I´m using dialogflow with http request on a project that works in twilio, with the recent need of migration to v2 API of dialogflow the client access token will not work. Reading the new authentication, I generated the json following the instructions in the google cloud docs, but can´t make it works. Because I need to do all the interaction through POST requests to the dialogflow agent, does anyone know how I can generate the authentication token well?
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
Thanks
This is the function code that today works to make the http request. The problem is that all the services are in Twilio and i dont have access to the server, for that I cant define the environment variable.
Twilio Function code
Twilio Fuctions uses NodeJs and allow me to install many npm modules, with the following limitation: "Native Packages Not Supported - Functions does not provide a C/C++ compliler required to complie native addon modules. This means modules that depend on node-gyp can not be installed to Functions."
I don´t know if this limitations affect service acount working to me in this case.
Related
Well I am having problems with the self-hosted gateway in an APIM.
I have followe this tutorials:
For create an Azure API Management service: https://learn.microsoft.com/en-us/azure/api-management/get-started-create-service-instance
For provisioning a self-hosted gateway: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-provision-self-hosted-gateway
For deploy it: https://learn.microsoft.com/en-us/azure/api-management/how-to-deploy-self-hosted-gateway-kubernetes
All go well and the self-hosted gateway is running, the LoadBalancer service is good and has an external IP... Even I have this green check:
However, when I visit the Gateway URL: https://apim-example.azure-api.net I got: { "statusCode": 404, "message": "Resource not found" } on the browser.
I dont know why, because I have a Hello world! API example deployed and asingned to the gateway and, if, insteal of make a GET on https://apim-example.azure-api.net/example/kenny, I make the GET using the public Load Balancer IP Of the self-hosted gateway (https://XX.XX.XX.XX/example/kenny) the API response a 200 OK.
Have anyone idea of how to solve this? A lot of thanks!
Following all the given Microsoft documentations, I have created an APIM Instance, Self-hosted Gateway in it and added the Kubernetes deployment in the Gateway:
Then I created the basic Http Trigger in the Azure Function App and imported it in the Azure APIM Instance by adding the Self-Hosted Gateway in the Settings of that API:
Note: For testing purpose, I have unchecked the "Subscription required" option.
However, when I visit the Gateway URL: https://apim-example.azure-api.netI got: { "statusCode": 404, "message": "Resource not found" } on the browser.
As given in this MS Doc, if we access the base URL without APIs, Response Status Code 404 will be displayed.
If API Name is passed to the Self-hosted gateway API of the APIM Instance, then the result is as expected:
I've changed my approach and turned to what worked earlier. I configured an API gateway to call the Google Cloud Functions and it called them with the appropriate permissions when I passed in an api key. I think it's erroring when trying to call the workflow because I didn't specify a resource. Not sure exactly though... It looks like the API key is working, but the OAuth is failing. My OAuth is configured with a fresh connection since I've made the workflow. It's authenticated on my end, I clicked my account in google and everything. I'm 99.99% sure the OAuth is configured correctly. When I called the GCP function with the API Gateway, I didn't have to use OAuth.
Is OAuth a requirement for the Workflows API? Are there any work arounds?
How to specify the params for the Workflow in the API Gateway config?
Named Credential:
Label GoogleCloudFunction
Name GoogleCloudFunction
URL https://workflowexecutions.googleapis.com
Hide Section - AuthenticationAuthentication
Certificate
Identity Type Named Principal
Authentication Protocol OAuth 2.0
Authentication Provider GoogleCloudAuth
Scope https://www.googleapis.com/auth/cloud-platform
Authentication Status Authenticated
Log from API Gateway:
httpRequest: {
latency: "0.039s"
protocol: "http"
requestMethod: "POST"
requestSize: "1269"
requestUrl: "/create-site-tracker-site?key=HIDDEN"
responseSize: "743"
status: 401
}
insertId: "48330ec2-7114-4270-b465-68ae6308bdc34850908905639612439#a1"
jsonPayload: {
api_key: "HIDDEN"
api_key_state: "VERIFIED"
api_version: "1.0.0"
http_status_code: 401
location: "us-central1"
log_message: "1.create_site_tracker_site_0s5865srg8pbr_apigateway_quick_hangout_329722_cloud_goog.CreateSiteFunction is called"
response_code_detail: "via_upstream"
}
API Config
# openapi2-functions.yaml
swagger: '2.0'
info:
title: create-site-tracker-site with auth
description: Create Site in Site Tracker using JSForce
version: 1.0.0
schemes:
- https
produces:
- application/json
paths:
/create-site-tracker-site:
post:
summary: Create Site
operationId: createSiteFunction
x-google-backend:
address: https://workflowexecutions.googleapis.com/v1/projects/us-central1-quick-hangout-329722/locations/us-central1/workflows/create-site-and-project/executions
security:
- api_key: []
responses:
'200':
description: A successful response
schema:
type: string
securityDefinitions:
# This section configures basic authentication with an API key.
api_key:
type: "apiKey"
name: "key"
in: "query"
Your HTTP request appears to include no "Authorization" header. Without this it is unlikely that you're call will succeed unless your Cloud Functions permit unauthenticated calls.
It's difficult to understand what you're doing because e.g. "works when I test it manually" is imprecise and provides little information about what you did. I assume (!?) you're using gcloud functions call which authenticates for you.
Please add more detail to your question include the commands that you tried and those that succeed and fail and include error messages.
The majority of Google's services are exposed as REST APIs and so you can invoke almost everything using simple HTTP commands.
Current work around is calling the workflow from a google cloud function, and then calling the function via API Gateway and passing a key. Gross but it works
I am setting up automated deployment pipeline for my website ,as part of it i have to automate Api import using VSTS RM . I have achieved this using custom PS scripts in VSTS tasks. I have used swagger url to import
i.e
Import-AzureRmApiManagementApi –Context $apimContext –SpecificationFormat 'swagger' –SpecificationUrl 'http://mywebapp.com/swagger/docs/v1' –Path 'apis'
To Improve the security we have implemented to redirect the http request https which is secured by client certificate. Here comes the problem.
Now we are not able to use above command to import which is returning 403 forbidden error as API manager don't have option to bypass certificate validation. what can be done to solve this ?
Even i have tried to invoke-webrequest the url with specific cert and to import the API which worked fine in my local machine.
$swaggerurl="https://mywebapp.org/swagger/docs/1"
$cert=New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("xyz.cer")
$test=Invoke-WebRequest -Uri "$swaggerurl" -Certificate $cert
$test.statuscode
Import-AzureRmApiManagementApi –Context $apimContext –SpecificationFormat 'swagger' –SpecificationUrl 'http://mywebapp.com/swagger/docs/v1' –Path 'apis'
But not in VSTS Inline power shell. It is not accepting certificate value and returning 403 forbidden error.
Please let me know how to resolve this ?
Issue :
1.Unable to import to API manager due to https client certificate validation on swagger url.
VSTS inline power shell not accepting certificate parameter details even though i use the right cert. Same case works in local machine. is there any limitation in VSTS inline power shell.
Thanks in advance.
Using Azure PowerShell step/task instead. (Include in Deploy category)
For this to work, API Management service needs to make the WebRequest on your behalf to the url, with a ClientCertificate in the Request.
We currently don't provide that option to call Import-AzureRmApiManagementApi with a Client Certificate.
Only available option is to make WebRequest using Powershell (Invoke-RestMethod), download the swagger to a local file and use the -SpecificationPath parameter in the cmdlet
This issue has been resolved by changing the private agent to run as admin account. Now Everything works as expected :)
Import of API using VSTS private agent
I have the gmail api activated and I am on an instance with "full API access to all Google Cloud services". When I run the following from the instance:
credentials = GoogleCredentials.get_application_default()
service = build('gmail', 'v1', credentials=credentials)
service.users().messages().list(userId='me').execute()
I get:
HttpError: <HttpError 403 when requesting https://www.googleapis.com/gmail/v1/users/me/messages/send?alt=json returned "Insufficient Permission">
I have tried several other gmail-api calls and this is always the response.
You will need to use OAuth 2.0 for Server to Server Applications method.
I want to use Oauth2 and Spring-security with rest web service. I am new for this, i am trying to create configuration with the help of some websites. Still, i clearly not understand how and what is the flow for oauth authenticate for rest service. i am using latest dependencies Click on the link for see my configurations. I am using database for store clients information and tokens. when i trying to access the token, using follwoing url with post request and post body:
http://localhost:8080/empirecl-api/oauth/token
grant_type=password&username=a#a.com&password=password&client_id=my-client-with-secret&client_secret=ak_secret
The basic authentication pop-up box will appear. I am using chrome rest postman client. I have user table in my database where i store, username and password, when i enter those username and password, the authentication fail, If i use i my client_id and client_secret as a username and password, the authentication is fail. When i cancel the pop of basic authentication following json is return:
{
"error": "unauthorized",
"error_description": "No client with requested id: a#a.com"
}
I am unable to figure out what will happen.
When i trying to access following url with get reqquest:
http://localhost:8080/empirecl-api/oauth/authorize?grant_type=password&username=a#a.com&password=password
The following error will return:
{
"error": {
"error": "invalid_client",
"error_description": "Bad client credentials"
}
}
When i check the error in console, of eclipse, the follwoing error is display:
AuthorizationEndpoint:436 - Handling ClientRegistrationException error: No client with requested id: null
How i resolve this problem and how to use Oauth with my rest api. I also want to secure my all rest url with Oauth.
There are a couple of things wrong here.
You are using the wrong endpoint - the request should be to the token endpoint, not the authorization endpoint.
It should be a POST request - you shouldn't be passing the parameters in the URL
You are confusing when the user has to authenticate and when the client does - the server was looking for Basic credentials from the client but you were entering the username.
See the oauth2 spec section on using the resource owner password grant.
The client needs to authenticate and, as porterhead points out, you can do this using Basic authentication. The spec does also allow passing of the client id and secret as post parameters, but prefers Basic authentication.
You should probably make sure you understand a bit more about how OAuth2 works, and perhaps expand your question to explain why you want to use it and why you've chosen this particular grant type.
You need to pass your client username and password as a Base64 encoded Authorization header.
Try using curl. Here is an example:
curl -v -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM=" \
'http://localhost:8080/empirecl-api/oauth/token?grant_type=password&username=a#a.com&password=password'
I have a working example described here