How can I pass username and password in invoke http processor - apache-nifi

How can I pass username and password in the InvokeHTTP processor? (I am invoking nifi-api/token to generate a token.) It requires a username and password to authorise.
I am passing the username and password in Request Username and Request Password. But still it's not working.

When you want to generate a token for the NiFi API, to be used in subsequent NiFi API calls, you need to pass the credentials as x-www-form-urlencoded.
This can be achieved using a cURL command like this:
curl --location --request POST 'https://server_URL/nifi-api/access/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username=<USER_NAME>' \
--data-urlencode 'password=<PASSWORD>'
If you are familiar with Postman then you can use the Body tab, select x-www-form-urlencoded and define the credentials as Key and Value pairs. This will generate the token for NiFi.
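The same exchange done from a script, as an added example that is not part of the answer above. It shows the two things the question trips over: the credentials must be form fields in the body (in InvokeHTTP, the Request Username / Request Password properties send HTTP Basic authentication, which this endpoint does not read; the form string has to be the FlowFile content with Content-Type set to application/x-www-form-urlencoded), and the token NiFi returns is plain text that then goes into an Authorization: Bearer header. The host name, user and password are placeholders, and the injectable `transport` callable is an assumption of this example so it can be exercised offline.

```python
# Added example: obtain a NiFi access token with a form-encoded POST and reuse
# it as a Bearer credential. Host/user/password are placeholders; `transport`
# is a hypothetical hook so the flow can be run without a NiFi instance.
import urllib.parse
import urllib.request

TOKEN_PATH = "/nifi-api/access/token"


def token_request(base_url, username, password):
    """Build the request nifi-api/access/token expects.

    Credentials are form fields in the body, not Basic auth and not URL query
    parameters. urlencode escapes '&', '=', '@' and similar, so a password
    containing them does not split the body into extra fields.
    """
    body = urllib.parse.urlencode({"username": username, "password": password}).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return base_url.rstrip("/") + TOKEN_PATH, headers, body


def bearer_headers(token):
    """Header to attach to every subsequent NiFi API call."""
    return {"Authorization": "Bearer " + token}


def default_transport(url, headers, body):
    """Real transport: POST via urllib, return (status, body text).
    Refuses plaintext HTTP because the body carries a password."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over plaintext HTTP")
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.read().decode()


def fetch_token(base_url, username, password, transport=default_transport):
    """POST the form body and return the token. NiFi answers with the JWT as
    plain text rather than JSON, so the response body itself is the credential."""
    url, headers, body = token_request(base_url, username, password)
    status, text = transport(url, headers, body)
    if status not in (200, 201):
        raise RuntimeError("token request failed with HTTP %d" % status)
    token = text.strip()
    if token.count(".") != 2:
        raise RuntimeError("response body does not look like a JWT")
    return token
```

Treat the returned token like the password it was exchanged for: it is a bearer credential, so anyone holding it is the user until it expires.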

Related

validate and expire github access token

I am building a GitHub OAuth app and attempting to see if I can validate the access_token returned by GitHub upon login. The access_token is returned by GitHub by making a POST call to the endpoint https://github.com/login/oauth/access_token and passing in the CLIENT_ID and CLIENT_SECRET provided by GitHub. Using this access_token, we can then access the user's information. My main question is: is there an endpoint to validate this token? I want this because I am running a node server which accesses files on GitHub. As of now, the node endpoint is open and anyone can just call the functions in it. In each function, I would like to check whether the user has a valid token or not before returning data to them, and as such have some form of security on my node API.
This is how I get the access_token in node
const body = new URLSearchParams({
  client_id: CLIENT_ID,
  client_secret: CLIENT_SECRET, // keep the secret out of the URL and of server logs
  code: req.query.code,
});
const response = await fetch("https://github.com/login/oauth/access_token", {
  method: "POST",
  headers: { "Accept": "application/json" },
  body, // sent as application/x-www-form-urlencoded
});
if (!response.ok) throw new Error("token exchange failed: " + response.status);
const data = await response.json();
res.json(data);
I have tried the following cURL endpoint, and it does return data:
curl -H 'Authorization: token myGitHubAccessToken' https://api.github.com/user/repos
reference: https://onecompiler.com/questions/3uxsn58yz/how-to-test-a-github-access-token-is-valid
The above command does return data and my client ID, so it is somewhat useful. However, the access_token, of which GitHub returns a new one every time the user logs in, itself seems to never expire. So I can copy a previously returned token to get the same data dump with the above command. I had read in "what's the lifetime of GitHub OAuth API access token" that the token never expires, but that itself is an issue. Is there some other method I should use to get around this issue? I don't want my APIs to be open. If I could validate the access_token provided by GitHub in every one of the node functions and also have it expire upon logging out, the issue would be resolved.
Also tried some options mentioned here: https://developer.github.com/changes/2/
of which, https://docs.github.com/en/rest/apps/oauth-applications?apiVersion=2022-11-28#check-a-token
made the most sense to me. But the cURL command given on that page:
curl \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
-d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'
does not seem to work. It returns Bad Data.
Please advise! Thank you!!
Found the answer:
To check the access token:
curl -H 'Authorization: token access_token' https://api.github.com/user/repos
The above command returns repos. For me, this is enough because I just want some reply from GitHub using the token that's not a 404.
To delete the token:
curl \
-X DELETE \
-H "Accept: application/vnd.github.v3+json" \
-u CLIENT_ID:CLIENT_SECRET \
https://api.github.com/applications/CLIENT_ID/token \
-d '{"access_token":"ACCESS_TOKEN"}'
Reference: Remove/revoke GitHub OAuth 'access_token'
Apologies for the bad editing. Can't get it to look just right.
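An added example, not the asker's code, of the server-side check the question was after. Calling /user/repos proves the token works but spends the user's rate limit and returns a repository listing just to learn "yes"; the check-a-token endpoint the asker linked answers the same question directly and, with the matching DELETE, gives the "expire on logout" behaviour: the token never expires on its own, so the app revokes it. Both endpoints authenticate the app with HTTP Basic (client_id:client_secret), not with the user's token, which is why the Bearer variant in the question returned an error. The client id, secret, tokens and the injectable `transport` callable are placeholders and assumptions of this example.

```python
# Added example: validate and revoke a GitHub OAuth access token server-side
# via the OAuth-app token endpoints. Client id/secret and tokens are
# placeholders; `transport` is a hypothetical hook so this runs offline.
import base64
import hashlib
import json
import time
import urllib.error
import urllib.request

API = "https://api.github.com"


def app_auth_header(client_id, client_secret):
    """The check/revoke endpoints authenticate the OAuth *app*, not the user:
    HTTP Basic with client_id as user name and client_secret as password."""
    raw = ("%s:%s" % (client_id, client_secret)).encode()
    return "Basic " + base64.b64encode(raw).decode()


def _app_headers(client_id, client_secret):
    return {
        "Authorization": app_auth_header(client_id, client_secret),
        "Accept": "application/vnd.github+json",
        "Content-Type": "application/json",
    }


def default_transport(method, url, headers, body):
    """Real transport via urllib; returns (status, body text), 4xx included."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def check_token(client_id, client_secret, access_token, transport=default_transport):
    """POST /applications/{client_id}/token: 200 plus token metadata when the
    token is valid for this app, 404 when it is invalid or revoked."""
    url = "%s/applications/%s/token" % (API, client_id)
    body = json.dumps({"access_token": access_token}).encode()
    status, text = transport("POST", url, _app_headers(client_id, client_secret), body)
    if status == 404:
        return None
    if status != 200:
        raise RuntimeError("unexpected HTTP %d from check-token" % status)
    return json.loads(text)


def revoke_token(client_id, client_secret, access_token, transport=default_transport):
    """DELETE /applications/{client_id}/token: 204 once the token is gone.
    Calling this at logout is what makes a never-expiring token stop working."""
    url = "%s/applications/%s/token" % (API, client_id)
    body = json.dumps({"access_token": access_token}).encode()
    status, _ = transport("DELETE", url, _app_headers(client_id, client_secret), body)
    return status == 204


class TokenGate:
    """Per-request guard for the node-style API in the question. Positive
    checks are cached briefly (keyed by a hash, so raw tokens are not held in
    memory); negative results are never cached."""

    def __init__(self, client_id, client_secret, ttl=60,
                 transport=default_transport, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.ttl, self.transport, self.clock = ttl, transport, clock
        self._cache = {}  # sha256(token) -> (expires_at, login)

    @staticmethod
    def _key(access_token):
        return hashlib.sha256(access_token.encode()).hexdigest()

    def authorize(self, access_token):
        """Return the GitHub login the token belongs to, or None to reject."""
        now = self.clock()
        key = self._key(access_token)
        hit = self._cache.get(key)
        if hit and hit[0] > now:
            return hit[1]
        info = check_token(self.client_id, self.client_secret, access_token, self.transport)
        if info is None:
            self._cache.pop(key, None)
            return None
        login = info["user"]["login"]
        self._cache[key] = (now + self.ttl, login)
        return login

    def logout(self, access_token):
        """Drop the cache entry and revoke the token at GitHub."""
        self._cache.pop(self._key(access_token), None)
        return revoke_token(self.client_id, self.client_secret, access_token, self.transport)
```

In an HTTP handler, call `authorize()` on the token from the request before touching any data and `logout()` from the logout route; the short cache TTL bounds how long a revoked token keeps working on your side.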

postman binary data-type detect and save in laravel request

In Postman there is an option to send a binary data type in an API request.
I am sending that to an API, but I am unable to detect that binary file in the Laravel request method.
curl --location --request POST 'http://192.168.*.*/api/v1/contact_us/save' \
--header 'Authorization: Bearer some_key' \
--header 'Content-Type: image/jpeg' \
--data-binary '#/Users/username/Desktop/filename.jpeg'
Above is my curl code generated in postman.
Although I am successfully getting this file when I send the request as multipart/form-data.
I did see a question related to it, but it is not the exact case:
related question
If the HTTP request payload is purely a file (i.e. not from an HTML form) then you can access it in Laravel using:
$request->getContent()
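Whatever the raw body turns out to be, it arrived with a client-chosen Content-Type and no form validation, so the handler should check the bytes itself before storing them. The following is an added example of those checks, written in Python rather than PHP to keep the examples on this page in one language; it is not part of the answer, and the size limit and signature table are assumptions.

```python
# Added example: validate a raw binary request body (what $request->getContent()
# returns) instead of trusting the Content-Type header. Limits and the
# signature table are constructed for illustration.
MAX_BYTES = 5 * 1024 * 1024  # assumed upload limit

# Leading bytes of the formats this endpoint is meant to accept.
SIGNATURES = {
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/png": [b"\x89PNG\r\n\x1a\n"],
}


def sniff(body):
    """Return the MIME type implied by the body's magic bytes, or None."""
    for mime, prefixes in SIGNATURES.items():
        if any(body.startswith(p) for p in prefixes):
            return mime
    return None


def accept_raw_upload(content_type, body, max_bytes=MAX_BYTES):
    """Return (ok, detected_mime, reason) for a raw upload.

    The declared type is only used as a claim to compare against; the
    decision is made on the bytes, so a PHP file sent as image/jpeg is
    rejected even though the header says otherwise.
    """
    declared = content_type.split(";")[0].strip().lower() if content_type else ""
    if not body:
        return False, None, "empty body"
    if len(body) > max_bytes:
        return False, None, "body exceeds %d bytes" % max_bytes
    detected = sniff(body)
    if detected is None:
        return False, None, "unrecognised content"
    if declared != detected:
        return False, detected, "declared %r but body is %s" % (declared, detected)
    return True, detected, "ok"
```

Store the file under a name you generate (with the extension taken from `detected`, not from any client-supplied header) and keep the rejection reason out of the response if you do not want to hand probing clients a guide to the filter.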

Pass private key as header in curl PUT returning error for illegal character

I have a .pem file containing my private key that I need to pass as an authorization header.
I've tried just using the command $(cat $REPO_ROOT/pulsar/tls/broker/broker.key.pem) but I'm getting the response: <h1>Bad Message 400</h1><pre>reason: Illegal character LF=\n</pre>0
Can I not pass the contents of my .pem straight into the header?
CLUSTER=standalone
TENANT=sandbox
NAMESPACE=integration_test
AUTHORIZATION=$(cat $REPO_ROOT/pulsar/tls/broker/broker.key.pem)
# Create tenant
curl -L -X PUT "http://localhost:$HOST_PULSAR_PORT/admin/v2/tenants/$TENANT" \
--header "Authorization: Bearer $AUTHORIZATION" \
--header 'Content-Type: application/json' \
--data-raw "{\"allowedClusters\": [\"$CLUSTER\"]}"
The private key needs to be carefully secured. You should never have to pass it in an HTTP header.
For Pulsar you should be using the private key to generate a JWT token to use in the HTTP header. You can use the following command:
bin/pulsar tokens create --private-key file:///path/to/my-private.key \
--subject test-user
The subject of the token should match the authorization role on the Pulsar tenant or namespace. For more details, see https://pulsar.apache.org/docs/en/security-token-admin/
Private keys are never meant to be sent as a header in a web request. Perhaps the public key.
When you try to send this:
Authorization: Bearer $AUTHORIZATION
I suspect you should send a signed JWT token instead?
Also, you try to send a PEM file as application/json, which does not match either. A PEM file is typically a multi-line data structure, and that needs to be encoded to be able to be sent in a header.
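An added example, not part of either answer above, of what both answers point at: the PEM is rejected because a header value cannot contain line feeds, and what belongs in the header is a signed JWT whose `sub` claim is the role that Pulsar authorises. Pulsar's `bin/pulsar tokens create --private-key` emits an RS256 token; this example stays dependency-free by using HS256 with a shared secret (the layout of header, claims and signature is the same), so the secret, subject and key text here are placeholders and the HS256 choice is an assumption of the example.

```python
# Added example: why a PEM fails as a header value, and a minimal Pulsar-style
# bearer token in its place. HS256 with a placeholder secret is used here so
# the code runs with the standard library only; Pulsar's --private-key mode
# produces RS256 tokens with the same structure.
import base64
import hashlib
import hmac
import json
import time

ILLEGAL = ("\r", "\n", "\0")


def header_value_ok(value):
    """HTTP/1.1 field values cannot contain CR or LF; a PEM file is made of
    them, which is the 'Illegal character LF' rejection in the question."""
    return not any(c in value for c in ILLEGAL)


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(secret, subject, ttl_seconds=3600, now=None):
    """HS256 JWT whose `sub` is the Pulsar role (what --subject sets)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "iat": now, "exp": now + ttl_seconds}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(secret, token, now=None):
    """Return the claims if the signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        h, c, s = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # pin the algorithm; never take it from the token
        return None
    expected = hmac.new(secret, (h + "." + c).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    claims = json.loads(_b64url_decode(c))
    if claims.get("exp", 0) <= now:
        return None
    return claims


def bearer_header(token):
    """The header the curl PUT in the question should carry."""
    if not header_value_ok(token):
        raise ValueError("token contains characters that are illegal in a header")
    return {"Authorization": "Bearer " + token}
```

The key file stays on the machine that mints tokens; only the short-lived token travels, and the broker checks its signature with the corresponding public key (or shared secret) it was configured with.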

How to POST a Laravel form with cURL from CLI?

I have a Laravel application with a form, where upon a GET request (example.my.lan/form) of the form the user receives a *_session cookie and an XSRF-TOKEN cookie. Now I'm trying to call the controller (example.my.lan/form/confirmation) via POST on the command line with cURL:
curl -vvv -k -X POST -d "param1=value1&param2=value2" \
-H "Content-Type: application/x-www-form-urlencoded" \
--cookie "my_form_session=a...z" \
--cookie "XSRF-TOKEN=a...z" https://example.my.lan/form/confirmation
curl -vvv -k -X POST -d "param1=value1&param2=value2" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "my_form_session=a...z" \
-H "XSRF-TOKEN=a...z" https://example.my.lan/form/confirmation
curl -vvv -k -X POST -d "param1=value1&param2=value2" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "my_form_session: a...z" \
-H "XSRF-TOKEN: a...z" https://example.my.lan/form/confirmation
From my browser everything works as expected. But if I call the controller on the CLI using cURL, the Laravel app always responds with a 419 (The page has expired). I know this is some cookie-related issue, but still can't figure out how to solve it - maybe someone has an idea?
So roughly speaking here's what needs to happen:
You need to perform an initial request to get a valid session cookie (which is essentially an encrypted session id) and along with that you also need to somehow obtain a valid CSRF token.
To get the token you have two options.
Visit a page which has a form which includes it via @csrf
Grab the cookie called XSRF-TOKEN which contains the encrypted csrf token
When you send the request you need to be sure you send the correct session cookie e.g. --cookie "my_form_session=a...z".
If you got the token from the @csrf field then you either send the header X-CSRF-TOKEN or an additional form field _token=csrftoken
If you got the token from the XSRF-TOKEN cookie, which contains an encrypted CSRF token, this needs to go in the X-XSRF-TOKEN field.
By convention, all non-standard HTTP headers should be prefixed with X- (indicating an extension to the protocol) which is why those headers start with X-
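The two-step exchange the answer describes, as an added example rather than the answer's own code: GET the form to collect the session and XSRF-TOKEN cookies, then POST with those cookies replayed and the token copied into X-XSRF-TOKEN. The cookie names, the Set-Cookie lines and the injectable `transport` callable are constructed placeholders. None of the three curl attempts in the question send that header, which is what the 419 is about; one detail worth seeing in code is that Laravel URL-encodes the cookie value, so the `%3D` at the end has to be decoded before it goes into the header.

```python
# Added example: drive a Laravel form from a script. Cookie names/values and
# the Set-Cookie lines used in testing are constructed; `transport` is a
# hypothetical hook so the exchange can be run without the application.
from http.cookies import SimpleCookie
import urllib.parse
import urllib.request

SESSION_COOKIE = "my_form_session"  # placeholder; Laravel names it <app>_session


def parse_set_cookies(set_cookie_headers):
    """Collect {name: raw value} from the Set-Cookie headers of the first GET."""
    jar = {}
    for line in set_cookie_headers:
        cookie = SimpleCookie()
        cookie.load(line)
        for name, morsel in cookie.items():
            jar[name] = morsel.value
    return jar


def csrf_post_headers(jar):
    """Headers for the POST: the Cookie header replays the session (and
    XSRF-TOKEN) cookies, and X-XSRF-TOKEN carries the token value. Laravel
    writes that cookie URL-encoded (its base64 payload ends in '='), so it is
    decoded here; sending the raw value gives the same 419 as omitting it."""
    missing = [n for n in (SESSION_COOKIE, "XSRF-TOKEN") if n not in jar]
    if missing:
        raise ValueError("initial GET did not set %s" % ", ".join(missing))
    return {
        "Cookie": "; ".join("%s=%s" % (k, v) for k, v in jar.items()),
        "X-XSRF-TOKEN": urllib.parse.unquote(jar["XSRF-TOKEN"]),
        "Content-Type": "application/x-www-form-urlencoded",
    }


def default_transport(method, url, headers, body):
    """Real transport; returns (status, list of Set-Cookie headers, body text)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.headers.get_all("Set-Cookie") or [], resp.read().decode()


def submit_form(base_url, form_path, confirm_path, fields, transport=default_transport):
    """GET the form to obtain cookies, then POST the fields with the CSRF proof."""
    status, set_cookies, _ = transport("GET", base_url + form_path, {}, None)
    if status != 200:
        raise RuntimeError("GET %s failed with HTTP %d" % (form_path, status))
    headers = csrf_post_headers(parse_set_cookies(set_cookies))
    body = urllib.parse.urlencode(fields).encode()
    status, _, text = transport("POST", base_url + confirm_path, headers, body)
    return status, text
```

With curl alone the equivalent is `-c jar.txt` on the GET, then `-b jar.txt` plus `-H "X-XSRF-TOKEN: <decoded value>"` on the POST; the cookie jar takes care of replaying the session cookie, but the header still has to be added by hand.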

OKTA /authn/credentials/change_password API is throwing invalid provided error

In OKTA Admin screen, I expired the password associated with my username.
Tried the primary authentication (/authn) as described in http://developer.okta.com/docs/api/resources/authn.html. Got the proper status back as PASSWORD_EXPIRED and also a state token.
Invoked the change password API (ie /authn/credentials/change_password) with the above state token and old/new passwords. Instead of getting the success message, I am getting the error message "E0000011: Invalid token provided".
My developer API token and state tokens are correct. Not sure why I am getting this error. Can you please help?
Thanks
Nara
After you expire the password in the UI, the user of the expired password is no longer in an ACTIVE state. Specifically, they're set to a PASSWORD_EXPIRED state which does not allow password resets. This is a security feature, as the intent of explicitly setting a user in that state is to constrain their access to the system.
Note that the user event model is documented in the Okta Developer Guide at http://developer.okta.com/docs/api/resources/users.html#user-status
Before you can change a user password, you need to re-activate the user.
curl -X POST \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: SSWS {{apikey}}" \
-H "Cache-Control: no-cache" \
-d '' https://{{url}}/api/v1/users/00u36pr8k9DMRAQBVMWZ/lifecycle/activate?sendEmail=false
