cannot fetch the CSRF Token from a SpringBooot application (rest API) - spring-boot

Been searching a lot but nothing seems to be working for me,
I'm trying without success to obtain the CSRF Token from a springboot application.
Postman is the chosen APP to try the API Rest.
I am performing a HTTP:POST method invoking a REST API from the application but i am getting this error message:
{
"timestamp": 1956618364439256,
"status": 403,
"error": "Forbidden",
"message": "Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.",
"path": "/api/rest/taxes"
}
This is my URl:
http://serverser45.swbc.local:9080/api/rest/orders/taxes
Do note that only the HTTP: POST is allowed to be used
I cannot perfom a HTTP: GET method and obtain the CSRF Token within a cookie or something like that. Nothing seems to be working for me.
How can i do that?

Related

How to respond with code 401 or 404 instead of 500 in go-swagger for invalid bearer token

I have created a REST API server using go-swagger and added bearer token security to a few endpoints. As per docs, the token verification method should have a signature like func(string) (interface{}, error).
The token verification method returns an error if the passed bearer token is not valid. This results in 500 responses to the requestor with JSON response body:
{
"code": 500,
"message": "Token is expired"
}
However, as standers how can I make this response with code 401.
Note: A similar discussion like this for Java can be found at https://stackoverflow.com/a/60738107/16087692 , Is there any way to achieve this Go?
I've no experience with go-swagger but just stumbled upon this question.
The answer is in the examples:
https://github.com/go-swagger/go-swagger/tree/master/examples/authentication
The example shows that the function returns an:
errors.New(401, "incorrect api key auth")
This is an error from the package: "github.com/go-openapi/errors" where you can pass in a http status code.

Google calendar api get error like "domain": "global", "reason": "notFound", "message": "Not Found"

I tried get list of event from calendar example from here.
No matter which property I
use, I always get the 404 "not found" error. Anyone can shed some light on this? Many thanks.
Request.
POST https://www.googleapis.com/calendar/v3/calendars/oneclapp.2021#gmail.com/events?
key=AIzaSyCGRPF0wSSBLndqdUftlbsDH9emHD_S-qg
Accept: "application/json"
Authorization: Bearer ya29.a0ARrdaM9PPHndl040qaXFmoSFGT9yRPWZs_yrTnYLAHQ0GF-UBvGc67S2L1m0O5OFIilq8oVGRuvw29NFwomtmUTBeHoABcIlaVD_p--4NVlBWCcXLBgfDjsF_5tvt4XRShd1itpe_9CULan9x6BV4TOyP__TkQ
Response
Response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "not Found",
"message": "Not Found"
}
],
"code": 404,
"message": "Not Found"
}
}
First off events.list is not HTTP Post its a HTTP GET
GET https://www.googleapis.com/calendar/v3/calendars/calendarId/events
Second assuming that you just miss wrote post and you are actually doing a http get.
Not found means just that the currently authenticated user does not have access to the calendar that you are trying to request events for. in this case oneclapp.2021#gmail.com
I recommend using primary to test that you can get the currently authenticated users primary calendar.
GET https://www.googleapis.com/calendar/v3/calendars/primary/events
It looks like you have not configured the OAuth 2.0 Client IDs correctly. We need to configure the OAuth client ID correctly and its type should be 'Web Application'. I was also getting the same error messages, but once I configured the OAuth ID, then it started working.
OAuth id type: Web Application
Permission scopes : https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.events.readonly, https://www.googleapis.com/auth/calendar.events
Authorized redirect URIs: http://localhost
Here is the screenshot of the Google Calendar API project settings.

Microservice returning 405 after going through Zuul gateway

I have the following setup: an authentication service (which uses JWT), a Zuul API gateway and a QR code service. Whenever I test the follow flow locally:
With username and password as body:
localhost:8762/api/auth-service/auth/
I get the Bearer token and use it to access the QR code service:
I use the text in the body and it's a POST request which returns the QR image.
localhost:8762/api/qr-service/qr-codes/
However, when I try this in my staging environment in Portainer I get the following:
{
"timestamp": "2020-12-07T13:16:59.188+00:00",
"status": 405,
"error": "Method Not Allowed",
"message": "",
"path": "/qr-codes/"
}
Somehow, by the time it gets to the QR service, it has changed to a GET request since the output logs show this:
Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported]
Anyone know how to resolve this?
I forgot to add https:// to the staging environment request.

YoutubeAPI returns 401 Invalid Credentials error when try to upload video to youtube using Youtube Data API(V3)

I am trying to upload video to Youtube using Angular File Uploader,OAuth and Youtube Data API(v3) in Codeigniter project. But It always fails with 401 Invalid Credentials response. I tried creating a youtube channel as suggested by other answer but it didn't work for me.
This is my POST url structure
https://www.googleapis.com/upload/youtube/v3/videos?client_id={clientID}&access_token={accessToken}&part=snippet&mine=true
Please can someone explain me the procedure for do this successfully I am new to this.
Invalid Credentials means that The access token you're using is either expired or invalid. You should check the full error for more information. It normally looks something like this.
401: Invalid Credentials Invalid authorization header.
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization",
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
Videos: list is a public request this means that technically you only need an API key.
https://www.googleapis.com/upload/youtube/v3/videos?key=yourkey
You can use an access_token which was gained from Oauth2 authencation.
https://www.googleapis.com/upload/youtube/v3/videos?access_token=yourtoken
There is no need to add client_id this may be what is causing your problem.

Google Analytics dailyUploads not working with using google-api-ruby-client

I am using the google-api-ruby-client v0.7.1, ruby 2.1.
When I upload Custom Data Sources through Google Analytics API v3 with Google Analytics API v3 > analytics.management.dailyUploads.upload :
Request
POST https: //www.googleapis.com/analytics/v3/management/accounts/**********************/webproperties/**********************/customDataSources/**********************/dailyUploads/2014-04-06/uploads?appendNumber=1&type=cost&key={YOUR_API_KEY}
Authorization: Bearer **************************
X-JavaScript-User-Agent: Google APIs Explorer
Response
400 Bad Request
{
"error": {
"errors": [{"domain": "global",
"reason": "badRequest",
"message": "Upload request url should start with https://www.googleapis.com/upload/analytics/..."}],
"code": 400,
"message": "Upload request url should start with https://www.googleapis.com/upload/analytics/..."
}
}
That response I get when call this method of api from gem google-api-ruby-client too.
But the documentation states:
HTTP request
POST https: //www.googleapis.com/upload/analytics/v3/management/accounts...
But in Google APIs Explorer and gem request is https: //www.googleapis.com/analytics/v3... , not https://www.googleapis.com/upload/analytics/v3... .
Anyone encountered this problem and how to fix it?
You need to change
user and code value
In authorize method.
You'll get,
user_ID from client_secret.json
and
run the URL, you get in the console under 'Open the following URL in the browser' for code value

Resources