I configured a REST webservice (a Spring Boot webapplication) on WSO2 AM and used the default /* mapping for resources. My webservice takes an assignee (text) and file parameters.
When I perform the calls, I've noticed that request parameters are not forwarded (HTTP Headers are) to the backed services. For example:
curl -i -X POST -H "Content-Type: multipart/form-data" -H "X-PD20-BillingSubscriptionId: e87d4400-b05f-4f40-9c39-06ae4d28cf4d" -H "Authorization: Bearer rrxRV5F6jdkSBcEPXv7I1yFl2x8a" -F "documentFile=#src/test/resources/sample-files/test-fea-1firma.pdf" -F "assignee=bla.bla#gmail.com" http://api.linksmt.it:8280/fea/1.0.0/signRequest
As you can see, It's a form that posts 2 fields, one of them being a file and another a simple text field.
The call is succesfully forwarded to the backed service but without the actual fields values (the headers instead are correctly passed, though their keys are lower-cased, that is "X-PD20-BillingSubscriptionId" is passed as "x-pd20-billingsubscriptionid").
Any hint on why is this happening?
Thanks
Ok, the problem was the same as described in multipart form data file upload using WSO2 API manger ? and I had to uncomment the declarations for
within the $WSO2_AM/repository/conf/axis2/axis2.xml file (and restart the server).
Related
Normally we are able to play around with REST APIs related to application, since the application has method to let us create a JWT Token for authentication.
But we are unable to create an application, don’t understand where and we can get the token to authorize us to let us create an application.
Let me tell step by step how to do that
Open the file {AMS_INSTALL_DIR}/webapps/root/WEB-INF/web.xml and change the following line
<filter-class>io.antmedia.console.rest.AuthenticationFilter</filter-class>
with this one
<filter-class>io.antmedia.console.rest.JWTServerFilter</filter-class>
Open the file {AMS_INSTALL_DIR}/conf/red5.properties and change the following lines
server.jwtServerControlEnabled=false
server.jwtServerSecretKey=
with these ones. You can use any 32 character alphanumeric key.
server.jwtServerControlEnabled=false
server.jwtServerSecretKey=WRITE_YOUR_32_CHARACTER_SECRET_KEY
For our sample we use cizvvh7f6ys0w3x0s1gzg6c2qzpk0gb9 as secret key
Restart the service
sudo service antmedia restart
Generate JWT Token. There are plenty of libraries that you can do programmatically. The easiest way for now is using JWT Debugger. So our generated token is eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.tA6sZwz_MvD9Nocf3Xv_DXhJaeTNgfsHPlg3RHEoZRk
Make the call to Create Application as follows
curl -X POST -H "Content-Type: application/json" -H "Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.tA6sZwz_MvD9Nocf3Xv_DXhJaeTNgfsHPlg3RHEoZRk" "https://ovh36.antmedia.io:5443/rest/v2/applications/testapp"
The result should be something like {"success":true,"message":null,"dataId":null,"errorId":0}
The app should be generated in a couple of seconds. You can get the list of the applications with the following command
curl -X GET -H "Content-Type: application/json" -H "Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.tA6sZwz_MvD9Nocf3Xv_DXhJaeTNgfsHPlg3RHEoZRk" "https://ovh36.antmedia.io:5443/rest/v2/applications"
References:
Web Panel REST Methods
Web Panel REST Methods JWT Documentation
I have created an application in the developer portal in WSO2 and am trying to generate a token using this curl command:
curl -v -X POST -H "Authorization: Basic <base64encoded clientId:clientSecrect>" -k -d "grant_type=password&username=alex&password=alex123&scope=somescope" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
But I get the below response:
180{"error_description":"A valid OAuth client could not be found for client_id: ClientId","error":"invalid_client"}
I have tried also the following command :
curl -v -X POST -H "Authorization: Basic <base64encoded clientId:clientSecrect>" -k -d "grant_type=client_credentials&client_id=&client_secret=" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
But with no success, I can generate the token from the devportal no problem but while executing it does not recognize the client for some reason. Could someone tell me what might be the problem for this.
You are missing the client id and secret in the Authorization header. You need to base64 encode client id and secret.
curl -k -X POST https://localhost:9443/oauth2/token -d "grant_type=password&username=Username&password=Password" -H "Authorization: Basic Base64(clientid:client_secret)"
curl -k -X POST https://localhost:9443/oauth2/token -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic VjhZRVdfUldISURZb0hJSU5yOTczVEhqYnBnYTpyVGg4N1VhUERPdGFlN25GUFFLc1pCR2FJdm9h"
So I kinda half solved it because it is still not giving me the desired behavior. In carbon port 9444 I added a user and assigned it roles to the application that I want the token and when executed the curl i got the token did the same thing for carbon but with port 9443 and it still displays as
180{"error_description":"A valid OAuth client could not be found for client_id: ClientId","error":"invalid_client"}
Is there a reason for this?
The following are the complete steps on registering an application in devportal, generating the client credentials, generating the access token, and using the access token to invoke the API calls. Please note that all these steps are achieved via the wso2am-3.2.0 devportal REST API calls.
WSO2 REST APIs are protected using OAuth2 and access control is achieved through scopes. Before you start invoking the API, you need to obtain an access token with the required scopes. This guide will walk you through the steps that you will need to follow to obtain an access token. First, you need to obtain the consumer key/secret key pair by calling the dynamic client registration (DCR) endpoint. You can add your preferred grant types to the payload. A Sample payload is shown below.
{
"callbackUrl":"www.google.lk",
"clientName":"rest_api_devportal",
"owner":"admin",
"grantType":"client_credentials password refresh_token",
"saasApp":true
}
Create a file (payload.json) with the above sample payload, and use the cURL shown below to invoke the DCR endpoint. The authorization header of this should contain the base64 encoded admin username and password. Format of the request
curl -X POST -H "Authorization: Basic Base64(admin_username:admin_password)" -H "Content-Type: application/json" -d #payload.json https://<host>:<servlet_port>/client-registration/v0.17/register
Following is a sample response after invoking the above curl.
{
"clientId": "fOCi4vNJ59PpHucC2CAYfYuADdMa",
"clientName": "rest_api_store",
"callBackURL": "www.google.lk",
"clientSecret": "a4FwHlq0iCIKVs2MPIIDnepZnYMa",
"isSaasApplication": true,
"appOwner": "admin",
"jsonString": "{\"grant_types\":\"client_credentials password refresh_token\",\"redirect_uris\":\"www.google.lk\",\"client_name\":\"rest_api_devportal\"}",
"jsonAppAttribute": "{}",
"tokenType": null
}
Next, you must use the above client id and the secret to obtain the access token. We will be using the password grant type for this, you can use any grant type you desire. You also need to add the proper scope when getting the access token. All possible scopes for devportal REST API can be viewed in the OAuth2 Security section of this document and the scope for each resource is given in the authorization section of resource documentation. Following is the format of the request if you are using the password grant type.
curl -k -d "grant_type=password&username=<admin_username>&password=<admin_password>&scope=<scopes separated by space>" -H "Authorization: Basic base64(cliet_id:client_secret)" https://<host>:<gateway_port>/token
Shown below is a sample response to the above request.
{
"access_token": "e79bda48-3406-3178-acce-f6e4dbdcbb12",
"refresh_token": "a757795d-e69f-38b8-bd85-9aded677a97c",
"scope": "apim:subscribe apim:api_key",
"token_type": "Bearer",
"expires_in": 3600
}
Now you have a valid access token, which you can use to invoke an API. Navigate through the API descriptions to find the required API, obtain an access token as described above and invoke the API with the authentication header. If you use a different authentication mechanism, this process may change.
For further details please refer https://apim.docs.wso2.com/en/3.2.0/develop/product-apis/devportal-apis/devportal-v1/devportal-v1/#section/Authentication
I am configuring a solar device on the field that runs a small web server to upload data to a web service.
However the web service needs to have authentication and ssl. There is a way to configure an upload url endpoint but not a way to save the headers to a file etc.
Is it possible to login pass the headers to the next request and post data all in one request?
Something like
curl -d "email=sadf#yahoo.com&password=asds&submit=Login" --dump-header headers http://localhost:3000/users/login **>** curl -X POST http://localhost:3000/test --data-urlencode point="<status>A note</status>" -H 'Content-Type: application/xml'
I am learning REST API and URI design and I have found one here:
https://raw.githubusercontent.com/JeanVEGA/MI-MPR-DIP-Admission/master/examples/requests.sh
I have a few questions.
There is for example:
User.resetPassword, anonymous by User's {email}
curl -i -X POST http://localhost:9090/admission/services/user/person/email:{email}/reset_password
I do not understand construction email:{email}... what does it mean? It means that if I have String path param, I need to do it in this way?
The similar is here:
Term.get
curl -i -H "Accept: application/json" -H "X-CTU-FIT-Admission-Session: [session identifier from User.identity]" http://localhost:9090/admission/services/term/dateOfTerm:{dateOfTerm}/room:{room}
room:{room} - Is this because room should be for example 123ABC? So it is not a number so it need to be written in this way?
And my last question:
User.resetPassword for User by Admission Code, send notification to User's Email and this {email}
curl -i -H "X-CTU-FIT-Admission-Session: [session identifier from User.identity]" -X POST http://localhost:9090/admission/services/user/admission/{admissionCode}/person/email:{email}/reset_password
My poiont of question is "reset_password" ... I thought due to right design principles that no verb should be in URI... because if the verb is in URI, I thought that it means that resource is actually an operation.
That url can be only a resource identifier. So this is an url template which waits a unique email address as a parameter. A filled in template should look something like this:
./person/email:my#email.adr/reset_password
note:
The reset_password is not a valid REST resource (it describes a service not a resource) and the POST method is mostly for resource creation (not for update or partial update). Real REST requests look like this:
PUT ./person/email:{email}/password "newpass"
PUT ./person/{id}/password "newpass"
PUT ./person/email:{email}/identification_factors/password "newpass"
PATCH ./person/email:{email}/identification_factors {password: "newpass"}
and so on...
I use this shell:
(1)curl -X POST http://localhost:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "changzhi", "password":"dddddd"}}}' -H "Content-type: application/json"
And in http.log I find a instance:
(2)url -i -X GET http://10.0.3.139:35357/v3/projects -H "User-Agent: python-keystoneclient" -H "Forwarded: for=10.0.3.139;by=python-keystoneclient" -H "X-Auth-Token: 04ef789a010c6f252a9f572347cac345
Q:In (1), I can get a long json string. It include token.id . But I don not know what the difference between X-auth-token in (2) and token.id . Could someone tell me the difference ?Thank you !
Since the first query is against the endpoint for port 5000, it is handing back a user token.
The second query is against the endpoint for port 35357, typically set up as the management endpoint for Keystone. So that token will be different, plus the call is against /projects not /tokens.
You can pass X-auth-token as a header for subsequent http requests, but realize that admin tokens and user tokens offer differing access to resources.
Keystone services are provided by 2 endpoints, one having port 5000 and other being 35357.
35357 port offers admin related operations whereas port 5000 offers general API functionality.
Tokens can be Scoped (for specific Project/Domain) or Unscoped (generated just with username/password).
When you request a Token using v2 api , you receive tokenId in the response whereas in v3 api the tokenId is in response header for key : X-Subject-Token.
You need to provide X-Auth-Token in every API request . You can also use super user in X-Auth-Token header. Super user token is present in keystone.conf (admin_token key)