I am using django-rest-auth to authenticate and register my user I can do everyhting.
Login is working Registration is working but I am unable to access get User details:
/rest-auth/user/ (GET, PUT, PATCH)
I am trying to access this endpoint I am using JWT I am getting correct token. But when I am using this command in curl:
curl -X GET http://localhost:8000/rest-auth/user/ -H 'Authorization: Bearer <jwt-toke>'
I am getting this error:
{"detail":"Authentication credentials were not provided."}
What do I need to do to access details of user
After a long investigation, I was able to find a solution and according to the documentation if you want to use JWT in django-rest-auth.
They shared one link which is not working actual link is:
https://jpadilla.github.io/django-rest-framework-jwt/
After installing django-rest-auth.
You need to install django-rest-framework-jwt using:
pip install djangorestframework-jwt
And it will work fine if you want to access this URL:
/rest-auth/user/ (GET, PUT, PATCH)
You need to pass JWT instead of Bearer example:
curl -X GET http://localhost:8000/rest-auth/user/ -H 'Authorization: JWT <jwt-toke>'
And it worked for me.
Related
In this link
https://cloud.google.com/ai-platform/prediction/docs/reference/rest/v1/projects.models/list, there is a "try this API" section.
I have given my project details and clicked on execute, it is not returning the versions or models in my project. it is only giving 200 as the response. I have given ML Engine Admin and ML engine developer as the roles to the IAM. what additional configuration should we do?
It may not have anything to do with your question,
I use "Vertex AI", not "AI Platform".
I was able to get a list of models below.
curl -X GET -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) https://us-central1-aiplatform.googleapis.com/v1/projects/my-project/locations/us-central1/models
https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.models/list
(I thought you wouldn't get it back with code 200 if it was a permission issue.)
The issue is not with the permissions, because if it was it wouldn't return 200 (HTTP is OK). Moreover, the roles that you have assigned havethe sufficient permissions to use that service, which is ml.models.list.
I have tested the Try this API section and it also gave me the 200 response without any model(s) on the response body. I went ahead and called the API directly and it succeeded on giving me the models and versions. You can use the following command:
curl -X GET -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) https://ml.googleapis.com/v1/projects/<YOUR-PROJECT>/models
It seems to be something with the call that the Try this API section is doing, however the API seems to be working as expected.
Reading the Django REST framework documentation, I understand that token authentication can be created and for a user:
from rest_framework.authtoken.models import Token
token = Token.objects.create(user=...)
print(token.key)
And then checked on a view-by-view basis.
When accessing the API from the command line, the documentation shows that the Token is supplied in the header like so:
curl -X GET http://127.0.0.1:8000/api/example/ -H 'Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b'
My question is, when going through the browsable API, how does Django already know my user token without having to supply it like in the curl command?
I have successfully configured the API Manager, ID and IS according to the documentation: https://docs.wso2.com/display/AM260/JWT+Grant#JWTGrant-UsingtheJWTgrant.
I invoke the WSO2 token endpoint to exchange an external JWT for a WSO2 access token:
curl -i -X POST -k -d 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZG1pbiIsImF1ZCI6WyJ3c28yIl0sImVudmlyb25tZW50Ijp7InByb2ZpbGVzIjpbImRldiJdfSwiYXV0aCI6eyJyb2xlcyI6WyJVU0VSIiwiQURNSU4iXX0sInVzZXJfbmFtZSI6IjAwMDAwMDk5Iiwic2NvcGUiOlsib3BlcmF0ZSJdLCJpc3MiOiJQQVMiLCJleHAiOjE1NDUzNDgyODcsImdlbmVyYXRlZEJ5IjoiUEFTIiwianRpIjoiOWQ4ZWU3ZTgtNDBlZS00MTZjLTlkYjgtYjU2NDZhYTZhN2JmIiwiY2xpZW50X2lkIjoiZnJvbnQtcG9saXphcyJ9.Ccs1OxjteRsvHTump-ZTawEsqlTrIeO0LJUzt5Ita8udvMOa_tB1rHOtI8GAa2mDCPMD_Z_jtZ2SlXPs10GvsYlF4jS_wcCVAPtHsoigzuNtg5t7CVfeCI2Bzhak721LdYBcjB9s0Jn24G9eb2jqx8NF0RPlKgmhbxwdY0b8XeigLp-kGCsFKY_fDIjFUM0oifzCWOmtaCRMtMx3CKVZOWq9dBIokheCi2foL8YkBCz57yo4vb782AYWXdiHj38TPPe4IguARuoc9FSymyiL1gWHJmyMZFvAeAJkDnHHEnnezqPmcWQweC1ylLwUYGNVLM8YSfuBDtcGBWSO0F-WKw' -H 'Content-Type: application/x-www-form-urlencoded' https://localhost:9443/oauth2/token -d 'client_id=w_paekjnDDY8zcCfCRgj_81g2eYa'
This answers successfully with an access token, a refresh token etc etc.
I have created an application in the WSO2 APIM store. In the production/sandbox tabs, the only checked Grant Type item is JWT.
The point is, I use the previously gotten access token (which is itself an JWT token) to invoke an API subscribed with the above application:
curl -k -X GET "https://192.168.179.129:8243/myapp/api/v1/customers" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer eyJ4NXQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJraWQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImF1ZCI6IndfcGFla2puRERZOHpjQ2ZDUmdqXzgxZzJlWWEiLCJuYmYiOjE1NDUzNDgxOTgsImF6cCI6IndfcGFla2puRERZOHpjQ2ZDUmdqXzgxZzJlWWEiLCJzY29wZSI6ImRlZmF1bHQiLCJpc3MiOiJodHRwczpcL1wvbG9jYWxob3N0Ojk0NDNcL29hdXRoMlwvdG9rZW4iLCJleHAiOjE1NDUzNDgyODcsImlhdCI6MTU0NTM0ODE5OCwianRpIjoiNjRlM2I5N2UtOTNlNC00YzQ2LThlNmQtMzlmZjQzOWQxM2Y0In0.UBLOsCCD3t4Wf8nXBnDkkGXxefYySelDzEcs1F_IrbshMJXohxcL92Av1nmcpdNdjin7GdC8Y305rrkBt9T1L_cMAHLYYcI5cI1J7wmAgEd1CEv9gI7IUYfAdbga2AeV4kIlNsgiV6PKnU34WnY7rEVqXD908eEHY5UvaNXc0Bz6C8d-p39-SqKUblGHPh9vdkpcCGcK0CgGKjtiU2lai_JkRALdgEgonT37R5eqmuxPxUouWNz9TCJgTuonKPA-9bYOsMvbzGlm--0m0j9gdxnv-3N1Kv_2JqSCR4pToDClhSKgFCE1L025LIICM-sLd_PDU5pwYge_iKseiIDZfA" -d 'client_id=w_paekjnDDY8zcCfCRgj_81g2eYa'
I get the following error (900908) - Resource forbidden:
<ams:fault xmlns:ams="http://wso2.org/apimanager/security"><ams:code>900908</ams:code><ams:message>Resource forbidden </ams:message>
<ams:description>Access failure for API: /myapp/api/v1, version: v1 status: (900908) - Resource forbidden </ams:description></ams:fault>%
I must be missing the final step which is how to allow those access tokens gotten in the JWT grant to be used to access an API subscribed by an application.
The error code 900908 means the API is not subscribed by the application. Please double check.
Technically Bee was right in his answer, but I would like to point specifically at what I was doing wrong in case it happens to others:
The problem was that the client_id/client_secret I was using when exchanging the JWT to get the access token were the ones from the Service Provider I had created. WRONG!
The ones was that need to be sent are those from the subscribed application. With that the resource forbidden error doesn't show up anymore.
i use django rest framework and OAuth2 Toolkit in my django backend app. I registered users in django admin site. Whne i try to get access token with CURL for user i get error:
{"error":"invalid client"}.
my curl request is bellow:
curl -X POST -d "client_id=MY_CLIENT_ID&client_secret=MY_CLIENT_SECRET&grant_type=password&username=myuser&password=mypass" http://localhost:8000/o/token/
Do you have the right secret and id and/or the right grant-type?
1) Go to <yoursite>/admin and login with your admin account
2) Go to <yoursite>/o/applications and choose your application
Now you can see your secret, id and grant type(should be 'password').
Also have a look at the client type(should be 'confidential')
Thank you fo your help I solve my problem. My right curl request is bellow:
curl -X POST -d "grant_type=password&username=USERNAME&password=PASSWORD" --user "CLIENT_ID:CLIENT_SECRET"
Im using django-oauth2-provider to build a authorization server. When i try to get access_token by using this command:
curl -d "client_id=513204402d4b4f4d62e2&grant_type=authorization_code&response_type=code" http://127.0.0.1:8000/oauth2/access_token
i get an error: invalid_client
I have been created my client with client_type is Confidential
How can i fix it?
If your client is confidential, you must authenticate to issue an access token.
I suppose that it is a password client. You just have to add the client_secret=CLIENT_SECRET_HERE parameter in your POST request or set your client credentials in the authorization header.
Example:
curl -d "client_id=CLIENT_ID_HERE&client_secret=CLIENT_SECRET_HERE&...
or
curl --user CLIENT_ID_HERE:CLIENT_SECRET_HERE -d "...
The authorization code grant type is a two step flow.
You get an authorization code just after the resource owner allowed your client.
You get an access token using the authorization code.
You are trying to send a POST request so I suppose that if you already have an authorization code.
You get an invalid_request because you do not set the code parameter in your curl command:
curl -X POST -d "client_id=CLIENT_ID_HERE&client_secret=CLIENT_SECRET_HERE&grant_type=authorization_code&code=AUTHORIZATION_CODE_HERE&redirect_uri=REDIRECT_URI_HERE" http://127.0.0.1:8000/oauth2/access_token