We have a bucket in Google Cloud Platform to manage pictures.
I am trying to upload a picture to it using Curl.
Respective to the official documentation linked here, this is the Curl-command I used:
curl -X POST --data-binary #cat.jpeg \
-H "Authorization: Bearer A_STRING_SUPPOSED_TO_BE_A_KEY" \
-H "Content-Type: image/jpeg" \
"https://storage.googleapis.com/upload/storage/v1/b/upload_zone/o?uploadType=media&name=cat"
This is the answer we get:
{
"error": {
"code": 401,
"message": "Invalid Credentials",
"errors": [
{
"message": "Invalid Credentials",
"domain": "global",
"reason": "authError",
"locationType": "header",
"location": "Authorization"
}
]
}
}
It seems our key is invalid, we are not sure what to use as Authorization key. Where can we find the OAUTH2.0-key required to make use of the Google Cloud Platform Bucket, do we need to generate it somewhere?
Edit:
We have generated a key using the OAuth 2.0-Playground, and it worked! But the key expires every 3000 seconds...
If you are already authenticated to Google using the gcloud sdk, you can get the key like this:
-H "Authorization: Bearer $(gcloud auth print-identity-token)"
So, using your example above, this should work:
curl -X POST --data-binary #cat.jpeg \
-H "Authorization: Bearer $(gcloud auth print-identity-token)" \
-H "Content-Type: image/jpeg" \
"https://storage.googleapis.com/upload/storage/v1/b/upload_zone/o?uploadType=media&name=cat"
Related
I am attempting to retrieve event messages from Google pub/sub.
I have tried the following request:
curl -XPOST -H 'Authorization: Bearer ya29AuthToken' -H "Content-type: application/json" -d '{'returnImmediately': false, maxMessages: 10}' 'https://pubsub.googleapis.com/v1/projects/projectID/subscriptions/projectName:pull?key={APIKEY}'
I receive the following response from the server
{
"error": {
"code": 403,
"message": "User not authorized to perform this action.",
"status": "PERMISSION_DENIED"
}
}
What am i doing wrong with this? The API Key is correct and the auth token has not expired.
I have been using Google's SDKs to perform API calls such as creating a service account, creating service account keys, get the storage buckets, etc.. Recently I'm unable to create a service account due to the below error.
Request:
curl --location --request POST 'https://iam.googleapis.com/v1/projects/myproject/serviceAccounts' \
--header 'Authorization: Bearer <<token>>' \
--header 'Accept-Encoding: gzip' \
--header 'User-Agent: my test Google-API-Java-Client'
c.g.a.c.g.j.GoogleJsonResponseException: 404 Not Found
{
"code" : 404,
"errors" : [ {
"domain" : "global",
"message" : "Not found; Gaia id not found for email xxxxx#myproject.iam.gserviceaccount.com",
"reason" : "notFound"
} ],
"message" : "Not found; Gaia id not found for email xxxxx#myproject.iam.gserviceaccount.com",
"status" : "NOT_FOUND"
}
Why would I require Gaia id while creating service account? Where can I find this id? Any help is appreciated!!
Did you ever remove the service account 'xxxxx#myproject.iam.gserviceaccount.com' which should be the default service account for IAM API, you can recover it within the 30days after the deletion. or just disable it and re-enable it , will recreate the default service account for you. Let me know if it resolved the issue.
It seems that your request needs to have a body
The request body contains data with the following structure:
{
"accountId": string,
"serviceAccount": {
object (ServiceAccount)
}
}
And it is missing in your command.
You can obtain more information in this documentation.
In your case it should be something like:
curl --request POST \
'https://iam.googleapis.com/v1/projects/my-little-project/serviceAccounts?key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"accountId":"sa-test","serviceAccount":{"description":"sa-description-test","displayName":"sa-display-testonly"}}' \
--compressed
You can test this API directly in the following link
Also, I have found a similar error, in this stackoverflow case according to this answer this error could be generated if the APIs are not enabled.
Steps taken so far
Create a new key pair and use it for the gateway that is about to be created
Create a gateway, let's call it 'my_first_gateway'
Create a new device, let's call it 'gw_device_1'
Associate gw_device_1 with my_first_gateway
Works fine so far.
Now I want to use the HTTP bridge to send gw_device_1's state data to IoTCore via my gateway using my_first_gateway's private key, following this tutorial: https://cloud.google.com/iot/docs/how-tos/gateways/http-bridge#setting_device_state_through_the_gateway
Observation1: the URL in this tutorial seems malformatted, there is a missing double quote at the end of 'delegated_device_id':
curl -X POST -H 'authorization: Bearer GATEWAY_JWT' -H 'content-type: application/json' --data '{"binary_data": "DATA", "gateway_info": {"delegated_device_id: "device-id"}}' -H 'cache-control: no-cache' 'https://cloudiotdevice.googleapis.com/v1/projects/{project-id}/locations/{cloud-region}/registries/{registry-id}/devices/{gateway-id}:setState'
When I am now replacing all placeholders and replace "DATA" with say "ewogICJhUHJvcCI6ICJhVmFsdWUiCn0" I execute the following curl (the token is obviously not real):
curl -X POST -H 'authorization: Bearer GW_JWT_TOKEN' -H 'content-type: application/json' --data '{"binary_data": "ewogICJhUHJvcCI6ICJhVmFsdWUiCn0=", "gateway_info": {"delegated_device_id": "gw_device_1"}}' -H 'cache-control: no-cache' 'https://cloudiotdevice.googleapis.com/v1/projects/my_project_id/locations/europe-west1/registries/my_registry/devices/my_first_gateway:setState'
I receive this error:
{
"error": {
"code": 400,
"message": "Invalid JSON payload received. Unknown name \"binary_data\": Cannot find field.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"description": "Invalid JSON payload received. Unknown name \"binary_data\": Cannot find field."
}
]
}
]
}
}
The fun thing is: There is another 'endpoint' that is used to publish events to IoTCore. It has the same signature but instead of 'setState' it ends with 'publishEvent' (see: https://cloud.google.com/iot/docs/how-tos/gateways/http-bridge#publishing_the_devices_telemetry_events_through_the_gateway).
Executing the exact same request with this method works just fine:
curl -X POST -H 'authorization: Bearer GW_JWT_TOKEN' -H 'content-type: application/json' --data '{"binary_data": "ewogICJhUHJvcCI6ICJhVmFsdWUiCn0=", "gateway_info": {"delegated_device_id": "gw_device_1"}}' -H 'cache-control: no-cache' 'https://cloudiotdevice.googleapis.com/v1/projects/my_project_id/locations/europe-west1/registries/my_registry/devices/my_first_gateway:publishEvent'
Am I missing something?
Any help appreciated.
Actually, the curl that google provides is not correct.
The payload needs to be adapted a bit, the binary_data string needs to be wrapped in an object called 'state'
{ "state": { "binary_data": "ewogICJhUHJvcCI6ICJhVmFsdWUiCn0=" }, "gateway_info": {"delegated_device_id": "gw_device_1"}}
The curl then works as expected.
i have used wso2 Idendity server version 5.7.
i have created token below curl.
curl -X POST \
https://localhost:9443/oauth2/token \
-H 'Accept: */*' \
-H 'Authorization: Basic dUJqVGZncU1vTHpUQWJwU2U3QXhyYzF3cGRvYTpQVjFLM2ZUM1o3Qm9jVFl3dF9wM214ZzYwQVlh' \
-d 'grant_type=password&username=admin&password=admin'
they will giving below response jwt formate.
{
"access_token": "eyJ4NXQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJraWQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbkBjYXJib24uc3VwZXIiLCJhdWQiOiJ1QmpUZmdxTW9MelRBYnBTZTdBeHJjMXdwZG9hIiwibmJmIjoxNTU2NjEyMzAxLCJhenAiOiJ1QmpUZmdxTW9MelRBYnBTZTdBeHJjMXdwZG9hIiwiaXNzIjoiaHR0cHM6XC9cL2xvY2FsaG9zdDo5NDQzXC9vYXV0aDJcL3Rva2VuIiwiZXhwIjoxNTU2NjE1OTAxLCJpYXQiOjE1NTY2MTIzMDEsImp0aSI6IjBiNDNiNDJhLTNmMGQtNDczZS05MjgwLWYzMDUyOTE5MDA0NSJ9.BxHpuoYJVpDPH4kauU7C6c9eSn-DDO3k40QQjDSBS3g7_dHDRCXvf1xBFe3dxggth-eomvo1kiIGQtC8_VzvL5umvM1VKkL_DqxDyWmM9CtFHj-MkDROS_81ZcWlME6__69vy68l9_cfM7XCUpkJ2JMAeFV2kS2jAvlIpSn3xcJWDMNNhcC60syrua_aATwNot6DQiy032c1uN2KOWEqLbhLMxDrue41jkhlQ7Kt4i-B7J385O7Rvju6bJ6SoTy-zU92ewXwrXctooLGbd_y-MQmXp0PTp2PqmBtgb5Ryrg9An3AbCavEjzYeJbSj2hIsKzU5dpH_KE670gEGW94jw",
"refresh_token": "253c5d9f-4efd-3b63-8451-66a0f83b2c72",
"token_type": "Bearer",
"expires_in": 3600
}
Problem :
1) when i have called any request using Bearer authorization token,giving below error but Basic YWRtaW46YWRtaW4= working fine.
{
"Errors": [
{
"code": "401",
"description": "Authentication failed for this resource."
}
]
}
2) Refresh token giving plain text how to convert jwt formate also.
Just in case if there is user permission issue, you will get
{"Errors":[{"code":"500","description":"User is not authorized to perform provisioning"}]}
Since your error message is
{
"Errors": [
{
"code": "401",
"description": "Authentication failed for this resource."
}
]
}
it is mainly due to invalid access token. You can check it by simply sending some random string as an access token. I would suggest you to check it from client side where you send correct access token or not.
While creating application in wso2 i need to send Bearer token. But for login wso2 /token api i need an application
apim:subscribei
Request
POST https://localhost:9443/api/am/store/v0.12/applications
Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
{
"throttlingTier": "Unlimited",
"description": "sample app description",
"name": "sampleapp",
"callbackUrl": "http://my.server.com/callback"
}
Ref:https://docs.wso2.com/display/AM220/apidocs/store/index.html#!/operations#ApplicationIndividual#applicationsApplicationIdKeysKeyTypeGet
Please read the Getting started link on the same page.
https://docs.wso2.com/display/AM220/apidocs/store/index.html#guide
Eg.
curl -k -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d #payload.json https://localhost:9443/client-registration/v0.12/register
Sample request body:
{
"callbackUrl": "www.google.lk",
"clientName": "rest_api_store",
"owner": "admin",
"grantType": "password refresh_token",
"saasApp": true
}