We have a Rest API and for each API call we are logging user id, input, response etc for tracing purpose.
When we check the logs, for two requests sent by the same user, trace id and transaction id are same.
Why the transaction and trace id generated for each request is not unique??
Related
Use case
I have three microservice A & B. A is external service exposed to user and B is internal service, called from service A
User --> A --> B
User is initiating the request from browser and passing the Bearer token to A ( Already logged into using some method and retrieved the token)
A --> B call is secured using API account ( client credentials). So service B get the client Id of A
But we also need who initiated the request ( User)
Is there any out of box microservice pattern or technique supporting this use cases.
As a workaround I have used the request interceptor, before passing the request to B, A is adding additional headers.
I am trying to implement a server client to authenticate to the Etsy API OAuth2 to get and manage store details.
Authentication works, but I am having issues with the user info endpoint call.
In the Etsy API the only 'appropriate' end point is getUser.
Two issues:
The getUser expects the Etsy UserId /v3/application/users/{user_id}, all the examples I have seen have a static uri. Is it possible to dynamically provide this?
The Esty getUser expects a GET request and as far as I can tell the default user info call is a POST. Can be configured?
Questions:
Does this require a custom ClientRegistration class to adapt the user info endpoint request to work with the Etsy API endpoint?
If so, is there an example starting point for implementing this functionality?
Details:
API documentation, Authentication:
https://developers.etsy.com/documentation/reference#section/Authentication
Note: The {user_id} is prefixed to the access_token in the authentication response. The response in theory should be parsed and the {user_id} used in the uri for user info request.
API documentation, getUser:
https://developers.etsy.com/documentation/reference#operation/getUser
Properties:
spring.security.oauth2.client.registration.etsy.client-id=REDACTED
spring.security.oauth2.client.registration.etsy.client-secret=REDACTED
spring.security.oauth2.client.registration.etsy.client-authentication-method=none
spring.security.oauth2.client.registration.etsy.provider=etsy
spring.security.oauth2.client.registration.etsy.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.etsy.redirect-uri={baseUrl}/{action}/oauth2/code/{registrationId}
spring.security.oauth2.client.registration.etsy.scope=transactions_r
spring.security.oauth2.client.provider.etsy.user-info-authentication-method=form
spring.security.oauth2.client.provider.etsy.user-name-attribute=user_id
# Hard coded the user id, XXXXXXX, to prove the end point is reached, but the POST request fails (Etsy endpoint expects a GET)
spring.security.oauth2.client.provider.etsy.user-info-uri=https://openapi.etsy.com/v3/application/users/XXXXXXX
spring.security.oauth2.client.provider.etsy.token-uri=https://openapi.etsy.com/v3/public/oauth/token
spring.security.oauth2.client.provider.etsy.authorization-uri=https://www.etsy.com/oauth/connect
I'm integrating card payments into a web portal using SagePay UK's Server protocol.
I'd like to know when the transaction has been settled with the bank, so that update the status in the backend. I've looked in MySagePay on the test environment and all our transactions say "Settlement Info: This transaction has not been settled."
Is there a way I can access this settlement info through the Reporting and Admin API? Perhaps one of the fields on either getTransactionDetail or getBatchDetail contain this information - but I can't tell from reading the documentation.
You won't be able to test settlement on the test server - it is a dummy system, hence the settlement processes required to populate the batchid aren't run.
In the live situation, you have two options:
You can use getBatchList to determine which batches of transactions have been sent for settlement (and reported back as settled), then use getBatchDetail to determine which transactions were settled in that batch.
Or you can use getTransactionDetail to establish if there is a batchid for the specific transaction you wish to check.
The getTransactionDetail endpoint returns a lot of transaction data, including the status, on the basis of the transaction-code.
You can use this NuGet package to call, for example, the getTransactionDetail endpoint:
https://www.nuget.org/packages/Joe.Opayo.Admin.Api.Client/1.1.0
The client app allows code like this:
var client = new OpayoAdminApiClient();
var isTest = true;
var request = new OpayoApiRequest(ApiCommandType.GetTransactionDetail, "password", isTest, "user-name", "vendor-name");
var commandSpecificXml = "<vendortxcode>01Jan2010Transaction12345</vendortxcode>";
return await client.ProcessApiCommandAsync<TransactionDetail>(request, commandSpecificXml);
I am trying to create a chat app using spring websocket and stomp.
I am using Spring 4.1.1,Stomp.js, ActiveMQ 5.9
In this user can send message to each of his/her friends, who are also logged in, by logging into the app.
For sending message to particular user I take following steps:
1) User logs in
2) User subscribes to "/user/queue/messaging" destination.
This will be used to send private messages of users to each other.
3) when user wants to send a message he sends it to destination :
/user/{user_id}/queue/messaging where user_id is recipients user id.
I am trying to send this from client using STOMP.js send method.
4) Expected behaviour : now if recipient is logged in and his session id, for example, is DFT0GH then the message in step e should be delivered to Queue destination with name messaging-userDFT0GH. Instead of this it is delivered to the same user's queue destination who sent it.
Please find my example scenario :
1) User John logs in .
He subscribes to /user/queue/messaging
His user id is john
His session id is ABCD01
Queue is created with name on activemq broker as
messaging- userABCD01
2) User Alice logs in .
She subscribes to /user/queue/messaging
His user id is alice
Her session id is XYZ01
Queue is created with name on activemq broker as messaging- userXYZ01
3) user John sends a message through STOMP.js send method to Alice
using destination as "/user/alice/queue/messaging"
4) now instead of delivering the message to queue
messaging- UserXYZ01 it gets delivered to John's queue destination i.e
messaging- userABCD01. Why is it so?
When i debugged this , I found following line in method
private DestinationInfo parseUserDestination(Message message) of DefaultUserDestinationResolver class :
if (SimpMessageType.MESSAGE.equals(messageType)) {
........
sessionIds = (sessionId != null ?
Collections.singleton(sessionId) : this.userSessionRegistry.getSessionIds(user));
}
In this sessionId is logged in user's (Principal) session id which is not null as user is logged in and so his sessionIds is returned and message is delivered to his queue even if intended recipient user is different.
When i check usersessionregistry's sessionIds collection I find an entry [alice]:XYZ01.
Shouldn't above line return session id if the user instead of logged in user's session to identify destination queue.?
Sorry I am trying this for the first time. So Please let me know if I miss anything here and of there is
1) any way to satisfy my use case
2) or my use case itself is invalid.
Thanks in advance.
Just so this question stays out of the unanswered list - this is indeed a bug and you raised it as SPR-12444.
This will be fixed in Spring Framework 4.1.3.
As a side note, I'd like to point out that if you're deploying your application with multiple instances, session registries are not shared between instances by default - so this will cause issues when sending a message from a alice (with a session to server #1) to bob (session to server #2).
We have implemented a RESTful API using RestEasy. Now we are planning to build our own OAuth implementation and will integrate it with our Rest API.
I do not fully understand how OAuth handles authorization of every request to the API. My understanding is as follows:
User is authenticated by the OAuth server before any REST API calls are made.
Every REST API call will contain a token. The REST API server validates this token with the OAuth server. If the token is valid then the server will return a response.
This should have an impact on performance as we are validating the token for each and every API request with the second server. Is this understanding correct?
This will depend on how you will define your REST API. Basically OAUTH call has following components.
User: Who makes a request.
Provider: Who holds user information and provide apis to access them.
Consumer: Who asks the user to authorize the consumer to make request to the apis.
The basic workflow is as follows,
User tries to access restricted resource from Consumer.
Consumer asks user to share some information about him.(scope)
User selects his identity provider.
Consumer should be known to the Provider.(Usually consumer register itself as an application/website in provider's portal)
Consumer redirects to the provider with his consumer_key and scopes.
User authorize the application and grants access to some of his resource.
Provider creates a token and redirects back to consumer.
Consumer exchanges this token and its identity to get a access_token for user.
Consumer uses the access_token to make authorize request to provider and asks few information about user.
Provider sends those information to consumer.
Consumer verifies the information and user is logged into the system.
Now each token is generated against the scope and will be valid for some days. Token validation will be part of response from Provider.
In your system, you can store user data against token, so that we need not request Provider to send those information. But if you dont want to store user information certainly there will be additional calls.