Firebase & Postman | Generate JWT for Google Identity OAuth 2.0 token - firebase

I am trying to execute some administrative tasks on my Cloud Firestore (upload some data, ... etc.). I read through the documentation here
Use a Google Identity OAuth 2.0 token and a service account to authenticate requests from your application, such as requests for database administration.
This referred to the documentation here on how to make Authorized API Call after generating JWT. I am struggling with generating the JWT.
This is what I tried:
I formed the header and the claim set
{"alg":"RS256","typ":"JWT"}.
{
"iss":"761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
"scope":"https://www.googleapis.com/auth/prediction",
"aud":"https://oauth2.googleapis.com/token",
"exp":1328554385,
"iat":1328550785
}
Went to https://jwt.io/ to generate JWT with RSA256. It asks for public key and private key. I understand the private key can be generated in JSON format from the service account I created under https://console.cloud.google.com/iam-admin/serviceaccounts. However, I am not sure where to obtain the public key. jwt.io does not generate jwt. I only get 'invalid signature'.
There are many examples in the web using SDK or libraries. However, I could not see any example on how to generate JWT manually (if that is possible at all) to use it with Postman. Any idea?

Thanks to @JohnHanley. I managed to generate the token. This is not entirely within Postman (I am still relying on jwt.io to generate the jwt).
After creating the service account here, add a key and download the p12 file (not JSON). The default secret is notasecret.
Convert p12 to pem and extract the public key:
$ openssl pkcs12 -in postman-admin-private.p12 -out postman-admin-private.pem -nodes
$ openssl rsa -in postman-admin-private.pem -outform PEM -pubout -out postman-admin-public.pem
Open both pem files and copy the private and public keys into jwt.io (using RSA256 option)
Make sure you use the email address of the service account in iss field
Here is the request in postman:
curl --location --request POST 'https://oauth2.googleapis.com/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion={generated jwt}'
Next would be to make it entirely within Postman. I have not tried that but this post seems to be an option.
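
The same flow done locally with Node's built-in crypto instead of jwt.io, so the service account's private key never leaves the machine. This is an added example, not part of the original post; the function names (buildAssertion, verifyAssertion, tokenRequestBody) are hypothetical, and the key pair and service account email are constructed for the demo.

```javascript
const { createSign, createVerify, generateKeyPairSync } = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Build and sign the assertion. clientEmail and privateKeyPem correspond to the
// client_email and private_key fields of a downloaded service-account JSON key.
function buildAssertion({ clientEmail, privateKeyPem, scope, now = Math.floor(Date.now() / 1000) }) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = {
    iss: clientEmail, // service account email, as the answer notes
    scope,
    aud: 'https://oauth2.googleapis.com/token',
    iat: now,
    exp: now + 3600, // one hour, the same lifetime as in the question's claim set
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = createSign('RSA-SHA256').update(signingInput).sign(privateKeyPem);
  return `${signingInput}.${b64url(signature)}`;
}

// Signature check against a public key: a mismatched key pair returns false here.
function verifyAssertion(jwt, publicKeyPem) {
  const [h, c, s] = jwt.split('.');
  if (!s) return false; // not a three-part compact JWT
  return createVerify('RSA-SHA256').update(`${h}.${c}`).verify(publicKeyPem, Buffer.from(s, 'base64url'));
}

// Form body for the token endpoint; sending the assertion in the POST body
// (Content-Type: application/x-www-form-urlencoded) keeps it out of URLs and logs.
function tokenRequestBody(jwt) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion: jwt,
  }).toString();
}

// Constructed demo: a throwaway key pair stands in for a real service-account key.
const demoKeys = generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const demoJwt = buildAssertion({
  clientEmail: 'demo-sa@example-project.iam.gserviceaccount.com', // constructed value
  privateKeyPem: demoKeys.privateKey,
  scope: 'https://www.googleapis.com/auth/firebase.messaging',
  now: 1700000000,
});
console.log(verifyAssertion(demoJwt, demoKeys.publicKey), tokenRequestBody(demoJwt).slice(0, 60));
```

In Postman, the string returned by tokenRequestBody goes in the request body as x-www-form-urlencoded rather than in the query string.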

Related

Get SetMeUp token API

I want to know the api endpoint where I can post username and password and that should return me the auth token. For more clarity I am attaching the screenshot.
I know it's making call to following endpoint but these endpoint are not having any documentation, maybe they are not public.
https://containerimages.azz.net/artifactory/ui/userProfile
https://containerimages.azz.net/artifactory/ui/userApiKey
The APIs you mention in the question are UI APIs. Those are not public and might be subject to change. You should rely on them.
If you wish to generate a Docker config.json file as the one shown in the screenshot, the auth part is simply a base64 encoding of the <USERNAME>:<PASSWORD>.
For the <PASSWORD> part you can use:
An access token - this is the preferred method as tokens are revocable and expirable
API Key
Encrypted password
Clear text password
All options should be base64 encoded as mentioned above.
You can avoid storing the Docker credentials in the config.json file by using a credentials store as described in the Docker login documentation.
If you wish to get an Artifactory API key for a user, you should use the Get API Key REST API.

Firebase bearer token from OAuth2 playground

I'm trying to test my application that uses Firebase for push notifications using postman.
I'm specifically testing the Http v1 Api, and looking how to authorize the request.
What I need to get right is getting the OAuth2 token to use in Postman, which I should be able to do on the OAuth 2.0 playground although I'm not sure how.
I have my privatkey.json file that I've downloaded from the firebase console, I just need to know how to use it to get the token that I would add as a bearer authorization header for my POST requests
I was able to send a message through the FCM v1 HTTP API by requesting the following scopes in the OAuth2 playground:
email, https://www.googleapis.com/auth/firebase.messaging
After authorizing this, I exchanged the authorization code for refresh and access tokens.
I then passed the resulting access token into the call with FCM:
curl -X POST -H "Authorization: Bearer MY_ACCESS_TOKEN" -H "Content-Type: application/json" -d '{"message":{
"notification": {
"title": "FCM Message",
"body": "This is an FCM Message"
},
"token": "MY_DEVICE_TOKEN"
}
}' https://fcm.googleapis.com/v1/projects/MY_PROJECT_ID/messages:send
In the above CURL request replace the following placeholders with the relevant values for you:
MY_PROJECT_ID is the Firebase project ID, which you can get from the project settings page in the Firebase console
MY_DEVICE_TOKEN is the registration token of the device that you want to send the message to. For a web client, see how to get the current registration token.
MY_ACCESS_TOKEN is the OAuth2 access token that you got from the OAuth2 playground using the steps outlined above.
The FCM documentation on authenticating FCM v1 requests may be confusing since it only calls out the OAuth2 token. It actually first generates a self-signed JWT (JSON Web Token) by calling new google.auth.JWT(...). This involves downloading a private key, and generating the JWT locally through a JWT library.
The self-signed JWT is then passed to jwtClient.authorize(...), which gives back tokens including an access_token. The latter is an OAuth2 access token, similar to the one we got above.
I created a small project on GitHub that includes both a Postman collection and environment and a Node.js project that uses the downloaded service-key.json to generate an access token, which solves my problem above. It's not as elegant as using only Postman (which to me seems impossible), but it works well enough since the access tokens live for about an hour.

Drupal8 OAuth2 add a grant type "password" to client

I work on a Drupal8 project and created a REST API. Everything works fine until I want to add OAuth2: when I try to get a token I get an invalid grant type error.
This is the error code:
{
"error": "invalid_grant",
"message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
"hint": "Check the configuration to see if the grant is enabled."
}
This is the URL that I called:
http://myserver/oauth/token?grant_type=password&client_id=6db9da8d-b831-4381-b279-381bc5a57e90&scope&username=webmasterrest&password=webmasterrest&client_secret=$S$EamACyfemGWic74kmkwUvphMmr9FL132KC297mI1GEkTKhyBJyAo
I added a client, but I can't add a grant type "password" to this client, any help please?
To add OAuth 2 authentication:
Install the module using Composer: composer config repositories.drupal composer https://packages.drupal.org/8 && composer require drupal/simple_oauth:^2. You can use any other installation method, as long as you install the OAuth2 Server composer package.
Generate a pair of keys to encrypt the tokens. And store them outside of your document root for security reasons.
openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout > public.key
Save the path to your keys in: /admin/config/people/simple_oauth.
Go to REST UI and enable the oauth2 authentication in your resource.
Create a Client Application by going to: /admin/config/services/consumer/add.
Create a token with your credentials by making a POST request to /oauth/token. See the documentation about what fields your request should contain
(Not shown) Permissions are set to only allow to view nodes via REST with the authenticated user.
Request a node via REST without authentication and watch it fail.
Request a node via REST with the header Authorization: Bearer {YOUR_TOKEN} and watch it succeed.
From this
NOTE: I use drupal/simple_oauth version 2.x because I got an exception in version 3.x

Authenticate the firebase private database using rest api

Generated the token Using this file for authentication.
After that, I generated a rest url by reading this document
I hit from my terminal curl "https://sampleproject-763e9.firebaseio.com/USERS.json/?auth=my generated token from above file".
For the generation of my token, I used these two things:
Enter User ID:userM1
My JSON which I got from Firebase by going into project settings->serviceaccounts->adminsdk and clicking generate new private key.
I got this error
{ "error" : "Invalid claim 'kid' in auth header: '5e3994c7ce7839ecbe22b9c01e0cc0e1db2593b1' with iat: '1505402027'" }.
This is how my database looks like
These are the rules for my private database. My output.
This is not the way to get authentication to a Firebase secret database.
After generating the token from json you have to generate access token by signing in.

Here API - These credentials do not authorize access - Some Requests

I'm getting some 403 errors in some HERE position requests. It looks like the servers are not synchronized.
My Account was created 2 weeks ago.
{"error":{"code":403,"description":"These credentials do not authorize access. Please contact your customer representative or submit a request here https://developer.here.com/contact-us to upgrade your account. You can also get valid credentials by registering for a free trial license on https://developer.here.com.","message":"Forbidden"}}
First, generate apiKey and bearer token in your here account. For the apiKey go to your profile, create a new app and then you can generate it under Credentials -> API Keys.
For the bearer token, you first need to create oauth tokens (under Credentials -> OAuth), download the credentials.properties file, then use their CLI to generate the bearer token. Before you can use the CLI, you need to install it and then set it up.
I'm on a mac, so for me this installed it:
$ brew install heremaps/olp-cli/olp
Follow instructions on their page for whatever OS you have. Now you are ready to generate the bearer token. Make sure you are in the same directory where you downloaded the credentials.properties file earlier:
$ olp credentials import default credentials.properties
Generate the token:
$ olp api token get
Now you have everything to do a call to their API (replace HERE_API_URL with the one you want. They have many different ones for various use-cases):
GET
https://{HERE_API_URL}?apiKey={YOUR_API_KEY} -H 'Authorization: Bearer {YOUR_TOKEN}'
Note: Do not use app_code and app_id. These have been deprecated.
I had the same issue when I had only one API key created. Once I created a second API key, the issue went away.
Make sure you have two API keys generated, even if you only use one. The documentation suggests setting two keys but it never mentions it's required.
