine user on github, I logged in normally via the web with that user, then clicked on the username in the upper right corner. From there I clicked "Configure" on the left-hand menu, and finally "Show API Token" in the main content area.
Once I had that I could run:
curl --user <username>:<api_token> https://jenkins-server/user/<username>/api/json/?pretty=true
More information.
You should just use a Jenkins API token. This is configurable per user. See $JENKINS_URL/me
This will allow your scripted client to access Jenkins regardless of whatever authentication strategy is being used.
You should use "Basic" rather than "token"
For example:
curl -H "Authorization: Basic cfbcff42e6a8a52a1076dd9fcxx"
https://jenkins-server/user/restebanez/api/json
This worked for me (using getting commit statuses as an example):
url=https://api.github.com/repos/myowner/myrepo/commits/f40ddce88593482919761f74910f42f4b84c004b/statuses
curl -X GET -u :${GITHUB_TOKEN} ${url}
Does the WSO2 API Manager provide APIs for user registration and management?
To be more specific, the documentation states that the user can sign up using the store interface. Is there also an equivalent API that I can use to:
register new users
to authentication existing users
to initiate password recoveries
Please add the wso2am tag to this question (see related comment).
Apart from managing users through the product's Management Console, every carbon server also exposes its management services as web services.
As far as user management is concerned, you can find API samples at the following links (note that these might be specific to work on a particular carbon version):
https://svn.wso2.org/repos/wso2/people/asela/wso2-samples/user-manager/user-admin-client/
http://blog.facilelogin.com/2010/05/managing-users-and-roles-with-wso2.html
Yes, API Store has an exposed API which can be used to register new users (User Signup) and authenticate users (Login).
SignUp
curl -X POST -b cookies http://localhost:9763/store/site/blocks/user/sign-up/ajax/user-add.jag -d "action=addUser&username=user2&password=xxx&allFieldsValues="
(Above allFieldsValues will be | seperated values for user fields, firstname, lastname, email, etc. ex :allFieldsValues=lakmali|erandi|lakmali#abc.com)
Login
curl -X POST -c cookies http://localhost:9763/store/site/blocks/user/login/ajax/login.jag -d 'action=login&username=user1&password=xxx'
But password recovery functionality is not available yet. It will be avilable in future releases.
I'm trying to create a repo using Github API, but it always return this JSON:
{"message":"Not Found"}
But this error appears only when I try to create using OAuth access token in request header, if I use username and password, API create the repo and return a successful message.
Anyone had problems with this API endpoint?
You can create a new repository using the Python library, PyGithub.
from github import Github
g = Github("your username", "your password")
g = Github("your token") # safer alternative, if you have an access token
u = g.get_user()
repo = u.create_repo("name-of-your-repo")
This should solve your problem.
I had a different message come up with this
curl -i -d '{"name":"NAME"}' https://api.github.com/orgs/:ORG/repos?access_token=XXX
{
"message": "Must be an owner or admin of Organization."
}
But still not sure why I cannot create either
Ok
This worked for me
Create Auth Token
curl -u 'iwarner' -d '{"scopes":["repo"],"note":":NAME"}' https://api.github.com/authorizations
Create Repo - Need to contain "Authorization: token"
curl -i -H 'Authorization: token TOKENHERE' -d '{"name":":NAME"}' https://api.github.com/user/repos
This works, just tried it.
curl -F 'login=c00kiemon5ter' -F 'token=s3cr3t' https://github.com/api/v2/json/repos/create -F 'name=testapi' -F 'public=0'
Are we talking about API v2 or v3 ?
I do not know what technology you are using. But just in case of iOS, you can use this demo app which describes 3 simple ways to interact with the GitHub API.
Note: This demo app provide only few selected functionality.
GitHub-Interaction
Hope this helps!!
As of today, the GitHub v3 API documentation explicitly states:
Create
Create a new repository for the authenticated user. (Currently not enabled for Integrations)
EDIT:
The "not enabled for Integrations" means, if you get your OAuth token via one of your OAuth apps (which is an "integration") the GitHub API will refuse to create a repository with that function.
However, if you use some other access token (e.g. a personal access token you add yourself, see below) then the GitHub API will happily create a repository for you with the very same API call.
curl -u your_username -d '{"scopes":["repo"], "note":"Description of personal token"}' https://api.github.com/authorizations
That's the reason why the solution presented by Ian Warner works. The solution with PyGithub will suffer the same limitation. Only the token makes the difference!
EDIT: Not entirely true: With OAuth you can specify the scope to attach specific permissions to your OAuth token when authenticating (OAuth app flow). For creating repositories you need to have the 'repo' scope. (See also: Github v3 API - create a REPO)