how could I retrieve all user roles for specific user?
I thought one way could be using this:
curl -v -k --user admin:admin https://x:9443/wso2/scim/Users/x9-4fb9-be82-b1c97c073f02
from https://docs.wso2.com/display/IS530/SCIM+APIs
which should return all atributes, but there is not roles inside... when I tried
this for example worked and returned all emails of user.
curl -v -k --user admin:admin https://x:9443/wso2/scim/Users/x9-4fb9-be82-b1c97c073f02?attributes=emails
but when I do this, comma separated retriving of roles, that doesnt work. Maybe it is not considered as attribute?
curl -v -k --user admin:admin https://x:9443/wso2/scim/Users/x9-4fb9-be82-b1c97c073f02?attributes=emails,roles
I just want to achieve that I will have all user information with request, whether it is for all users or one user with all attributes
I have read this https://wso2.org/jira/browse/IDENTITY-4430 issue, but seems like with attributes in url we can fix that
I have tried the same requests you gave, but it gives the role names under "group". part of the response is as follows:-
"groups":[{"display":<your group(role) name associated with the particular user>,"value":<group_id>}]
Did you assign roles(groups) to the specific user before try the above requests?
And here along with the request you are specifying the user id so the response will give only the particular user information, not all user's information.
Related
Using wso2am-2.1.0 we'd like to create an API using the REST services, such as
/api/am/publisher/v0.11/apis
To use the services to search, create and publish an API the access token needs scope apim:api_view apim:api_createapim:api_publish
Seeing the publisher-api.yaml seems the full admin role is required to access these services.
We woudn't like to use the main admin user used by the services risking compromise of a user account with all privileges and mainly the admin user.
Assigning a different user to the admin role doesn't seem to work, tokens created don't hold necessary requested scopes (subsequence calls to the publisher's servicess causes 401 Unauthenticated request). Im I missing something?
It should work. I just did it and here is the output.
bhathiya#bhathiya-x1:/data/products/am/resources$ curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d #payload.json https://localhost:9443/client-registration/v0.11/register -k
{"clientId":"ryUqrib4UAiKtbEt8_HxadTcubYa","clientName":"admin_rest_api_publisher","callBackURL":"www.google.lk","clientSecret":"Q1sTqqd175da8fLaESY6z9h5nuca","isSaasApplication":true,"appOwner":"admin","jsonString":"{\"grant_types\":\"password refresh_token\",\"redirect_uris\":\"www.google.lk\",\"client_name\":\"admin_rest_api_publisher\"}"}
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 22:29:11
bhathiya#bhathiya-x1:/data/products/am/resources$ curl -k -d "grant_type=password&username=bhathiya&password=admins&scope=apim:api_view apim:api_create" -u ryUqrib4UAiKtbEt8_HxadTcubYa:Q1sTqqd175da8fLaESY6z9h5nuca https://localhost:8243/token
{"access_token":"1e3f7460-e186-3ded-b4d9-c093e1ceb9df","refresh_token":"be66fe42-2d34-3a34-8576-f7e24388be00","scope":"apim:api_create apim:api_view","token_type":"Bearer","expires_in":3600}
And you can also change roles in publisher-api.yaml.
How to update user with PATCH, why it require userName (with PUT is the same)?
curl -v -k --admin:admin -X PATCH -d '{"name":{"familyName":"Doe"}' \
--header "Content-Type:application/json" \
https://localhost:9443/wso2/scim/Users/bd61878b-a37c-4c71-ab76-c553d559539f
Required attribute userName is missing in the SCIM Object
I have secondary user store with immutable userName. When I try to enter userName also in param the same not changed. It reports me:
User name is immutable in carbon user store.
I am using wso2 is 5.1. Is there any way to update user using SCIM API?
Please try as mentioned in here.
Is there a way, when creating a WSO2 user via the SCIM REST API, to specify that you want to ask the password from the user instead of setting the password explicitly?
For example, I'm able to succesfully create users via the REST API like so:
curl -v -k --user admin:admin --data "{"schemas":[],"name": {"familyName":"vader","givenName":"darth"},"userName":"dvader#empire.com","password":"myPassword","emails":[{"primary":true,"value":"darthvader#empire.com","type":"home"},{"value":"darthvader#tatooine.com","type":"work"}]}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
But instead of explicitly setting the password, I'd like to create a user in this way, but allow the user to set their password.
When adding a user using the WSO2 Management Console, you can select the "Ask password from user" box, so it seems to be possible. I just need to know how to do it via the REST API.
Thanks.
"Ask password from user" option comes with the identity management features of the identity server. at the moment (Up to WSO2IS 5.0.0) it is not possible to do this for a user provisioned through SCIM. You will have to give a common password and later users can change it.
WSO2 Identity Server 5.0.0 supports ask password feature with SCIM as well. You can use the following request to create a user. Here we do not need to give the password for the user. We need to give the email address of the user because the account confirmation email will be sent to that email address.
curl -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"edirisinghe","givenName":"dushan"},"userName":"edirisinghe", "emails":"thariyarox#gmail.com"}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
You can get to know more about this feature by referring [1].
[1] http://tharindue.blogspot.com/2015/07/create-users-with-ask-password-feature.html
Thank you,
Tharindu Edirisinghe
Is there any SCIM endpoints to add users with the groups? I already gone through the article, But i couldn't able to add user with group. Also i need to edit that user and update the group, Is there any SCIM endpoints for these two tasks ?
I tried with the following cURL command
curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","password":"hasinitg","groups":[{"value":"a0612e1e-d8c7-47dd-b9ee-4218291945c8","display":"groupname"}]}" --header "Content-Type:application/json" https://example.com:9443/wso2/scim/Users
At the current implementation it is not supported to add an user to an existing group, and this requirement is captured for the Identity Server road map.
Currently you can update the group with the newly added user, but the operation is PUT operation. Therefore it will replace the existing group with new data. Therefore you need to provide all the users at each PUT request with the new user.
Patch operation is suitable for your requirement there you don't need to send entire user list in order to assign single user to a group. Patch operation will be supported with upcoming WSO2 IS releases very soon so keep in touch.
I have an app and I want to post to the users feed.
All the users have allowed publish_stream permission but I have no idea how to post to their feeds which I should be able to do even if the user is offline.
I want to use curl and the graph like this:
curl -F 'access_token=...' \
-F 'message=Hello, Arjun. I like this new API.' \
https://graph.facebook.com/arjun/feed
Do I simply use the access code I got when the users initially allowed me access, or do I have to get a new access code each time I want to post to their feed, if so, how do I do that?
Any help, much appreciated.
After the user authorized your application you get an access-token from facebook. You can use this token to post to the users-wall until he changes his password or removes your application from his application list.
I think you need to include your api-key in the request. Otherwise please provide the error message your getting!