I am following https://django-oauth-toolkit.readthedocs.org/en/0.7.0/rest-framework/getting_started.html for setting up Django OAuth Toolkit with rest framework.
As on step 4: https://django-oauth-toolkit.readthedocs.org/en/0.7.0/rest-framework/getting_started.html#step-4-get-your-token-and-use-your-api
It says to get token, we need to do a curl like:
curl -X POST -d "grant_type=password&username=<user_name>&password=<password>" http://<client_id>:<client_secret>#localhost:8000/o/token/
My Actual curl request for this process looks something like this(for already generated client_id and client_secret)
curl -X POST -d "grant_type=password&username=test&password=test" http://mbqvonqO7sI1lrh87uDd.C1U..NbKTb#0=eCM8Fl::2O=!0ZjE5UCha0UW?Oie-XCVUn;3XtmjT2SbFpzDJeM#Bn3.vPS!KLoDqVz7L-3.FfjP9v6yYyu2ghxObnIdIWppu=J#RPxPOfU#Q7KPt7da.?Bg0o5kCt5tY:wamsF#127.0.0.1:8000/o/token/
which didn't return any response and gives an error "bash: !0: event not found"
Any wrong in call made?
Issue is with the "client id" and "client secret" generated during register application(http://django-oauth-toolkit.readthedocs.org/en/0.7.0/rest-framework/getting_started.html#step-3-register-an-application)
"client id" and "client secret" contains special characters which can't be used with curl request in the mentioned way in documentation.
We can use it with the way suggested by Almalki as:
curl -X POST -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD" http://localhost:8000/o/token/
You can set client_id and client_secret as POST parameters:
curl -X POST -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD" http://localhost:8000/o/token/
I had the same problem as the OP and this was the only solution that worked for me:
curl -X POST -d 'grant_type=password&username=<username>&password=<password>' --user '<client_id>:<client_secret>' 'http://localhost:8000/o/token/'
I found this solution at Django OAuth Toolkit's Github issue #167. There is a great explanation there.
Related
We have multiple Kubernetes clusters across our company. To get the kubectl config content we use Dex to login and copy/paste the content to our local confi for kubectl.
I want to make this automated and so run a bunch of command to get the content using curl.
I couldn't work out how by checking the requests responses. Please help me if anyone knows how.
I found how to do it. So we need to make two calls. First one retrieves the login page in which we can grab the request id:
the_id=$(curl -s -v -L "https://login.${cluster}" | grep -Po 'action="(.*)"')
The above searches in the response for attribute action= where it tells you where to submit the request
Then use the_id in the next call:
konfig=$(curl --insecure POST -H 'Content-Type: application/x-www-form-urlencoded' -d "login=$username&password=$password" -v -L "${cluster}${the_id}" | grep -Pzo '(?s)id=".*?</')
This command will return a HTML page in which you can find the config. Obviously for you it can be different response but fetching the request id from the first call is the key that I missed to begin with.
I tried setup ALLINONE in my local, followed the documentation https://apim.docs.wso2.com/en/latest/learn/api-security/api-authentication/secure-apis-using-mutual-ssl/
it worked, but what will be the curl command for request because the document talks about testing only through postman
You can use the following curl commands when you want to use the header-based approach.
curl -X GET -H "X-WSO2-CLIENT-CERTIFICATE: (Base64 encoded public cert)" "https://localhost:8243/mock/v1" -v
curl -X GET -H "X-WSO2-CLIENT-CERTIFICATE: (Base64 encoded public cert)" "http://localhost:8280/mock/v1" -v
In order to work this, you need to add the following configuration to the deployment.toml in wso2am-3.2.0/repository/conf location.
[apimgt.mutual_ssl]
enable_client_validation = false
You can use the following curl commands if you are using the cert and key.
curl -k --cert int.ext.wso2.com.crt --key int.ext.wso2.com.key -X GET "https://localhost:8243/mock/v1" -v
I have followed the instructions from https://github.com/spring-cloud-services-samples/cook and managed to install and run Config Server in PCF environment (SERVICE: Config Server, PLAN: standard).
I'm now trying to hit /encrypt endpoint of the p-config-server service, in order to encrypt new value. I'm following the instructions at http://docs.run.pivotal.io/spring-cloud-services/config-server/configuring-with-git.html#encryption-and-encrypted-values:
TOKEN=$(curl -k ACCESS_TOKEN_URI -u CLIENT_ID:CLIENT_SECRET -d
grant_type=client_credentials | jq -r .access_token); curl -k -H
"Authorization: bearer $TOKEN" -H "Accept: application/json"
URI/encrypt -d 'VALUE'
...but I always get:
{
"error": "access_denied",
"error_description": "Access is denied"
}
On the other side, if I try to get standard endpoint, to get config for an app, I'm able to retrieve JSON containing app properties. E.g.
TOKEN=$(curl -k ACCESS_TOKEN_URI -u CLIENT_ID:CLIENT_SECRET -d
grant_type=client_credentials | jq -r .access_token); curl -k -H
"Authorization: bearer $TOKEN" -H "Accept: application/json"
URI/my-app/default
... gives result like:
{"name":"my-app","profiles":["default"],"label":null,"version":"bb6e64592ced731ebba272430291a595e0f14a77","state":null,"propertySources":[{"name":"https://github.com/some-user/config/my-app.yml","source":{"my-property.name":"Test123"}}]}
Any idea why I can not access /encrypt endpoint?
Thank you.
Btw, I'm executing the command in CentOS Linux release 7.4.1708, with installed jq (command-line JSON processor).
I've got the answer from CloundFoundry IT support. In my CF environment, "encrypt" endpoint should have a trailing slash (/). So it should be ...URI/encrypt/ -d 'VALUE'. Maybe it helps someone.
One more hint I've got: There is a CF CLI plugin for the Spring-Cloud-Services which you could use for convenience.
https://github.com/pivotal-cf/spring-cloud-services-cli-plugin
cf install-plugin -r CF-Community "Spring Cloud Services"
cf help config-server-encrypt-value
Hi Actually you need to hit cf env command first and take note of configuration values from that which for sample looks like below:
{
"VCAP_SERVICES": {
"p-config-server": [
{
"credentials": {
"access_token_uri": "https://p-spring-cloud-services.uaa.cf.wise.com/oauth/token",
"client_id": "p-config-server-876cd13b-1564-4a9a-9d44-c7c8a6257b73",
"client_secret": "rU7dMUw6bQjR",
"uri": "https://config-86b38ce0-eed8-4c01-adb4-1a651a6178e2.apps.wise.com"
},
[...]
and then use those values in your curl bash script. for example
TOKEN=$(curl -k https://config-86b38ce0-eed8-4c01-adb4-1a651a6178e2.apps.wise.com -u p-config-server-876cd13b-1564-4a9a-9d44-c7c8a6257b73:rU7dMUw6bQjR -d
grant_type=client_credentials | jq -r .access_token); curl -k -H
"Authorization: bearer $TOKEN" -H "Accept: application/json"
URI/ENDPOINT | jq
Basically following values are required:
ACCESS_TOKEN_URI with the value of credentials.access_token_uri
CLIENT_ID with the value of credentials.client_id
CLIENT_SECRET with the value of credentials.client_secret
URI with the value of credentials.uri
Replace ENDPOINT with the relevant endpoint:
application/profile to retrieve configuration from a Config Server service instance
eureka/apps to retrieve the registry from a Service Registry service instance
Then I think you will no more get access denied response.
We are trying to use sonarqube webapi and as part of prototyping I was testing the authentication apis using cURL .
The session is not getting deactivated after calling logout , and when I call a service again with a logged out cookie, it is getting authorized successfully.
Following are the steps I followed
Login
curl -v -c cookies.txt POST -d "login=admin&password=admin" http://sonar:9919/api/authentication/login
Do a user token search (which needs authorization) with the cookie
curl -b cookies.txt http://sonar:9919/api/user_tokens/search
This is successfull and returns
{"login":"admin","userTokens":[{"name":"arunvg","createdAt":"2017-10-11T15:03:18+0400"}]}
Logout
curl -v -b cookies.txt POST http://sonar:9919/api/authentication/logout
Repeat Step 2, was expecting an error message like
{"errors":[{"msg":"Authentication is required"}]}
but the call got successful and with same result in Step 2
Am I missing something here ? Any hints ?
I am building a web service for a web application, and I would like a simple tool to test this as I am developing. I have tried some firefox plug-ins (Poster, 'REST Client'), and even though these work fine I have been unable to upload files with them.
Also, I would rather have a command-line tool that I can use to easily write a set of integration tests for this web service and that I can send to consumers of this web service as an example.
I know that curl can work for this but would like a few examples, especially around authentication (using HTTP Basic) and file uploads.
Answering my own question.
curl -X GET --basic --user username:password \
https://www.example.com/mobile/resource
curl -X DELETE --basic --user username:password \
https://www.example.com/mobile/resource
curl -X PUT --basic --user username:password -d 'param1_name=param1_value' \
-d 'param2_name=param2_value' https://www.example.com/mobile/resource
POSTing a file and additional parameter
curl -X POST -F 'param_name=#/filepath/filename' \
-F 'extra_param_name=extra_param_value' --basic --user username:password \
https://www.example.com/mobile/resource
In addition to existing answers it is often desired to format the REST output (typically JSON and XML lacks indentation). Try this:
$ curl https://api.twitter.com/1/help/configuration.xml | xmllint --format -
$ curl https://api.twitter.com/1/help/configuration.json | python -mjson.tool
Tested on Ubuntu 11.0.4/11.10.
Another issue is the desired content type. Twitter uses .xml/.json extension, but more idiomatic REST would require Accept header:
$ curl -H "Accept: application/json"
From the documentation on http://curl.haxx.se/docs/httpscripting.html :
HTTP Authentication
curl --user name:password http://www.example.com
Put a file to a HTTP server with curl:
curl --upload-file uploadfile http://www.example.com/receive.cgi
Send post data with curl:
curl --data "birthyear=1905&press=%20OK%20" http://www.example.com/when.cgi