Normally we are able to play around with REST APIs related to application, since the application has method to let us create a JWT Token for authentication.
But we are unable to create an application, don’t understand where and we can get the token to authorize us to let us create an application.
Let me tell step by step how to do that
Open the file {AMS_INSTALL_DIR}/webapps/root/WEB-INF/web.xml and change the following line
<filter-class>io.antmedia.console.rest.AuthenticationFilter</filter-class>
with this one
<filter-class>io.antmedia.console.rest.JWTServerFilter</filter-class>
Open the file {AMS_INSTALL_DIR}/conf/red5.properties and change the following lines
server.jwtServerControlEnabled=false
server.jwtServerSecretKey=
with these ones. You can use any 32 character alphanumeric key.
server.jwtServerControlEnabled=false
server.jwtServerSecretKey=WRITE_YOUR_32_CHARACTER_SECRET_KEY
For our sample we use cizvvh7f6ys0w3x0s1gzg6c2qzpk0gb9 as secret key
Restart the service
sudo service antmedia restart
Generate JWT Token. There are plenty of libraries that you can do programmatically. The easiest way for now is using JWT Debugger. So our generated token is eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.tA6sZwz_MvD9Nocf3Xv_DXhJaeTNgfsHPlg3RHEoZRk
Make the call to Create Application as follows
curl -X POST -H "Content-Type: application/json" -H "Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.tA6sZwz_MvD9Nocf3Xv_DXhJaeTNgfsHPlg3RHEoZRk" "https://ovh36.antmedia.io:5443/rest/v2/applications/testapp"
The result should be something like {"success":true,"message":null,"dataId":null,"errorId":0}
The app should be generated in a couple of seconds. You can get the list of the applications with the following command
curl -X GET -H "Content-Type: application/json" -H "Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.tA6sZwz_MvD9Nocf3Xv_DXhJaeTNgfsHPlg3RHEoZRk" "https://ovh36.antmedia.io:5443/rest/v2/applications"
References:
Web Panel REST Methods
Web Panel REST Methods JWT Documentation
Related
I have created an application in the developer portal in WSO2 and am trying to generate a token using this curl command:
curl -v -X POST -H "Authorization: Basic <base64encoded clientId:clientSecrect>" -k -d "grant_type=password&username=alex&password=alex123&scope=somescope" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
But I get the below response:
180{"error_description":"A valid OAuth client could not be found for client_id: ClientId","error":"invalid_client"}
I have tried also the following command :
curl -v -X POST -H "Authorization: Basic <base64encoded clientId:clientSecrect>" -k -d "grant_type=client_credentials&client_id=&client_secret=" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
But with no success, I can generate the token from the devportal no problem but while executing it does not recognize the client for some reason. Could someone tell me what might be the problem for this.
You are missing the client id and secret in the Authorization header. You need to base64 encode client id and secret.
curl -k -X POST https://localhost:9443/oauth2/token -d "grant_type=password&username=Username&password=Password" -H "Authorization: Basic Base64(clientid:client_secret)"
curl -k -X POST https://localhost:9443/oauth2/token -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic VjhZRVdfUldISURZb0hJSU5yOTczVEhqYnBnYTpyVGg4N1VhUERPdGFlN25GUFFLc1pCR2FJdm9h"
So I kinda half solved it because it is still not giving me the desired behavior. In carbon port 9444 I added a user and assigned it roles to the application that I want the token and when executed the curl i got the token did the same thing for carbon but with port 9443 and it still displays as
180{"error_description":"A valid OAuth client could not be found for client_id: ClientId","error":"invalid_client"}
Is there a reason for this?
The following are the complete steps on registering an application in devportal, generating the client credentials, generating the access token, and using the access token to invoke the API calls. Please note that all these steps are achieved via the wso2am-3.2.0 devportal REST API calls.
WSO2 REST APIs are protected using OAuth2 and access control is achieved through scopes. Before you start invoking the API, you need to obtain an access token with the required scopes. This guide will walk you through the steps that you will need to follow to obtain an access token. First, you need to obtain the consumer key/secret key pair by calling the dynamic client registration (DCR) endpoint. You can add your preferred grant types to the payload. A Sample payload is shown below.
{
"callbackUrl":"www.google.lk",
"clientName":"rest_api_devportal",
"owner":"admin",
"grantType":"client_credentials password refresh_token",
"saasApp":true
}
Create a file (payload.json) with the above sample payload, and use the cURL shown below to invoke the DCR endpoint. The authorization header of this should contain the base64 encoded admin username and password. Format of the request
curl -X POST -H "Authorization: Basic Base64(admin_username:admin_password)" -H "Content-Type: application/json" -d #payload.json https://<host>:<servlet_port>/client-registration/v0.17/register
Following is a sample response after invoking the above curl.
{
"clientId": "fOCi4vNJ59PpHucC2CAYfYuADdMa",
"clientName": "rest_api_store",
"callBackURL": "www.google.lk",
"clientSecret": "a4FwHlq0iCIKVs2MPIIDnepZnYMa",
"isSaasApplication": true,
"appOwner": "admin",
"jsonString": "{\"grant_types\":\"client_credentials password refresh_token\",\"redirect_uris\":\"www.google.lk\",\"client_name\":\"rest_api_devportal\"}",
"jsonAppAttribute": "{}",
"tokenType": null
}
Next, you must use the above client id and the secret to obtain the access token. We will be using the password grant type for this, you can use any grant type you desire. You also need to add the proper scope when getting the access token. All possible scopes for devportal REST API can be viewed in the OAuth2 Security section of this document and the scope for each resource is given in the authorization section of resource documentation. Following is the format of the request if you are using the password grant type.
curl -k -d "grant_type=password&username=<admin_username>&password=<admin_password>&scope=<scopes separated by space>" -H "Authorization: Basic base64(cliet_id:client_secret)" https://<host>:<gateway_port>/token
Shown below is a sample response to the above request.
{
"access_token": "e79bda48-3406-3178-acce-f6e4dbdcbb12",
"refresh_token": "a757795d-e69f-38b8-bd85-9aded677a97c",
"scope": "apim:subscribe apim:api_key",
"token_type": "Bearer",
"expires_in": 3600
}
Now you have a valid access token, which you can use to invoke an API. Navigate through the API descriptions to find the required API, obtain an access token as described above and invoke the API with the authentication header. If you use a different authentication mechanism, this process may change.
For further details please refer https://apim.docs.wso2.com/en/3.2.0/develop/product-apis/devportal-apis/devportal-v1/devportal-v1/#section/Authentication
Using the plugin, dropbox media importer in a wordpress app. I add the client key and secret after creating a personal dropbox app with full dropbox permission, I attempt to authorize the request but it returns an error that says invalided client_id or secret. When I try to do the curl request with the client_id & secret I get the same response.
Request:
curl -X POST https://api.dropboxapi.com/2/auth/token/from_oauth1 \
--header "Authorization: Basic <REDACTED>" \
--header "Content-Type: application/json" \
--data "{\"oauth1_token\": \"qievr8hamyg6ndck\",\"oauth1_token_secret\": \"qomoftv0472git7\"}"
Response:
{"error_summary": "invalid_oauth1_token_info/", "error": {".tag": "invalid_oauth1_token_info"}
The /2/auth/token/from_oauth1 endpoint you're attempting to use is only for exchanging existing OAuth 1 access tokens (e.g., as previously retrieved for use with the now-retired Dropbox API v1) for OAuth 2 access tokens.
If you're just integrating now, you wouldn't have any OAuth 1 access tokens, and so shouldn't be using this endpoint. (Accordingly, it's indicating that the oauth1_token and oauth1_token_secret values you're supplying are incorrect; the ones you're using are just copied from the documentation, but you would need to supply your real values.)
Instead, you should implement the Dropbox OAuth 2 app authorization flow. You can find more information in the documentation and guide.
I am writing an application in which I would like to use Firebase for the authentication of any sort of back end calls. Is there a way for me to get a token through a CLI or curl for local testing without having to spin up a front end to get the token?
As a resume (to me and maybe others) from #James-Poag answer, use:
curl 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[API_KEY]' \
-H 'Content-Type: application/json' \
--data-binary '{"email":"[user#example.com]","password":"[PASSWORD]","returnSecureToken":true}'
Where:
email (string): The email the user is signing in with.
password (string): The password for the account.
returnSecureToken (boolean): Whether or not to return an ID and refresh token. Should always be true.
The property idToken from response payload is the parameter you're looking for.
Well i have made a front end one page html to generate dummy firebase ID token for your application, in case anyone needs it
Firebase Token Generator
They changed the link - see REST API.
curl 'https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=[API_KEY]' \
-H 'Content-Type: application/json' \
--data-binary '{"email":"[user#example.com]","password":"[PASSWORD]","returnSecureToken":true}'
In the example above, you would replace [API_KEY] with the Web API Key
of your Firebase project, [user#example.com] with the user's email and
[PASSWORD] with the user's password.
I'm following Clarifai's guide to make a cURL request and get the tags related to the image.
In the guide it says that I can do either this:
curl "https://api.clarifai.com/v1/tag/?url=https://samples.clarifai.com/metro-north.jpg" \
-H "Authorization: Bearer {access_token}"
or this:
curl "https://api.clarifai.com/v1/tag/" \
-X POST --data-urlencode "url=https://samples.clarifai.com/metro-north.jpg" \
-H "Authorization: Bearer {access_token}"
So what I do is that I type in the access token that I get when I create a new application and I change the link of "samples.clarifai.com" for a random link of a random image, but every time I want to do this I get the following message on terminal:
{"status_code": "TOKEN_INVALID", "status_msg": "Token is not valid. Please use valid tokens for a application in your account."}
Any idea why I keep getting this eben though my access token is right?
Thanks!
Just so there can have an official answer for this but Marcus Müller is totally right.
You should be sure to remove the braces with the Bearer access token. But you still want to be sure everything else is fine. This does assume though that you have generated a proper access token either by the Developer Documentation or within your Applications page once you have logged in.
I configured a REST webservice (a Spring Boot webapplication) on WSO2 AM and used the default /* mapping for resources. My webservice takes an assignee (text) and file parameters.
When I perform the calls, I've noticed that request parameters are not forwarded (HTTP Headers are) to the backed services. For example:
curl -i -X POST -H "Content-Type: multipart/form-data" -H "X-PD20-BillingSubscriptionId: e87d4400-b05f-4f40-9c39-06ae4d28cf4d" -H "Authorization: Bearer rrxRV5F6jdkSBcEPXv7I1yFl2x8a" -F "documentFile=#src/test/resources/sample-files/test-fea-1firma.pdf" -F "assignee=bla.bla#gmail.com" http://api.linksmt.it:8280/fea/1.0.0/signRequest
As you can see, It's a form that posts 2 fields, one of them being a file and another a simple text field.
The call is succesfully forwarded to the backed service but without the actual fields values (the headers instead are correctly passed, though their keys are lower-cased, that is "X-PD20-BillingSubscriptionId" is passed as "x-pd20-billingsubscriptionid").
Any hint on why is this happening?
Thanks
Ok, the problem was the same as described in multipart form data file upload using WSO2 API manger ? and I had to uncomment the declarations for
within the $WSO2_AM/repository/conf/axis2/axis2.xml file (and restart the server).