Im getting some 403 errors in some HERE position requests. Looks like that the servers are not synchronized.
My Account was created 2 weeks ago.
{"error":{"code":403,"description":"These credentials do not authorize access. Please contact your customer representative or submit a request here https://developer.here.com/contact-us to upgrade your account. You can also get valid credentials by registering for a free trial license on https://developer.here.com.","message":"Forbidden"}}
First, generate apiKey and bearer token in your here account. For the apiKey go to your profile, create a new app and then you can generate it under Credentials -> API Keys.
For the bearer token, you first need to create oauth tokens (under Credentials -> OAuth), download the credentials.properties file, then use their CLI to generate the bearer token. Before you can use the CLI, you need to install it and then set it up.
I'm on a mac, so for me this installed it:
$ brew install heremaps/olp-cli/olp
Follow instructions on their page for whatever OS you have. Now you are ready to generate the bearer token. Make sure you are in the same directory where you downloaded the credentials.properties file earlier:
$ olp credentials import default credentials.properties
Generate the token:
$ olp api token get
Now you have everything to do a call to their API (replace HERE_API_URL with the one you want. They have many different ones for various use-cases):
GET
https://{HERE_API_URL}?apiKey={YOUR_API_KEY} -H 'Authorization: Bearer {YOUR_TOKEN}'
Note: Do not use app_code and app_id. These have been deprecated.
I had the same issue when I had only one API key created. Once I created a second API key, the issue went away.
Make sure you have two API keys generated, even if you only use one. The documentation suggests setting two keys but it never mentions it's required.
Related
We are transitioning to using Terraform to create our architecture on Google Compute, and part of it utilises Firebase for the front-end. So far, I have managed to get this all working fine, but have hit a snag on Firebase Auth. Essentially, I want to allow 'Email/Password' authentication on a Firbase project programmatically.
The above shows where you find the setting in the UI console, but I want to be able to do that via an API/CLI, and also set the 'Authorised Domain'.
Yes, as of November 2022, this is now possible, either using Terraform, or the gcloud CLI and a bit of scripting. Both methods make use of the REST Identity Toolkit API.
If using Terraform: Your config file needs to specify a google_identity_platform_project_default_config resource: the documentation for it is available here. By way of example – assuming you've already declared a google_project resource called my_project, you could add the google_identity_platform_project_default_config resource as follows:
resource "google_identity_platform_project_default_config" "myconfig" {
project = google_project.myproject.project_id
sign_in {
allow_duplicate_emails = false
anonymous {
enabled = false
}
email {
enabled = true
password_required = false
}
}
}
This would enable email+password authentication, disallow anonymous access, and disallow duplicate email addresses.
If using the gcloud CLI: This would be a good deal fiddlier. I haven't tested it out completely, but it is presumably equivalent to what Terraform is doing behind the scenes. You need to obtain a service account access token, then use cURL (or a similar tool/API) to amend the Identity Toolkit configuration using the PATCH method (documentation here), supplying the token in the "Authorization" header.
gcloud lets you get an access token using the command gcloud auth print-access-token, but according to this 2021 blog post1 by #DazWilkin, the token obtained using your regular human credentials can't perform the necessary PATCH operation; you need to use a token backed by a service account that has the correct permissions.
The blog post gives further details, but roughly, the steps are:
Create a service account and give it the correct permissions. (Not necessary if you already have an appropriate service account; such an account can be created either using the Firebase console or Terraform's google_service_account resource.)
Create a JSON service account key file. (Not necessary if you already have a key created, plus a JSON file for it. These JSON files contain an object with the keys "project_id", "private_key_id", and "private_key", and are exactly the same sort of file as gets generated from the Firebase console if you go to "Project Overview" / "Project Settings" / "Service Accounts" / "Generate new private key". They can also be created programmatically using Terraform's google_service_account_key resource.)
Allow gcloud to perform operations using the service account's permissions, by running gcloud's "auth activate-service-account" subcommand: something like
$ gcloud auth activate-service-account --key-file=/path/to/key-file.json EMAIL_ADDRESS_OF_SERVICE_ACCOUNT
Obtain an access token for the service account by running gcloud auth print-access-token EMAIL_ADDRESS_OF_SERVICE_ACCOUNT.
Supply that token in the header of an HTTP PATCH request using cURL.
For more details, see the blog post; it's concerned with amending the "authorized domains" list for a Firebase project, but enabling email/password authentication would be very similar.
1 Also mentioned in this stackoverflow answer.
A client wants me to integrate his News from LinkedIn to his TYPO3 site.
Yes, I am one of more admins of the company page on linkedin, the app is verified by the client.
I have client_id and client_secret
When i do the request to get an accessToken, something like:
https://www.linkedin.com/oauth/v2/accessToken?grant_type=client_credentials&client_id=&client_secret=
the answer is
error "access_denied"
error_description "This application is not allowed to create application tokens"
I have no clue, what the necessary permissions are and where to set them.
Neither the linkedin backend nor the developers shows up with any proper link.
I know, this question has been asked before, but its about the permissions.
Please set me on the rail...
You are trying to use the 2-legged OAuth process which is by "client credentials" unfortunately that process is not available by default to all applications which is probably why you are receiving that message.
This is mentioned in the first paragraph of the documentation of the 2-legged OAuth process.
Your application cannot access these APIs by default
https://learn.microsoft.com/en-us/linkedin/shared/authentication/client-credentials-flow?context=linkedin/context
Your application needs access to enterprise linkedin products that can perform API requests that are not member specific in order to be able to use that process.
By default the application only have access to the 3-legged process which involve a GET https://www.linkedin.com/oauth/v2/authorization before making a request to get access tokens.
More information about the 3-legged process can be found here
https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context
I use the .net Packages CodeHelper.API.LinkedIn
.NET
using CodeHelper.API.LinkedIn;
LinkedInHelper _helper = new() {AccessToken = "{ACCESSTOKEN}" };
string _id = await _helper.GetAuthorID();
CURL
curl -H "Authorization: Bearer "
"https://api.linkedin.com/v2/me?projection=(id)"
More Information
CodeHelper.API.LinkedIn
Nuegt Pakcage
I want to know the api endpoint where I can post username and password and that should return me the auth token. For more clarity I am attaching the screenshot.
I know it's making call to following endpoint but these endpoint are not having any documentation, maybe they are not public.
https://containerimages.azz.net/artifactory/ui/userProfile
https://containerimages.azz.net/artifactory/ui/userApiKey
The APIs you mention in the question are UI APIs. Those are not public and might be a subject to change. You should rely on them.
If you wish to generate a Docker config.json file as the one shown in the screenshot, the auth part is simply a base64 encoding of the <USERNAME>:<PASSWORD>.
For the part use can use:
An access token - this is the preferred method as tokens are revokable an expirable
API Key
Encrypted password
Clear text password
All options should be base64 encoded as mentioned above.
You can avoid storing the Docker credentials in the config.json file by using a credentials store as described in the Docker login documentation.
If you wish to get an Artifactory API key for a user, you should use the Get API Key REST API.
I work on Drupal8 project and created Rest API, everything works fine until I want to add Oauth2 when I try to get a token I got an invalid grant type error.
This is the error code:
{
"error": "invalid_grant",
"message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
"hint": "Check the configuration to see if the grant is enabled."
}
This is the url that i called:
http://myserver/oauth/token?grant_type=password&client_id=6db9da8d-b831-4381-b279-381bc5a57e90&scope&username=webmasterrest&password=webmasterrest&client_secret=$S$EamACyfemGWic74kmkwUvphMmr9FL132KC297mI1GEkTKhyBJyAo
I added a client, but I can't add a grant type "password" to this client, any help please?
To add Oauth 2 authentification
Install the module using Composer: composer config repositories.drupal composer https://packages.drupal.org/8 && composer require drupal/simple_oauth:^2. You can use any other installation method, as long as you install the OAuth2 Server composer package.
Generate a pair of keys to encrypt the tokens. And store them outside of your document root for security reasons.
openssl genrsa -out private.key 2048
openssl rsa -in private.key -pubout > public.key
Save the path to your keys in: /admin/config/people/simple_oauth.
Go to REST UI and enable the oauth2 authentication in your resource.
Create a Client Application by going to: /admin/config/services/consumer/add.
Create a token with your credentials by making a POST request to /oauth/token. See the documentation about what fields your request should contain
(Not shown) Permissions are set to only allow to view nodes via REST with the authenticated user.
Request a node via REST without authentication and watch it fail.
Request a node via REST with the header Authorization: Bearer {YOUR_TOKEN} and watch it succeed.
From this
NOTE: I user drupal/simple_oauth version 2.x because i got an exception n version 3.x
The http API docs request that a special token be created for several operations (e.g. List Buckets, All Changes)
X-Simperium-Token — Authentication token must have been created using an API key that has admin privileges
How do I create this token?
I have tried a few things:
curl -H 'X-Simperium-Token: {my admin key}' https://api.simperium.com/1/{app_name}/buckets.
This results in the "meta" buckets {"buckets": [{"name": "exception"}, {"name": "code"}, {"name": "message"}]} which is kind of interesting.
curl -H 'X-Simperium-API-Key: {my admin key}' -d '{"username":"{valid user}", "password":"{valid password}"}' https://auth.simperium.com/1/{app_name}/authorize/.
Result: invalid app credentials
Authorize with my normal key, which works fine and gives me an access token which I can use for the other (non-admin) operations.
My thinking is that I need to pass in my admin key into 'authorize' somehow and generate an auth token blessed with admin privileges for this user (to list all of his buckets, for example).
Thanks in advance.
You should be able to use the admin key directly for the token anywhere that requires a token that was created with an API key with admin privileges. We're currently working on the UI to actually create these API keys with different options. In the meantime, you can either use the admin key from your dashboard directly, or contact us and we can create one for you.