How to set Authorization Bearer for Google API on CURLRequest CI4? - google-api

I already got access_token and want to access Google API with the following code:
$client = \Config\Services::curlrequest();
$userAPI = "https://www.googleapis.com/oauth2/v2/userinfo";
$response = $client->request("GET", $userAPI, [
    "version" => 1.1,
    "http_errors" => false,
    "header" => [
        "Authorization" => "Bearer " . $body->access_token
    ],
    "debug" => true
]);
but I got 400 Bad Request. The log on PHP spark didn't say anything about authorization.
GET /oauth2/v2/userinfo HTTP/1.1
Host: www.googleapis.com
Accept: */*
Content-Length: 300
Content-Type: application/x-www-form-urlencoded
* upload completely sent off: 300 out of 300 bytes
* old SSL session ID is stale, removing
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request
< Content-Type: text/html; charset=UTF-8
< Referrer-Policy: no-referrer
< Content-Length: 1555
< Date: Sat, 06 Feb 2021 05:48:10 GMT
<
* Closing connection 0
Did I miss something?
edit:
Typo on "header", it must be "headers". It successfully sends the authorization bearer but the status code is still 400 Bad Request.
New log:
> GET /oauth2/v2/userinfo HTTP/1.1
Host: www.googleapis.com
Accept: */*
Content-Length: 300
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer ya29.a0AfH***********************
* upload completely sent off: 300 out of 300 bytes
* old SSL session ID is stale, removing
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request
< Content-Type: text/html; charset=UTF-8
< Referrer-Policy: no-referrer
< Content-Length: 1555
< Date: Sat, 06 Feb 2021 06:49:54 GMT
<
* Closing connection 0

Related

Getting 401 Response Code in Jmeter when I tried to see the View Result

I am getting a 401 response code while running my JMeter script. Here are the sample result, request headers, response body and response headers.
Sample Result:
Thread Name:Thread Group 1-1
Sample Start:2022-05-04 20:13:44 IST
Load time:226
Connect Time:0
Latency:226
Size in bytes:591
Sent bytes:876
Headers size in bytes:417
Body size in bytes:174
Sample Count:1
Error Count:1
Data type ("text"|"bin"|""):text
Response code:401
Response message:
Request Headers:
Connection: keep-alive
Authorization: Bearer 0rPuk9bYwyE=ZXlKaGJHY2lPaUpJVXpVeE1pSjkuZXlKemRXSWlPaUpPWVhabFpXNTJaV3h3ZFhKcFFHZHZZWFZrYVhSekxtTnZiU0lzSW1saGRDSTZNVFkxTVRZMk9EZzBNQ3dpWlhod0lqb3hOalV4TnpZNE9EUXdMQ0pxZEdraU9pSmxOREF4WlRZNU1pMWxPVFJtTFRRd01XWXRPR0psTlMwMU1tRXdaR1ptTkdSaFpUVWlMQ0pwYzNNaU9pSXpOamN3TURjMVppMWpZemhpTFRRd1lURXRZakEwT1MxbE4yVXhZMlkxWW1GaFpXVWlmUS5KQjdBOUdyS1I0bWE3N1VieXcySm5xZ3RuQjJJdHR6WVVJWTBZcU13Z1Ztb3AxeXpsNkpzRHF2NDlpVHAwTHhDN1JqNXRPT1dWSnFUeWs5bW5BZTkxUQ==
Referer: http://18.133.204.151/
Accept-Language: en-US,en;q=0.5
Origin: http://18.133.204.151
Content-Type: application/json
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: application/json
Content-Length: 2
Host: 18.133.204.151:8080
Response Body:
{"timestamp":"2022-05-04T14:43:44.476+0000","status":401,"error":"Unauthorized","message":"Error -> Unauthorized","path":"/webapp/api/audits/schedule/status/list"}
Response Headers:
HTTP/1.1 401
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Transfer-Encoding: chunked
Date: Wed, 04 May 2022 14:43:44 GMT
Can someone please help me resolve the issue? I have tried many ways and nothing is helping me resolve this.
Thanks in advance.
As per 401 Unauthorized status code description:
401 Unauthorized
The HyperText Transfer Protocol (HTTP) 401 Unauthorized response status code indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource.
If this Bearer token is recorded, you won't be able to replay the request successfully because the token needs to be correlated. Check out the "Using Regular Expressions to Extract Tokens and Session IDs to Variables" article for an example solution (you might need to amend it to your application specifics).

Why Spring Boot application does not work with relative quality factor of HTTP?

Let's suppose I have a Spring Boot application:
dependencies {
implementation("org.springframework.boot:spring-boot-starter-webflux:2.4.0")
}
with a simple RestController:
@RestController
class TestController {
    @PostMapping("/test")
    suspend fun test(@RequestBody request: Map<String, String>) {
        throw RuntimeException("test")
    }
}
When I use httpie client to make requests, then the result looks like:
➜ ~ http post :8080/test param=value --verbose
POST /test HTTP/1.1
Accept: application/json, */*;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 18
Content-Type: application/json
Host: localhost:8080
User-Agent: HTTPie/2.3.0
{
"param": "value"
}
HTTP/1.1 500 Internal Server Error
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Length: 309
Content-Type: text/html;charset=UTF-8
Expires: 0
Pragma: no-cache
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1 ; mode=block
<html><body><h1>Whitelabel Error Page</h1><p>This application has no configured error view, so you are seeing this as a fallback.</p><div id='created'>Wed Dec 09 22:24:52 MSK 2020</div><div>[906bb33e-5] There was an unexpected error (type=Internal Server Error, status=500).</div><div>test</div></body></html>
When I use cURL:
➜ ~ curl -XPOST localhost:8080/test -d '{"param": "value"}' -H "Content-type: application/json" -v
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> POST /test HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.1
> Accept: */*
> Content-type: application/json
> Content-Length: 18
>
* upload completely sent off: 18 out of 18 bytes
< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json
< Content-Length: 170
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1 ; mode=block
< Referrer-Policy: no-referrer
<
* Connection #0 to host localhost left intact
{"timestamp":1607541989698,"path":"/test","status":500,"error":"Internal Server Error","message":"test","requestId":"7f249f68-9","exception":"java.lang.RuntimeException"}* Closing connection 0
The difference is in the Accept header. HTTPie uses the Accept: application/json, */*;q=0.5 header with relative quality factor 0.5 and, despite the fact that I requested JSON if possible (and it's possible), the application returns the HTML representation.
Is this how Spring Boot should work, or am I doing something wrong?
UPD: Everything works fine with Tomcat (spring-boot-starter-web). After some debugging I found that, when Tomcat is used, errors are handled by org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController and for Netty it is org.springframework.boot.autoconfigure.web.reactive.error.DefaultErrorWebExceptionHandler. It looks like the source of the misbehavior is here: when MediaType.ALL is removed from acceptedMediaTypes.
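The behaviour described in the update can be modelled outside Spring. The following Python sketch is an added example, not Spring Boot's code: `negotiate` ranks the offered types by quality factor, and `wants_html` assumes the error handler drops `*/*` and then serves HTML if any remaining range is compatible with `text/html`. The function names and the order of `OFFERED` are hypothetical.

```python
def parse_accept(header):
    """Split an Accept header into (media_range, q, raw_text) tuples."""
    ranges = []
    for raw in (p.strip() for p in header.split(",") if p.strip()):
        media, *params = (f.strip() for f in raw.split(";"))
        q = 1.0
        for param in params:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                q = float(value)
        ranges.append((media.lower(), q, raw.replace(" ", "")))
    return ranges


def covers(media_range, media_type):
    """True if a range such as */* or text/* includes the concrete type."""
    r_type, _, r_sub = media_range.partition("/")
    m_type, _, m_sub = media_type.partition("/")
    return r_type in ("*", m_type) and r_sub in ("*", m_sub)


def negotiate(header, offered):
    """The most specific matching range sets q for a type; highest q wins."""
    best, best_q = None, 0.0
    for media_type in offered:
        hits = [(r.count("*"), q) for r, q, _ in parse_accept(header)
                if covers(r, media_type)]
        q = min(hits)[1] if hits else 0.0
        if q > best_q:  # ties keep the earlier offered type
            best, best_q = media_type, q
    return best


def wants_html(header, exact_match=True):
    """Assumed handler logic: drop */*, then check what is left for HTML.

    exact_match=True compares the whole range text, so '*/*;q=0.5' is not
    recognised as the wildcard and survives the removal.
    """
    kept = []
    for media, _, raw in parse_accept(header):
        is_wildcard = (raw == "*/*") if exact_match else (media == "*/*")
        if not is_wildcard:
            kept.append(media)
    return any(covers(m, "text/html") for m in kept)


HTTPIE = "application/json, */*;q=0.5"       # Accept sent by HTTPie above
CURL = "*/*"                                 # Accept sent by curl above
OFFERED = ["application/json", "text/html"]  # assumed server preference order

if __name__ == "__main__":
    for name, header in (("httpie", HTTPIE), ("curl", CURL)):
        print(name, negotiate(header, OFFERED),
              wants_html(header), wants_html(header, exact_match=False))
```

Under these assumptions the exact comparison reproduces both observations from the question (HTML for HTTPie, JSON for curl), while comparing only type and subtype yields JSON for both.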

JMeter recorded sample failing on rerun

I recorded my project website workflow in JMeter. But on rerunning the recorded samples, all the samples with POST requests are failing. I am unable to figure out why the same samples which were passing during recording are failing on re-run.
Below is request of one of the samples which is failing:
Recorded sample request which passed:
POST https://example.com/live/v1/dashboards/promo_pa/ds/promo_program_dimensions
POST data:
{"query":"promo_program_dimensions.filterby(program_master_id = 'GOGGLE').filterby(dimension_name = 'channel').groupby(dimension_value).aggregate(count(dimension_value) as count).orderby(dimension_value+)"}
[no cookies]
Request Headers:
Connection: keep-alive
Referer: https://example.com/live/v1/dashboards/promo_pa/
Accept-Language: en-US,en;q=0.5
DNT: 1
Accept: */*
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Content-Length: 216
Host: example.com
Sampler Result:
Thread Name:
Sample Start: 2018-02-22 17:32:44 IST
Load time: 93
Connect Time: 58
Latency: 93
Size in bytes: 647
Sent bytes:1095
Headers size in bytes: 645
Body size in bytes: 2
Sample Count: 1
Error Count: 0
Data type ("text"|"bin"|""): text
Response code: 200
Response message: OK
Response headers:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 22 Feb 2018 12:02:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, public, max-age=0
Set-Cookie: live=.eJxNj11vgjAYhf_K0muzMLJdSOIFC6yBQJmuiO1Nw0cdtB0zUEAw_nfRZcbLN2_Oc85zAoGNHA9B9mlDF1gn8JQBCwTm8VD8xH0h3J7CjymFfk92vszHZZklxzpdr1bgvABBBKHrMA-x-MvdzEFVZbzRI1gAtm94WwJLNx2fr6q4wymWr9RRiuJ8iJJtRRLyQsytouJdULwREUQKJfGAkvBWkrfNnulfyes7IhTxQCGqiLkeIqeQaAqn0EElxa5B8feEoK-IkFesDLFnUMd-C4e_zVXBa13p8TntdMn0eODAqjulHj4PY8lua6RwOV6TXcubm8is2XP273q-AI7Dam4.DXBC5A.CJMLbN0B4HC4U8703ZQS50K00lk; HttpOnly; Path=/live
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
Request of the same sample which is failing on re-run:
POST https://example.com/live/v1/dashboards/promo_pa/ds/promo_program_dimensions
POST data:
{"query":"promo_program_dimensions.filterby(program_master_id = 'GOGGLE').filterby(dimension_name = 'channel').groupby(dimension_value).aggregate(count(dimension_value) as count).orderby(dimension_value+)"}
Cookie Data:
live=.eJxNj11vgjAYhf_K0muzuE4uJPHCBNZgaB0O1Pam4aOu5WsGCqMY__uYy4yXJ2_O857nAvw1cTyC-PsaucC-gKcE2MCHwzmroj7L3Z6htzFGm54eN0VqljI5DHUcrFbgOgP-FiHX4R7h0Ye7m4qlSkSjDZgBfmpEK4Gtm05MSWV3OK5YgR3XohXJcR4tyCgVzvdTSi0WUoshOt86HiRhcHuSts2J669C1HcEgdhgJ10wx3shI4a02uUYRiMNpSIwGFguCxyuzYR6ZaEs8SH4xp9_m1Umaq20eY47Lbk2ZwHsuivLh8vDWHrcz2O0NL_NrhXNTWTS7AX_d73-AAjCaeE.DXBNjA.Fy0Fs7zpVKg-f1qSbAljATOn64E
Request Headers:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 216
Host: example.com
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_161)
Sampler Result:
Thread Name: Liberty 1-1
Sample Start: 2018-02-22 18:24:46 IST
Load time: 26
Connect Time: 0
Latency: 26
Size in bytes: 709
Sent bytes:868
Headers size in bytes: 652
Body size in bytes: 57
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 400
Response message: BAD REQUEST
Response headers:
HTTP/1.1 400 BAD REQUEST
Server: nginx
Date: Thu, 22 Feb 2018 12:54:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 57
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate, public, max-age=0
Set-Cookie: live=.eJxNj1tvgjAAhf_K0mezGAcPkvjg0q7B0DKciO1Lw6WGcpuBwizG_z50mfHx5ORcvgvw1hS6FIvPNUbAuYCXBDjAW5xPWR0OWYEGjj_GGG8GdtiUqVnmSXRu4mC1AtcZ8HyMERQuFeEX2k7BSiWy1QbMgDi2ssuBo9teTkplj3JS85JAZLOaFqQILTrmihT7SaU23zGbYzb3obugu-A-knbtUejvUjaPCh9Wio7vFY22ikBm0SKrCeSlDwOL79I3OpajjwOLRTRnUWh4jSz28_dZZbLRSpvXuNe50OYkgdP0VfXkPJ1lh_08xktzS_adbO8gE-YgxT_r9Rcq0WoP.DXBPFg.4Rll1tgU0GdWHWyE73uLkKM8z9c; HttpOnly; Path=/live
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
Response Data:
{"error": "Failed to authenticate user for data access."}
I have a login sample before this which passed successfully, so the user has logged in successfully before this sample.
I have used HTTP Cache Manager, HTTP Cookie Manager and HTTP Header Manager. HTTP Cookie Manager will manage the session automatically. Still, I am getting an authentication error.
I have used the default settings for the sample, i.e. "Redirect Automatically" and "Use KeepAlive". I am using JMeter 3.3.
Appreciate any pointers.
In the "successful" request you have the following HTTP Headers:
X-Requested-With: XMLHttpRequest
Content-Type: application/json
In the "failing" one you have:
Content-Type: application/x-www-form-urlencoded
So my expectation is that you need to add an HTTP Header Manager as a child of the "failing" request and configure it to send the Content-Type header with the value of application/json.

Applozic Platform Chat API - Uploading message attachments

I'm integrating with applozic for a client, and I need to send messages with attachments to users. I'm following the steps here: https://docs.applozic.com/docs/1-1-user-chat-and-group-chat-api#section-send-message-with-attachment on how to do this.
I'm having trouble with step 2:
Step 2. Call Url With multipart :
Call API with your file object attached to files[] array:
The requests I send are rejected with a 405 error, for example:
Request:
POST /_ah/upload/AMmfu6ZQrGP3Szfk1GuQAb_2a3J7PPWhQoiRbTnEjLp2MIzpuoeHrYryXhlzI6NW9JikjpJbT-HEtHAIk3og-Gl5EesCzBASipgtq1Hvh-PN90sjvasjRBvtO5XIFWi08gGfqTYUNT0C/ALBNUaYAAAAAWocIx4JPtA2a7LU00w1_pRui2Q3NjLR5/
application-key: XXXX
authorization: Basic XXXXX
cache-control: no-cache
accept: */*
host: applozic.appspot.com
accept-encoding: gzip, deflate
content-type: multipart/form-data; boundary=--------------------------523557777486909202804628
content-length: 286288
--------------------------523557777486909202804628
Content-Disposition: form-data; name="file"; filename="attachment.pptx"
Content-Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
....file data....
Response:
HTTP/1.1 405
status: 405
x-guploader-uploadid: AEnB2UpLhLC9VKz0ysfP-WcNTgGCFc_67dVEp_-ANZsLTvWfEOFgyMWKKvpehGa3I6E9Q_s8S7LQAcYFlTt-J8LwVqRosha6lNros6eECUP5JdJ_RsZMW9g
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, DELETE
access-control-max-age: 3600
access-control-allow-headers: UserId-Enabled, Authorization, Application-Key, Source, Content-Type
allow: GET
x-cloud-trace-context: 728352eed99001ff946db65f68daf518;o=1
x-appengine-estimated-cpm-us-dollars: $0.000026
x-appengine-resource-usage: ms=93 cpu_ms=605
date: Fri, 16 Feb 2018 16:29:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Could someone tell me what I'm missing here? It's responding with allow: GET, which doesn't make sense. Am I failing auth somehow?
Is there any more documentation available on this feature?
Step 1. Get Url to Upload File
Call API:
https://applozic.appspot.com/rest/ws/aws/file/url?data=1478763491992
where data= currentTime in long
API Response String:
https://applozic.appspot.com/_ah/upload/AMmfu6YAZpXFUYvC7wqIcW7msh8-YF1d7Tsh1UOTSCzpx2vinrcLQRtVfWbFHHXLFunUqsSLe1dYsDbsJxIO28cNcGrECf7LfFaNSycct-Sybd9KAZWk0yk7HybzxbBp4YQEDmMLi4Uf/ALBNUaYAAAAAWovz3TcYX24yam5K3embIkgQ6Q1pGIRf/
Step 2. Call Url With multipart :
Call API with your file object attached to files[] array(Parameter:files[]):
https://applozic.appspot.com/_ah/upload/AMmfu6YAZpXFUYvC7wqIcW7msh8-YF1d7Tsh1UOTSCzpx2vinrcLQRtVfWbFHHXLFunUqsSLe1dYsDbsJxIO28cNcGrECf7LfFaNSycct-Sybd9KAZWk0yk7HybzxbBp4YQEDmMLi4Uf/ALBNUaYAAAAAWovz3TcYX24yam5K3embIkgQ6Q1pGIRf/
fileMeta JSON response:
{"fileMeta":{"blobKey":"AMIfv96n1wlMLpa3R_1i4nbFc4L1RLG81W5RovnPqMhVspzzJv5WBbnYgI4uwZkNjvzszNqsWwEQU6mrYoYsaoa2Vhi45p3P7bvQhAO1ciEL1K1yZJ2HB-goYPULYumC7LA8h33p_RyJBewFK8FogMDPR4_4zjClIg","contentType":"image/png","createdAtTime":"1478763491698","name":"applozic.png","size":"8694","thumbnailUrl":"https://lh3.googleusercontent.com/EfnmKkzLtwBgYQq9UWc26oVqSZUiGukhXQgq7ns9a3G53ZAveFOszamvsqD-tbOfuirqERBO0QR60xFgYiGr=s120"}}
Try this request :
Post request
Url:-
https://applozic.appspot.com/_ah/upload/AMmfu6ZB1z1BBDQMh_ztllvkde5mest9aFeqDHoSmCLzGH3vEtqQLKKOZG820ONgNCOc3BatKJL-59Tppm76zvyfw773R4lEa7m3gaM4cdKGbDU5oy8R_9zt_PT12j8xYSK2oh3rO3xa/ALBNUaYAAAAAWoq31zwU986GLyomPgxjoJb6qHuf4iIx/
Param:files[]

"Missing grant type" despite "Content-Type: application/x-www-form-urlencoded"

Similar to this question I am sending the following POST to the server:
content-type: application/x-www-form-urlencoded
authorization: Basic dGVzdGp3dGNsaWVudGlkOlhZN2ttem9OemwxMDA=
accept: */*
With the payload:
{"username"="test", "password": "pw", "email": "test@example.com"}
However, I'm still getting
{
"error": "invalid_request",
"error_description": "Missing grant type"
}
as response from the server. Any idea why this is not working?
Note that the request is working if I use curl:
$ curl testjwtclientid:XY7kmzoNzl100@localhost:8080/oauth/token -d grant_type=password -d username=john.doe -d password=pw -v
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
* Server auth using Basic with user 'testjwtclientid'
> POST /oauth/token HTTP/1.1
> Host: localhost:8080
> Authorization: Basic dGVzdGp3dGNsaWVudGlkOlhZN2ttem9OemwxMDA=
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Length: 49
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 49 out of 49 bytes
< HTTP/1.1 200
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Thu, 02 Nov 2017 19:21:29 GMT
<
* Connection #0 to host localhost left intact
{"access_token":"<an-ugly-long-token>","token_type":"bearer","expires_in":43199,"scope":"read write","jti":"80e2b6af-d999-4fb6-a4cd-5e6ab9c3fcaa"}
Your payload should be something like grant_type=password&username=john.doe&password=pw, whereas you are passing it as JSON. You can check "Spring security OAuth2 accept JSON" for a JSON payload.
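Why the JSON body is rejected, as an added Python example (not code from the question or from Spring Security OAuth2): a form-urlencoded parser finds no `grant_type` key in a JSON string, even when the JSON itself contains one. `check_token_request` is a hypothetical stand-in for the endpoint's parameter check; the client id, secret and form fields are the ones from the curl call above.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode

FORM = "application/x-www-form-urlencoded"


def basic_auth(client_id, client_secret):
    """Authorization header value that curl derives from user:pass@host."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def form_params(body):
    """Read a request body the way a form-urlencoded parser does."""
    parsed = parse_qs(body, keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def check_token_request(content_type, body):
    """Hypothetical model of the token endpoint's first validation step."""
    if content_type != FORM:
        return "unsupported content type"
    if "grant_type" not in form_params(body):
        return "Missing grant type"
    return "ok"


# Body as curl builds it from the three -d options.
FORM_BODY = urlencode({
    "grant_type": "password",
    "username": "john.doe",
    "password": "pw",
})

# Constructed sample: the same fields sent as JSON under the form content type.
JSON_BODY = json.dumps({
    "grant_type": "password",
    "username": "john.doe",
    "password": "pw",
})

if __name__ == "__main__":
    print(basic_auth("testjwtclientid", "XY7kmzoNzl100"))
    print(len(FORM_BODY), FORM_BODY)
    print("form body:", check_token_request(FORM, FORM_BODY))
    # The whole JSON text becomes one parameter name with an empty value.
    print("json keys:", list(form_params(JSON_BODY)))
    print("json body:", check_token_request(FORM, JSON_BODY))
```

The form body is 49 bytes, matching the Content-Length in the curl trace, and the Basic value matches the Authorization header shown there.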
