Everything works great with Postman and authorization_code grant. But I am trying to connect to FHIR with client_credentials flow, meaning no UI.
I am calling the url https://login.microsoftonline.com/xxxxxxxx-c9a9-4be5-a9f7-xxxxxxxxxxxx/oauth2/v2.0/token with the parameters:
grant_type: client_credentials
client_id: [my fhir application ID]
scope: https://[myCompany].azurehealthcareapis.com/.default
client_secret: [mySecret]
With that, I get back a token
{
"token_type": "Bearer",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyJ9.eyJhdWQiOiJodHRwczovL2JvbmZoaXIuYXp1cmVoZWFsdGhjYXJlYXBpcy5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wZjIzNjI5Yy1jOWE5LTRiZTUtYTlmNy1iZGI1ODU1M2Q3YjUvIiwiaWF0IjoxNjIyMjMwNjExLCJuYmYiOjE2MjIyMzA2MTEsImV4cCI6MTYyMjIzNDUxMSwiYWlvIjoiRTJaZ1lERGJ3WFZqendaRGt4M25ZcmhXcnNoMEJBQT0iLCJhcHBpZCI6ImY3YTA0ZWZjLTE1YjItNDVlMi05NzU5LWI0ZGQ0ZTdjN2Q5ZiIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzBmMjM2MjljLWM5YTktNGJlNS1hOWY3LWJkYjU4NTUzZDdiNS8iLCJvaWQiOiJlYTFiMmI4MC1kYTdiLTQ2YmEtYjgyOS01YzdlNTllZmVmYzciLCJyaCI6IjAuQVhjQW5HSWpENm5KNVV1cDk3MjFoVlBYdGZ4T29QZXlGZUpGbDFtMDNVNThmWjkzQUFBLiIsInN1YiI6ImVhMWIyYjgwLWRhN2ItNDZiYS1iODI5LTVjN2U1OWVmZWZjNyIsInRpZCI6IjBmMjM2MjljLWM5YTktNGJlNS1hOWY3LWJkYjU4NTUzZDdiNSIsInV0aSI6InYwSnhfOEM0c1VtQ1ZGQUZoY3AtQWciLCJ2ZXIiOiIxLjAifQ.QMHS5OoWYflq30owYolvwzDkRJm4sG29G11Z_Qct_pPuj_ULm6hR4vC_jydqsq7eDFGxA1wb_Y8hJXVKTHBu1ij9_SKSlKhNZ6KmkqrvOhTaADFGw36albKNgII_xzA-gmeAOKQuKX9Q9wZmPfJETx5NJuJnG1qAnexvhQkhMv8AgiznnU9VbaIoAAvObHx9E5Pb5nesSmOhVwMxZRjBrTHqz9ryFUDYq3Pciuz6HvVF7ro9IijUg9d8r2da8HuXGXvZiJXkfiEW6OuR1RLv9QDol6WjAOKTB12q07iFFgDL0UTinWLY--3dn0raVyd7ZtT_yzLNRZ9iqX_XXXXX"
}
Now when I call the url https://[myCompany].azurehealthcareapis.com/Patient I get 401 response.
{
"resourceType": "OperationOutcome",
"id": "114e91311cbd11458e3d3284db6c9826",
"issue": [
{
"severity": "error",
"code": "login",
"diagnostics": "Authentication failed."
}
]
}
This is what I have for Api Permissions
On the Fhir service, select Access control (IAM) from the left menu (if you are using Azure RBAC).
From there, click on Role Assignments
Then search for your your App Registration
This allows your app to have permissions to the Fhir service outside of that of the logged in users.
Related
Can anyone please help with rest api of ejabberd's set preference
following is the request body
{
"user": "venkat",
"host": "localhost",
"resource": "tka1",
"type": "available",
"show": "away",
"status": "",
"priority": "0"
}
when I am trying to hit api i am getting response as "internal_error".
IN logs, I could see below statement
REST API Error:
set_presence([{<<"user">>,<<"venkat">>},
{<<"host">>,<<"localhost">>},
{<<"resource">>,<<"tka1">>},
{<<"type">>,<<"available">>},
{<<"show">>,<<"away">>},
{<<"status">>,<<>>},{<<"priority">>,<<"0">>}])
-> exit:{noproc,{p1_server,call,[none,
{set_presence,{presence,<<>>,available,<<>>,
{jid,<<"venkat">>,<<"localhost">>,<<"tka1">>,<<"venkat">>,<<"localhost">>,<<"tka1">>},
{jid,<<"venkat">>,<<"localhost">>,<<>>,<<"venkat">>,<<"localhost">>,<<>>},away,[],0,[],#{}}},1000]}}
[{p1_server,call,3,[{file,"src/p1_server.erl"},{line,210}]},{mod_http_api,handle2,4,[{file,"src/mod_http_api.erl"},{line,268}]},{mod_http_api,handle,4,[{file,"src/mod_http_api.erl"},{line,229}]},{mod_http_api,perform_call,4,[{file,"src/mod_http_api.erl"},{line,189}]},{mod_http_api,process,2,[{file,"src/mod_http_api.erl"},{line,142}]},{ejabberd_http,process,2,[{file,"src/ejabberd_http.erl"},{line,373}]},{ejabberd_http,process_request,1,[{file,"src/ejabberd_http.erl"},{line,496}]},{ejabberd_http,process_header,2,[{file,"src/ejabberd_http.erl"},{line,293}]}]
Using ejabberd 20.07 version
That API is used to set presence of an existing XMPP session.
In your experiment, is the account venkat#localhost logged in the server with resource "tka1"?
We have a hybrid Exchange deployment. Trying to create a subscription to get updates, creates, deletes on Calendar and Contacts.
In Graph Explorer I'm logged in as an Office 365 user that has full access to the On-Premise mailbox I'm trying to access (user#domain.com). I'm entering:
POST | v1.0 | https://graph.microsoft.com/v1.0/subscriptions
Request Body:
{
"changeType": "updated",
"notificationUrl": "https://our.URL/WebHooks/Graph/GraphMessagesHook.php",
"resource": "users/user#domain.com/contacts",
"expirationDateTime": "2018-10-23T04:00:00Z",
"clientState": "secret"
}
Response is:
{
"error": {
"code": "ExtensionError",
"message": "Operation: Create; Exception: [Status Code: NotFound; Reason: Not Found]",
"innerError": {
"request-id": "981c0892-e6d8-490b-838d-880d8268037f",
"date": "2018-10-20T20:32:07"
}
}
}
As a test, I created another user in Office 365 and did the same request body:
{
"changeType": "updated",
"notificationUrl": "https://our.URL/WebHooks/Graph/GraphMessagesHook.php",
"resource": "users/userOn365#domain.com/contacts",
"expirationDateTime": "2018-10-23T04:00:00Z",
"clientState": "secret"
}
This time instead of a 404 NotFound, I got a 403:
{
"error": {
"code": "ExtensionError",
"message": "Operation: Create; Exception: [Status Code: Forbidden; Reason: Forbidden]",
"innerError": {
"request-id": "1f378cf0-b1ec-4b87-ba03-8dee120b748b",
"date": "2018-10-21T20:42:46"
}
}
}
What am I missing?
The Microsoft Graph API for on premise mailboxes is only a subset of the cloud functionality.
Don’t think they implemented subscriptions for on-premise mailboxes. That would be pretty resource intensive on both sides.
To my knowledge they just proxy the request to your local Exchange (which is configured to accept the Azure tokens). For rest calls that is easy, for subscriptions the routing would be difficult.
I have my API in loopback 3.x. First I created an empty project and right after that I ran npm install loopback-connector-rest --save and lb datasource in the console to have a link to an external API called Userlike. It this URL https://www.userlike.com/api/external/message/chat_meta/.
Then I created a model with no parameters called Messages.
I had no problems executing as I used node . and there was no error, and in localhost:3000 I could visualize my API.
But I had a problem when I clicked GET in the page a 401 error because to access the API in Userlike I needed to send my token so I could get the data, so I modified the datasources.json file and I had this:
{
"userlikeRESTdatasource": {
"name": "userlikeRESTdatasource",
"baseURL": "https://www.userlike.com/api/external/message/chat_meta/",
"crud": false,
"connector": "rest",
"operations": [
{
"functions": {
"getMessages": []
},
"template": {
"method": "GET",
"url": "https://www.userlike.com/api/external/message/chat_meta/",
"headers": {
"accepts": "application/json",
"content-type": "application/json",
"authorization": "8c149a3d-4acf-362e-880c-30ec2f5ecaf"
},
"responsePath": "$.results.*"
}
}
]
}
}
The authorization field I put in the header didn't work as I still received
{
"error": {
"statusCode": 401,
"name": "Error",
"message": "Authorization Required",
"stack": "Error: Authorization Required\n
}
}
My idea was to do something like:
headers.append('Authorization', '8c149a3d-4acf-362e-880c-30ec2f5ecaf7');
headers.append('Access-Control-Allow-Origin', '*');
headers.append('Access-Control-Allow-Methods', 'POST, GET, OPTIONS');
headers.append('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Authorization, Accept');
But with loopback. So I could receive the data from the Userlike API and next I could modify or just use the data I wanted.
But I still can't figure out how can I modify my datasources.json or if I need to create something in another file to make it possible to send the token as the authorization to that URL I'm using.
Pass access token with HTTP header by using this
headers.append('X-Access-Token', '8c149a3d-4acf-362e-880c-30ec2f5ecaf7');
or also pass this token as a parameter.
?access_token=8c149a3d-4acf-362e-880c-30ec2f5ecaf7
This will help.
I have many vm's created inside my project, from which I want to query api's from gcloud terminal.
I am getting 401 - "Login Required" error while I am trying to query any API, even though I am authorized/logged-in to gcloud terminal.
C:\..\Google\Cloud SDK>gcloud config list
[core]
account = remis.haroon#*****.com
disable_usage_reporting = True
project = <proj-id>
[meta]
active_config = default
C:\..\Google\Cloud SDK>curl https://www.googleapis.com/compute/v1/projects/<proj-id>/aggregated/disks
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
You need to carry authorization token when using the REST API:
gcloud auth login
TOKEN=$(gcloud auth print-access-token)
curl -H "Authorization: Bearer $TOKEN" <url>
As the error mentions:
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
Since you are doing an HTTP API call to google apis, you need to put the OAuth access token in the header of your HTTP request.
GET compute/v1/projects/<proj-id>/aggregated/disks HTTP/1.1
Host: www.googleapis.com
Authorization: Bearer XXXXXXXXXXXXXXXXXXX
There are several ways to obtain the OAuth access token. One easy way is through google's oauthplayground.
Choose your required API scopes
Click on Authorize APIs button
Click on "Exchange authorization code for tokens"
You will have your access token to use it in the curl request header
I am just starting with BlueMix and in my space I have:
a Cloud Integration service: using a Basic Secure Connection, for which I have created an API endpoint; then in that Cloud Integration service I have added the corresponding API by importing a swagger 1.2 file, and published that customAPI to my organization;
a pretty simple node.js application;
From the Cloud Integration service> API view, I can get the URLs for the different resources (for instance http://endpoint_ip:endpoint_port/api/version/path_to_resource), so I can hardcode these URLs in my node.js application and it works.
But if I bind the Cloud Integration service and even the customAPI to my node.js application, I don't get any information in VCAP_SERVICES about the endpoint URL; but I have seen examples of VCAP_SERVICES where the API URL is available.
Below is my VCAP_SERVICES
{"CloudIntegration": [
{
"name": "Cloud Integration-b9",
"label": "CloudIntegration",
"plan": "cloudintegrationplan",
"credentials": {
"userid": "apiuser#CloudIntegration",
"password": "S!2w3e40",
"apis": [
{
"name": "Catalog Manager API",
"desc": "Catalog Manager API",
"resource": ""
}
]
}
}
]
}
What I am trying to achieve is to avoid hardcoding URLs in my application, since I can bind a BlueMix service to it, and perhaps get info from the environment.
Am I doing something wrong? Or is that not the way it is supposed to work?
Also I don't really get why there is nothing in the VCAP_SERVICES.CloudIntegration[0].credentials.apis[0].resource even though I have my customAPI specifies resources.
#Rick
Make sure you "publish" your API after configuring the Cloud Integration service. Then service credentials will reflect the changes:
"CloudIntegration": [
{
"name": "Cloud Integration-v5",
"label": "CloudIntegration",
"plan": "cloudintegrationplan",
"credentials": {
"userid": "apiuser#CloudIntegration",
"password": "S!2w3e40",
"apis": [
{
"name": "SwaggerPetStore",
"desc": "SwaggerPetStore",
"resource": "http",
"baseurl": "http://mypypatchank.mybluemix.net"
}
]
}
}
]
in the same way, if you use the API management service, you will have a corresponding VCAP_SERVICES entry
"Swagger Petstore v1 : Sandbox 551b2dcf0cf2521d98d061d4 prod": [
{
"name": "Swagger Petstore v1 : Sandbox prod-w0",
"label": "Swagger Petstore v1 : Sandbox 551b2dcf0cf2521d98d061d4 prod",
"plan": "plan1 : Sandbox prod",
"credentials": {
"clientID": "55cfe3fa-ff59-474c-a1b6-46d3cc9871",
"clientSecret": "uK3xM3eF4cA1qF7yW8mC2lP6wS6aG7sQ5cL2yJ4sC6iS1dE7",
"url": "https://api.eu.apim.ibmcloud.com/garciatemx1ibmcom/sb/api"
}
}
]
Since your goal is to "to avoid hardcoding URLs in my application, since I can bind a BlueMix service to it, and perhaps get info from the environment." I would like to suggest using a user provided service.
This will create a user provided service and start interactive input for you to enter the api url and a password. You can add more parameters if you need.
cf cups servicename -p "url, password"
Bind this service to your application and restage. You can access these parameters in your Node.js application easily with the cfenv module.
var cfenv = require("cfenv");
var appEnv = cfenv.getAppEnv();
var myService = appEnv.getService("servicename");
//use myService.credentials.url to access the url value.
//use myService.credentials.password to access the password value.
The user provided services VCAP_SERVICES looks like:
{
"user-provided": [
{
"name": "servicename",
"label": "user-provided",
"credentials": {
"url": "myURL",
"password": "myPassword"
}
}
]
}