i use django rest framework and OAuth2 Toolkit in my django backend app. I registered users in django admin site. Whne i try to get access token with CURL for user i get error:
{"error":"invalid client"}.
my curl request is bellow:
curl -X POST -d "client_id=MY_CLIENT_ID&client_secret=MY_CLIENT_SECRET&grant_type=password&username=myuser&password=mypass" http://localhost:8000/o/token/
Do you have the right secret and id and/or the right grant-type?
1) Go to <yoursite>/admin and login with your admin account
2) Go to <yoursite>/o/applications and choose your application
Now you can see your secret, id and grant type(should be 'password').
Also have a look at the client type(should be 'confidential')
Thank you fo your help I solve my problem. My right curl request is bellow:
curl -X POST -d "grant_type=password&username=USERNAME&password=PASSWORD" --user "CLIENT_ID:CLIENT_SECRET"
Related
I am using django-rest-auth to authenticate and register my user I can do everyhting.
Login is working Registration is working but I am unable to access get User details:
/rest-auth/user/ (GET, PUT, PATCH)
I am trying to access this endpoint I am using JWT I am getting correct token. But when I am using this command in curl:
curl -X GET http://localhost:8000/rest-auth/user/ -H 'Authorization: Bearer <jwt-toke>'
I am getting this error:
{"detail":"Authentication credentials were not provided."}
What do I need to do to access details of user
After a long investigation, I was able to find a solution and according to the documentation if you want to use JWT in django-rest-auth.
They shared one link which is not working actual link is:
https://jpadilla.github.io/django-rest-framework-jwt/
After installing django-rest-auth.
You need to install django-rest-framework-jwt using:
pip install djangorestframework-jwt
And it will work fine if you want to access this URL:
/rest-auth/user/ (GET, PUT, PATCH)
You need to pass JWT instead of Bearer example:
curl -X GET http://localhost:8000/rest-auth/user/ -H 'Authorization: JWT <jwt-toke>'
And it worked for me.
I am trying to add Google & Facebook social auth to my DRF api. I followed steps from readme, I read the docs but I don't know how to request my api from my react app - docs shows this example for facebook login:
curl -X POST -d "grant_type=convert_token&client_id=<client_id>&client_secret=<client_scret>&backend=facebook&token=<facebook_token>" http://localhost:8000/auth/convert-token`
And here my problem comes - I don't understand what is "client_secret" in curl request? Should it be the same as SOCIAL_AUTH_FACEBOOK_SECRET in settings (that is copied from facebook developers site)?
According to their documentation:
<client_id> and <client_secret> are the keys generated automatically that you can find in the model Application you created.
Using wso2am-2.1.0 we'd like to create an API using the REST services, such as
/api/am/publisher/v0.11/apis
To use the services to search, create and publish an API the access token needs scope apim:api_view apim:api_createapim:api_publish
Seeing the publisher-api.yaml seems the full admin role is required to access these services.
We woudn't like to use the main admin user used by the services risking compromise of a user account with all privileges and mainly the admin user.
Assigning a different user to the admin role doesn't seem to work, tokens created don't hold necessary requested scopes (subsequence calls to the publisher's servicess causes 401 Unauthenticated request). Im I missing something?
It should work. I just did it and here is the output.
bhathiya#bhathiya-x1:/data/products/am/resources$ curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d #payload.json https://localhost:9443/client-registration/v0.11/register -k
{"clientId":"ryUqrib4UAiKtbEt8_HxadTcubYa","clientName":"admin_rest_api_publisher","callBackURL":"www.google.lk","clientSecret":"Q1sTqqd175da8fLaESY6z9h5nuca","isSaasApplication":true,"appOwner":"admin","jsonString":"{\"grant_types\":\"password refresh_token\",\"redirect_uris\":\"www.google.lk\",\"client_name\":\"admin_rest_api_publisher\"}"}
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 22:29:11
bhathiya#bhathiya-x1:/data/products/am/resources$ curl -k -d "grant_type=password&username=bhathiya&password=admins&scope=apim:api_view apim:api_create" -u ryUqrib4UAiKtbEt8_HxadTcubYa:Q1sTqqd175da8fLaESY6z9h5nuca https://localhost:8243/token
{"access_token":"1e3f7460-e186-3ded-b4d9-c093e1ceb9df","refresh_token":"be66fe42-2d34-3a34-8576-f7e24388be00","scope":"apim:api_create apim:api_view","token_type":"Bearer","expires_in":3600}
And you can also change roles in publisher-api.yaml.
Is there any admin service similar to RemoteUserStoreManagerService present in wso2 apim 1.10 to get information about what api is published by a particular user and what api he is subscribed?
I know we can get this information from database, but I want to use admin service.
Thanks,
Santosh
You can use Store Jaggery APIs in APIM 1.10.0 for this.
To get all APIs created by user john.
1) Login as admin user (or any other user who has both publisher and store access)
curl -X POST -c cookies http://localhost:9763/store/site/blocks/user/login/ajax/login.jag -d 'action=login&username=admin&password=admin'
2) Search for APIs published by john.
curl -X POST -b cookies "http://localhost:9763/store/site/blocks/search/api-search/ajax/search.jag" -d "action=searchAPIs&query=provider:john&start=0&end=3"
To get all APIs subscribed by user john
1) Login as user john.
curl -X POST -c cookies http://localhost:9763/store/site/blocks/user/login/ajax/login.jag -d 'action=login&username=john&password=pass'
2) Get all subscriptions
curl -b cookies http://localhost:9763/store/site/blocks/subscription/subscription-list/ajax/subscription-list.jag?action=getAllSubscriptions
I downloaded django app which has regular django api. App is really big and I decided to implement django graphene module and to make more flexible api.
I have a graphene view which allow sending requests and receiving responses. My problem is that I want to add authentication on graphene view, so every user needs to provide token or username and password to be able to fetch the records.
I found some solution here:
Adding LoginRequiredMixin in new view
My problem is I can't login into django app using curl to execute some grapql query.
What I tried so far:
curl -u admin:password123 -X GET http://localhost:8003/graphql?query=query%7B%20types%20%7B%20edges%20%7B%20node%20%7B%20name%20%7D%20%7D%20%7D%20%7D
using jwt_auth
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwidXNlcl9pZCI6MSwiZW1haWwiOiIiLCJleHAiOjE0OTg3NDA4OTR9.FvofAxyhvjTGNZBUUSRF1kmXfgTNja6U52NynLhBGeo" http://localhost:8003/graphql?query=query%7B%20types%20%7B%20edges%20%7B%20node%20%7B%20name%20%7D%20%7D%20%7D%20%7
default app way to login on existing api to my graphene view
curl -H "Authorization: Token 2867936fff9d738ee5fc8a807c86a96e59ab648d" http://localhost:8003/graphql?query=query%7B%20types%20%7B%20edges%20%7B%20node%20%7B%20name%20%7D%20%7D%20%7D%20%7D
You can use insomnia as an alternative to curl to send graphql queries to your api. It is easy to setup the headers and authenticate.
django-graphql-auth have a demo video with insomnia, showing how to register and authenticate an user with it.