I have a GraphQL API published with APIM (version 3.2.0) which is protected by a scope (say a local scope named test_scope, which is based on a role named test that has the API subscribe permission). I am using WSO2 IS (version 5.11.0) as an identity provider with OAuth/OpenID Connect configured. What I am trying to achieve is below:
1. Get the JWT token by logging in with the /oauth2/authorize IS endpoint.
2. Use the token from step 1 to get a JWT token based on my scope (test_scope) with the /oauth2/token APIM endpoint.
3. Use the token obtained in step 2 to access the API endpoint published with APIM.
What I tried so far is using the JWT access token from step 1 to do step 2 with the following curl:
curl -i -X POST -u <CLIENT_ID>:<Client_SECRET> -k -d 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=<JWT>' -H 'Content-Type: application/x-www-form-urlencoded' https://<IP>:<Port>/oauth2/token
When I get the token and invoke the secured API endpoint it says 'User is NOT authorized to access the Resource'. How do I get the access token with the required scopes to overcome this issue?
Related
I am trying to follow this documentation to get my firestore collections and documents in postman.
When I send this request
curl --location --request GET 'https://firestore.googleapis.com/v1/projects/{project-id}/databases/(default)/documents/{document-id}'
I get an empty object.
My challenge is I have failed to get the access token without implementing the sign-in feature.
I need to use an HTTP transformation to get the data using a REST API, but the API uses bearer token authorization. Can somebody help me create the mapping to retrieve the data from the web?
You can refer to the below answer on how to use Informatica to request a bearer token and then use it in the subsequent process. This is answered assuming the API output is JSON, but you can use it for any other output type like CSV/XML.
Basically this is a 2-step process.
1. Request the bearer token using user/pass through an HTTP transformation. You may need a non-expiring service user.
2. The bearer token you got from step 1, use it in the next HTTP transformation which calls the actual API.
Informatica how to POST JSON data with Bearer Token in Header
I'm trying to insert a new record in a Firebase Cloud Firestore database via its REST API and curl.
Reading from the database is working as expected since the operation is public. The create operation is not listed in the database rules and it is performed only server side, but I'm unable to do it using only the project API KEY.
Take for example the following curl request:
curl --header "Content-Type: application/json" \
  --request POST \
  --data '{"fields":{"myField": {"stringValue": "test"}}}' \
  https://firestore.googleapis.com/v1/projects/MY_PROJECT/databases/\(default\)/documents/MY_COLLECTION?key=MY_KEY
The above request returns "403: Missing or insufficient permissions.". The provided API key is fetched from the Firebase project's settings -> Web API key.
Am I missing something, or is authentication via only API keys not possible?
P.S. I forgot to mention that the API KEY is unrestricted in the GCP dashboard.
The Firestore REST API doesn't support passing API keys. You'll notice that in the documentation, there is no mention of a "key" parameter.
If you want to perform authenticated operations using the REST API, you'll have to follow the documentation on authentication and authorization. To summarize:
For authentication, the Cloud Firestore REST API accepts either a Firebase Authentication ID token or a Google Identity OAuth 2.0 token. The token you provide affects your request's authorization:
- Use Firebase ID tokens to authenticate requests from your application's users. For these requests, Cloud Firestore uses Cloud Firestore Security Rules to determine if a request is authorized.
- Use a Google Identity OAuth 2.0 token and a service account to authenticate requests from your application, such as requests for database administration. For these requests, Cloud Firestore uses Cloud Identity and Access Management (IAM) to determine if a request is authorized.
We are trying to get NGINX Plus to work as an API gateway with JWT token authorization.
https://auth0.com/blog/use-nginx-plus-and-auth0-to-authenticate-api-clients/
We are following the below document, but one question is not clear: how will the front end get the JWT token that needs to be passed as -H in every request?
Logically, NGINX should expose one API to generate tokens. How can this be achieved?
Nginx can only validate JWTs, not generate them. You need to generate the JWT inside your application using the same secret key. See the Nginx blog for an example (Section "Issuing a JWT to API Clients"). In their example, they issue a JWT using shell commands, but of course you can also do this with a JWT library of your choice inside your application.
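As an added illustration of the answer above (not code from the original post or the NGINX blog), this is the issuing side the application has to provide: it mints an HS256 JWT with the shared secret, emits the JWK Set in the shape nginx's auth_jwt_key_file reads, and shows the validation the gateway performs. The secret and key id are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample secret (not from the original post); load it from a secret
# store in practice and share it only between the issuing app and the gateway.
SHARED_SECRET = b"change-me-to-a-random-secret-of-at-least-32-bytes"
KEY_ID = "api-key-1"  # hypothetical kid, matched between token header and JWK

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_jwt(sub: str, secret: bytes, ttl: int = 3600, now: Optional[int] = None) -> str:
    """Mint the HS256 JWT for an API client: the step the application, not nginx, performs."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256", "kid": KEY_ID}
    payload = {"sub": sub, "iat": now, "exp": now + ttl}
    parts = [b64url(json.dumps(x, separators=(",", ":")).encode()) for x in (header, payload)]
    sig = hmac.new(secret, ".".join(parts).encode("ascii"), hashlib.sha256).digest()
    return ".".join(parts + [b64url(sig)])

def jwk_set(secret: bytes) -> str:
    """JWK Set for nginx's auth_jwt_key_file: symmetric key, kty 'oct', base64url 'k'."""
    return json.dumps({"keys": [{"kty": "oct", "kid": KEY_ID, "k": b64url(secret)}]})

def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """What the gateway checks: alg pinned to HS256, HMAC over header.payload, then exp."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        sig = b64url_decode(s)
    except ValueError:  # malformed base64 or JSON
        return None
    if header.get("alg") != "HS256":
        return None  # reject alg=none and algorithm-confusion attempts
    expected = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    payload = json.loads(b64url_decode(p))
    if payload.get("exp", 0) <= now:
        return None  # expired
    return payload
```

The client sends the string returned by issue_jwt in the Authorization: Bearer header; the gateway side here is equivalent to what nginx does when auth_jwt is enabled with the JWK Set written to the key file.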
My API uses a bearer token for authentication and the controller uses the Authorize attribute.
Whenever I query the API using Postman, for some reason it sends an ARRAffinity cookie with every request along with the bearer token.
However, when I call the same API endpoint with Fiddler without the cookie, it fails with a 401 randomly. YES, randomly: some requests would get 200 success and some would fail with 401.
However, when I pass the ARRAffinity cookie via Fiddler, it works without any failure.
Is there a way to stop Web API or Azure from generating the ARRAffinity cookie? I just want to use bearer and not the cookie.
Is there a way to stop Web API or Azure from generating the ARRAffinity cookie?
We can easily turn ARR Affinity off in the Azure portal. The detailed steps are as below:
Step 1: Navigate to your Web API in the Azure portal.
Step 2: Select Application settings in the Settings blade.
Step 3: Turn ARR Affinity off.
Step 4: Select Save.
For more information, please refer to the documentation.