Code that was previously working to get the logged in user is now failing. For the default role I have a few permissions including this one (in the list at /roles/xxx/permissions):
"get:/users/me"
To verify I didn't break something in the API, I logged in from Curl (names modified to protect the guilty):
curl -X POST "https://api.usergrid.com/xxx/xxx/token" -d '{"grant_type":"password", "username":"test", "password":"xxx"}'
This gets a valid response with an access token:
{"access_token":"YWMxxxNnAHCEeSEEUF6k0-adAAAAUcaO_3R5IcK1ftFnDt0x52NVSoHEATWD6Q","expires_in":604800,"user":{"uuid":"a2517xxx-d3dc-11e3-b4fb-17caf255a670","type":"user","name":"Test User","created":1399243032076,"modified":1399243032076,"username":"test","email":"test#test.com","activated":true,"picture":"http://www.gravatar.com/avatar/b64xxx217b34b1e8d3bd915fc65c4452"}}
Using this access token, compose the Curl request to get /users/me:
curl -X GET https://api.usergrid.com/xxx/xxx/users/me?access_token=YWMxxxNnAHCEeSEEUF6k0-adAAAAUcaO_3R5IcK1ftFnDt0x52NVSoHEATWD6Q
Now instead of working as I believe it used to, I get this:
{"error":"unauthorized","timestamp":1404289792782,"duration":0,"exception":"org.apache.shiro.authz.UnauthorizedException","error_description":"Subject does not have permission [applications:get:d5e9e5a0-d310-11e3-a524-df009e0fbc2f:/users/a25174ca-d3dc-11e3-b4fb-17caf255a670]"}
Have I broken something and just missing it? I tried deleting the permission and recreating it but that didn't help either. Thanks!
To my knowledge, you cannot use 'me' as the entity to retrieve self. You would need to specify the actually username or uuid of the user entity. Luckily when you retrieve a token, that info is passed back in the response, so you can save it.
See getting a user in the Apigee docs.
#remus question prompted me to find an example on the security page to show where I had gotten the permission from. However, the page http://apigee.com/docs/app-services/content/managing-access-defining-permission-rules now shows this example:
GET,PUT,POST,DELETE:/users/me/**
I'm fairly certain that wasn't the case earlier as this code had been working for weeks with the prior permission. Maybe I bumped my head :-) hopefully anyone else having this problem will find this. The curl examples posted in the question now work fine with this permission set (although I only added GET permission in my case).
Related
I am new to firebase and wanted to update the Authorized domains(was able to add domains a few weeks ago) for the authentication, but I am unable to delete or modify the domains. The website throw an "Error updating authorized domain list" error. Am I missing something?
I had same issue with the result that for any reasons one of the already listet domain was entered with https://.This produces an error. When you add a new url the old one in the list get send also with the request (look in dev console of your browser). If there are invalid values you get an error of invalid parameters (look also in dev console of your browser) but the user interface just say "error".
Its a little bit weird, maybe some month ago an entry with https:// was possible.
I had to delete the entry https://mydomain.de, after that I was able to replace it with mydomain.de without and also any other new domain.
For sure just one possible reason of problems with whitelisting, but maybe it helps someone.
I was having the same issue (using Chrome). I noticed it worked for Krueger
in Safari. I just opened up the Firebase authentication settings in Edge and had no problem adding a domain!
i already tried to find an answer here on nearly at any place at the web, but didn't find an answer that helped me out here - so i'm trying it here with this question:
i have to to get some information from a server in a domain, using https via indy components and the windows authentication. that's working quite fine (via IdHTTP1.Get(sURI)), the server logs are showing this (domain/user/request) and the response is always valid.
afterwards i try to post now some new values to the requested data, but this fails, since i get a "401" authenticaion error. BasicAuthentication=false, and HTTPOptions=[hoInProcessAuth,hoForceEncodeParams] via IdHTTP1.Post(sURI, Req_Json), where Req_Json is a UTF-8 encoded TStringStream. Now (and only when trying to POST) the IdHTTP1Authorization event is triggered twice, even if I do a handled=true there (read somewhere in a forum) it fails, if I do nothing there I get the same result: 401. There were some tips about the IdHTTP1SelectAuthorization event, but with that I had no luck, too.
Any ideas, where to start to get this solved? If there are any questions open, don't hesitate to ask!
p.s.: trying to post the same information via postman works correctly - so i guess it's about delphi/indy ...
Linkedin has a whole slew of fields to pull them with their API. But they say they want you to apply for something before you can request the fields (see a screenshot below). My question is, can I query those fields during development to test my app? Now Linkein returns error, if I try to request them. And Linkedin doesn't say anything about it in their API docs.
InternalOAuthError: Failed to obtain request token
Here is a screenshot.
I still don't know the answer whether I can test the behavior during development.
However, with trial and error method I found what permissions generate error in Linkedin. Lol thing is that you can request fields from those permissions just fine (no error throws), but cannot request permissions.
Fields from forbidden permissions (do not throw even if permissions are omitted in a request):
['languages', 'date-of-birth', 'phone-numbers', 'im-accounts'],
Forbidden permissions that throw:
['r_fullprofile', 'r_contactinfo'],
I want to comment on post with graph api
but dont work graph api
https://graph.facebook.com/id/comments?access_token=&message= test
Sadly I don't know how to use the Facebook Graph API, or HTTP, but I googled for how to post comments, and found this in the API documentation:
Publishing
You can publish new comments to any object as below:
POST /v2.2/{object-id}/comments HTTP/1.1
Host: graph.facebook.com
message=This+is+a+test+comment
Permissions
A user access token with publish_actions permission can be used to publish new comments.
The same user must also be able to comment on the object.
The can_comment field on individual comment objects indicates whether it is possible to reply to that comment by
publishing another.
You might be able to use this, but change the message to whatever specifies your graph.
However, keep in mind that this might not work, because I have no experience with the Facebook Graph API. I found this in the documentation.
I have created AccessTokenClientCredential and RefreshAccessToken in OAuth proxy through Apigee tool.
When I tried to access "https://damuorgn-prod.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials&client_id=07VoDotbGhyl3aG8GxjkyXivoTNH9oiQ&client_secret=fb8ZOrAUUSGp3FAv" URL after mentioning client Id and client secret ID, page is empty. It does not displays any error or displays with Token value.
Steps followed to create token from below URL
"http://apigee.com/docs/gateway-services/content/secure-calls-your-api-through-oauth-20-client-credentials".
Please advise.
Regards,
Damodaran
I tried both Test and Prod environment but there was no luck.
I have requested for Curl software installation. Is there any other way to test this URL without Curl software. Your immediate reply is appreciated. Thanks!
Curl https://damuorgn-test.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials -X POST -d 'client_id=qnYUqb6j3uGraRAh7JF9d651nUXNwMCC&client_secret=mjHIFMcTDCa3YQ6f'
Could you please check on this link from Curl software ?
It looks like there may be a couple of issues:
When I try your URL, I get a "CLASSIFICATION_FAILURE" error - which means the proxy can't be found. I noticed that you're using "damuorgn-prod.apigee.net" when you might have deployed your proxy to the test environment, and meant to use: "damuorgn-test.apigee.net".
In step 5.2 of the document you referenced, it says to use POST instead of GET. So you might try this:
curl https://damuorgn-test.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials -X POST -d 'client_id=07VoDotbGhyl3aG8GxjkyXivoTNH9oiQ&client_secret=fb8ZOrAUUSGp3FAv'
(When I try this, I get an "invalid client id" error, but maybe that client_id is no longer valid?)
Hope that helps,
Scott