My coding skills and familiarity with Google Cloud solutions are limited and I'm trying to consume a Machine Learning model from a chatbot build using the platform Chatfuel.
I've trained a Natural Language Machine learning model using Google NL and I wanted to use this code snippet provided in my model page:
curl -X POST \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
-H "Content-Type: application/json" \
https://automl.googleapis.com/v1/projects/123456/locations/us-central1/models/ABC123:predict \
-d #request.json
I've then tried to pass this information in Chatbot like this:
The problem is it looks like I need to pass a token (API key seems not possible for this API) and I don't see how from the Chatfuel interface I could obtain a token for each request and pass it in my post request.
Edit: I've seen this post and created a service account but I don't see how to pass the credentials to Chatfuel.
How can I pass Google API service account credential to Chatfuel?
You should make a service account with Google Cloud.
It should give you a JSON with an API key, which is used to generate a new token every hour or so. Using the Google API for whatever server side language you are using (or just using the native http requests), you use the service key (which in general is loaded into your server as a .json file) to fetch a new token every hour; OR you can use Google Apps Script, if they have Chatfuel available (which I'm not sure if they do) and get the token there, and send it to your own app every 30 minutes or so via a trigger.
But the main thing is: using your service API key, you make an HTTP request to a certain api URL (available on with instructions from another page from that link above) every hour or so to generate a new token.
From the docs, that URL appears to be:
POST https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/SA-4#PROJECT-ID.iam.gserviceaccount.com:generateAccessToken
just replace, "`
SA-4#PROJECT-ID.iam.gserviceaccount.com
`"
with your own service account name
That's about it, its how it works for all Google Cloud APIs
Related
I'm trying to implement CI/CD for a Chrome extension based on this document. I've add Chrome Web Sore Api and created a Client ID with Chrome app type because I couldn't find Other type that document is selecting.but I didn't get client secret after creating ClientID. I just get ClientID and Creation date.
based on the document I need Client_Secret to get refresh_token with this command:
curl "https://accounts.google.com/o/oauth2/token" -d
"client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&code=$CODE
&grant_type=authorization_code&redirect_uri=urn:ietf:wg:oauth:2.0:oob" | jq
'.refresh_token'
But as I said I don't have Client Secret. How Can Solve this?
I found that I should select Desktop app in Application type.
How can I obtain a Spotify access token for my own user, but from Postman ?
I want to use Postman to fetch the access token from Spotify (without a preceeding manual log in).
If that's complicated, I would accept to manually log in first,
before fetching the token from Postman.
Details:
To get an access token (to be used further in my own Postman requests),
I manually have to get one, while logged in on the Spotify Developer website.
Therefore, I would like to obtain it directy from Postman,
where I could immediately use it further in other requests/tests.
How could this be achieved ?
I did define an app on Spotify (so I have the client_id and client_secret).
I also have tried sending the cURL suggested in this Client Credentials Flow (one of the Authorization flows). Unsuccessfully:
curl -X "POST"
-H "Authorization: Basic ZjM4ZjAw...WY0MzE="
-d grant_type=client_credentials
https://accounts.spotify.com/api/token
Postman actually has all the various types of Spotify auth requests nicely packaged up in an exportable set of requests.
Came across it while researching the same issue and came across their blog post on using PKCE instead of implicit OAuth2 flows.
Now I'm using google cloud functions under our company network policy(on GCP). The policy is to prevent from the external IP.
If I need to execute the function, I should get help from google scheduler or run my code on my local PC which SDK and auth login were installed on.
However, I want other users to use it on the web I'll develop.
So, I found a way by signing in Google end-user singin(?) as this LINK
I was able to get the id_token.But when I sent
curl https://REGION-PROJECT_ID.cloudfunctions.net/FUNCTION_NAME -H "Authorization: bearer {ID_TOKEN_FROM_SIGNIN}" on CLI, the result was
Your client does not have permission to the requested URL {MY-FUNCTIONS_URL}
However, when I tried it with curl https://REGION-PROJECT_ID.cloudfunctions.net/FUNCTION_NAME -H "Authorization: bearer $(gcloud auth print-identity-token)", the success result arrived.
The difference between two codes was that I used id_token from Google end-user singing or SDK configured the service account key.
Of course, I set the OAuth by inputting the login url on Google IAM.I'm not able to call the functions.
Is there any idea to help me?
I would be very happy if you could help me.
My problem is after using AutoML Vision UI to train my machine
https://beta-dot-custom-vision.appspot.com/vision/project/select?error_code=MISSING_PERMISSIONS_VIEW_EXISTIENCE&project=hypnotic-surfer-211909
I would like to implement my custom model but do not know how to do that.
In detail, I would like to use the result of PREDICT tab, which is in AutoML Vision UI, as a function namely function A. After that, I have some code in C# which will call function A to use.
Following is what I tried:
In Google Cloud Platform Console, at (PROJECT_NAME)$ directory,
add request.json file (the content of this file was generated by AutoML Vision UI after training model)
run curl command
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
https://automl.googleapis.com/v1beta1/projects/MY_PROJECT_NAME/locations/us-central1/models/ICN1270506624001569882:predict -d #request.json
And here is the message that I got
your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the automl.googleapis.com. We recommend that most server application use service accounts instead. For more information about service accounts and how to use them in your appllication, see https://cloud.google.com/docs/authentication/.
status: PERMISSION_DENIED
Please kindly tell me what I should do.
Thanks & Best Regards,
I want to implement a custom code for token generation or you can think of removing OAuth2 from the WSO2 implementation and incorporating my specific APIs for token management. Is this possible? If yes, then please guide me how to achieve the same.
If you need to customize it fully, It means that you need to completely remove the OAuth2. There there is no worth of it. But; if you just need to customize some behaviors of the OAuth2, It can be done easily. There are several extension points for it. One main extension is that customization of OAuth2 grant types. You can find details from here and some sample for it. It may helps to do some major customization of the OAuth2 flow. Hope it would help for you.
When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message. If you wish to use a different (or a custom generated) authorization token than the application generated access token, you can use it as a token exchange mechanism in mediation logic of the API. In this tutorial, we explain how to pass a custom authorization token that is different to the authorization token generated for the application.
Add the following sequence content in to a file and save it as XML file.
Log in to the API Publisher, create a new REST API
Navigate to the Runtime Configurations tab, enable the Message Mediation in Request flow. Engage the In sequence that you created earlier and click Save .
If the API is not in PUBLISHED state, go to Lifecycle tab, click REDPLOY to re-publish the API.
Go Developer Portal, subscribe and obtain a token to invoke the published API.
Install any REST client in your machine. We use cURL here.
Go to the command line, and invoke the API using the following cURL command.
In this command, you pass the token that the backend expects, i.e., 1234, in the Custom header with the authorization token that the system generates in the Authorization header.
curl -H "Authorization: Bearer " -H "Custom: Bearer 1234"
NOTE
is the token that you got in step 20.
appears on the API's Overview page in the API Developer Portal. Copy the HTTP endpoint. If you select the HTTPs endpoint, be sure to run the cURL command with the -k option.
Note the response that you get in the command line. According to the sample backend used in this tutorial, you get the response as "Request Received."
FOR MORE EXPLANATION, PLEASE VISIT THIS LINK
[LINK] : https://medium.com/#PrakhashS/passing-access-token-to-oauth2-protected-backends-wso2-api-manager-7d0671a0afca