Can't get Token based authentication working with NancyFX - authentication

I am trying Token based authentication with NancyFX. The token is getting generated perfectly, but when I pass the header in the GET request, I can't get past this.RequiresAuthentication() and get an unauthorized error.
Here is my token format
Token:{ token: "ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=" }
Am I passing wrong way?
I have also tried
Token:{ ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=}
and also
"Token:{ ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=}"
But nothing works.
Please let me know if any more details are required.

The value of the authorization header must simply read "Token ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY" (no quotes).
The brackets in the documentation threw me off as well.
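As an added illustration of the header format described in this answer (example code, not part of the original post and not NancyFX's own token code), the following Python mimics what a server expects on the receiving side: the credential must arrive in the Authorization header as the scheme name Token, one space, then the bare token value. It rejects the bracketed and quoted variants from the question, and also reports the case where the value was sent in a custom header named Token instead of Authorization. The token string is a constructed sample, and the helper names are mine.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample credential (shape only, not a real token).
SAMPLE_TOKEN = "ZGVtb1VzZXI=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA="

# HTTP auth scheme names are case-insensitive; exactly one space separates
# the scheme from the credential, and the credential itself has no whitespace.
_TOKEN_HEADER = re.compile(r"^Token (?P<token>\S+)$", re.IGNORECASE)


def parse_token_header(authorization: Optional[str]) -> Optional[str]:
    """Return the bare token from 'Authorization: Token <value>', else None."""
    if authorization is None:
        return None
    m = _TOKEN_HEADER.match(authorization.strip())
    if not m:
        return None
    token = m.group("token")
    # Braces or quotes mean the client wrapped the credential in a JSON-like
    # structure (the variants tried in the question); the server wants it bare.
    if any(c in token for c in '{}"'):
        return None
    return token


def extract_token(headers: Dict[str, str]) -> Tuple[Optional[str], str]:
    """Look the credential up the way a server does: from Authorization only.

    Returns (token, reason); reason is "ok" on success and otherwise explains
    why the request would be treated as unauthenticated.
    """
    lookup = {k.lower(): v for k, v in headers.items()}
    if "authorization" not in lookup:
        if "token" in lookup:
            return None, "credential sent in a custom 'Token' header; use 'Authorization: Token <value>'"
        return None, "no Authorization header"
    token = parse_token_header(lookup["authorization"])
    if token is None:
        return None, "Authorization header is not of the form 'Token <value>'"
    return token, "ok"


if __name__ == "__main__":
    # The header name and value the answer describes.
    print(extract_token({"Authorization": "Token " + SAMPLE_TOKEN}))
    # The question's attempt: a header literally named "Token" with braces.
    print(extract_token({"Token": "{ token: \"" + SAMPLE_TOKEN + "\" }"}))
```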

Error when checking for custom claims property on rules auth token

I receive an error in the emulator when I try to check for a custom claim field that does not exist on the request.auth.token object when checking storage.rules. The request fails which is correct if the property is missing but I am concerned about the error.
function isPlatformVerified() {
return request.auth.token.platformVerified == 'ok';
}
and this is the error shown in the emulator:
com.google.firebase.rules.runtime.common.EvaluationException: Error: /Users/marcel/git/dev/storage.rules line [68], column [14]. Property platformVerified is undefined on object.
I wish to check if the custom claims has this property and if it has that it contains the correct value. How do I do this without getting an error (or can I ignore this??)
Many thanks
Most likely the custom claim hasn't propagated to the client and rules yet.
Custom claims are part of the token that the client sends with its requests, and that token is only auto-refreshed once per hour. So it may take up to an hour before a new claim shows up in the client, and thus in the security rules.
You can force a refresh of the ID token on the client by calling user.reload(), to ensure that the new claims will be present before the auto-refresh.

Problems building signature for Google Authentication

I'm trying to make an authorized Google API call using a JWT.
But when I send the request I get this error:
{
"error": "invalid_grant",
"error_description": "Invalid JWT Signature."
}
I'm following this manual https://developers.google.com/identity/protocols/oauth2/service-account#httprest
The JWT consists of three parts: header, claim set and signature. The header is always the same for authentication and I set every necessary parameter in the claim set.
Now for the signature it says that you have to encode the header and claim set using Base64url and concatenate them together with a period: {Base64url encoded header}.{Base64url encoded claim set}
Then you sign this using SHA256withRSA and encode the result as well using Base64url again. After that you get the JWT also by concatenating them together: {Base64url encoded header}.{Base64url encoded claim set}.{Base64url encoded signature}
But when I send the request using the JWT I always get the said error. I also tried encoding it first and then signing it but I get the same result.
Am I creating the signature correctly?
If so does anyone have an idea what else the problem could be?
So with the information you provided, your signature is invalid.
You can use https://jwt.io debugger to validate your token and compare the Base64url results.
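To make the signing steps from the question concrete, here is an added Python example (my code, not from the original post or from Google's documentation) that assembles a compact JWT exactly as described: base64url-encode the header and claim set without "=" padding, join them with a period, sign those ASCII bytes, and append the base64url-encoded signature. It also builds the common mistake of signing the raw JSON instead of the encoded segments, and shows that such a token fails verification, which is what "Invalid JWT Signature" reports. The signer is pluggable: Google's flow uses RS256 (SHA256withRSA with the service account's private key); to keep this runnable offline the demo plugs in HMAC-SHA256 with a constructed secret. The claim values (issuer, scope, timestamps) are constructed, and the function names are mine.

```python
import base64
import hashlib
import hmac
import json
from typing import Callable, Dict

# Constructed demo secret; with Google you would instead sign with the RSA
# private key from the service-account JSON, e.g. using the cryptography library:
#   private_key.sign(data, padding.PKCS1v15(), hashes.SHA256())
DEMO_SECRET = b"constructed-demo-secret-not-for-real-use"

# Google's header for this flow is {"alg": "RS256", "typ": "JWT"}; the demo
# signer is HMAC, so the header says HS256 to stay truthful to what it does.
DEMO_HEADER = {"alg": "HS256", "typ": "JWT"}
DEMO_CLAIMS = {  # constructed values in the shape of a service-account claim set
    "iss": "demo-service-account@example.invalid",
    "scope": "https://www.googleapis.com/auth/devstorage.read_only",
    "aud": "https://oauth2.googleapis.com/token",
    "exp": 1700003600,
    "iat": 1700000000,
}


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JWT (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(s: str) -> bytes:
    """Inverse of b64url: restore padding, then decode."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_segment(obj: Dict) -> str:
    # Compact JSON; whitespace differences would change the signed bytes.
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def signing_input(header: Dict, claims: Dict) -> bytes:
    """The bytes that get signed: '<b64url header>.<b64url claims>' as ASCII."""
    return f"{encode_segment(header)}.{encode_segment(claims)}".encode("ascii")


def build_jwt(header: Dict, claims: Dict, sign: Callable[[bytes], bytes]) -> str:
    inp = signing_input(header, claims)
    return inp.decode("ascii") + "." + b64url(sign(inp))


def build_jwt_signed_over_raw_json(header: Dict, claims: Dict,
                                   sign: Callable[[bytes], bytes]) -> str:
    """The mistake: sign the plain JSON, then encode. Verifiers reject this."""
    raw = (json.dumps(header, separators=(",", ":")) + "." +
           json.dumps(claims, separators=(",", ":"))).encode("utf-8")
    return signing_input(header, claims).decode("ascii") + "." + b64url(sign(raw))


def verify_jwt(token: str, verify: Callable[[bytes, bytes], bool]) -> bool:
    """Recompute the signing input from the first two segments and check it."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    h, c, s = parts
    try:
        sig = b64url_decode(s)
    except (ValueError, base64.binascii.Error):
        return False
    return verify(f"{h}.{c}".encode("ascii"), sig)


def hs256_sign(data: bytes) -> bytes:
    return hmac.new(DEMO_SECRET, data, hashlib.sha256).digest()


def hs256_verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(hs256_sign(data), sig)


def demo_tokens() -> Dict[str, str]:
    return {
        "correct": build_jwt(DEMO_HEADER, DEMO_CLAIMS, hs256_sign),
        "signed_over_raw_json": build_jwt_signed_over_raw_json(DEMO_HEADER, DEMO_CLAIMS, hs256_sign),
    }


if __name__ == "__main__":
    for name, tok in demo_tokens().items():
        print(name, verify_jwt(tok, hs256_verify), tok)
```

The first two segments of the correct token can be pasted into the jwt.io debugger mentioned above to compare the base64url output; only the signature step differs between this demo (HMAC) and the RS256 token Google expects.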

Hail API AccessToken method

I'm trying to get an access token from Hail after getting an authorization code from the URL https://hail.to/oauth/authorise?client_id={$client_id}&redirect_uri={$redirect_url}&response_type=code&scope=user.basic+user.manage+org.basic+content.read+content.read+content.connections
After getting the code from the above URL, the documentation they provide does not state what the correct parameters are to get an access_token. The documentation says it should be a POST request to get the access token using the URL https://hail.to/api/v1/oauth/access_token?client_id={$client_id}&client_secret={$client_secret}&grant_type=authorization_code&code={$client_access_token_code}&redirect_uri={$redirect_url}.
When I try this, I get the following error response:
{
"error" : {
"message" : "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter.",
"error_code" : null
}
}
If anyone has faced this problem, please help me out on this.
I don't know what should be the correct parameter for grant type.

Unable to test login using jmeter

I am a newbie to JMeter. I am trying to test logging in to my site, say (example.com/session/new).
I have added the http cookie manager and 2 http request defaults.
In the first, I am visiting example.com/session/new and extracting the authenticity token from the response data using the regex meta content="(.+?)"name="csrf-token" . Now, in the second HTTP request, I have a POST request with the parameters as
name:utf value:(tickmark)
name :authenticity_token value: ${token}
name:email value:test@test.com
name:password value:test.
name:commit value:Sign In
And then I am asserting for a text post login.
When I run the test, the assertion fails, as it results in a 404.
In the request, I can see utf8=%E2%9C%93+&authenticity_token=%24%7Btoken%7D&email=test%40test.com&password=test&commit=Sign+In. Please help me fix this.
I know this is an old post, but I've been struggling with this exact same query, so I've decided to post my answer in case it helps anyone - it worked first time for me. So after requesting the login page for my site, the following csrf token is embedded in the html response;
<input type="hidden" name="csrfToken" value="fe5a48ebda7b98cbbf885b4a220ebe0c23b11125-1459096615520-1ac64aa945986cb1bd318d9c"/>
So when making the initial request for the login page, instead of using a Regular Expression Extractor, if the token is in the body of the HTML response, use an XPath Extractor instead.
If your response is not XML/XHTML compliant then tick the 'use tidy' checkbox.
For reference name add the reference you wish to refer to the token as e.g. token. When you add your parameters to the login request, you can then refer to your csrfToken as ${token}
Then for X-Path query use;
//input[@name="csrfToken"]/@value
The following tutorial shows you how to use a Regular Expression Extractor, but it should also help you to understand how to set up the query a bit more;
https://www.youtube.com/watch?v=SVxB3Tk4O4A&feature=iv&src_vid=hGkrSFKcj10&annotation_id=annotation_85358
Looks like you did everything right, except correlation. After decoding your error URL, I found that your correlation is not working. Below is the decoded URL: "utf8=✓ &authenticity_token=${token}&email=test@test.com&password=test&commit=Sign In."
In your "Regular expression extractor" add below details
1. Reference Name:token
2. Regular Expression : name="csrfToken" value="(.+?)"
3. Template : $1$
4. Match No: 1
Note: Check the occurrences of "csrfToken"; if you require the first occurrence then enter 1, if you require the 2nd occurrence enter 2, etc.
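The correlation failure both answers above point at (the literal ${token} showing up URL-encoded as %24%7Btoken%7D in the POST body) is easy to reproduce outside JMeter. The following is an added Python example, not part of either answer and not JMeter code: it applies the extractor regex from the second answer to a constructed login page built around the hidden input quoted in the first answer, builds the form body the way the login request does, and checks whether the variable was actually substituted. It also runs the regex from the question over the same page to show a non-matching extractor leaves the variable unset. The page HTML, the email and password, and the function names are constructed for the demo.

```python
import re
from typing import Optional
from urllib.parse import urlencode

# Constructed login page; the hidden input mirrors the one quoted in the answer above.
LOGIN_PAGE = """<html><head><title>Sign in</title></head><body>
<form action="/session" method="post">
<input type="hidden" name="csrfToken" value="fe5a48ebda7b98cbbf885b4a220ebe0c23b11125-1459096615520-1ac64aa945986cb1bd318d9c"/>
<input type="email" name="email"/>
<input type="password" name="password"/>
<input type="submit" name="commit" value="Sign In"/>
</form></body></html>
"""

# The extractor from the answer: Regular Expression name="csrfToken" value="(.+?)", Template $1$.
ANSWER_RE = re.compile(r'name="csrfToken" value="(.+?)"')
# The extractor from the question, kept verbatim; it expects a different element layout.
QUESTION_RE = re.compile(r'meta content="(.+?)"name="csrf-token"')

UNSET_MARKER = "${token}"  # what JMeter sends when the variable was never assigned


def extract_token(html: str, pattern: re.Pattern, match_no: int = 1) -> Optional[str]:
    """Mimic a JMeter Regular Expression Extractor with template $1$ and Match No. n."""
    found = pattern.findall(html)
    if match_no < 1 or len(found) < match_no:
        return None  # no match: JMeter leaves ${token} unresolved
    return found[match_no - 1]


def build_login_body(token: Optional[str], email: str, password: str) -> str:
    """URL-encode the POST parameters from the question in order."""
    value = token if token is not None else UNSET_MARKER
    return urlencode([
        ("utf8", "\u2713"),            # the tick mark, encodes as %E2%9C%93
        ("authenticity_token", value),
        ("email", email),
        ("password", password),
        ("commit", "Sign In"),
    ])


def correlation_ok(body: str) -> bool:
    """True when the token variable was really substituted into the request body."""
    return "%24%7Btoken%7D" not in body and UNSET_MARKER not in body


def run_login_flow(pattern: re.Pattern) -> str:
    """Extract with the given pattern, then build the request body (constructed credentials)."""
    return build_login_body(extract_token(LOGIN_PAGE, pattern), "test@test.com", "test")


if __name__ == "__main__":
    for label, pat in (("question regex", QUESTION_RE), ("answer regex", ANSWER_RE)):
        body = run_login_flow(pat)
        print(label, "->", "correlated" if correlation_ok(body) else "NOT correlated", body)
```

If your page really does carry the token in a meta tag rather than a hidden input, the same check applies: adjust the pattern until extract_token returns the value from the first response, and the ${token} placeholder disappears from the second request.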

Realm didn't match redirect_uri/origin. Error code: 2

When I use the following URI for the Google OAuth request I get error below:
"Realm didn't match redirect_uri/origin. Error code: 2".
Can anyone tell me what I am doing wrong?
https://accounts.google.com/o/oauth2/auth?client_id=client_id_copied_from_the_developer_console&response_type=code&scope=openid%20email&redirect_uri=https://mysite.your-now.com/oauth2callback&state=security_token%3D138r5719ru3e1%26url%3Dhttps://mysite.your-now.com/navpage.do&login_hint=mycompany@gmail.com&openid.realm=your-now.com&hd=your-now.com
The realm value you are providing as openid.realm is malformed.
More specifically, the openid4java match method is failing with a MALFORMED_REALM result. Make sure you are providing a valid URL as the realm!
Hope that helps.