I am following this tutorial for Oracle Autonomous database by #ToddSharp : Microservices The Easy Way With ORDS And Micronaut
Under chapter "Testing your endpoint" I am curl the following:
curl -i -k \
--user [client_id]:[client_secret] \
--data "grant_type=client_credentials" \
https://[obfuscated]-demodb.adb.us-phoenix-1.oraclecloudapps.com/ords/usersvc/oauth/token
...with my own credentials.
When doing that I get the following response:
HTTP/1.1 401 Unauthorized
Date: Tue, 24 May 2022 20:19:28 GMT
Content-Type: application/problem+json
Content-Length: 193
Connection: keep-alive
{
"code": "Unauthorized",
"message": "Unauthorized",
"type": "tag:oracle.com,2020:error/Unauthorized",
"instance": "tag:oracle.com,2020:ecid/xxxxxxx"
}%
While I do understand the actual error, authorization, after a lot of testing I do not know how to fix it. I have tried for a couple of days now with limited success.
I believe the previous steps have been successful.
I would really appreciate some ideas and tips how to proceed.
UPDATE
I have tested a lot but still not sure I know what I am doing and is now curl to try to get some response:
curl -i -k \
--user xxxxxx..: yyyyyyy.. \
--data "grant_type=client_credentials" \
https://g9999999999-testdb.adb.eu-stockholm-1.oraclecloudapps.com/ords/usersvc/oauth/token
...and get the following response:
curl: (6) Could not resolve host: ntxNMkxxxxxx4iSRVDqE0w..
HTTP/1.1 404 Not Found
Date: Thu, 26 May 2022 22:07:07 GMT
Content-Type: application/problem+json
Content-Length: 182
Connection: keep-alive
{
"code": "NotFound",
"message": "Not Found",
"type": "tag:oracle.com,2020:error/NotFound",
"instance": "tag:oracle.com,2020:ecid/de999999999437c941e8cf6ffd8e8c"
}
Related
Environment details
OS: macOS Big Sur Version 11.6 (Apple M1 Chip)
Node.js version: v16.4.1
npm version: 7.23.0
#google-cloud/talent version: v4
Intruduction
I'm having a hard time to get the job search in Google Cloud Talent Solution to work.
I already can create/read/update, tenants/companies/jobs indicating that the credentials are ok.
But I don't find any jobs searching them.
Facts
Currently I have one job stored in Google Cloud Talent Solution.
This ist the job export, done with the Google Console:
{
"name":"projects/insurancepunk/tenants/75f8ac52-6e7c-4b00-9220-03771d25e9c5/jobs/135317048994472646",
"requisition_id":"f9bffe6e-3c8c-40d5-b3c3-672d30485745",
"title":"IT-Berater"
}
This is the JSON stringifyed request, passed to "searchJobs":
{
"parent":"projects/insurancepunk/tenants/75f8ac52-6e7c-4b00-9220-03771d25e9c5",
"searchMode":"JOB_SEARCH",
"requestMetadata":{"domain":"insurancepunk.com","sessionId":"8f47bbab-5c15-4bd9-9008-60f79030ab3b","userId":"vCobKcXPFdf6zlVibjnb"},
"jobQuery":{"query":"IT-Berater"}
}
As you can see the project id and the tenant id match the exported job.
This is my very simple code:
const talent = require('#google-cloud/talent').v4;
const client = new talent.JobServiceClient();
client.searchJobs(request)
.then(responses => {
const resources = responses[0];
for (const resource of resources) {
console.log(`Job summary: ${resource.jobSummary}`);
console.log(`Job title snippet: ${resource.jobTitleSnippet}`);
const job = resource.job;
console.log(`Job name: ${job.name}`);
console.log(`Job title: ${job.title}`);
}
})
.catch(err => {
console.error(err);
});
The code enters the then-path, but "responses" is empty.
Google OAuth Play Ground
When testing it in Google OAuth Play Ground, i get this results.
Googel OAuth Play Ground: https://developers.google.com/oauthplayground/
Google Talent Solution Scope: [https://www.googleapis.com/auth/jobs2
The Scope was found here:
https://cloud.google.com/talent-solution/job-search/docs/reference/rpc/google.cloud.talent.v4
Output from Google OAuth Play Ground:
Request:
POST /v4/projects/insurancepunk/tenants/75f8ac52-6e7c-4b00-9220-03771d25e9c5/jobs:search HTTP/1.1
Host: jobs.googleapis.com
Content-length: 277
Content-type: application/json
Authorization: Bearer ya29.a0ARrda...
{
"parent":"projects/insurancepunk/tenants/75f8ac52-6e7c-4b00-9220-03771d25e9c5",
"searchMode":"JOB_SEARCH",
"requestMetadata":{"domain":"insurancepunk.com","sessionId":"8f47bbab-5c15-4bd9-9008-60f79030ab3b","userId":"vCobKcXPFdf6zlVibjnb"},
"jobQuery":{"query":"IT-Berater"}
}
Response:
HTTP/1.1 200 OK
Content-length: 117
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Tue, 30 Nov 2021 09:44:40 GMT
X-frame-options: SAMEORIGIN
Alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-type: application/json; charset=UTF-8
{
"metadata": {
"requestId": "0e7330e1-ee15-404e-85d2-b8174679583f:APAb7ITvUURH6nrwLrbLLBCB9Zg6NKPMfg=="
}
}
Listing companies works well!
Request:
GET /v4/projects/insurancepunk/tenants/75f8ac52-6e7c-4b00-9220-03771d25e9c5/companies HTTP/1.1
Host: jobs.googleapis.com
Content-length: 0
Authorization: Bearer ya2...
Response:
HTTP/1.1 200 OK
Content-length: 1124
X-xss-protection: 0
Content-location: https://jobs.googleapis.com/v4/projects/insurancepunk/tenants/75f8ac52-6e7c-4b00-9220-03771d25e9c5/companies
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Tue, 30 Nov 2021 10:08:49 GMT
X-frame-options: SAMEORIGIN
Alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-type: application/json; charset=UTF-8
{
"companies": [
{
"displayName": "Pompadour GmbH",
"name": "projects/insurancepunk/tenants/75f8ac52-6e7c-4b00-9220-03771d25e9c5/companies/a6f34dd2-76f1-40e8-8175-1274f49f5977",
"headquartersAddress": "Am Burgweg 1, 97346 Iphofen",
"imageUri": "http://www.pompadour.info/bar",
"derivedInfo": {
"headquartersLocation": {
"locationType": "STREET_ADDRESS",
"postalAddress": {
"postalCode": "97346",
"regionCode": "DE",
"administrativeArea": "BY",
"addressLines": [
"Am Burgweg 1, 97346 Iphofen, Germany"
],
"locality": "Iphofen"
},
"radiusMiles": 6.892640659556388e-05,
"latLng": {
"latitude": 49.7102381,
"longitude": 10.254041
}
}
},
"externalId": "9a1ebd16-886c-40ac-ae0a-d5a4e288f867",
"websiteUri": "http://www.pompadour.info",
"hiringAgency": true
}
],
"metadata": {
"requestId": "5780a724-ca05-4f56-8a88-d74fdc04a24e:APAb7IS/J4Hs1KThU2G0nCZk5fOdBT3sJw=="
}
}
All hints are welcome.
Wow!
This don't quite smell like Artificial Intelligence...
My one and only job had the Title "IT-Berater".
Searching for "IT-Berater" returned an empty result set.
However, searching for "Berater" returned the job...
The results are equal no matter if I used the Node.js API ore the original Google HTTP-API...
I am using spring boot with jersey implementation in that we are logging every request and response. Now it is logging everything but I need to mask the password in the request. in the configuration file, we are using this
register(new LoggingFeature(java.util.logging.Logger.getLogger(LoggingFeature.DEFAULT_LOGGER_NAME),
Level.INFO, LoggingFeature.Verbosity.PAYLOAD_ANY, 10000));**
I cannot able to mask the specific field from the POST request. Please help
SAMPLE LOGS:
2 > POST http://localhost:9092/sampleapi/login
2 > accept: */*
2 > accept-encoding: gzip, deflate, br
2 > connection: keep-alive
2 > content-length: 69
2 > content-type: application/json
2 > host: localhost:9092
2 > postman-token: 24c72655-6f97-4e19-9503-6f013c859e5f
2 > user-agent: PostmanRuntime/7.26.8
{
"userId": "1111",
"password": "TEST#1",
"yob": "1997"
}
In this, I need to mask the password field alone
I am deploying a Next.js app using serverless component (serverless-next.js, not the plugin). After deploying, my API routes run smoothly, but some (not all) pages and all content in /public folder are not accessible.
On the web, requests to those resources end with a 503:
content-length: 1019
content-type: text/html
date: Tue, 27 Oct 2020 19:55:05 GMT
server: CloudFront
status: 503
via: 1.1 79ba346413d83ce62db11c8d0b05c22d.cloudfront.net (CloudFront)
x-amz-cf-id: RalFtcB6W4pm1_eTgzr0Y9LWCR-uwfqgW2alSgX_X72YVlUxlEkrKw==
x-amz-cf-pop: PRG50-C1
x-cache: LambdaExecutionError from cloudfront
I tracked down the error to Default Lambda#Edge for Next CloudFront distribution where I can see a record for every call in CloudWatch logs:
{
"errorType": "AccessDenied",
"errorMessage": "Access Denied",
"Code": "AccessDenied",
"RequestId": "75B8CCC0B1F960A7",
"HostId": "92cygvWjn3xLwT0PChJPc56ExzUFBDFTHyjLXQ/BWbT7pCVMb3I2ww15+Gzs2fSuXjHEPSfUIdg=",
"name": "AccessDenied",
"$fault": "client",
"$metadata": {
"httpStatusCode": 403,
"httpHeaders": {
"x-amz-request-id": "75B8CCC0B1F960A7",
"x-amz-id-2": "92cygvWjn3xLwT0PChJPc56ExzUFBDFTHyjLXQ/BWbT7pCVMb3I2ww15+Gzs2fSuXjHEPSfUIdg=",
"content-type": "application/xml",
"transfer-encoding": "chunked",
"date": "Tue, 27 Oct 2020 19:54:59 GMT",
"server": "AmazonS3"
},
"attempts": 1,
"totalRetryDelay": 0
},
"stack": [
"AccessDenied: Access Denied",
" at deserializeAws_restXmlGetObjectCommandError (/var/task/index.js:14166:41)",
" at processTicksAndRejections (internal/process/task_queues.js:97:5)"
]
}
I checked the origin S3 bucket and all resources are there. I tried to remove complete deployment and do a clean deploy to no avail. As I understand the problem lies in S3 permissions, I granted the policy under which the lambda is invoked full access to S3 but the problem persists.
Any help how to debug this further appreciated.
I am attempting to use the Google JSON API - taskqueue/v1beta2
https://developers.google.com/apis-explorer/#p/taskqueue/v1beta2/taskqueue.tasks.list
I am not able to successfully authenticate for this service using the API explorer. I can use other JSON APIs like the storage API under the same project & account. When I go the the APIs tab in the developer console there is nothing listed for "TaskQueue" or "TaskQueue JSON API".
Edit: The oauth flow seems to work correctly, with scopes:
https://www.googleapis.com/auth/taskqueue
https://www.googleapis.com/auth/taskqueue.consumer
No matter what I do I get a 403 Forbidden response. How can I authorize my account to use the TaskQueue API? Here is my response from the API explorer:
403 Forbidden
cache-control: private, max-age=0
content-encoding: gzip
content-length: 146
content-type: application/json; charset=UTF-8
date: Mon, 19 Jan 2015 17:20:50 GMT
expires: Mon, 19 Jan 2015 17:20:50 GMT
server: GSE
vary: Origin, X-Origin
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "you are not allowed to make this api call"
}
],
"code": 403,
"message": "you are not allowed to make this api call"
}
}
The REST API only works for pull queues, and you need to also specify the email address of the user you are authorizing as in your queue.yaml. From the docs:
queue:
- name: pull-queue
mode: pull
acl:
- user_email: bar#foo.com # can list, get, lease, delete, and update tasks
- writer_email: user#gmail.com # can insert tasks
- writer_email: bar#foo.com # can insert tasks, in addition to rights granted by being a user_email above
Defining pull queues
https://cloud.google.com/appengine/docs/python/config/queue#Python_Defining_pull_queues
I've spent the past couple of days trying to access Google's Directory API in Ruby but haven't been able to get it working. According to this document the Directory API can be authorized using 2lo:
If your application has certain unusual authorization requirements, such as logging in at the same time as requesting data access (hybrid) or domain-wide delegation of authority (2LO), then you cannot currently use OAuth 2.0 tokens. In such cases, you must instead use OAuth 1.0 tokens and an API key. You can find your application's API key in the Google APIs Console, in the Simple API Access section of the API Access pane.
I currently have working code that can access the Provisioning API using 2lo. From the documentation it sounds that I can use this same code to access the Directory API by just adding an API access key parameter to the request and enabling a few permissions. However, it's not working and I have no idea why.
Here is the request code:
def self.get_user2(email)
#client = Google::APIClient.new(:authorization => :two_legged_oauth_1)
#client.authorization.client_credential_key = GOOGLE_APP_KEY
#client.authorization.client_credential_secret = GOOGLE_APP_SECRET
#directory = #client.discovered_api('admin', 'directory_v1')
result = #client.execute(
#directory.users.get,
'userKey' => email,
:key => GOOGLE_API_KEY
)
JSON.parse(result.body)
end
This gets me the response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
I've added the required scope to my manifest file,
<Scope id="usersAPI">
<Url>https://www.googleapis.com/auth/admin.directory.user.readonly</Url>
<Reason>See all users in your company.</Reason>
</Scope>
and also enabled the Admin SDK for my project in the API console.
Here is the log output after adding Faraday.default_connection.response :logger to my development.rb file:
get https://www.googleapis.com/admin/directory/v1/users/brian#crushing.mygbiz.com?key=AIzaSyAHYBWlC_qiihRtTKTZleZlAw2ts8Q1WO8
User-Agent: "google-api-ruby-client/0.6.4 Mac OS X/10.8.4"
Authorization: "OAuth oauth_consumer_key=\"76548528623.apps.googleusercontent.com\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1375899810\", oauth_nonce=\"de4d976eed6883a06b3f6084e3dd0db4\", oauth_version=\"1.0\", oauth_signature=\"3D7aqhBeaCYOYyaF8bWpaM9MA8U%3D\""
Cache-Control: "no-store"
Content-Type: "application/x-www-form-urlencoded"
401
www-authenticate: "AuthSub realm=\"https://www.google.com/accounts/AuthSubRequest\""
content-type: "application/json; charset=UTF-8"
date: "Wed, 07 Aug 2013 18:23:30 GMT"
expires: "Wed, 07 Aug 2013 18:23:30 GMT"
cache-control: "private, max-age=0"
x-content-type-options: "nosniff"
x-frame-options: "SAMEORIGIN"
x-xss-protection: "1; mode=block"
server: "GSE"
connection: "close"
After searching the internet for the past day I am out of ideas for why this isn't working. Ideas anyone?
It turns out I was missing the 'xoauth_requestor_id' field. Thanks to sqrrrl for answering my question on github