User not authenticated - autodesk-forge

Im trying to download a file as described in forge documentation.
So im getting an access token with scope=data:read for the first 2 steps :
curl
-v 'https://developer.api.autodesk.com/authentication/v1/authenticate'
-X 'POST'
-H 'Content-Type: application/x-www-form-urlencoded'
-d 'client_id=xxx&client_secret=xxx&grant_type=client_credentials&scope=data:read'
It works up to the GET hubs/:hub_id/projects endpoint.
Then, the GET projects/:project_id/folders/:folder_id/contents endpoint requires data:write, so im adding it:
curl
-v 'https://developer.api.autodesk.com/authentication/v1/authenticate'
-X 'POST'
-H 'Content-Type: application/x-www-form-urlencoded'
-d 'client_id=xxx&client_secret=xxx&grant_type=client_credentials&scope=data:read%20data:write'
It returns an access token without any issue, but when i use for this endpoint, i get a "User not authenticated" error.
I honestly dont know where its coming from, i tried without the url-encoded space as well, no difference.
Thanks in advance for any pointers in the right direction.

Related

Watson API - Retrieve and Rank - Error uploading JSON

I'm following the tutorial at Retrieve and Rank - Get Started, and I'm at the following step:
Issue the following command to upload the cranfield_data.json data to the example_collection collection. Replace {username}, {password}, {solr_cluster_id}, and {/path_to_file} with your information:
$ curl -X POST -H "Content-Type: application/json" -u "{username}":"{password}" "https://gateway.watsonplatform.net/retrieve-and-rank/api/v1/solr_clusters/{solr_cluster_id}/solr/example_collection/update" --data-binary #{/path_to_file}/cranfield_data.json
I'm lobbing the request with the correct username and password, and correct cluster_id and path to the json, but I get the following error:
$ curl -X POST -H "Content-Type: application/json" -u "username":"password" "https://gateway.watsonplatform.net/retrieve-and-rank/api/v1/solr_clusters/cluster_id/solr/example_collection/update" --data-binary #forum_data/parsed_answers.json
Error: WRRCSH006: Error forwarding request [/solr/example_collection/update] for Solr cluster [sc5b47c5e3_bab3_4aff_a818_f0d786d6dece].
Turns out there were characters in the JSON causing it be malformed.
Just verify the JSON "parsed_answers.json", to check for all the punctuations i.e. ";","," to be correctly placed and as per the defined schema, and try to re-upload

Publish to Chrome Webstore using the items.Publish API and cURL

We are developing a Chrome Extension and, as part of the release build, we want to publish it to the Chrome Webstore for testing.
We are using cURL to send the http requests.
Using the information in :
https://developer.chrome.com/webstore/using_webstore_api
we have successfully updated the store, but I am seeing an odd error when trying to publish it using the information in
"Publishing an item to trusted testers" in the above link.
The command line looks like this as suggested in the link above:
curl -H "Authorization: Bearer %refresh_token%" -H "x-goog-api-version: 2" -H "Content-Length: 0" -H "publishTarget: trustedTesters" -X POST -v https://www.googleapis.com/chromewebstore/v1.1/items/%app_id%/publish
When I run this I get an error back stating that the publish condition is not met. The error message states that we should set publish_to_trusted_testers=true, but I can find no documentation suggesting how or where I should set this.
Note that access tokens are working OK, and the PUT command to upload the new extension is also successful.
Any advice would be gratefully accepted.
Jon
https://developer.chrome.com/webstore/webstore_api/items/publish#parameters
The docs on https://developer.chrome.com/webstore/using_webstore_api don't currently point to the correct use of the api, but the publish docs are correct.
I tried url query and it succeeded:
curl \
enter code here-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "x-goog-api-version: 2" \
-H "Content-Length: 0" \
-X POST \
-v \
https://www.googleapis.com/chromewebstore/v1.1/items/$APP_ID/publish?publishTarget=trustedTesters

Is there an API call for changing user password on keycloak?

I am trying to implement my own form for changing a user's password. I tried to find an API for changing a user's password in Keycloak but I couldn't find anything in the documentation.
Is there an API for doing it?
you can use PUT /auth/admin/realms/{realm}/users/{id}/reset-password
{id} is the user id in keycloak (not the login)
Here is s sample body.
{ "type": "password", "temporary": false, "value": "my-new-password" }
UPDATE Keycloak 12
The solution described below will no longer work in Keycloak Versions 12 or higher as the developers decided to remove all Account Rest APIs as described in this issue.
Thanks to #Radivarig for pointing this out!
Solution for Keycloak 11
Keycloak recently introduced this feature, but it's currently still in preview and therefore not documented.
To make it work, you need to activate the account_api feature by starting keycloak with the parameter -Dkeycloak.profile.feature.account_api=enabled like so:
bin/standalone.sh -Dkeycloak.profile.feature.account_api=enabled
(source: https://www.keycloak.org/docs/latest/server_installation/index.html#profiles)
After that, you can use POST /auth/realms/your-realm/account/credentials/password and provide the http Header Accept: application/json. The header will make keycloak use a RestAPI-Service which is accepting and returning JSON (instead of the default form-based one which is only accepting x-www-form-urlencoded and returns HTML.)
As Request-Body, provide a JSON like this:
{
"currentPassword": "oldPassword",
"newPassword": "newPassword",
"confirmation": "newPassword"
}
A full example with curl would look like this:
curl --request POST 'https://path-to-your-host.com/auth/realms/your-realm/account/credentials/password' \
--header 'Accept: application/json' \
--header "Authorization: Bearer $ACCESS_TOKEN" \
--header 'Content-Type: application/json' \
--data-raw '{
"currentPassword": "oldPassword",
"newPassword": "newPassword",
"confirmation": "newPassword"
}'
Note that - as written above - this feature is still in preview and might change in the future. So use it with caution!
Rather than specifying a new password manually a better security practice is to use the
PUT /auth/admin/realms/{realm}/users/{id}/execute-actions-email
admin call with "UPDATE_PASSWORD" as the required action. This causes Keycloak to send an email to the user that gives a magic link for the user to set a new password.
Note: {id} is the user id in keycloak (not the login)
As Keycloak Admin REST API suggests you can send a PUT requqest to keycloakEndpoint/auth/{realm}/users/{id}/execute-actions-email to execute actions against user. you need to obtain an admin access token as described here
TL;DR: The better way to do it via web app
keycloak.login({
action: "UPDATE_PASSWORD",
})
For more info: https://www.keycloak.org/docs/latest/securing_apps/#login-options
:-)
#!/bin/bash
#CHANGE ADMIN PASSWORD
apt update
apt install -y curl jq
KEYCLOAK_HOST=http://127.0.0.1:8080
ADMIN_USER_OLD_PASSWORD=
ADMIN_USER_NEW_PASSWORD=
TOKEN=$(curl -s -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d "username=admin&password=$ADMIN_USER_OLD_PASSWORD&client_id=admin-cli&grant_type=password" "$KEYCLOAK_HOST/auth/realms/master/protocol/openid-connect/token" | jq -r ".access_token" ;)
ADMIN_USER_ID=$(curl -s -X GET -H "Authorization: Bearer $TOKEN" -H "Content-type: application/json;charset=UTF-8" -H 'Accept: application/json' "$KEYCLOAK_HOST/auth/admin/realms/master/users" | jq -r '.[] | select(.username=="admin") | .id' )
curl -s -X PUT -H "Authorization: Bearer $TOKEN" -H "Content-type: application/json;charset=UTF-8" -H 'Accept: application/json' "$KEYCLOAK_HOST/auth/admin/realms/master/users/$ADMIN_USER_ID/reset-password" -d "{\"type\":\"password\",\"value\":\"$ADMIN_USER_NEW_PASSWORD\",\"temporary\":false}"
constructor(
private keycloakService: KeycloakService,
) { }
onPasswordChangeButtonClick(){
this.keycloakService.login({
action: "UPDATE_PASSWORD",
});
}
please try this approach to change the password
This worked for me:
https://github.com/keycloak/keycloak/pull/7393#issuecomment-1103532595
But you have to see if you can use a custom theme, if you want a different form than the default from keycloak.
No, OAuth and OpenID Connect protocols doesn't define such feature and Keycloak also doesn't have ability to do this on user's behalf. There is a server-to-Server Admin API that alows to change the user's password or reset it but you can't call it from GUI.
But the Keycloak provides some kind of "My Account Page" by url like http://localhost:8080/auth/realms/your-realm/account/ - replace your-realm part of URL and just redirect a user to it.
In documentation it called User Account Service
Also if you use auto discovery you can obtain the url by reading account-service from JSON by URL http://localhost:8080/auth/realms/your-realm

Github returns "Problems parsing JSON" when trying to create repo using curl

I'm attempting to create a repo on github using curl. No matter how I attempt to format my JSON it always returns "Problems parsing JSON". Is there something I'm missing? Here is my statement:
curl --data '{"name":"newRepoName"}' -XPOST -u username:password http://giturl
Strange since it works for me. Are you using the correct GitHub API endpoint (/user/repos)?
curl --data '{"name":"testrepo"}' -X POST -u username https://api.github.com/user/repos
Try including your token or password like this
curl --data '{"name":"testrepo"}' \
-X POST -u username:$TOKEN \
https://api.github.com/user/repos

Create new gist with Github API v3 using curl

After fighting for quite some time for posting a private gist to Github using their API V3 I almost gave up. Almost. May be some one have also faced similar problem or know what might be the reasoning of the following behavior:
Right now the curl command looks like following:
curl -H "Authorization: bearer MY_AUTHORIZATION_TOKE" -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"public":false,"files":{"test.txt":{"content":"String file contents"}}}' https://api.github.com/gists
I also tried
curl -H "Authorization: bearer MY_AUTHORIZATION_TOKE" -X POST -d '{"public":false,"files":{"test.txt":{"content":"String file contents"}}}' https://api.github.com/gists
I am able to create gist without authorization token using exactly same data:
curl -X POST -d '{"public":true,"files":{"test.txt":{"content":"String file contents"}}}' https://api.github.com/gists
But in that case it will be anonymous
Same results if I am truing to post it as public
In any case Github returns me
HTTP/1.1 404 Not Found
{
"message": "Not Found"
}
I am pretty sure I am authorized, as curl -H "Authorization: bearer MY_AUTHORIZATION_TOKE" https://api.github.com/user returns me my user details.
Application scope is as:
https://github.com/login/oauth/authorize?client_id=...&scope=gist
So, it should have both read and write permission.
Your OAuth2 token doesn't appear to have the required gist scope.
If you run the curl commands with the -v argument you can see the scope sent to request (X-OAuth-Scopes header) and the scope required for the request (X-Accepted-OAuth-Scopes header) to successfully be performed using the token sent.
If you don't see gist listed in the X-OAuth-Scopes header value then that is your problem.