I have 3 forge viewers that I use, I have no access to buckets from particularly in one viewer. Only difference of this viewer is retention policy: persistent.
When I want to delete or see details an object from a bucket first I get a 2-Legged Token
curl -v 'https://developer.api.autodesk.com/authentication/v1/authenticate'
-X 'POST'
-H 'Content-Type: application/x-www-form-urlencoded'
-d '
client_id=...&
client_secret=...&
grant_type=client_credentials&
scope=bucket:create%20bucket:read%20bucket:delete%20data:write%20data:read%20account:read%20viewables:read'
and then use this token in
curl -v "https://developer.api.autodesk.com/oss/v2/buckets/apptestbucket/objects?limit=1"
-X GET
-H "Authorization: Bearer ..."
-H "Content-Type: application/json"
but when this last call is made, I only recieve
* Connection #0 to host developer.api.autodesk.com left intact
{"reason":"No access"}
Can it be because of retention policy or do I miss something ? Thank you.
Rention policy will not affect your access/permission to a bucket and there're pretty much only two things that would which are whether your Forge app is granted access (owner or authorized via bucket permissions) and the scope of your token.
To view, update or delete a bucket object make sure your token is given the scopes below:
GET bucket(s)/details - bucket:read
GET object(s) - data:read
DELETE object - data:write
PUT object data:write
And to determine whether your current client credentials have access to a bucket use GET buckets to list all your buckets:
{
"items" : [ {
"bucketKey" : "00001fbf-8505-49ab-8a42-44c6a96adbd0",
"createdDate" : 1441329298362,
"policyKey" : "transient"
}, {
"bucketKey" : "0003114d",
"createdDate" : 1440119769765,
"policyKey" : "transient"
}, {
"bucketKey" : "0003fbc1-389a-4194-915a-38313797d753",
"createdDate" : 1453886285506,
"policyKey" : "transient"
}, {
...
Related
Hi i am developing a google oauth2 login and i dont't know how to get a user info using access token or id token using this urls
https://www.googleapis.com/oauth2/v3/userinfo passsing access token in Authorization header returns this json:
"sub": "100366573866312827626",
"picture": "https://lh3.googleusercontent.com/a/default-user=s96-c"
}
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={id_token} get this json
{
"iss": "https://accounts.google.com",
"azp": "375890336523-u4rpach5688ltoc0v4mof1r7j70gem95.apps.googleusercontent.com",
"aud": "375890336523-u4rpach5688ltoc0v4mof1r7j70gem95.apps.googleusercontent.com",
"sub": "100366573866312827626",
"at_hash": "htkn2tQqV4Ff4EmrtPDh9w",
"iat": "1636631006",
"exp": "1636634606",
"alg": "RS256",
"kid": "27c72619d0935a290c41c3f010167138685f7e53",
"typ": "JWT"
}
But in both json doesn't have any user information like username or email
thanks for your time and sorry for my english, is not my native languaje
Make sure when you authorized the user that you requested profile scope.
Using the Access token returned when your user authorized your application. You can get the users profile information you should make a call to the People.get method
curl \
'https://people.googleapis.com/v1/people/me?key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--compressed
The user info endpoint will give you a little bit of info but not as much as using the userinfo endpoint.
Google does not always return the user claims in the id token, so i would not try to rely upon that.
I was following the steps from this tutorial to convert a file to svf format in order to be able to view it using the autodesk viewer.
https://forge.autodesk.com/en/docs/model-derivative/v2/tutorials/prep-file4viewer/
I was trying to convert a dwg file to svf. I got to task 3 step 1 with no problem, but in step 2, when I make the request, I get the following response :
{"urn":"dXJuOmFkc2sub2JqZWN0czpvcy5vYmplY3Q6YnVja2V0MTJzL3Zpc3VhbGl6YXRpb25fLV9hZXJpYWwuZHdn",
"derivatives":[{"hasThumbnail":"false","name":"visualization_-_aerial.dwg","progress":"complete",
"messages":[{"type":"error","code":"AutoCAD-InvalidFile",
"message":"Sorry, the drawing file is invalid and cannot be viewed.
\n- Please try to recover the file in AutoCAD, and upload it again to view."},
{"type":"error","message":"Unrecoverable exit code from extractor: -1073741831",
"code":"TranslationWorker-InternalFailure"}],
"outputType":"svf","status":"failed"}],
"hasThumbnail":"false","progress":"complete","type":"manifest","region":"US","version":"1.0",
"status":"failed"}
I tried to view the file using their online viewer and was able to view it perfectly so I know that there's nothing wrong with the file. What could be the possible reason for this error?
Edit :
After I obtained access token and created bucket, I used this request to upload file to the bucket (Step 2 of Task 2) :
curl -X PUT -v 'https://developer.api.autodesk.com/oss/v2/buckets/{bucketname}/objects/visualization_-_aerial.dwg' -H 'Authorization: Bearer {TOKEN}' -H 'Accept-Encoding: gzip, deflate' --data-binary '{PATH_TO_FILE}/visualization_-_aerial.dwg'
The response to this is 200OK.
Then I used the online tool given in the tutorial to convert urn to base 64 encoded urn.
Here's the job post request (Step 1 of task 3) I sent :
curl -X POST 'https://developer.api.autodesk.com/modelderivative/v2/designdata/job' -H 'Authorization: Bearer {TOKEN}' -H 'x-ads-force: true' -H 'Content-Type: application/json' -d '{ "input": { "urn": "{URN}", "compressedUrn": true, "rootFilename": "visualization_-_aerial.dwg" }, "output": { "destination": { "region": "us" }, "formats": [{ "type": "svf", "views": ["2d", "3d"], "advanced": {"generateMasterViews": true} } ] } }'
the response to this is "success"
and the get request to check the status of the translation :
curl -X GET 'https://developer.api.autodesk.com/modelderivative/v2/designdata/{URN}/manifest' -H 'Authorization: Bearer {TOKEN}'
the response to this is what I included above.
The file is actually uploaded to the bucket and I was able to view it at https://oss-manager.autodesk.io/# but even there, it shows translation failed.
Edit 2:
Here's an image of the response from https://oss-manager.autodesk.io/ get manifest request (used dev tools to get this)
enter image description here
Based on the comments added to the previous answer it seems like the issue is with the upload part. As you can see in the tutorial it's using
--data-binary '#PATH_TO_DOWNLOADED_ZIP_FILE'
The # symbol is important, without it you'll get a reply like this
{
"bucketKey" : "adam",
"objectId" : "urn:adsk.objects:os.object:adam/test.dwg",
"objectKey" : "test.dwg",
"sha1" : "cb54c0750e9201bbfa6da6adad6b496bec11a111",
"size" : 27,
"contentType" : "application/x-www-form-urlencoded",
"location" : "https://developer.api.autodesk.com/oss/v2/buckets/adam/objects/test.dwg"
* Connection #0 to host developer.api.autodesk.com left intact
}
Look at the size: 27 - that's definitely not right. And so when I try to translate the file I get the same error messages that you got.
However, if I add the # symbol then all is good:
curl -X PUT -v 'https://developer.api.autodesk.com/oss/v2/buckets/{bucketname}/objects/test.dwg' -H 'Authorization: Bearer {TOKEN}' -H 'Accept-Encoding: gzip, deflate' --data-binary '#/Users/nagyad/Downloads/test.dwg'
Note: I'm on a Mac, on Windows the path will look a bit different
Reply I got this time:
{
"bucketKey" : "adam",
"objectId" : "urn:adsk.objects:os.object:adam/test.dwg",
"objectKey" : "test.dwg",
"sha1" : "d17e9156c948caed3a98788836e6c1f3d5fddadc",
"size" : 55727,
"contentType" : "application/x-www-form-urlencoded",
"location" : "https://developer.api.autodesk.com/oss/v2/buckets/adam/objects/test.dwg"
* Connection #0 to host developer.api.autodesk.com left intact
}
And this time when I tried to translate the file, it succeeded.
Change the compressedUrn to false if you working with single file or if you working with zip file so, set to true also mention rootFilename file name(root file name) in response body.
I have a sample code here. It is json
{
"document":{
"type":"PLAIN_TEXT",
"content":"Joanne Rowling, who writes under the pen names J. K. Rowling and Robert Galbraith, is a British novelist and screenwriter who wrote the Harry Pott$
},
"encodingType":"UTF8"
}
I found a tutorial on google's documentation on Natural Language processing on reading from Google Cloud Storage.
curl -X POST \ -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \
-H "Content-Type: application/json; charset=utf-8" \ --data "{
'document':{
'type':'PLAIN_TEXT',
'gcsContentUri':'gs://reubucket/textData'
}
}" "https://language.googleapis.com/v1/documents:analyzeEntitySentiment"
And the error that I got is
ERROR: (gcloud.auth) Invalid choice: '*************-_m6csS1Wzlj1pyC_J7vzC0'.
Usage: gcloud auth [optional flags] <group | command>
group may be application-default
command may be activate-service-account | configure-docker | list |
login | revoke
How do I call the command with my API key.
I need a way to change the "content" to entries into my CSV file.
Thank you.
Here is an example of the error that I am receiving please help:
mufaroshumba#reucybertextmining:~/myFolder$ gcloud auth activate-service-account --key-file="/home/mufaroshumba/myFolder/reucybertextmining-74fa66372251.json"
Activated service account credentials for: [starting-*******[CENSORED]#reucybertextmining.iam.gserviceaccount.com]
mufaroshumba#reucybertextmining:~/myFolder$ curl "https://language.googleapis.com/v1/documents:analyzeSentiment?key=${API_KEY}" \ -s -X POST -H "Content-Type: app
lication/json" --data-binary #request.json
{
"error": {
"code": 401,
"message": "Permission to access the GCS address is denied.",
"status": "UNAUTHENTICATED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"field": "document.gcs_content_uri",
"description": "Permission to access the GCS address is denied."
}
]
}
]
}
}
curl: (6) Could not resolve host: -s
mufaroshumba#reucybertextmining:~/myFolder$
I then used this website trying to get
It looks like your auth is not setup correctly. If you just run this command:
gcloud auth application-default print-access-token
it should be giving you a token, but it seems like it's not. Please follow the steps here to make sure that this command is working first:
https://cloud.google.com/natural-language/docs/quickstart#quickstart-analyze-entities-cli
Then, as long as you have permission to access the gcs bucket, you should be able to get content out of it. Note that the API is expecting to see the actual content in the gcs file, and not a CSV.
I have a question regarding PEP proxy file.
My keystone service is running on 192.168.4.33:5000.
My horizon service is running on 192.168.4.33:443.
My WebHDFS service is running on 192.168.4.180:50070
and i intend to run PEP Proxy on 192.168.4.180:80
But what i don't get is what should i put in place of config.account_host?
Inside mysql database for keyrock manager there is "idm" user with "idm" password and every request i make via curl on Identity manager works.
But with this config:
config.account_host = 'https://192.168.4.33:443';
config.keystone_host = '192.168.4.33';
config.keystone_port = 5000;
config.app_host = '192.168.4.180';
config.app_port = '50070';
config.username = 'idm';
config.password = 'idm';
when i start pep-proxy with:
sudo node server.js
i get next error:
Starting PEP proxy in port 80. Keystone authentication ...
Error in keystone communication {"error": {"message": "The request you
have made requires authentication.", "code": 401, "title":
"Unauthorized"}}
First, I wouldn't type the port at your config.account_host, as it is not required there, but this doesn't interfere the operation.
My guessing is that you are using your own KeyRock FIWARE Identity Manager with the default provision of roles.
If you check the code, PEP Proxy sends a Domain Scoped request against KeyRock, as stands in the Keystone v3 API.
So the thing is, the idm user you are using to authenticate PEP, probably doesn't have any domain roles. The workaround to check it would be:
Try the Domain Scoped request:
curl -i \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "idm",
"domain": { "id": "default" },
"password": "idm"
}
}
},
"scope": {
"domain": {
"id": "default"
}
}
}
}' \
http://192.168.4.33:5000/v3/auth/tokens ; echo
If you get a 401 code, you are not authorized to make Domain Scoped requests.
Check if the user has any role in this domain. For this you will need to get an Auth token using the Default Scope request:
curl -i -H "Content-Type: application/json" -d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "idm",
"domain": { "id": "default" },
"password": "idm"
}
}
}
}
}' http://192.168.4.33:5000/v3/auth/tokens ; echo
This will return a X-Subject-Token that you will need for the workaround.
With that token, we will send a request to the default domain using the user we selected before, idm, to check if we have assigned any roles there:
curl -i \
-H "X-Auth-Token:<retrieved_token>" \
-H "Content-type: application/json" \
http://192.168.4.33:5000/v3/domains/default/users/idm/roles
And probably, this request will give you a response like:
{"links": {"self": "http://192.168.4.33:5000/v3/domains/default/users/idm/roles", "previous": null, "next": null}, "roles": []}
In that case, you will need to create a role for that user. To create it, you will need to assing a role to the user idm in the default domain. For that, you will need to retrieve the role id of the role you want to assign. You can do this by sending the following request:
curl -i \
-H "X-Auth-Token:<retrieved_token>" \
-H "Content-type: application/json" \
http://192.168.4.33:5000/v3/roles
It will return a JSON with all the available roles and its ids.
Assign a role to the user idm in the default domain. There are 6 available: member, owner, trial, basic, community and admin. As idm is the main administrator, I would chose the admin id. So finally, with the admin id, we assign the role by doing:
curl -s -X PUT \
-H "X-Auth-Token:<retrieved_token>" \
-H "Content-type: application/json" \
http://192.168.4.33:5000/v3/domains/default/users/idm/roles/<role_id>
Now you can try again Step 1, and if everything works, you should be able to start the PEP proxy:
sudo node server.js
Let me know how it goes!
I am using box api integration to my app, I am facing an issue with fetching a single user data, I am an enterprise admin and I am getting all the users list when I use GET /users api. How can I take the single user out of this when I pass the login param of the User object. Any ideas ?
You can fetch a single user by using the filter_term query parameter to match all or part of the user's login (docs):
curl https://api.box.com/2.0/users?filter_term=prats
-H "Authorization: Bearer ACCESS_TOKEN"
Response:
{
"total_count": 1,
"entries": [
{
"type": "user",
"id": "123456",
"name": "prats",
"login": "prats#stackoverflow.com",
...
}
]
}
Be aware that filter_term matches the beginning of the login string. If you have multiple users with names that start the same way, e.g. prats and prats2, the above request will return both of them. To prevent this, specify the entire login, or simply append an # to the end of the filter_term value:
curl https://api.box.com/2.0/users?filter_term=prats#
-H "Authorization: Bearer ACCESS_TOKEN"