I have created Rest application with spring oauth2 using JDBCTokenStroe. Backend is postgres.
I am able to create access token but while fetching data using this access token application throwing error like
"Failed to deserialize access token for 05ba6b42-7624-4281-8e53-5f97376fc3df"
and rest response is :
Invalid access token: 05ba6b42-7624-4281-8e53- 5f97376fc3df
invalid_token
This application is working fine with mysql db but not with Postgres .
Can any one help me out what could be the issue?
My issue is fixed now. I just updated my postgres jdbc jar file with latest version. Now its working fine.
Thanks
Related
in order to programmatically retrive some AppTraces and AppExceptions info from an Azure Application Insights Logs resource, we followed the instructions included in the following article advicing to adopt the new Azure Monitor Query client library for .NET to fulfill the purpose.
https://learn.microsoft.com/it-it/dotnet/api/overview/azure/Monitor.Query-readme?view=azure-dotnet
Strictly following the above article instructions (and using the DefaultAzureCredential object to authenticate), we managed to get the client library's LogsQueryClient object working fine in the local version of the developed web api (ASP .NET Core 6.0). And so, locally we are eable to fetch the logs info we need.
But once we published the web api on the Cloud (under the same Azure subscription of the Application Insights target resource) we started to get the following error:
Message: The provided credentials have insufficient access to perform the requested operation
Status: 403 (Forbidden)
ErrorCode: InsufficientAccessError
N.B.
Surprisingly we didn't find any thread explaining, step by step how to fix the problem with specific reference to the new Azure Monitor Query client library.
To fix the issue, we tried replacing the class DefaultAzureCredential with the class ClientSecretCredential generating and assigning it a new client secret.
Here are the details concerning the steps we followed to implement the ClientSecretCredentials.
In particular, we have:
Setup a new Azure AD Application.
Assigned it the required permissions ==> Data.Read (Read Log Analytics data - Granted from Admin).
Assinged to the Registered App (AAD Application) the Reader Role from the Application Insights Resource's Access control (IAM) section of the Azure Portal.
Created a new client secret for the AAD Application.
Created a new Azure Web API, on witch we Installed the Azure Monitor Query client library for .NET.
To retrive Logs data, we programmatically istantiated a new Azure.Identity.ClientSecretCredential object, assigning it the right tenantId, the client (application) ID of the AAD Application and the client secret previously generated for the App Registration.
In the Program.cs file of the web api we created a singleton instance of the class LogsQueryClient assigning it the above ClientSecretCredential object.
And finally we invoked the QueryWorkspaceAsync method of the class LogsQueryClient, passing it the WorkSpaceId of the Application Insights Resource (whom logs have to be read) and the query to retrive.
Unfortunately, replacing the class DefaultAzureCredential with ClientSecretCredential didn't work and the error message keeps to be the same.
N.B.
The AAD User Type of the user who: developed and released the web api, registered the new Azure AD Application and granted it the necessary permissions is "Member".
The above user, refers to the same tenant id as the resources he managed in the above steps (Web Api, AAD Application etc).
During the release process of the web api, a new API Management service was specifically created by the same user releasing the app.
Here are the code snippets:
Program.cs
builder.Services.AddAzureClients(builder =>
{
static LogsQueryClient func(LogsQueryClientOptions options)
{
options.Retry.Mode = Azure.Core.RetryMode.Exponential;
options.Retry.MaxRetries = 5;
var csc = new ClientSecretCredential(tenantId, clientId, clientSecret);
return new LogsQueryClient(csc, options);
}
builder.AddClient<LogsQueryClient, LogsQueryClientOptions>(func);
var credentials = new ClientSecretCredential(tenantId, clientId, clientSecret);
builder.UseCredential(credentials);
});
Controller.cs (get logsQueryClient through dependency injection)
Response<LogsQueryResult> response = await logsQueryClient.QueryWorkspaceAsync(workSpaceId, query);
The provided credentials have insufficient access to perform the requested operation
The error clearly shows that it doesn't have a sufficient access to process the request.
To identify the new RBAC permission, Azure App Insights REST API takes an hour to sync with AAD and it throws Status 403 as error code without complete sync. Refer MS-DOC for related stuff
Basically, this error can happen when the user doesn't have access to authorize Access token with AAD
Provide the required access to the user which you want to authorize.
Make sure to check your request are valid before processing your APi request in Production Environment. (Token, GUID, etc.,).
Thanks for your appreciated help.
We finally managed to spot where the problem was.
After the point 3 listed in our original post:
<<Assign to the Registered App (AAD Application) the "Reader Role" for the Application Insights acting from the resource's Access control (IAM) section of the Azure Portal.>>
... We omitted to do the same thing for the Log Analytics workspace.
Each Application Insight resource refers infact to a specific Workspace.
For that reason, it is necessary to assign the same reader role to the Registered App also for the above workspace.
Log Analytics workspaces too have infact an Access control (IAM) section in the Azure Portal, just like the other resources.
Assigning this role to the AAD registered app the issue was fixed.
Iam trying to hit the api provided in the airflow ui on aws console. I tried to access the web server but when i try to get the list of dags iam getting unauthorized error. Do we need any role or permission to access rest api and get the expected response out. I tried with webtoken creation and passed in to hit api. Tried with basic auth and aws signatures as well.
Do we need any extra permissions?
In order to access the Airflow API, an IAM entity (e.g. user, role, etc) needs access to one or more of the following managed permissions policies:
AmazonMWAAFullConsoleAccess
AmazonMWAAFullApiAccess
AmazonMWAAReadOnlyAccess
AmazonMWAAWebServerAccess
AmazonMWAAAirflowCliAccess
References:
Accessing an Amazon MWAA environment (AWS)
Creating an Apache Airflow web login token (AWS)
I am trying to use Microsoft flow to retrieve Microsoft Bookings data. Im doing this by using the HTTP with azure AD connector. I have set up all permissions. it was working perfectly fine before till yesterday the connector said i'm unauthorized to retrieve the data. i can't even hit https://graph.microsoft.com/beta/bookingBusinesses/page_id/appointments anymore. Is there some issue with Microsoft ??? or is there an issue on my side.i’ve used graph explorer and im able to successfully retrieve the bookings api. could someone provide some feedback as this is becoming business critical as i need to obtain the data for reporting. Or maybe guide me on how i can retrieve an access token that never expires. It would be much appreciated if someone can really help me out. I've attached a screenshot of my flow failing.
Screenshot of HTTP with Azure AD failing . I've just also found out that i can query https://graph.microsoft.com/beta but i cant hit the BookingBusinesses api
Screen shot of https://graph.microsoft.com/beta working using connector
What i have already tried:
Deleted the connection and created it again
Created a connection using another account
Created App registrations and used the Client_id, tenant_id and client_secret to Created a connection using the HTTP request. but still doesn't work
Screenshot of HTTP Request Connector, but this still failed
App registration Permissions
For this problem, I test it by "Invoke an HTTP request" first but as I'm not familiar with this action, I didn't request it success. But we can also use "HTTP" action in microsoft flow to get the access token and use the access token to do the request as you mentioned in comments.
The reason for you failed to use the access token to request the graph api is you set the grant_type as client_credentials when you request for the access token. Since the permissions you added are "delegated" type but not "application" type, so we can not use "client_credentials" grant to get the access token. We need to use "password" as the grant_type (shown as below screenshot).
Then use "Parse JSON" action to parse the response of the "HTTP" request above to get the access token. And use the access token to request the graph api.
My guess is the flow connector lost its refresh token or something to that effect. you may need to just refresh your flow connector. either by switching accounts or smoething or deleting the azure ad connector and reconnecting it.
give that a try
I am using a tutorial: http://swift.openstack.org/development_saio.html
I'm currently trying to create a swift environment for some test, but got the following error when getting an X-Storage-Url and X-Auth-Token using test command.
UnauthorizedThis server could not verify that you are authorized to access the document you requested.
I am new for openstack, Ples help me..
Try Installing memcache in the server.
In Openstack swift Auth tokens are stored in memcache. So if memcache is not installed auth tokens are not stored which results in failure of authorization.
Hi
I am developing an application on android(3.0) and trying to use the Evernot API. I downloaded Evernote API with sample and trying to play with it.
I working with evernote sample application name "HelloEDAM" , when i run the application following error displays at screen
"Error initializing Evernote API".. i have the API consumer secret and consumer Key which is send by Evernote to me and also providing the right username and password. Any idea what could be the problem?
many thanks !!
That error is shown if we're unable to authenticate to Evernote. Common causes of this are:
Your application doesn't have internet permissions
Your consumer key and consumer secret are incorrect
You requested a web service API key, which must authenticate using OAuth, but are attempting to authenticate using username & password
You are using an Evernote username and password from our production service but are attempting to authenticate against our sandbox server
We also log a message that contains the exception that caused the error.