Google Cloud Workflow - Fetch Bearer Token Step - google-cloud-platform

In my use case I want to create a step in Google Cloud Workflow where I can pass my username and password and return the resultant bearer token in a variable. Was wondering how the yaml config for such a workflow would look like ?
My endpoint expects a request in the following manner :
POST 'https://cloud.business.io/v2/login'
--header 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'username=business#xyz.io'
--data-urlencode 'password=APassword123'

Found it with a little trial and error !
call: http.post
args:
url: https://cloud.business.io/v2/login
headers:
'Content-Type': 'application/x-www-form-urlencoded'
body :
'username': 'business#xyz.io'
'password': 'APassword123'
result: BearerToken

Related

Can you help me with Google Workflow?

I'm getting the error:
"in step "readGcpadmin": {"message":"HTTP body unsupported with: 'GET'","tags":["ValueError"]}"
and I don't know how to solve it, here is the code with the hidden data below:
- readGcpadmin:
call: http.get
args:
url: https://admin.googleapis.com/admin/directory/v1/users
#method: get
headers:
Authorization: "Bearer [My token]"
Content-type: "application/json"
#body:
#domain: [my domain.page]
#query:
auth:
type: OAuth2
#scope: https://www.googleapis.com/auth/cloud-platform
#timeout: 20
result: teste
- returnResult:
return: ${teste.body}
When I try the terminal it works:
curl \
'https://admin.googleapis.com/admin/directory/v1/users?domain=MyDomain&key=MyKey' \
--header 'Authorization: Bearer MyToken' \
--header 'Accept: application/json' \
--compressed
this is a similar working example, notice the query section which you miss:
readItem:
call: http.get
args:
url: ${"https://storage.googleapis.com/storage/v1/b/"+bucket+"/o"}
auth:
type: OAuth2
query:
prefix: ${prefix}
fields: items/name,items/bucket
result: documentValue
next: documentFound
The problem was really with the position of the "auth" field, it was enough to put it in the "Header" directly "auth: OAuth2". In addition, I removed the "Content-type" field. Thank you guys!

Why did my POST to AWS API Gateway failed?

I use POSTMAN to test my Cloudformation created APIs
POST https://6pppnxxxh.execute-api.eu-central-1.amazonaws.com/Prod/users
I got
{
"message": "Missing Authentication Token"
}
My prod stage
I doublechecked PROD Invoke URL.
How to solve this problem?
I tried with curl
curl --header "Content-Type: application/json" --request POST --data '{ "emailaddress" : "acj#rambler.ru,"first name" : "Aca","last name" : "Ljubascikic", "password" : "bbbac_96"}' https://6pppnxxxh.execute-api.eu-central-1.amazonaws.com/Prod/users
The same issue
{"message":"Missing Authentication Token"}
How to test from CLI?
According to your screenshot /Prod/users is a PUT method and you are using POST in your command. I would confirm that first.
Hope this helps.

Token Introspect API not working after changing the regex restriction for username in WSO2 IS 5.9.0?

I am using WSO2 Identity server and using email as username from following documentation-
https://is.docs.wso2.com/en/5.9.0/learn/using-email-address-as-the-username/
Then while performing a sign-up ie create users using SCIM2 APIs with email more than 30 characters i was getting the following error-
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"scimType": "invalidValue",
"detail": "31301 - Username test1233.admin#motioneducation.com is not valid. User name must be a non null string with following format, ^[\\S]{3,30}$",
"status": "400"
}
Then to fix this i added this regex expression in deployment.toml file in user store-
[user_store]
username_java_script_regex = '^[a-zA-Z0-9.-]+#[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$'
username_java_regex='^[a-zA-Z0-9.-]+#[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'
This change fixed my sign-up problem but the token generated by performing login using wso2 /oauth2/token API is giving 401 unauthorized in /oauth2/introspect API?
Please Help........?
Since you have enabled email as username, then you need to use the email username in the authorization header also. A sample curl command is given below.
curl --location --request POST
'https://{host_name}:{port}/oauth2/introspect'
--header 'Content-Type: application/x-www-form-urlencoded'
--header 'Authorization: Basic {base64encode(emailusername:password)}'
--data-urlencode 'token={access_token}'
Sample request
curl --location --request POST
'https://localhost:9443/oauth2/introspect'
--header 'Content-Type: application/x-www-form-urlencoded'
--header 'Authorization: Basic YWRtaW5Ad3NvMi5jb206YWRtaW4='
--data-urlencode 'token=47f65812-c5fb-3f90-b5c0-3bbc3603578f'
401 unauthorized error comes only if you are sending invalid credentials. So please check whether you are sending valid emailusername and valid password in authorization header

AWS - Cognito Authentication - Curl Call - Generate Token Without CLI - No Client Secret

I have created a API Gateway and I have applied Cognito Authentication there. Here to have the API Call work I am using AWS CLI to get Token , Here is my CLI Code
aws cognito-idp admin-initiate-auth --user-pool-id us-west-2_leb660O8L --client-id 1uk3tddpmp6olkpgo32q5sd665 --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME=myusername,PASSWORD=mypassword
Now I want to use CURL Call instead of this CLI Call. I have found the code but all needs client secret here. I do not have client secret as my user pool is of Enable Signin for server-based authentication.
Please guide me how I can use that.
I have gone through
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html
[What will be the EndPoint for Calling IntiateAuth Or AdminIntiateAuth]
&
https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
To Summarise this :
I want to get Id_Token Using Curl or Postman without Client Secret.
Thanks in advance
You can authenticate a user with the following request.
This is the endpoint of the InitiateAuth request.
Hope that this is useful for you
Method: POST
Endpoint: https://cognito-idp.{REGION}.amazonaws.com/
Content-Type: application/x-amz-json-1.1
X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth
Body:
{
"AuthParameters" : {
"USERNAME" : "YOUR_USERNAME",
"PASSWORD" : "YOUR_PASSWORD"
},
"AuthFlow" : "USER_PASSWORD_AUTH", // Don't have to change this if you are using password auth
"ClientId" : "APP_CLIENT_ID"
}
And the response as the following
{
"AuthenticationResult": {
"AccessToken": "YOUR_ACCESS_TOKEN",
"ExpiresIn": 3600,
"IdToken": "YOUR_ID_TOKEN",
"RefreshToken": "YOUR_REFRESH_TOKEN",
"TokenType": "Bearer"
},
"ChallengeParameters": {}
}
Just sharing direct curl here may helpful to anyone
curl -X POST --data #user-data.json \
-H 'X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth' \
-H 'Content-Type: application/x-amz-json-1.1' \
https://cognito-idp.<just-replace-region>.amazonaws.com/
file json user-data.json
{"AuthParameters" : {"USERNAME" : "sadfsf", "PASSWORD" : "password"}, "AuthFlow" : "USER_PASSWORD_AUTH", "ClientId" : "csdfhripnv7sq027kktf75"}
make sure your app client does not contain app-secret or create new app without secret. also inside app enable USER_PASSWORD_AUTH

Difference in request body in aws api gateway test and curl

I'm trying to add a POST HTTP method to my AWS API Gateway. I'm using SAM framework with Python.
I find that there is a difference in the "body" of the response when it is generated from my desktop (curl or postman) and the AWS API Gateway 'TEST'
Right now, the "POST" command only prints the 'event' object received by the lambda_handler. (I'm using an object to store the event as you can see below)
def add(self):
response = {
"statusCode": 200,
"body": json.dumps(self._event)
}
return response
When I'm using the 'TEST' option of the API Gateway console, with the input:
{"username":"xyz","password":"xyz"}
I receive the following output:
{
"body": "{\"username\":\"xyz\",\"password\":\"xyz\"}",
<the rest of the response>
}
However, when I'm sending the curl (or postman) request:
curl --header "Content-Type: application/json" --request POST --data '{"username":"xyz","password":"xyz"}' <aws api gateway link>
I get the following response:
{
"body": "eyJ1c2VybmFtZSI6Inh5eiIsInBhc3N3b3JkIjoieHl6In0="
<the rest of the response>
}
Why do you think there is a difference between the two tests?
Curl and Postman seem to be automatically Base64 encoding your Authentication credentials.
The responses are the same. The latter response is a Base64-encoded token of the first response.