I am trying to validate my access token (not JWT) with LoginRadius, I can do the login but after when I call my API I always get unauthorized or different errors according to my Authentication configuration, I am using like this. I believe the authority url is not correct but I couldn't find any other
services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect("login-radius", options => {
// Set the authority to your Auth0 domain
options.Authority = $"https://api.loginradius.com/identity/v2/auth/";
// Configure the Auth0 Client ID and Client Secret
options.ClientId = Configuration["ClientId"];
options.ClientSecret = Configuration["ClientSecret"];
// Set response type to code
options.ResponseType = OpenIdConnectResponseType.Code;
options.Scope.Clear();
options.Scope.Add("openid");
options.CallbackPath = new PathString("/callback");
options.ClaimsIssuer = "loginradius";
// Saves tokens to the AuthenticationProperties
options.SaveTokens = true;
});
I believe you are trying to setup OIDC, and to configure it, please refer to the LoginRadius docs on OIDC, as it needs few things that need to be configured in the Admin Console and the correct authority URL: https://www.loginradius.com/docs/single-sign-on/tutorial/federated-sso/openid-connect/openid-connect-overview/#otheropenidfunctionality6
Please refer to the OIDC discovery endpoint, which provides a client with configuration details about the OpenID Connect metadata of the Loginradius App.
URL Format: https://cloud-api.loginradius.com/sso/oidc/v2/{sitename}/{oidcappname}/.well-known/openid-configuration
My account didn't have access to few features
I am trying to invoke an HTTP triggered Azure function built on with a GET request. I setup the linked service as per the recommended steps and the function itself works with a query string through POSTMAN or internet browser, but fails when I try to invoke through Data factory.
{
"errorCode": "3608",
"message": "Call to provided Azure function '' failed with status-'NotFound' and message - 'Invoking Azure function failed with HttpStatusCode - NotFound.'.",
"failureType": "UserError",
"target": "Azure Function1",
"details": []
}
I came across another stackoverflow post https://stackoverflow.com/a/54497119/4212430 where there was a mention of a JSON response for ADF.
I have since changed my python code to provide an HTTP response as a JSON object as below
def main(req: func.HttpRequest) -> func.HttpResponse:
logging.info('Python HTTP trigger function processed a request.')
statename = req.params.get('statename')
if not statename:
try:
req_body = req.get_json()
except ValueError:
pass
else:
statename = req_body.get('statename')
if statename:
initiate_main(statename)
host.close()
function_message = {"Response":"Successfully trasnferred BOM files"}
return func.HttpResponse(
json.dumps(function_message),
mimetype="application/json",
status_code=200)
else:
function_message = {"Response":"Error in transferring files"}
return func.HttpResponse(
json.dumps(function_message),
mimetype="application/json",
status_code=400)
But that hasn't helped either.
It turns out that I was using the wrong URI with an api added at the end while I should have just been giving the plain function name
I'm testing the issue-creation-code(origin: forge-checkmodels-createissues-revit/web/Controllers/BIM360.cs).
I got an error message below.
My question is two.
What is errorCode: AUTH-010 which is not explained at developers_guide error_handling.
I checked settings "Permission Level was set to Full Control" that are on BIM 360 Project Admin Services' Issues menu, and I could not guess about suspicious "Token does not have the privilege for this request".
Would you suggest Github's sample code? Or advise me additional code check.
Thanks in advance.
{"Request":{"UserState":null,"AllowedDecompressionMethods":[0,2,1],"AlwaysMultipartFormData":false,"JsonSerializer":{"DateFormat":null,"RootElement":null,"Namespace":null,"ContentType":"application/json"},"XmlSerializer":{"RootElement":null,"Namespace":null,"DateFormat":null,"ContentType":"text/xml"},"ResponseWriter":null,"UseDefaultCredentials":false,"Parameters":[{"Name":"Authorization","Value":"Bearer eyJhbGciOiJIUzI1NiIsImtpZCI6Imp3dF9zeW1tZXRyaWNfa2V5In0.eyJ1c2VyaWQiOiJVMzlKSldYTlhGOUoiLCJleHAiOjE1ODM5MTc2ODYsInNjb3BlIjpbImRhdGE6cmVhZCJdLCJjbGllbnRfaWQiOiJidmlheEd0R3BFd1pGcWw1dkpsb2k4SUF4a1E0Ym9YRSIsImdyYW50X2lkIjoia0h3R1FWRXZXU3g4MUlvOVFuWU5UdkdjRU94NjBFaWkiLCJhdWQiOiJodHRwczovL2F1dG9kZXNrLmNvbS9hdWQvand0ZXhwNjAiLCJqdGkiOiJFTnFEcmZwaUo0eFdKQm9lNm1DZUV1RFVlZ2VuT2FIUnlPRUpNR3h1UExjakwzYW1nTjRBQ2RTOEdST3Q3NTlLIn0.1VYYXE2ZXcV6Qr2PiGJqMIZNY-Rr2D3EngBVYEcqiXc","Type":3,"ContentType":null},{"Name":"Content-Type","Value":"application/vnd.api+json","Type":3,"ContentType":null},{"Name":"container_id","Value":"45b8e606-f4e3-4233-a508-cbfb0098d28a","Type":2,"ContentType":null},{"Name":"text/json","Value":"{\"data\":{\"type\":\"issues\",\"attributes\":{\"title\":\"이슈생성 API 테스트-1\",\"description\":\"이슈생성 API 테스트-1(나는 내용입니다.)\",\"status\":\"open\",\"starting_version\":\"1\",\"target_urn\":\"1\",\"due_date\":\"2020-03-12T01:19:54.861Z\",\"assigned_to\":\"U39JJWXNXF9J\",\"owner\":\"U39JJWXNXF9J\"}}}","Type":4,"ContentType":null},{"Name":"Accept","Value":"application/json, application/xml, text/json, text/x-json, text/javascript, text/xml","Type":3,"ContentType":null}],"Files":[],"Method":1,"Resource":"/issues/v1/containers/{container_id}/quality-issues","RequestFormat":1,"RootElement":null,"OnBeforeDeserialization":{"Method":{"Name":"<.ctor>b__1_0","AssemblyName":"RestSharp, Version=106.3.1.0, Culture=neutral, PublicKeyToken=598062e77f915f75","ClassName":"RestSharp.RestRequest+<>c","Signature":"Void <.ctor>b__1_0(RestSharp.IRestResponse)","Signature2":"System.Void <.ctor>b__1_0(RestSharp.IRestResponse)","MemberType":8,"GenericArguments":null},"Target":{}},"DateFormat":null,"XmlNamespace":null,"Credentials":null,"Timeout":0,"ReadWriteTimeout":0,"Attempts":0},"ContentType":"application/json","ContentLength":192,"ContentEncoding":"","Content":"{ \"developerMessage\":\"
Token does not have the privilege for this request.
\", \"moreInfo\": \"https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/\", \
"errorCode\": \"AUTH-010\"
}","StatusCode":403,"IsSuccessful":false,"StatusDescription":"Forbidden","RawBytes":"eyAiZGV2ZWxvcGVyTWVzc2FnZSI6IlRva2VuIGRvZXMgbm90IGhhdmUgdGhlIHByaXZpbGVnZSBmb3IgdGhpcyByZXF1ZXN0LiIsICJtb3JlSW5mbyI6ICJodHRwczovL2ZvcmdlLmF1dG9kZXNrLmNvbS9lbi9kb2NzL29hdXRoL3YyL2RldmVsb3BlcnNfZ3VpZGUvZXJyb3JfaGFuZGxpbmcvIiwgImVycm9yQ29kZSI6ICJBVVRILTAxMCJ9","ResponseUri":"https://developer.api.autodesk.com/issues/v1/containers/45b8e606-f4e3-4233-a508-cbfb0098d28a/quality-issues","Server":"","Cookies":[],"Headers":[{"Name":"Access-Control-Allow-Credentials","Value":"true","Type":3,"ContentType":null},{"Name":"Access-Control-Allow-Headers","Value":"Content-Length,x-ads-ul-ctx-client-id,x-ads-ul-ctx-caller-span-id,Content-Range,Access-Control-Allow-Origin,Authorization,x-ads-test,x-ads-ul-ctx-oxygen-id,x-ads-acm-scopes,x-ads-ul-ctx-head-span-id,If-Match,x-ads-ul-ctx-source,Accept-Encoding,If-Modified-Since,x-ads-acm-namespace,Access-Control-Allow-Credentials,x-ads-acm-groups,Session-Id,Content-Encoding,x-ads-ul-ctx-scope,Range,Accept,x-ads-ul-ctx-workflow-id,x-requested-with,Expect,x-ads-acm-check-groups,If-None-Match,Content-Type,x-csrf-token","Type":3,"ContentType":null},{"Name":"Access-Control-Allow-Methods","Value":"POST,GET,OPTIONS,HEAD,PUT,DELETE,PATCH","Type":3,"ContentType":null},{"Name":"Access-Control-Allow-Origin","Value":"","Type":3,"ContentType":null},{"Name":"Strict-Transport-Security","Value":"max-age=31536000; includeSubDomains","Type":3,"ContentType":null},{"Name":"Connection","Value":"keep-alive","Type":3,"ContentType":null},{"Name":"Content-Length","Value":"192","Type":3,"ContentType":null},{"Name":"Content-Type","Value":"application/json","Type":3,"ContentType":null},{"Name":"Date","Value":"Wed, 11 Mar 2020 08:59:54 GMT","Type":3,"ContentType":null}],"ResponseStatus":1,"ErrorMessage":null,"ErrorException":null,"ProtocolVersion":{"_Major":1,"_Minor":1,"_Build":-1,"_Revision":-1}}
[HttpGet]
[Route("api/forge/bim360/token/{tokenId}/container/{containerId}/item/{itemId}/version/{versionId}/title/{titleId}/description/{descriptionText}")]
public async Task<IRestResponse> CreateDocumentIssueAsync(string tokenId, string containerId, string itemId, string versionId, string titleId, string descriptionText)
{
dynamic body = new JObject();
body.data = new JObject();
body.data.type = "issues";
body.data.attributes = new JObject();
body.data.attributes.title = titleId;
body.data.attributes.description = descriptionText;
body.data.attributes.status = "open";
body.data.attributes.starting_version = versionId;
body.data.attributes.target_urn = itemId;
//Added by me for test attributes
body.data.attributes.due_date = "2020-03-12T01:19:54.861Z";
body.data.attributes.assigned_to = "U39JJWXNXF9J";
body.data.attributes.owner = "U39JJWXNXF9J";
//body.data.attributes.ng_issue_subtype_id = "";
//body.data.attributes.ng_issue_type_id = "";
//body.data.attributes.root_cause_id = "";
//body.data.attributes.starting_version = "";
//body.data.attributes.location_description = "Kitchen";
//body.data.attributes.pushpin_attributes = new JObject();
//body.data.attributes.pushpin_attributes.object_id = dbId;
//body.data.attributes.pushpin_attributes.type = "TwoDVectorPushpin";
//body.data.attributes.pushpin_attributes.created_doc_version = version;
RestClient client = new RestClient(BASE_URL);
RestRequest request = new RestRequest("/issues/v1/containers/{container_id}/quality-issues", RestSharp.Method.POST);
request.AddHeader("Authorization", "Bearer " + tokenId);
request.AddHeader("Content-Type", "application/vnd.api+json");
request.AddParameter("container_id", containerId, ParameterType.UrlSegment);
request.AddParameter("text/json", Newtonsoft.Json.JsonConvert.SerializeObject(body), ParameterType.RequestBody);
var res = await client.ExecuteTaskAsync(request);
return res;
}
Please check that:
Have access to the BIM 360 account, which I believe you do
data:read and data:write scopes when creating the access token
Enabled BIM 360 API when creating the app
For anyone coding their app using Node, there are quite a few errors on the model derivative api example and the design automation api example that will yield the AUTH-010 even if the scopes are set correctly.
On the execute work item section of the Design Automation Node.js tutorial, we are given this line:
await new ForgeAPI.ObjectsApi().copyTo(bucketKey, inputFileNameOSS, outputFileNameOSS, req.oauth_client, req.oauth_token);
Earlier in the tutorial, the parameter req.oauth_client is defined the return value of the getCredentials() method on the AuthClientTwoLegged object. The result of calling copyTo for me was the mysterious AUTH-010 code, and I still had the correct scopes defined.
Solution
I had to substitute the req.oauth_client with the actual client_id of my application. This worked for both the Model Derivative API as well as the Design Automation Api.
Unfortunately the docs for the copyTo function incorrectly list the parameter as an oAuth2Client type, which is not the case; anyone getting the error is left guessing what the parameter is since since the docs don't bother to explain each parameter type.
Documentation is disappointing and quite a few errors and typos on both the github documentation and the npm documentation - be prepared to spend a lot of time cross-checking between the Postman tutorials, the utilities like oss-manager, and the error-ridden docs.
First timer when it comes to connecting to API. I'm trying to pull data from Toggl using my API token but I can't get credentials working. I tried to replicate the method by Chris Webb (https://blog.crossjoin.co.uk/2014/03/26/working-with-web-services-in-power-query/) but I can't get it working. Here's my M code:
let
Source = Web.Contents(
"https://toggl.com/reports/api/v2/details?workspace_id=xxxxx&client=xxxxxx6&billable=yes&user_agent=xxxxxxx",
[
Query=[ #"filter"="", #"orderBy"=""],
ApiKeyName="api-token"
])
in
Source
After that I'm inputting my API Token into Web API method in Access Web content windows but I get an error that credentials could not be authenticated. Here's Toggl API specification:
https://github.com/toggl/toggl_api_docs/blob/master/reports.md
Web.Contents function receives two parameters: url + options
Inside options, you define the headers and the api_key, and other queryable properties, such as:
let
baseUrl = "https://toggl.com/",
// the token part can vary depending on the requisites of the API
accessToken = "Bearer" & "insert api token here"
options = [
Headers = [Authorization = accessToken, #"Content-Type" =
"application/Json"], RelativePath ="reports/api/v2/details", Query =
[workspace_id=xxxxx, client=xxxxxx6 , billable=yes, user_agent=xxxxxxx]
]
Source = Web.Contents(baseUrl, options)
// since Web.Contents() doesn't parse the binaries it fetches, you must use another
// function to see if the data was retreived, based on the datatype of the data
parsedData = Json.Document(Source)
in
parsedData
The baseUrl is the smallest url that works and never changes;
The RelativePath is the next part of the url before the first "?".
The Query record is where you define all the attributes to query as a record.
This is usually the format, but check the documentation of the API you're querying to see if it is similar.
I'm new to google cloud kms product, is there a tutorial on how to authenticate ( from third party server ) kms with python? The goal is to access the public key, encrypt the data ( async ). Another server will have more permissions and will be able to decrypt. I don't want to use gcloud shell client.
I solved it using the json file. I will post the code if it help someone in the future.
def encrypt_rsa(plaintext, key_name):
# get the public key
credentials = service_account.Credentials.from_service_account_file(
'the_key_file_of_service_account.json')
scoped_credentials = credentials.with_scopes(
['https://www.googleapis.com/auth/cloud-platform'])
client = kms_v1.KeyManagementServiceClient(credentials=credentials)
response = client.get_public_key(key_name)
key_txt = response.pem.encode('ascii')
public_key = serialization.load_pem_public_key(key_txt, default_backend())
# encrypt plaintext
pad = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None)
plaintext = base64.urlsafe_b64encode(plaintext.encode("ascii"))
return public_key.encrypt(plaintext, pad)