I was reading the WSO2 APIM documentation for their Store API. However I can't figure out how to get authenticated with this API.
From what I understand from this page, I need to get a special token via the /token API. But the example shows that they provide some sort of Authentication to get this token and I can't figure out which one it is.
So I guess my problem is:
- How to get an access token for the WSO API Manager's new Store API?
Here is how to get access(Reference).
1.Register your oauth application using dynamic client registration API
curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d #payload.json http://localhost:9763/client-registration/v0.9/register
Sample payload:
{
"callbackUrl": "www.google.lk",
"clientName": "rest_api_store",
"tokenScope": "Production",
"owner": "admin",
"grantType": "password refresh_token",
"saasApp": true
}
Here it uses basic auth.You need to provide base 64 encoded username:password(eg: admin:admin) in the Authrization header.
Sample response.
{
"callBackURL": "www.google.lk",
"jsonString":
"{
"username":"admin",
"redirect_uris":"www.google.lk",
"tokenScope":[Ljava.lang.String;#3a73796a,
"client_name":"admin_rest_api_store",
"grant_types":"authorization_code password refresh_token iwa:ntlm
urn:ietf:params:oauth:grant-type:saml2-bearer client_credentialsimplicit"
}",
"clientName": null,
"clientId": "HfEl1jJPdg5tbtrxhAwybN05QGoa",
"clientSecret": "l6c0aoLcWR3fwezHhc7XoGOht5Aa"
}
2.Use the token API to get the oauth access token
curl -k -d "grant_type=password&username=admin&password=admin&scope=apim:subscribe" -H "Authorization: Basic SGZFbDFqSlBkZzV0YnRyeGhBd3liTjA1UUdvYTpsNmMwYW9MY1dSM2Z3ZXpIaGM3WG9HT2h0NUFh" https://127.0.0.1:8243/toke
Here basic auth parameter is base 64 encoded clientId:ClientSecret
Now you have an access token to call store APIs
Related
I have URL for get user details (GET method) while running the URL its showing the response below.
{
"message": "Invalid Basic Auth credentials"
}
URL details below
http://localhost:4567/v1/candidates
they mentioned following for authorization
-H "Authorization: Basic *********************************"
How can I use this in Postman collection?
Go to postman Authorization Tab and select Basic Auth as type and type the required credentials (username and password)
Add the Basic xxxxxxxxx to the Authorization header in your call:
Previously I was using django-rest-auth package and I was getting the auth token when user log in in response response.data.key and this auth token or key was working fine with the api calls as authentication auth
Previously for django-rest-auth:
"/rest-auth/login/"
was getting the response.data.key as auth token and that was working
I have stored in the cookie for later use
.get("/rest-auth/user/", {
headers: {
"Content-Type": "application/json",
Authorization: "Token " + response.data.key + "",
},
})
It was working to get info on user and also was working when used in other api calls by setting it in
Authorization: "Token " + response.data.key + ""
But now, I'm using dj-rest-auth package instead of django-rest-auth and shifted my urls to
/dj-rest-auth/login
and I'm not getting any key or auth token that I can use for authorization in header.
.get("/dj-rest-auth/user/", {
headers: {
"Content-Type": "application/json",
Authorization: "Token " + response.data.? + "",
},
})
It's not working because now I'm getting access_token , refresh_token and user info. I tried to use access_token and refresh_token for authorization in header but it's not working because I'm not getting key or auth token in response when user log in
Note: django-rest-auth is no more maintained and dj-rest-auth is forked from the previous one and have more functions (this is the reason why I'm switching)
How to get auth token or key by using dj-rest-auth package so that I can use it in the header of API calls for authorization?
Check that you don't have an REST_USE_JWT = True in your settings. That setting will enable JWT authentication scheme instead of a (default) token-based.
In django-rest-auth you get the key from a GET request, but according to dj-rest-auth's documentation, you get the token key as a response when you make a post request to /dj-rest-auth/login/.
When you make a POST request to /dj-rest-auth/login/, you can access the key at response.data. But now you need to store it so you can use it in your get requests.
I recommend checking out this question's answers to learn more about storing tokens. How you choose to do this will depend on how to the frontend of your application is built, as the javascript needs access to the token key.
I know I'm late to answer this, but hopefully I can help someone other folks who find this.
Since my application is C++, there is no Parse API available, so I have to do all the stuff using cURL. My application authenticates user, and should not let multiple logins, by looking at this documentation I don't see a workaround to check if the user is already logged without compromising it with too many requests, a solution that doesn't require constant database access would be the best, like this answer which gives a good idea how to do that, but is it possible to get such result using cURL only?
For your case, I recommend you to write a cloud code function that will be responsible for receiving the username and password, log in parse server, delete the other existing sessions for the same user (so other devices will be logged out), and return the session token. Then you can call this cloud code function from your C++ application using a single curl command. The codes should be something like below:
Cloud code function:
Parse.Cloud.define('logIn', async req => {
const username = req.params.username;
const password = req.params.password;
const user = await Parse.User.logIn(username, password);
const sessionToken = user.getSessionToken();
const oldSessionsQuery = new Parse.Query(Parse.Session);
oldSessionsQuery.equalTo('user', user);
oldSessionsQuery.notEqualTo('sessionToken', sessionToken);
const oldSessions = await oldSessionsQuery.find({ useMasterKey: true });
await Parse.Object.destroyAll(oldSessions, { useMasterKey: true });
return sessionToken;
});
Curl command:
curl -X POST \
-H "X-Parse-Application-Id: YOUR_APP_ID" \
-H "X-Parse-REST-API-Key: YOUR_REST_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "username": "the user name goes here", "password": "the password goes here" }' \
https://your.server.url/functions/logIn
I have a BE Java Service, which is RESTFul, which is ported on WSO2 API Manager. It is published and available in Store. I have registered a new Application (by Name ' Java App ') and upon subscribing to that API, it provided me with Client Key and Client Secret along with Token. Using the Token I am able to successfully access the API (from SOAP UI). My requirement is to access the API from a standalone Java Application. Can someone direct me or provide appropriate code that can access the published API.
Regards, Sreedhar.
You can use Apache HTTP client to invoke the API by sending Authorization as a HTTP Header.
String url = "API_URL";
HttpClient client = HttpClientBuilder.create().build();
HttpGet request = new HttpGet(url);
// add Authorization Header header
request.addHeader("Authorization", "Bearer :" + accessToken);
HttpResponse response = client.execute(request);
System.out.println("Response Code : "
+ response.getStatusLine().getStatusCode());
BufferedReader rd = new BufferedReader(
new InputStreamReader(response.getEntity().getContent()));
StringBuffer result = new StringBuffer();
String line = "";
while ((line = rd.readLine()) != null) {
result.append(line);
}
For Generating Token with username, password and Client Key / Secret, You can use following cURL sample to build the HTTP request. More information can be found in token api
curl -k -d "grant_type=password&username=<username>&password=<password>" -H "Authorization: Basic SVpzSWk2SERiQjVlOFZLZFpBblVpX2ZaM2Y4YTpHbTBiSjZvV1Y4ZkM1T1FMTGxDNmpzbEFDVzhh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
You have to base 64 encode Client Key / Secret and send it with Authorization header as Basic.
I am using Django Rest Framework Token authentication and if i do curl http://localhost:8000/api/v1/users/?format=json -H 'Authorization: Token 0a813fdcd3f8846d6fa376f2592bbc678b0b8e85' everything works fine.
But when i try to achieve that with Postman chrome client it nothing happens. What am i doing wrong??
You are setting the header to Authorization: Token when it really should just be Authorization. The header is actually just Authorization, but the value is Token [token_string], where [token_string] is the authorization token that you have obtained.
For the new version of postman it is necessary to choose Auth 2 type authentication in the left panel, then in the right panel, specify the DRf key which is "Token" and in the value the token itself.
In addition to the above answer, make sure to enable "Follow Authorization header" under setting (See below screenshot)
After Specifying Authorization and Token value try to add the token in an environment so that every time you don't have to copy the token value.
After get access token from http://127.0.0.1:8000/accounts/login/
such this :
{
"email": "user#example.com",
"tokens": {
"refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTY2NjI2NTAxMSwiaWF0IjoxNjY2MTc4NjExLCJqdGkiOiJjZWM3MzJmNDZkMGE0MTNjOTE3ODM5ZGYxNzRiNzMxZCIsInVzZXJfaWQiOjcwfQ.5Rd25s6msp72IHyU1BxE4ym24YIEbhyFsBdUztGXz0I",
"access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjY2MjY1MDExLCJpYXQiOjE2NjYxNzg2MTEsImp0aSI6IjgyOWFmZGE5MWY2ODRhNDZhMDllZGMzMmI0NmY0Mzg5IiwidXNlcl9pZCI6NzB9.TYhi0INai293ljc5zBk59Hwet-m9a1Mc1CtA56BEE_8"
},
"id": 70
}
copy content of "access" key in response, then in post man in Headers add new item by key : Authorization and value such this:
Bearer eyJ0eXAi....
that eyJ0eXAi.... is value of access key.
then send the request.