WSO2AM REST API: refresh application subscribtion accessToken - wso2

I have application that communicate with WSO2AM 2.1.0 using their Restful API.
Right now I'm working on the application subscription part, I need to create a feature that able to refresh accessToken, it's the keys[0].token.accessToken from json below.
GET https://localhost:9443/api/am/store/v0.11/applications/896658a0-b4ee-4535-bbfa-806c894a4015
Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
HTTP/1.1 200 OK
Content-Type: application/json
{
"groupId": "",
"callbackUrl": null,
"subscriber": "admin",
"throttlingTier": "Unlimited",
"applicationId": "896658a0-b4ee-4535-bbfa-806c894a4015",
"description": null,
"status": "APPROVED",
"name": "DefaultApplication",
"keys": [ {
"consumerKey": "AVoREWiB16kY_GTIzscl40GYYZQa",
"consumerSecret": "KXQxmS8W3xDvvJH4AfR6xrhKIeIa",
"keyState": "COMPLETED",
"keyType": "PRODUCTION",
"supportedGrantTypes": null,
"token": {
"validityTime": 3600,
"accessToken": "3887da6d111f0429c6dff47a46e87209",
"tokenScopes": [
"am_application_scope",
"default"
]
}
}]
}
I ended up reading this documentation https://docs.wso2.com/display/AM210/Token+API and I think that is not the documentation I'm searching for. The token API there is used to refresh the access token to the WSO2, not for refreshing the application subscribtion token.
Is there any way to do this?

Store API uses client-credential grant type to generate an access token. That is why you don't get the refresh token in the response. You can do the following.
Used the API - https://docs.wso2.com/display/AM210/apidocs/store/
Create an application in APIM Store. (/applications)
Get consumerKey and consumer secret of the application by generating the keys. (/applications/generate-keys)
Use the password grant type and generate a token. https://docs.wso2.com/display/AM210/Password+Grant

Related

How to use/call amazon connect API StartChatContact & StartContactChat to initiate the chat channel?

I am trying to follow StartContactChat & CreateParticipantConnection to initiate the chat from third party applications e.g. Postman.
i want to route the chat to agent on talk to agent message from API, the chat should be routed to the agent in amazon connect.
StartChatContact's Request Syntax is given like this:
PUT /contact/chat HTTP/1.1
Content-type: application/json
{
"Attributes": {
"string" : "string"
},
"ChatDurationInMinutes": number,
"ClientToken": "string",
"ContactFlowId": "string",
"InitialMessage": {
"Content": "string",
"ContentType": "string"
},
"InstanceId": "string",
"ParticipantDetails": {
"DisplayName": "string"
}
}
I have done with it using URL: PUT https://connect.us-east-1.amazonaws.com/contact/chat and got the ParticipantToken and now trying to create the participant connect using CreateParticipantConnection - https://connect.us-east-1.amazonaws.com/participant/connection but keep facing the error:
{
"message": "Unable to determine service/operation name to be authorized"
}
i have added the participant token generated by StartContactChat in Authorization --> AWS Signature --> Session Token as well as in Header but still the still getting the AccessDeniedExcetion.
The CreateParticipantConnection API does not belong to the same service as the StartChatContact API. As a result, https://connect.us-east-1.amazonaws.com/participant/connection is the wrong endpoint for the latter API. Instead, it should be https://participant.connect.us-east-1.amazonaws.com/participant/connection

Refresh Power BI Data Flow using API through Azure Data Factory

I am trying to refresh a PBI Data Flow using an ADF web activity by authenticating using the data factory's Managed Identity.
Here is my input to the activity:
{
"url": "https://api.powerbi.com/v1.0/myorg/groups/1dec5b21-ba60-409b-80cb-de61272ee504/dataflows/0e256da2-8823-498c-b779-3e7a7568137f/refreshes",
"connectVia": {
"referenceName": "My-AzureVM-IR",
"type": "IntegrationRuntimeReference"
},
"method": "POST",
"headers": {
"Content-Type": "application/json",
"User-Agent": "AzureDataFactoryV2",
"Host": "api.powerbi.com",
"Accept": "*/*",
"Connection": "keep-alive"
},
"body": "{\"notifyOption\":\"MailOnFailure\"}",
"disableCertValidation": true,
"authentication": {
"type": "MSI",
"resource": "https://analysis.windows.net/powerbi/api"
}
}
It generates the following error when doing a debug run:
Failure type: User configuration issue
Details: {"error":{"code":"InvalidRequest","message":"Unexpected dataflow error: "}}
I have tried this exact URL in Postman using Bearer Token Authentication and it works. Our AAD Admin group said they added our ADF's Managed Identity to the permission list for the PBI API, so I am not sure what is going on here.
Just an FYI, I was able to get the ADF Managed Identity working with data flow refreshes using the HTTP request in my original post.
The key was after having the Tenant Admins add the Managed Identity to a security group with API access, I then also had to add the Managed Identity to the PBI Workspace access list as a Member.
Then my API call worked from ADF using the MSI. No Bearer login token needed.

How to authenticate through Google Cloud IAP with client from gapi (google-api-javascript-client) library?

Given a client-side app (written in Angular, but it's not much important) where I use google-api-javascript-client library to authenticate users. In a way described here - https://developers.google.com/sheets/api/quickstart/js:
gapi.load('client:auth2', () => {
gapi.client.init({
clientId: CLIENT_ID,
scope: SCOPES,
discoveryDocs: DISCOVERY_DOCS
}).then(() => {
gapi.auth2.getAuthInstance().isSignedIn.listen(this.onSigninStatusChanged.bind(this));
const isSignedIn = gapi.auth2.getAuthInstance().isSignedIn.get();
if (!isSignedIn) {
gapi.auth2.getAuthInstance().signIn({prompt: 'select_account'});
}
});
});
Now I want to access a backend in AppEngine behind Identity-Aware Proxy (IAP).
I tried naively to pass a token from GoogleUser via http request's authorization header, but it doesn't seem to work (getting 401):
let token = gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().id_token;
this.http.get<Config>('https://myservice-dot-myproject.ew.r.appspot.com/api/get',
{
headers: { 'Authorization': 'Bearer ' + token}
});
I guess I need somehow to use OAuth Client ID from IAP.
I found a sample on how to do it with nodejs auth client.
But can't find a way to do it with the client-side google-api-javascript-client lib.
UPDATE:
I found a nice online resource to verify token that I got from GoogleUser.getAuthResponse().id_token - https://oauth2.googleapis.com/tokeninfo?id_token=token (source), it display the following:
{
"iss": "accounts.google.com",
"azp": "my OAuth Client ID that I used in gapi (CLIENT_ID)",
"aud": "OAuth Client ID that I used in gapi (CLIENT_ID)",
"sub": "user id (number)",
"hd": "Google user GSuite domain",
"email": "Google user email",
"email_verified": "true",
"at_hash": "some hash",
"name": "Google user name",
"picture": "an url",
"given_name": "Google user firstname",
"family_name": "Google user lastname
"locale": "en",
"iat": "1615972232",
"exp": "1615975832",
"jti": "87129b6c0f684b0bc7beac9df5e522e6272c13f1",
"alg": "RS256",
"kid": "6a8ba5652a7044121d4fedac8f14d14c54e4895b",
"typ": "JWT"
}

How to call Dialogflow Rest API with OAuth access token

I have created project in google console
Enable the Dialogflow API
Created OAuth v2 credential
Using this credentials i called access token api to generate token
https://accounts.google.com/o/oauth2/v2/auth?
scope=https://www.googleapis.com/auth/dialogflow&
access_type=offline&
include_granted_scopes=true&
response_type=code&
state=state_parameter_passthrough_value&
redirect_uri=http://localhost&
client_id= **i placed client id here**
I received access token and passed it to Dialog flow API
https://dialogflow.googleapis.com/v2/projects/**PROJECT-ID**/agent/sessions/123456:detectIntent
Header
Content-Type : application/json; charset=utf-8
Authorization : Bearer **ACCESS_TOKEN**
Body
{
"query_input": {
"text": {
"text": "I know french",
"language_code": "en-US"
}
}
}
Still i am getting this error
"error":{"code": 401, "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",…}
i am not able to identify where i went wrong
Please help thanks in advance
The code that i was passing in api was the OAuth Code(Thanks John Hanley)
API to generate Access token from OAuth Code
Post : https://oauth2.googleapis.com/token
Content-Type: application/x-www-form-urlencoded
{
"code":"OAuth Code",
"client_id":"Client ID",
"client_secret":"Client Secret",
"redirect_uri":"http://localhost",
"grant_type":"authorization_code"
}
In response you receive this
Response
{
"access_token": "Token",
"expires_in": 3599,
"refresh_token": "Refresh Token",
"scope": "https://www.googleapis.com/auth/dialogflow",
"token_type": "Bearer"
}
Pass this access token in header of google API

Can't access Facebook campaigns

I'm unable to get a list of my campaigns using Facebook Graph API
Response for /me/adaccounts
{
"data": [
{
"account_id": "123456789000001234",
"id": "act_123456789000001234"
}
],
"paging": {
"cursors": {
"before": "AAAAaaaBBBBcccc",
"after": "AAAAaaaBBBBdddd"
}
}
}
/123456789000001234/campaigns returns
{
"error": {
"message": "Unsupported get request. Object with ID '123456789000001234' does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api",
"type": "GraphMethodException",
"code": 100,
"fbtrace_id": "EilRrOk1CEb"
}
}
Note that id's have been changed to dummy-values.
The token is for a system user and the ad account have been assigned to the user (role: admin). Token contains following scopes: read_page_mailboxes, rsvp_event, ads_management, ads_read, read_insights, manage_pages, publish_pages, pages_show_list, pages_manage_cta, pages_manage_instant_articles, business_management, publish_actions
What am I doing wrong?
Had to use id: act_123456789000001234 instead of account_id: 123456789000001234 so the request becomes /act_123456789000001234/campaigns. Also had to create a Facebook App, add Marketing API and assign to that an Ad Account, then create a token via the app instead of creating a token from the Business Manager.