I am attempting to retrieve event messages from Google pub/sub.
I have tried the following request:
curl -XPOST -H 'Authorization: Bearer ya29AuthToken' -H "Content-type: application/json" -d '{'returnImmediately': false, maxMessages: 10}' 'https://pubsub.googleapis.com/v1/projects/projectID/subscriptions/projectName:pull?key={APIKEY}'
I receive the following response from the server
{
"error": {
"code": 403,
"message": "User not authorized to perform this action.",
"status": "PERMISSION_DENIED"
}
}
What am i doing wrong with this? The API Key is correct and the auth token has not expired.
Related
I am making the following request to generate an image url from a NEST Camera device (documentation i'm following)
curl -X POST 'https://smartdevicemanagement.googleapis.com/v1/enterprises/{PROJECTID}/devices/{DEVICEID}:executeCommand' -H 'Content-Type: application/json'
-H 'Authorization: Bearer {TOKEN}' --data-raw '{
"command" : "sdm.devices.commands.CameraEventImage.GenerateImage",
"params" : {"eventId" : "c4c58a0"}
}'
And I am met with the following error response:
{
"error": {
"code": 500,
"message": "Internal error encountered.",
"status": "INTERNAL"
}
}
Whether or not I give a valid eventId I get this error response. There is no issues with my AUTH.
I have checked the status of Google's API and they're not reporting any downtime, I am sure the issue is something I am doing wrong, but can't figure out what.
We have a bucket in Google Cloud Platform to manage pictures.
I am trying to upload a picture to it using Curl.
Respective to the official documentation linked here, this is the Curl-command I used:
curl -X POST --data-binary #cat.jpeg \
-H "Authorization: Bearer A_STRING_SUPPOSED_TO_BE_A_KEY" \
-H "Content-Type: image/jpeg" \
"https://storage.googleapis.com/upload/storage/v1/b/upload_zone/o?uploadType=media&name=cat"
This is the answer we get:
{
"error": {
"code": 401,
"message": "Invalid Credentials",
"errors": [
{
"message": "Invalid Credentials",
"domain": "global",
"reason": "authError",
"locationType": "header",
"location": "Authorization"
}
]
}
}
It seems our key is invalid, we are not sure what to use as Authorization key. Where can we find the OAUTH2.0-key required to make use of the Google Cloud Platform Bucket, do we need to generate it somewhere?
Edit:
We have generated a key using the OAuth 2.0-Playground, and it worked! But the key expires every 3000 seconds...
If you are already authenticated to Google using the gcloud sdk, you can get the key like this:
-H "Authorization: Bearer $(gcloud auth print-identity-token)"
So, using your example above, this should work:
curl -X POST --data-binary #cat.jpeg \
-H "Authorization: Bearer $(gcloud auth print-identity-token)" \
-H "Content-Type: image/jpeg" \
"https://storage.googleapis.com/upload/storage/v1/b/upload_zone/o?uploadType=media&name=cat"
what is the procedure for getting the list of all the IP address of google compute instances through its API's and how to provide OAuth 2 access token externally
When I am trying to access via the API given by GCP
https://compute.googleapis.com/compute/v1/projects/{project}/zones/{zone}/instances
I am getting the following error
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED"
}
}
How do i authenticate ?
The easiest way to get an access token for a curl call to a Google Cloud API is to use the Cloud SDK (provided you have it installed and configured).
Once you've confirmed you're logged in with the correct user or service account (gcloud auth list) you can get an access token for a user account by running:
gcloud auth print-access-token
or for a service account you've configured as default:
gcloud auth application-default print-access-token
You'll need to pass that token as Authorization header to authenticate your call. You can integrate the gcloud command in your curl call like this:
curl https://compute.googleapis.com/compute/v1/projects/PROJECT/zones/ZONE/instances -H "Authorization: Bearer $(gcloud auth print-access-token)"
You can use jq to parse the response and print only an array of IP objects, for example:
curl https://compute.googleapis.com/compute/v1/projects/PROJECT/zones/ZONE/instances -H "Authorization: Bearer $(gcloud auth print-access-token)" | jq '[.items | .[] | {ip: .networkInterfaces[].accessConfi
gs[].natIP}]'
It'll print a response of the form:
[
{
"ip": "XX.XXX.XX.XXX"
},
{
"ip": "XXX.XXX.XX.XXX"
}
]
i have used wso2 Idendity server version 5.7.
i have created token below curl.
curl -X POST \
https://localhost:9443/oauth2/token \
-H 'Accept: */*' \
-H 'Authorization: Basic dUJqVGZncU1vTHpUQWJwU2U3QXhyYzF3cGRvYTpQVjFLM2ZUM1o3Qm9jVFl3dF9wM214ZzYwQVlh' \
-d 'grant_type=password&username=admin&password=admin'
they will giving below response jwt formate.
{
"access_token": "eyJ4NXQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJraWQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbkBjYXJib24uc3VwZXIiLCJhdWQiOiJ1QmpUZmdxTW9MelRBYnBTZTdBeHJjMXdwZG9hIiwibmJmIjoxNTU2NjEyMzAxLCJhenAiOiJ1QmpUZmdxTW9MelRBYnBTZTdBeHJjMXdwZG9hIiwiaXNzIjoiaHR0cHM6XC9cL2xvY2FsaG9zdDo5NDQzXC9vYXV0aDJcL3Rva2VuIiwiZXhwIjoxNTU2NjE1OTAxLCJpYXQiOjE1NTY2MTIzMDEsImp0aSI6IjBiNDNiNDJhLTNmMGQtNDczZS05MjgwLWYzMDUyOTE5MDA0NSJ9.BxHpuoYJVpDPH4kauU7C6c9eSn-DDO3k40QQjDSBS3g7_dHDRCXvf1xBFe3dxggth-eomvo1kiIGQtC8_VzvL5umvM1VKkL_DqxDyWmM9CtFHj-MkDROS_81ZcWlME6__69vy68l9_cfM7XCUpkJ2JMAeFV2kS2jAvlIpSn3xcJWDMNNhcC60syrua_aATwNot6DQiy032c1uN2KOWEqLbhLMxDrue41jkhlQ7Kt4i-B7J385O7Rvju6bJ6SoTy-zU92ewXwrXctooLGbd_y-MQmXp0PTp2PqmBtgb5Ryrg9An3AbCavEjzYeJbSj2hIsKzU5dpH_KE670gEGW94jw",
"refresh_token": "253c5d9f-4efd-3b63-8451-66a0f83b2c72",
"token_type": "Bearer",
"expires_in": 3600
}
Problem :
1) when i have called any request using Bearer authorization token,giving below error but Basic YWRtaW46YWRtaW4= working fine.
{
"Errors": [
{
"code": "401",
"description": "Authentication failed for this resource."
}
]
}
2) Refresh token giving plain text how to convert jwt formate also.
Just in case if there is user permission issue, you will get
{"Errors":[{"code":"500","description":"User is not authorized to perform provisioning"}]}
Since your error message is
{
"Errors": [
{
"code": "401",
"description": "Authentication failed for this resource."
}
]
}
it is mainly due to invalid access token. You can check it by simply sending some random string as an access token. I would suggest you to check it from client side where you send correct access token or not.
While creating application in wso2 i need to send Bearer token. But for login wso2 /token api i need an application
apim:subscribei
Request
POST https://localhost:9443/api/am/store/v0.12/applications
Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
{
"throttlingTier": "Unlimited",
"description": "sample app description",
"name": "sampleapp",
"callbackUrl": "http://my.server.com/callback"
}
Ref:https://docs.wso2.com/display/AM220/apidocs/store/index.html#!/operations#ApplicationIndividual#applicationsApplicationIdKeysKeyTypeGet
Please read the Getting started link on the same page.
https://docs.wso2.com/display/AM220/apidocs/store/index.html#guide
Eg.
curl -k -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d #payload.json https://localhost:9443/client-registration/v0.12/register
Sample request body:
{
"callbackUrl": "www.google.lk",
"clientName": "rest_api_store",
"owner": "admin",
"grantType": "password refresh_token",
"saasApp": true
}