We Keep Coding

Proper way of Authorizing Google Pub/Sub REST API POST Request

I am attempting to retrieve event messages from Google pub/sub.
I have tried the following request:
curl -XPOST -H 'Authorization: Bearer ya29AuthToken' -H "Content-type: application/json" -d '{'returnImmediately': false, maxMessages: 10}' 'https://pubsub.googleapis.com/v1/projects/projectID/subscriptions/projectName:pull?key={APIKEY}'
I receive the following response from the server
{
"error": {
"code": 403,
"message": "User not authorized to perform this action.",
"status": "PERMISSION_DENIED"
}
}
What am i doing wrong with this? The API Key is correct and the auth token has not expired.

Invalid Credentials using Google Cloud Platform Buckets

We have a bucket in Google Cloud Platform to manage pictures.
I am trying to upload a picture to it using Curl.
Respective to the official documentation linked here, this is the Curl-command I used:
curl -X POST --data-binary #cat.jpeg \
-H "Authorization: Bearer A_STRING_SUPPOSED_TO_BE_A_KEY" \
-H "Content-Type: image/jpeg" \
"https://storage.googleapis.com/upload/storage/v1/b/upload_zone/o?uploadType=media&name=cat"
This is the answer we get:
{
"error": {
"code": 401,
"message": "Invalid Credentials",
"errors": [
{
"message": "Invalid Credentials",
"domain": "global",
"reason": "authError",
"locationType": "header",
"location": "Authorization"
}
]
}
}
It seems our key is invalid, we are not sure what to use as Authorization key. Where can we find the OAUTH2.0-key required to make use of the Google Cloud Platform Bucket, do we need to generate it somewhere?
Edit:
We have generated a key using the OAuth 2.0-Playground, and it worked! But the key expires every 3000 seconds...

If you are already authenticated to Google using the gcloud sdk, you can get the key like this:
-H "Authorization: Bearer $(gcloud auth print-identity-token)"
So, using your example above, this should work:
curl -X POST --data-binary #cat.jpeg \
-H "Authorization: Bearer $(gcloud auth print-identity-token)" \
-H "Content-Type: image/jpeg" \
"https://storage.googleapis.com/upload/storage/v1/b/upload_zone/o?uploadType=media&name=cat"

POST, PUT and PATCH resources not working in WSO2 Api Gateway

I am quite new to the WSO2 tools. I recently started using the WSO2 API Manager(ver. 3.1.0).
I created an API gateway by importing the httpbin swagger specs: https://github.com/Azure/api-management-samples/blob/master/apis/httpbin.swagger.json. I published the API, subscribed to it, generated the API keys and started testing.
I imported the spec in Postman, configured the API key for authorization, changed the server to the local gateway http://localhost:8280/Api_Base/1.0
All the resources defined with GET method were accessible, but the POST, PUT and PATCH resources
were not reachable via the gateway. I received the following error response "<faultstring>unknown" for these resources. I tried with cURL as well but got the same results. When I tried POST for httpbin directly it was working just fine:
curl --location --request POST 'http://httpbin.org/post'
{
"args": {},
"data": "",
"files": {},
"form": {},
"headers": {
"Accept": "*/*",
"Host": "httpbin.org",
"User-Agent": "curl/7.58.0",
"X-Amzn-Trace-Id": "Root=1-5e8e0d39-ddf21f1055008f60707cf150"
},
"json": null,
"origin": "95.103.xxx.xxx",
"url": "http://httpbin.org/post"
}
and via my API gateway(with API key as well):
curl --location --request POST 'http://localhost:8280/HTTP_Bin_Mock/1.0/post'
<faultstring>unknown</faultstring>
What could have gone wrong?

please try below CURL command
curl --location --request POST 'http://localhost:8280/HTTP_Bin_Mock/1.0/post' --data '{}' --header 'Content-Type: Application/JSON'

Token Introspect API not working after changing the regex restriction for username in WSO2 IS 5.9.0?

I am using WSO2 Identity server and using email as username from following documentation-
https://is.docs.wso2.com/en/5.9.0/learn/using-email-address-as-the-username/
Then while performing a sign-up ie create users using SCIM2 APIs with email more than 30 characters i was getting the following error-
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"scimType": "invalidValue",
"detail": "31301 - Username test1233.admin#motioneducation.com is not valid. User name must be a non null string with following format, ^[\\S]{3,30}$",
"status": "400"
}
Then to fix this i added this regex expression in deployment.toml file in user store-
[user_store]
username_java_script_regex = '^[a-zA-Z0-9.-]+#[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$'
username_java_regex='^[a-zA-Z0-9.-]+#[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'
This change fixed my sign-up problem but the token generated by performing login using wso2 /oauth2/token API is giving 401 unauthorized in /oauth2/introspect API?
Please Help........?

Since you have enabled email as username, then you need to use the email username in the authorization header also. A sample curl command is given below.
curl --location --request POST
'https://{host_name}:{port}/oauth2/introspect'
--header 'Content-Type: application/x-www-form-urlencoded'
--header 'Authorization: Basic {base64encode(emailusername:password)}'
--data-urlencode 'token={access_token}'
Sample request
curl --location --request POST
'https://localhost:9443/oauth2/introspect'
--header 'Content-Type: application/x-www-form-urlencoded'
--header 'Authorization: Basic YWRtaW5Ad3NvMi5jb206YWRtaW4='
--data-urlencode 'token=47f65812-c5fb-3f90-b5c0-3bbc3603578f'
401 unauthorized error comes only if you are sending invalid credentials. So please check whether you are sending valid emailusername and valid password in authorization header

wso2 Idendity server bearer token

i have used wso2 Idendity server version 5.7.
i have created token below curl.
curl -X POST \
https://localhost:9443/oauth2/token \
-H 'Accept: */*' \
-H 'Authorization: Basic dUJqVGZncU1vTHpUQWJwU2U3QXhyYzF3cGRvYTpQVjFLM2ZUM1o3Qm9jVFl3dF9wM214ZzYwQVlh' \
-d 'grant_type=password&username=admin&password=admin'
they will giving below response jwt formate.
{
"access_token": "eyJ4NXQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJraWQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbkBjYXJib24uc3VwZXIiLCJhdWQiOiJ1QmpUZmdxTW9MelRBYnBTZTdBeHJjMXdwZG9hIiwibmJmIjoxNTU2NjEyMzAxLCJhenAiOiJ1QmpUZmdxTW9MelRBYnBTZTdBeHJjMXdwZG9hIiwiaXNzIjoiaHR0cHM6XC9cL2xvY2FsaG9zdDo5NDQzXC9vYXV0aDJcL3Rva2VuIiwiZXhwIjoxNTU2NjE1OTAxLCJpYXQiOjE1NTY2MTIzMDEsImp0aSI6IjBiNDNiNDJhLTNmMGQtNDczZS05MjgwLWYzMDUyOTE5MDA0NSJ9.BxHpuoYJVpDPH4kauU7C6c9eSn-DDO3k40QQjDSBS3g7_dHDRCXvf1xBFe3dxggth-eomvo1kiIGQtC8_VzvL5umvM1VKkL_DqxDyWmM9CtFHj-MkDROS_81ZcWlME6__69vy68l9_cfM7XCUpkJ2JMAeFV2kS2jAvlIpSn3xcJWDMNNhcC60syrua_aATwNot6DQiy032c1uN2KOWEqLbhLMxDrue41jkhlQ7Kt4i-B7J385O7Rvju6bJ6SoTy-zU92ewXwrXctooLGbd_y-MQmXp0PTp2PqmBtgb5Ryrg9An3AbCavEjzYeJbSj2hIsKzU5dpH_KE670gEGW94jw",
"refresh_token": "253c5d9f-4efd-3b63-8451-66a0f83b2c72",
"token_type": "Bearer",
"expires_in": 3600
}
Problem :
1) when i have called any request using Bearer authorization token,giving below error but Basic YWRtaW46YWRtaW4= working fine.
{
"Errors": [
{
"code": "401",
"description": "Authentication failed for this resource."
}
]
}
2) Refresh token giving plain text how to convert jwt formate also.

Just in case if there is user permission issue, you will get
{"Errors":[{"code":"500","description":"User is not authorized to perform provisioning"}]}
Since your error message is
{
"Errors": [
{
"code": "401",
"description": "Authentication failed for this resource."
}
]
}
it is mainly due to invalid access token. You can check it by simply sending some random string as an access token. I would suggest you to check it from client side where you send correct access token or not.