Azure APIM Validate-JWT policy not working with Bearer scheme on custom header? - azure-api-management

I have declared the following policy:
<validate-jwt header-name="MyCustomHeader" failed-validation-httpcode="401" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
<openid-config url="https://mytentant over here" />
</validate-jwt>
The problem is that I always get an error if my request contains the Bearer keyword before the actual token... if I send the token plain and simple, it works!
Also, if instead of using MyCustomHeader I use the "official" Authorization header, the behavior switches back and the Bearer keyword becomes mandatory.

Related

Rest call failed with client error, status code 406 NotAcceptable

When I test with Advanced Rest Client (Arc), all nine API calls to the REST API work fine.
I use method GET with two headers: the first is Authorization Bearer,
the second one is Content-Type application/json. It works even if I remove the
header Content-Type application/json.
Here is a screenshot of the response from Arc. This same REST API call gives an error from Azure Data Factory (ADF).
Screenshot from Arc
I call nine REST APIs from Azure Data Factory (ADF) with the same base URL but different relative URLs.
Out of these nine, 6 work perfectly.
When I use Azure Data Factory (ADF) I use the additional header
Authorization Bearer #{activity('GetToken').output.access}
What is strange is that the exact same call from Arc works fine but I get an error when I call from ADF. Note also that I get the exact same error if I remove the additional header
Authorization Bearer #{activity('GetToken').output.access}
I mean that the code in the REST API doesn't know if the call is coming from Arc or ADF.
Note also that the error is from the source side, so my call to the REST API with method GET
can't be handled by the REST API code for some reason.
According to the documentation for the REST API, it says that the headers are
Content-Type application/json and
Authorization Bearer.
I tried to add a second additional header in ADF, Headers Content-Type application/json,
but I get: REST connector ignores any "Content-Type" header specified in additional headers when request body is empty.
I have tried to find any sensible information about my error, but there is no one who has had anything similar. What I find very strange is that 6 REST API calls work fine and the JSON that we receive when using Arc is valid.
I don't really understand the error message when it says
Requested format "application/json" is not supported
Supported MIME types are "application/ld+json"
Here is the complete error message I get: Screenshot of error message for ADF
Your response data is JSON-LD (JSON Linked Data). Hence you are seeing this error.
To avoid this error, use the Content-Type header value application/ld+json.

Add different error message in Azure API Management validate_jwt policy

I have added the policy to validate JWT tokens in APIM. Right now it validates and sends an error message and it's all working fine. I am trying to send a different error message for different scenarios, e.g. if the token is not there or is invalid I will return 401 with "invalid token" as the error message, or if the token is expired I want to send 401 with a "token is expired" message. For this I am using something like below; is there any other way we can achieve this instead of having two copies of the same policy?
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Invalid token or token not found." require-expiration-time="false" require-signed-tokens="true">
<openid-config url="server.config" />
<audiences>
<audience>serveraud</audience>
</audiences>
<issuers>
<issuer>serveriss</issuer>
</issuers>
</validate-jwt>
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Token Expired." require-expiration-time="true" require-signed-tokens="true">
<openid-config url="server.config" />
<audiences>
<audience>serveraud</audience>
</audiences>
<issuers>
<issuer>serveriss</issuer>
</issuers>
</validate-jwt>
You can put a condition check on the "failed-validation-error-message" in the policy. You may leverage the "choose" condition:
https://www.codit.eu/blog/azure-api-management-conditional-policies/
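An added example (not from the question, the answer, or the linked blog post) of what that choose-based approach looks like in an inbound section. It reuses the question's placeholders (server.config, serveraud, serveriss) and the Authorization header. One caveat matters: AsJwt() only parses the token, it does not verify the signature, so the choose block may only pick the error message; the single validate-jwt that follows it remains the authoritative check for signature, issuer, audience and expiry.

```xml
<inbound>
    <base />
    <!-- Added example, not the original poster's policy. AsJwt() parses but does NOT
         verify, so these branches only decide which 401 message to return; validate-jwt
         below still does the real validation. -->
    <choose>
        <!-- Header missing, no Bearer token, or not parseable as a JWT -->
        <when condition="@(context.Request.Headers.GetValueOrDefault(&quot;Authorization&quot;, &quot;&quot;).AsJwt() == null)">
            <return-response>
                <set-status code="401" reason="Unauthorized" />
                <set-header name="WWW-Authenticate" exists-action="override">
                    <value>Bearer error="invalid_token"</value>
                </set-header>
                <set-body>Invalid token or token not found.</set-body>
            </return-response>
        </when>
        <!-- Parseable token whose exp claim is already in the past. A token with no exp
             claim gives a null ExpirationTime, the comparison is false, and the token
             falls through to validate-jwt, which rejects it via require-expiration-time. -->
        <when condition="@(context.Request.Headers.GetValueOrDefault(&quot;Authorization&quot;, &quot;&quot;).AsJwt().ExpirationTime &lt; DateTime.UtcNow)">
            <return-response>
                <set-status code="401" reason="Unauthorized" />
                <set-header name="WWW-Authenticate" exists-action="override">
                    <value>Bearer error="invalid_token", error_description="The access token expired"</value>
                </set-header>
                <set-body>Token Expired.</set-body>
            </return-response>
        </when>
    </choose>
    <!-- One validate-jwt instead of two: signature, issuer, audience and expiry are all
         enforced here, whatever message the branches above would have chosen. -->
    <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Invalid token or token not found." require-expiration-time="true" require-signed-tokens="true">
        <openid-config url="server.config" />
        <audiences>
            <audience>serveraud</audience>
        </audiences>
        <issuers>
            <issuer>serveriss</issuer>
        </issuers>
    </validate-jwt>
</inbound>
```

The `&quot;` and `&lt;` entities are required because the policy document is XML and the C# expression lives inside an attribute value. A forged token with a valid-looking exp claim passes both when conditions and is then rejected by validate-jwt with the generic message, which is the intended behaviour: the specific "expired" message is only ever a convenience for genuine clients, never a substitute for signature validation.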
APIM Policy to convert an incoming GET request to a POST request for my back end service

passing authorization token to subsequent request using JSON extractor in jmeter

Passing an authorization token to a subsequent request using the JSON Extractor in JMeter.
I have 2 requests:
Token
Get Policy
Scenario: Generate the token and pass that token in the header of the 'Get Policy' request.
I have generated the token and extracted it using the JSON Extractor (the name of the variable is TOKEN),
and using a Debug Sampler I verified that the bearer token is extracted.
After that I added an 'HTTP Header Manager' to the next request and added Authorization there like
Name = Authorization and Value = ${TOKEN}.
I am getting 'Unauthorized access' while running the script for the second (Get Policy) request.
For Bearer authorization, your header value must be Bearer YOUR_TOKEN; you missed the Bearer keyword in the value, and the HTTP Header Manager cannot understand your authorization method.
Name = Authorization and Value = Bearer ${TOKEN}
I hope this can help you.
As per RFC 6750:
When sending the access token in the "Authorization" request header
field defined by HTTP/1.1 [RFC2617], the client uses the "Bearer"
authentication scheme to transmit the access token.
For example:
GET /resource HTTP/1.1
Host: server.example.com
Authorization: Bearer mF_9.B5f-4.1JqM
So the correct configuration of the HTTP Header Manager would be:
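Separately from the Header Manager screenshot the answer refers to (which does not survive on this page), here is an added example, not from either answer, that shows the same point in code: what the JSON Extractor captures, what the Header Manager must send, and how a resource server parses the header under the RFC 6750 syntax quoted above. The token response is constructed for the example; the token value is the one from the RFC's own sample request.

```python
"""Added example: build and parse an RFC 6750 Bearer Authorization header."""
import json
import re
from typing import Optional, Tuple

# RFC 6750 section 2.1 syntax of the header value:
#   credentials = "Bearer" 1*SP b64token
#   b64token    = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# The scheme name is matched case-insensitively, as HTTP auth schemes are (RFC 7235).
_B64TOKEN = r"[A-Za-z0-9\-._~+/]+=*"
_BEARER_RE = re.compile(rf"^(?i:bearer) +(?P<token>{_B64TOKEN})$")

# Constructed sample token response (not captured from any real service). The JSON
# Extractor in the question reads "access_token" out of such a body into ${TOKEN}.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "mF_9.B5f-4.1JqM",   # the token used in the RFC 6750 example
    "token_type": "Bearer",
    "expires_in": 3600,
})


def extract_token(body: str, field: str = "access_token") -> str:
    """Stand-in for JMeter's JSON Extractor: pull one field out of the token response."""
    return json.loads(body)[field]


def bearer_header(token: str) -> Tuple[str, str]:
    """The (name, value) pair the HTTP Header Manager must send: scheme, space, token."""
    if not re.fullmatch(_B64TOKEN, token):
        raise ValueError("token is not a b64token (check what the extractor captured)")
    return ("Authorization", f"Bearer {token}")


def parse_bearer(header_value: str) -> Optional[str]:
    """What a resource server does with the header value.

    Returns the token, or None when no Bearer credentials were presented. A bare
    token with no scheme, which is what Value = ${TOKEN} sends, is the None case,
    and that is the 401 Unauthorized the question describes."""
    m = _BEARER_RE.match(header_value)
    return m.group("token") if m else None


if __name__ == "__main__":
    tok = extract_token(SAMPLE_TOKEN_RESPONSE)
    name, value = bearer_header(tok)
    print(f"{name}: {value}")
    print("bare token parses as:", parse_bearer(tok))
    print("with scheme parses as:", parse_bearer(value))
```

In JMeter terms, `bearer_header` is the line `Name = Authorization, Value = Bearer ${TOKEN}`; the only difference between the failing and working configurations is the literal scheme and the single space in front of the variable.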

FIWARE-Lab KeyRock Access Token Request error

I'm testing the Authorization Code Grant protocol on the instance of the KeyRock GE at FIWARE-Lab using the DHC web client.
So far I have succeeded in implementing the Authorization Request, and I obtain the code to be used in the Access Token Request. The URL for the Authorization Request is the following (although not executed in DHC, but in a regular browser so I can enter my user and password):
https://account.lab.fiware.org/oauth2/authorize/?response_type=code&client_id=2122&redirect_uri=http%3A%2F%2Flocalhost%2FCallback
I have checked that the client_id and the redirect_uri are both correct against the values related to my application in my account at FIWARE-Lab.
Executing the following request (can't post images, so I'll describe it)
POST
https://account.lab.fiware.org/oauth2/token?grant_type=authorization_code&code=<code>&redirect_uri=http%3A%2F%2Flocalhost%2FCallback -- <code> is the code obtained in the Auth. Request
Authorization: Basic <XXXX> --- <XXXX> is the result of base64(client_id+":"+client_secret)
Content-Type: application/x-www-form-urlencoded
...I get the following error message:
{
"error":{
"message": "create_access_token() takes exactly 3 arguments (2 given)",
"code": 400,
"title": "Bad Request"
}
}
I've checked that the authorization is correct (Basic, using the OAuth credentials from my application), and I'm using the same redirect_uri used in the previous Authorization Request, and the code obtained from it.
What is wrong?
P.S.: If I remove any or all of the query parameters, I still get the same error.
Don't pass the parameters in the URL. Instead, add them to the request's body as a query string:
POST /oauth2/token HTTP/1.1
Host: account.lab.fiware.org
Authorization: Basic <XXXX>
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=1234&redirect_uri=http%3A%2F%2Flocalhost%3A9000%2Fcodecallback.html
I suggest following the steps in the presentation:
Adding Identity Management and Access Control to your Application
It gives you details about the different requests that you have to make and also what their expected responses are.
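An added example (not from the question, the answer, or the FIWARE presentation) of the token request the answer describes, written out as RFC 6749 specifies it: client credentials in an HTTP Basic header (section 2.3.1, which form-urlencodes each part before base64), the grant parameters form-encoded in the body (section 4.1.3), and nothing in the query string. The client_id, client_secret, code and redirect_uri values are constructed placeholders, and the small server_read_grant function is a toy model of an endpoint that reads the grant from the body, not KeyRock's code; it exists only to show why the original request, with everything in the URL, looks like a request with missing arguments.

```python
"""Added example: the OAuth 2.0 authorization-code token request done both ways."""
import base64
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode, urlsplit

TOKEN_ENDPOINT = "https://account.lab.fiware.org/oauth2/token"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """RFC 6749 section 2.3.1: form-urlencode each part, join with ':', base64 it."""
    raw = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header_value: str) -> Optional[Tuple[str, str]]:
    """Inverse of basic_auth_header, as a token endpoint would perform it."""
    scheme, _, b64 = header_value.partition(" ")
    if scheme != "Basic":
        return None
    client_id, _, secret = base64.b64decode(b64).decode("ascii").partition(":")
    return (unquote_plus(client_id), unquote_plus(secret))


def build_token_request(client_id: str, client_secret: str,
                        code: str, redirect_uri: str) -> Tuple[str, str, Dict[str, str], str]:
    """Return (method, url, headers, body) for the access token request.

    The grant parameters live in the form body only; the URL carries no query."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,   # must equal the one used in the authorize step
    })
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return ("POST", TOKEN_ENDPOINT, headers, body)


def server_read_grant(url: str, headers: Dict[str, str], body: str) -> Dict[str, object]:
    """Toy model (an assumption, not KeyRock's implementation) of the endpoint's side:
    the grant is read from the form body, so parameters that exist only in the query
    string are never seen and the request is rejected as incomplete."""
    ignored_query = sorted(parse_qs(urlsplit(url).query))
    if headers.get("Content-Type") != "application/x-www-form-urlencoded":
        return {"code": 400, "error": "invalid_request", "ignored_query": ignored_query}
    form = {k: v[0] for k, v in parse_qs(body).items()}
    missing = [p for p in ("grant_type", "code", "redirect_uri") if p not in form]
    if missing:
        return {"code": 400, "error": "invalid_request",
                "missing": missing, "ignored_query": ignored_query}
    return {"code": 200, "grant": form}


if __name__ == "__main__":
    method, url, headers, body = build_token_request("2122", "s3cret", "abc123",
                                                     "http://localhost/Callback")
    print(method, url)
    print("body:", body)
    print("correct:", server_read_grant(url, headers, body))
    # The shape of the question's request: parameters in the URL, empty body.
    print("in query only:", server_read_grant(url + "?" + body, headers, ""))
```

Two practitioner notes: the Basic header carries the client secret, so this request belongs on TLS only (the page's endpoint is https), and the redirect_uri sent here has to be byte-for-byte the value used in the authorization request, which is why the answer's sample and the question's differ only because they are different applications.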

facebook postcard and payload

I have a native application in Facebook. I tried to post to a user's wall using the following header format
https://graph.facebook.com/100002944254185/feed?message=today
Authorization: OAuth oauth_version=1.0,oauth_nonce=5887e5b11904194f7d217e9b7f795d62, oauth_timestamp=1317623602,
oauth_consumer_key=129042607197622,
oauth_token=AAAB1XRLDTbYBAIfcTKw3mowkwjld89A4K7JVQHZAOM60Tmb8za6wjNq8sPTuHhiAVojKyXm9r1SB3OWlSkKWI2sn9lSAwQGE0giA0UTgCfgXcd0ZCe, oauth_signature_method=HMAC-SHA1,
oauth_signature=GKl%2Bvf3Vaq25XY7dTnb%2FJg3fip8%3D
Content-Type: application/X-WWW-form-urlencoded
When executing, I get an error:
HTTP/1.1 400 Bad Request
WWW-Authenticate: OAuth "Facebook Platform" "invalid_request" "Expected 1 '.' in the input between the postcard and the payload"
Can anyone say what this means?
Instead of https://graph.facebook.com/100002944254185/feed?message=today and then the messy Authorization tags below it, just append the access_token onto the query string of the https call so it looks like https://graph.facebook.com/100002944254185/feed?message=today&access_token=xxxx and HTTP POST that.