I using below command to get access token
curl -X POST https://api.pinterest.com/v5/oauth/token
--header 'Authorization: Basic {base64 encoded string made of client_id:client_secret}'
--header 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'grant_type=authorization_code'
--data-urlencode 'code={YOUR_CODE}'
--data-urlencode 'redirect_uri=http://localhost/'
I am getting
{"code":2,"message":"Authentication failed."}
client_id and secret are correct. Any pointers will be helpful.
Regards,
Rita
Related
Hello,
I'm currently using grafana to visualize data from InfluxDB, and would like to use a hyperlink in form of a HTTP request from a dashboard to insert data into the database.
Is something like this possible?
This is possible.
In InfluxDB v1.X, you could do:
curl -i -XPOST 'http://localhost:8086/write?db=mydb' --data-binary 'cpu_load_short,host=server01,region=us-west value=0.64 1434055562000000000'
In InfluxDB v2.X, you could do:
curl --request POST \
"http://localhost:8086/api/v2/write?
org=YOUR_ORG&bucket=YOUR_BUCKET&precision=ns" \
--header "Authorization: Token YOUR_API_TOKEN" \
--header "Content-Type: text/plain; charset=utf-8" \
--header "Accept: application/json" \
--data-binary '
airSensors,sensor_id=TLM0201 temperature=73.97038159354763,humidity=35.23103248356096,co=0.48445310567793615 1630424257000000000
airSensors,sensor_id=TLM0202 temperature=75.30007505999716,humidity=35.651929918691714,co=0.5141876544505826 1630424257000000000
'
See more details here and there.
I have to implement biometric authorization which is based on our current Keycloak(SSO) system.
So I tried to create a long-lived refresh token which is activated even when I logout.
Here is curl:
curl --location --request POST
'http://localhost:8089/auth/realms/EXTERNAL/protocol/openid-connect/token?prompt=consent&scope=offline_access'
--header 'Content-Type: application/x-www-form-urlencoded'
--header 'prompt: consent'
--header 'scope: offline_access'
--data-urlencode 'client_id=client-credential'
--data-urlencode 'refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4NGRkZDM1OC1kMDFjLTRjODQtYmE2OC00ODA1MzVlNmM5OWIifQ.eyJleHAiOjE2NTY5MDY5NDQsImlhdCI6MTY1Njg5OTc0NCwianRpIjoiMTkzM2IxNzktOWQxMC00ODI5LTlkY2EtZGRiNGM5ZGM1YzY0IiwiaXNzIjoiaHR0cHM6Ly9kZXYtaWQuc2FmaW4udm4vYXV0aC9yZWFsbXMvRVhURVJOQUwiLCJhdWQiOiJodHRwczovL2Rldi1pZC5zYWZpbi52bi9hdXRoL3JlYWxtcy9FWFRFUk5BTCIsInN1YiI6ImZkMTY3NWVjLWY5YjgtNDRjMS04Yjk5LWJlOTU2M2Y2NTgyMiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJjbGllbnQtY3JlZGVudGlhbCIsInNlc3Npb25fc3RhdGUiOiI2NDExYzQ2ZC1hMGVmLTRiMDEtOTU0Yi00ZTU4ZTE5Mjc2ZDAiLCJzY29wZSI6ImVtYWlsIHByb2ZpbGUiLCJzaWQiOiI2NDExYzQ2ZC1hMGVmLTRiMDEtOTU0Yi00ZTU4ZTE5Mjc2ZDAifQ.c3ZdvnrG_Y3nuHKIWUGqo-beN-S5MNE-Ywufqym2D54'
--data-urlencode 'grant_type=refresh_token'
--data-urlencode 'scope=offline_access'
--data-urlencode 'client_secret=58f28165-1553-4543-9c66-c2e8c65fexxx'
But I received: "Session not active"
How can I fix that problem?
I am novice and first timer to bash. Trying to run bash under command line to invoke an API, by passing token and payload received from two different APIs and are set as parameters. Below is my command. I am trying to add this bash script to a task in AzureBatch service job.
It has 3 curl requests,
First one (Line#1 in the code snippet below)- gets payload by
calling an API. ---- This is working fine, I am able to verify the
payload using the echo statement following the first curl command.
Second one(Line#3 in the code snippet below) - gets token by
calling the token provider ----- This is working fine as well,
verified using the echo statement.
Third one (Line#5 in the code snippet below),This is the problematic command. I am trying to pass the token and payload received from the above two commands and the curl is not able to resolve them.
both token and payload or not resolving to their values..
My Bash COmmand
/bin/bash -c
"payload=$(curl --location --request GET 'http://url/OutreachData')
&& echo -e \"The value of payload is: "'$payload'"\"
&& token=$(curl --location --request POST 'https://login.microsoftonline.com/<<tenantId>>/oauth2/v2.0/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'client_id=<<clientId>>' --data-urlencode 'scope=api://<<applicationId>>/.default' --data-urlencode 'client_secret=<<clientSecret>>' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'Audience=api://<<applicationId>>'|jq -j '.access_token')
&& echo -e \"value of token is "'$token'"\n\"
&& result=$(curl --location --request POST 'https://url/api/<<Resource>>' --header 'accept: */*' --header 'Content-Type: application/json' --header 'Authorization: Bearer '"'$token'" --data-raw "'$payload'")
&& echo -e \"Result is "'$result'"\""
This is how the third Curl is resolving to, payload and token are not getting replaced as we can see in the authorization header and data-raw elements
++ curl --location --request POST https://url/api/ --header 'accept: /' --header 'Content-Type: application/json' --header 'Authorization: Bearer ' --data-raw ''''''''
There should be no need to explicitly run this with bash -c unless you are in a very constrained environment where you simply cannot run Bash by any other means.
The immediate problem is that code like
bash -c "echo "'$token'" && true"
ends up with $token being single-quoted in the shell which you run bash -c from. But the blazingly obvious fix is to not have this complex quoting in the first place.
payload=$(curl --location --request GET 'http://url/OutreachData')
echo "The value of payload is: '$payload'"
token=$(curl --location --request POST \
'https://login.microsoftonline.com/<<tenantId>>/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<<clientId>>' \
--data-urlencode 'scope=api://<<applicationId>>/.default' \
--data-urlencode 'client_secret=<<clientSecret>>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'Audience=api://<<applicationId>>' |
jq -j '.access_token')
echo "value of token is "'$token'"
result=$(curl --location --request POST \
'https://url/api/<<Resource>>' --header 'accept: */*' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer '"$token" \
--data-raw "$payload")
echo "Result is "'$result'"
If your current shell is not Bash and you need these commands to be run in Bash, a simpler workaround is to put the script in a here document, which drastically simplifies the quoting needs (or if this is in an interactive session, just run bash and run these commands at the interactive Bash prompt, then exit when you no longer want to be in Bash).
I am trying to impersonate a user (tony123) using a superadmin(superadmin). The steps I am following are as follows.
Get access token for superadmin as below.
curl --location --request POST 'http://localhost:8180/auth/realms/tenant/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=superadmin' \
--data-urlencode 'password=<superadmin-password>' \
--data-urlencode 'client_id=<source-client-id>' \
--data-urlencode 'client_secret=<source-client-secret>'
With the above token, I am getting the impersonated user's (tony123) token as follows.
curl --location --request POST 'http://localhost:8180/auth/realms/tenant/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<source-client-id>' \
--data-urlencode 'client_secret=<source-client-secret>' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'subject_token=<access token got in step one>' \
--data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token' \
--data-urlencode 'requested_subject=<user id of tony123>'
I am able to get the correct impersonate token by following the above two steps. This impersonate token only contains preferred_username and email attributes of tony123 in the token. I would like to further customise the impersonate token by adding some phone_number from the user attributes map. I am unable to do so.
I tried adding a mapper for phone_number in the source-client in Keycloak admin. This was an unsuccessful attempt. How to achieve this?
First you create your custom attributes then in client mappers, add Token Mapper with User Attribute type.
Take a look at this page.
The API authentication is denied as the value of $login_token variable that I pass in the curl command is enclosed with double quotes during the execution.
Code
set -x
login_token="eUsadjb#dsi-0nknhsnc"
API_Response=$(curl -X POST --header 'Accept: application/json' --header 'Authorization: Bearer '$login_token 'https://example.com')
set +x
Curl Response in Debug Mode
++ curl -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: application/json' --header 'Authorization: Bearer "eUsadjb#dsi-0nknhsnc"'
+API_Response='Authorization has been denied for this request. Please use a valid access token.'
As you can notice that the login_token value is embedded with double quotes when passed as a variable and this causes the failure. The value of login_token variable should be passed without quotes as it is. Suppose, if I pass the value of login_token directly in the curl command, then the authentication is successful.
Direct Value - Authentication Success
API_Response=$(curl -X POST --header 'Accept: application/json' --header 'Authorization: Bearer eUsadjb#dsi-0nknhsnc' 'https://example.com')
How can I pass the value of login_token variable without quotes in curl command?
FYI, I tried the following method as well, but it doesn't work
login_token="eUsadjb#dsi-0nknhsnc"
API_Response=$(curl -X POST --header "Accept: application/json" --header "Authorization: Bearer $login_token" "https://example.com")