I am recently doing projects on openstack. I start it. I want to access openstack account through RESTful API. I read the API guide in the official website. The link is here http://developer.openstack.org/api-guide/quick-start/api-quick-start.html#authenticate.
I do the same way to do the authentication.
Here is my command:
curl -s -X POST https://url:5000/v2.0/tokens -H "Content-Type: application/json" -d '{"auth": {"tenantName": "MyTenantName", "passwordCredentials": {"username": "'"myAccountNme"'", "password": "mypassword"}}}'
But everytime I just get 401 (Unauthorized) response said The request you have made requires authentication. The error message is here.
What's wrong with my request? My username and password is correct, I can use it to access my account from dashboard.
Since you are using https, I think you get the error message because you do not specify a certificate. Use the --cert or --cacert option of curl. Something like this:
curl --cacert <your_crt_file> -X POST https://url:5000/v2.0/tokens -H "Content-Type: application/json" -d '{"auth": {"tenantName": "MyTenantName", "passwordCredentials": {"username": "'"myAccountNme"'", "password": "mypassword"}}}'
Related
I am using wso2 API manager 3.1.0
I am using REST APIs for creating the subscriptions for the application. I am using the REST API
https://x.x.x.x:9443/apis/api/am/store/v1.0/subscriptions
I am using basic auth for the authentication of the API. My request body is as follows.
{
"applicationId": "6451faaa-65aa-48dc-8655-2ffb623fc441",
"apiId": "ed94f936-7e8a-4c62-92e6-92991aca4348",
"throttlingPolicy": "Unlimited"
}
When I send this request I am getting the 200 OK response but the content of the 200 OK is the management console login page. This is one issue I am facing. Another issue is a very basic one- I am trying to get the applications created in the system for that I am using below API
https://x.x.x.x:9443/api/am/store/v1.0/applications?limit=25&offset=0
again with basic authorization. for this request I am getting the 404 response. Same response I get if I change the authentication to Oauth token.
I tried these APIs with multiple tenant users credentials but for all I am getting the same response.
UPDATE:
I have obtained the access token like below:
1. curl --insecure -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d #payload.json https://localhost:9443/client-registration/v0.16/register
I got the response
{"clientId":"MPPomfxrQ_ZReRlHz0x70pU6yLca","clientName":"rest_api_store","callBackURL":"www.google.lk","clientSecret":"dQrYXtwMG8fB4Qhu7NfC1uqLAkwa","isSaasApplication":true,"appOwner":"admin","jsonString":"{\"grant_types\":\"password refresh_token\",\"redirect_uris\":\"www.google.lk\",\"client_name\":\"rest_api_store\"}","jsonAppAttribute":"{}","tokenType":null}
2. curl -k -d "grant_type=password&username=admin&password=admin&scope=apim:subscribe" -H "Authorization: Basic TVBQb21meHJRX1pSZVJsSHoweDcwcFU2eUxjYTpkUXJZWHR3TUc4ZkI0UWh1N05mQzF1cUxBa3dh" https://10.57.8.36:9443/oauth2/token
and I got the response
{"access_token":"194d3a3c-8f37-3459-a909-f1f871f096dc","refresh_token":"be7bfcb5-970d-3a8b-8f0a-d69fb7ea53fb","scope":"apim:subscribe","token_type":"Bearer","expires_in":3600}
using the obtained token if I place the API request I get still 404
I'm testing WSO2 5.10 user creation via SCIM Rest API using the following curl command
curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"Smith","givenName":"John"},"userName":"john","password":"password","emails":[{"primary":true,"value":"jsmith#test.com","type":"home"},{"value":"jsmith#test.com","type":"work"},{"value":"jsmith#test.com"}],"EnterpriseUser":{askPassword:"true"}}" --header "Content-Type:application/json" https://localhost:9443/scim2/Users
It creates a user as expected but doesn't send an email to set up a password.
However, when an admin tries to create a user through the management console for the same scenario, the user receives an email to set up a password. But not through this API request.
What am I doing wrong?
You need to set the askPassword attribute under the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User schema as true in the SCIM2 user create request. So try the request as below,
curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"Smith","givenName":"John"},"userName":"john","password":"password","emails":[{"primary":true,"value":"jsmith#test.com","type":"home"},{"value":"jsmith#test.com","type":"work"},{"value":"jsmith#test.com"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{askPassword:"true"}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users
Please refer the official documentation for more details.
I am using SCIM api for registering a user
curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"Smith","givenName":"Paul"},"userName":"Paul","password":"password","emails":[{"primary":true,"value":"paul#somemail.com"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{askPassword:"true"}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users
I got a
Create Password for New Account
email to my primary email address with a confirmation code.
How to validate this confirmation code with wso2is using SCIM 2?
In REST API there is an option to validate code.
I tried REST API
curl -k -v -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d '{ "code": "84325529-8aa7-4851-8751-5980a7f2d9f7","properties": []}' "https://localhost:9443/api/identity/user/v1.0/validate-code"
it returns in case of invalid code
{
"code": "18001",
"message": "Bad Request",
"description": "Invalid Code '84325529-8aa7-4851-8751-5980a7f2d9f7'"
}
in the case valid code it returns
{
"code": "18001",
"message": "Bad Request",
"description": "Invalid Code '%s.'"
}
no console error
Validate code worked with REST API work flow
There is no such SCIM APIs in WSO2 Identity Server to validate the confirmation codes. WSO2 Identity Server has a soap API (UserInformationRecoveryService-verifyConfirmationCode) and a REST API (/validate-code) that can fulfill your requirement.
You can find the SOAP API here.
I am editing my answer here since I talked with the developers and I realised there is a different API that you need to use for validating the confirmation code: documentation.
So you need to send the following request:
curl -k -v -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d '{ "code": "84325529-8aa7-4851-8751-5980a7f2d9f7","step": "UPDATE_PASSWORD","properties": []}' "https://localhost:9443/api/identity/recovery/v0.9/validate-code"
and the response should be
"HTTP/1.1 202 Accepted"
I tried it and it works.
Note: if you are using SCIM identity through a system like a self-managed GitLab, GitLab 15.3 (August 2022) offers a better integration:
User SCIM identity visible in UI
Previously, the SCIM identity for a user could only be accessed using the SCIM API.
Now, a user’s SCIM identity is visible to GitLab administrators in the Identities tab of the User list. With
this, troubleshooting of SCIM-related issues is simplified. Administrators can validate what identity, if any, is
being used for a specific account without requiring GitLab Support or an API query.
See Documentation and Issue.
I'm trying to send a request to https://{identity-server}:9443/oauth2/token. And the request is redirected to Location: https://{identity-server}:9443/carbon/admin/login.jsp. The version I'm using is IS 5.7.0 and deployed on Kubernetes as a clustered setup.
You are missing the authorization header in the request. That's why you are getting redirected to the login page.
Try to provide the authorization header like this
Authorization: Basic [Base64encode(Client-ID>:<ClientSecret>)]
Final request should be similar to this
curl -X POST \
https://localhost:9443/oauth2/token \
-H 'Authorization: Basic Zkd2ZlhiQ05VeUFmd2ltQW9HSWYycXZDakdFYTpFb1NOWDdHNFQ2NGZjcVFyZTVIX2NPR01CS2Nh' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'username=admin&password=admin&grant_type=password&scope=bearer'
i created a custom tensorflow model and deployed to google cloud AI platform
however, when i sent a post request to online prediction api (https://ml.googleapis.com/v1/projects/my-project/models/my-model/versions/my-version:predict). i got back 401 Request is missing required authentication credential. Expected OAuth 2 access token my understand that by deploying model is its API already available online, so is there away to make API public? if not how i can make api authentication through bearer token?
You can get the auth token using gcloud:
access_token=$(gcloud auth application-default print-access-token)
and then embed it into the header:
curl --silent \
-H "Authorization: Bearer $access_token" \
-H "Content-Type: application/json" \
-X POST \
etc.