WSO2: APIM scope apim:subscribe can be added to WSO2 Identity Server - wso2-api-manager

I have integrated WSO2 (IS-KM-5.6.0) with APIM 2.5.0.
I am using the command below to generate an access token with the default scope:
curl -u : -k -d "grant_type=password&username=ldapuser#local.com#carbon.super&password=password" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9445/oauth2/token
It gives me a proper access token with scope as default. Below is the result of the above command:
{"access_token":"5218d614-e327-379f-819a-b9572daa106d","refresh_token":"4ed7484d-ca30-31c1-8bce-e778f4aab6fd","scope":"default","token_type":"Bearer","expires_in":2568}
But I am unable to use this when invoking the REST APIs of APIM (publisher REST APIs) to perform the activities below:
a) getting store application details
b) adding applications, etc.
I read in the WSO2 documents that to use the store and publisher REST APIs, only scopes which are available for the APIM store and publisher can be used.
So, can these store or publisher REST APIs be invoked without scopes (apim:subscribe), or is there any other way to do so?
Any help?
Thanks

The store or publisher REST APIs can't be invoked without scopes.
For publisher and store there are separate scopes. The scope for the store and for creating an application is the same: apim:subscribe. The scope for publisher-related APIs is apim:api_view. You can get API-specific scopes from the store and publisher API documentation. FYI, you can specify multiple scopes in one shot as well.
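
An added example (not part of the original answer and not WSO2's own code): building a password-grant request that asks for both scopes named above, then checking the token reply for the scope an operation needs before calling the store or publisher REST API. The client credentials, user name and reply strings are constructed placeholders, and the operation names in REQUIRED_SCOPES are hypothetical labels.

```python
import base64
import json
from urllib.parse import urlencode

# Scopes named in the answer above; other operations have their own scopes.
REQUIRED_SCOPES = {
    "store_applications": {"apim:subscribe"},
    "publisher_apis": {"apim:api_view"},
}

def build_token_request(client_id, client_secret, username, password, scopes):
    """Return (headers, body) for a password-grant request to /oauth2/token."""
    creds = f"{client_id}:{client_secret}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        # OAuth 2.0 sends multiple scopes as one space-delimited string.
        "scope": " ".join(sorted(scopes)),
    })
    return headers, body

def missing_scopes(token_response, operation):
    """Scopes the operation needs that the issued token does not carry."""
    granted = set(json.loads(token_response).get("scope", "").split())
    return REQUIRED_SCOPES[operation] - granted

# Constructed replies: the first mirrors the "default"-scoped reply in the
# question, the second is what a correctly scoped token would report.
DEFAULT_REPLY = ('{"access_token":"<redacted>","scope":"default",'
                 '"token_type":"Bearer","expires_in":2568}')
SCOPED_REPLY = ('{"access_token":"<redacted>","scope":"apim:api_view apim:subscribe",'
                '"token_type":"Bearer","expires_in":3600}')

if __name__ == "__main__":
    wanted = REQUIRED_SCOPES["store_applications"] | REQUIRED_SCOPES["publisher_apis"]
    headers, body = build_token_request("<client_id>", "<client_secret>",
                                        "ldapuser", "password", wanted)
    print(body)
    for reply in (DEFAULT_REPLY, SCOPED_REPLY):
        print(missing_scopes(reply, "store_applications") or "ok")
```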

Related

Calling Firebase Remote Config REST API without auth

I want to use Firebase Remote Config API via REST in a mobile app. Due to technical limitations, I can't use the Android/iOS SDK so I have to resort to the REST API.
However, that API requires authentication using a private key -- obviously I can't include that key in the application.
I don't need any other Firebase service at this time, just the remote config.
How can I work around this limitation? I tried following the guide at https://firebase.google.com/docs/remote-config/use-config-rest, but as mentioned it requires first generating a short-lived OAuth2 token using the auth API.
According to the documentation on using the Remote Config REST API:
This document describes how you can use the Remote Config REST API to read and modify the set of JSON-formatted parameters and conditions known as the Remote Config template.
So the REST API is for modifying Remote Config variables, the type of action you could also do in the Firebase console. It is not for use in regular clients, which consume the configuration variables. For that you'll have to use one of the provided clients, as there is no REST API and the wire protocol is not documented.

Firebase: 403 PERMISSION_DENIED (FirebaseError: Installations): Requests are blocked, after updating SDKs (FirebaseInstallationsService)

I updated the Firebase SDKs of my Firebase for Web application.
Since the update my application no longer starts and throws the following error:
Uncaught (in promise)
FirebaseError: Installations: Create Installation request failed with error "403 PERMISSION_DENIED: Requests to this API firebaseinstallations.googleapis.com method google.firebase.installations.v1.FirebaseInstallationsService.CreateInstallation are blocked." (installations/request-failed).
Any idea what is going on?
It turns out that new versions of Firebase SDKs depend on a new internal infrastructure service, called FIS (the Firebase Installations Service) for targeting identifiers ("FIDs" or "Instance-IDs").
If you are using API key restrictions for the API keys you use in your application, you will have to extend those restrictions to allow usage with the new Firebase Installations Service at firebaseinstallations.googleapis.com.
To allow your API key in question to be used with the new Firebase Installations API:
1. go to the Google Cloud Console
2. choose the relevant project (i.e. the project you use for your application)
3. open the menu and go to APIs & Services -> Credentials
4. click Edit API key for the API key in question
5. scroll down to API restrictions
6. from the dropdown, choose Firebase Installations API
7. click Save
8. wait a couple of minutes for Google servers to update and retry...
Note: If you cannot find the Firebase Installations API in the list of APIs, you might first have to enable the API for your project (to do so click here).
Note: If you are not sure which API key is used in your application, you can check the usage numbers of Firebase Installations API per API key.
Note: Verify your fix by checking if you can see successful 200 requests increasing on the Firebase Installations API request metrics page.
Test if your configuration works with the following CURL command:
api_key=<YOUR_API_KEY>;
project_identifier=<YOUR_PROJECT_ID>;
app_id=<YOUR_FIREBASE_APP_ID_SIMILAR_TO_1:12345678:android:00000aaaaaaaa>;
curl -H "content-type: application/json" -d "{appId: '$app_id', sdkVersion: 't:1'}" https://firebaseinstallations.googleapis.com/v1/projects/$project_identifier/installations/?key=$api_key;
If your API key uses App restrictions you will have to expand your CURL request with the respective HTTP headers identifying your application:
Android: -H "x-android-package: com.rayo.example.app" -H "x-android-cert: 1234567890ABCDEF1234567890ABCDEFAABBCCDD"
iOS: -H "x-ios-bundle-identifier: com.rayo.example.app"
Webapp: -H "Referer: https://www.your.webapp.com/page?p=1"

WSO2: Can IS access token be used for APIM access token for APIs for same users?

When integrating the WSO2 Identity Server (5.6.0) and WSO2 APIM (2.5.0), I came across one scenario where I want the token which I am generating while logging into IS to also be used for invoking APIs in APIM which are created by the same user.
I am creating a user in IS and it is getting reflected in APIM, but the token which is generated for IS is getting saved in IDN_OAUTH2_ACCESS_TOKEN of the IS DB, and for APIM, while invoking any APIs for the same user, the tokens are getting saved in IDN_OAUTH2_ACCESS_TOKEN of APIM.
I want to use the same token which was generated in IS to invoke APIs which the same user created in APIM.
Any guidance in this direction will help me to understand.
Thanks
In a distributed deployment of APIM, you can use IS as the key manager node. The following document explains how to set it up.
https://docs.wso2.com/display/AM260/Configuring+WSO2+Identity+Server+as+a+Key+Manager
This document explains (step 3) how to share databases between APIM and IS. You can use the same to achieve what you want.
In short, you need to configure IS to use the APIM DB (shared between 2 nodes) instead of its own IS DB.
You also have to map the Application in the API store to the OAuth app you have created in IS. See this doc for that.
https://docs.wso2.com/display/AM260/Provisioning+Out-of-Band+OAuth+Clients

WSO2 API publisher and store issue

I need to add multiple API publisher and store but I don't want to use the WSO2 UI to add them one by one.
How can I use a program to add all API publisher and store?
Thank you.
You can use the APIs published by WSO2. Take a look at their documentation.
Before you make any API calls, you have to call the following APIs to receive a scope and access_token:
Register your application using /register. (The client from which you will be making API calls needs to be verified.)
Get access_token using /token API.

Manage subscriptions on WSO2 API Manager without API Store Interface

I am using WSO2 API Manager to expose a few APIs. But I don't want the consumers to use the API store for the subscriptions. The creation of subscriptions/applications and access tokens should be managed by my custom web application.
I have checked the WSO2 API Manager docs https://docs.wso2.com/display/AM210/apidocs/store/ and imported the swagger in SoapUI. When I try to invoke the store API of my local API Manager I am getting the HTML content of the API store page. See below screenshot.
Can anyone please help with what I am doing wrong? Or is there any other way to meet the requirement?
You need to pass a token which is generated by passing the scope, client secret key and password, as described in https://docs.wso2.com/display/AM210/apidocs/store/#guide
