I am using WSO2 Identity Server for usernames and password. I am using WSO2 SCIM APIs for updating/resetting the user's password using the PATCH.
In the UI, the user has to enter the old password and new password.
But while resetting the user's password, I have to first verify users current password. Is there an API to verify the password in WSO2?
You can use getMe endpoint and act based on the response.
curl -v -k --user [username]:[password] https://localhost:9443/scim2/Me
Ref: https://docs.wso2.com/display/IS560/apidocs/SCIM2-endpoints/#!/operations#MeEndpoint#getUserMe
Related
I'm working in an instance of AppDynamics where we enter using SSO, so we just type the name of our account and enter without an user/password.
I need to create a custom event and, according to this documentation https://docs.appdynamics.com/display/PRO43/Alert+and+Respond+API#AlertandRespondAPI-CreateaCustomEvent
what I would need is to run a curl like curl -X POST --user user1#customer1:secret 'http://demo.appdynamics.com/controller/rest/applications/5/events?severity=INFO&summary=test1&eventtype=CUSTOM&customeventtype=mycustomevent&propertynames=key1&propertynames=key2&propertyvalues=value1&propertyvalues=value'
Problem is, I don't have an user/password. If I don't type them I get a 401 as expected.
I can see in My Preferences my username, but I can't find any password in the application.
Is there something I could do to find that password or something that would work for that POST to work?
The credentials for an SSO user reside with the Identity Provider (on your side) not the Service Provider (AppDynamics).
So there are two options here:
Create (or ask an admin to create) an AppDynamics user in the Controller Administration UI. Then use the username / password from this user in your requests.
Create (or ask an admin to create) and API Client configuration in the Controller Administration UI. Then use the Access Token in your requests (Docs: https://docs.appdynamics.com/appd/22.x/latest/en/extend-appdynamics/appdynamics-apis/api-clients)
We have authenticated kong with RBAC credentials. Before this, we are able to hit localhost:8001/default/apis?size=100. But after applying RBAC authentication, we are getting the below error
{
"message": "Invalid RBAC credentials. Token or User credentials required"
}
Please help with the steps to run this on browser or as curl request.
If you followed the installation instruction, Kong advised seeding Super Admin token.
This token can be used with appropriate header when calling Admin API.
For example using default header with token value 'password':
curl http://kong-ip:8001/ --header 'Kong-Admin-Token: password'
If you miss the step of seeding super admin. following this instruction to seed admin token and use it with header from prior reference.
We want to disable UI access for our build users.
They can not use plain-text password for REST APIs for security reasons.
I am trying following to get encrypted password without allowing Build users UI access.
- I created one build user(Non admin with UI disabled)
- Created access token for that build user using admin account.
When I try to use Token to fetch encrypted password of build user I get following error.
ANYBRIDGEBUCK:~ jainish.shah$ curl -H "Authorization: Bearer $TOKEN" http://jainish.artifactory.com/artifactory/api/security/encryptedPassword
{
"errors" : [ {
"status" : 404,
"message" : "User not found: token:automation"
} ]
Is there any other way to get encrypted password without using plain-text password or via UI.
The Get User Encrypted Password REST API requires that the request needs to be authenticated using a clear-text password. i.e. when submitting the request to Artifactory, the password provided for authentication needs to be in clear-text.
I work on Drupal8 project and created Rest API, everything works fine until I want to add Oauth2 when I try to get a token I got an invalid grant type error.
This is the error code:
{
"error": "invalid_grant",
"message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
"hint": "Check the configuration to see if the grant is enabled."
}
This is the url that i called:
http://myserver/oauth/token?grant_type=password&client_id=6db9da8d-b831-4381-b279-381bc5a57e90&scope&username=webmasterrest&password=webmasterrest&client_secret=$S$EamACyfemGWic74kmkwUvphMmr9FL132KC297mI1GEkTKhyBJyAo
I added a client, but I can't add a grant type "password" to this client, any help please?
To add Oauth 2 authentification
Install the module using Composer: composer config repositories.drupal composer https://packages.drupal.org/8 && composer require drupal/simple_oauth:^2. You can use any other installation method, as long as you install the OAuth2 Server composer package.
Generate a pair of keys to encrypt the tokens. And store them outside of your document root for security reasons.
openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout > public.key
Save the path to your keys in: /admin/config/people/simple_oauth.
Go to REST UI and enable the oauth2 authentication in your resource.
Create a Client Application by going to: /admin/config/services/consumer/add.
Create a token with your credentials by making a POST request to /oauth/token. See the documentation about what fields your request should contain
(Not shown) Permissions are set to only allow to view nodes via REST with the authenticated user.
Request a node via REST without authentication and watch it fail.
Request a node via REST with the header Authorization: Bearer {YOUR_TOKEN} and watch it succeed.
From this
NOTE: I user drupal/simple_oauth version 2.x because i got an exception n version 3.x
I'm using Spring Security OAuth2 to implement username/password authorization. The problem is that the error in case of invalid password and expired password is the same: 'invalid_grant'.
I want that the clients of my API can distinguish between both cases and act accordingly. If the password is invalid, ask for password again. If the password is expired, ask to change the password.
Is there any better way than to check the error_description (which is different in both cases)?