I'm following Spotify's client credentials authorization flow, but all of my curl requests are returning {"error":"invalid_client"} each time. Here are the instructions from Spotify:
The request will include parameters in the request body:
grant_type - Set to “client_credentials”.
The header of this POST request must contain the following parameter:
Authorization - A Base 64 encoded string that contains the client ID and client secret key. The field must have the format: Authorization: Basic <base64 encoded client_id:client_secret>
They also include an example of a curl request:
$ curl -H "Authorization: Basic ZjM4ZjAw...WY0MzE=" -d grant_type=client_credentials https://accounts.spotify.com/api/token
Following their example, so far I've tried curl requests with:
client_id and client_secret plain
both base64 encoded seperately
only one or the other encoded
both encoded as one string with the colon
both encoded as one string without the colon
each of the above with a regenerated client secret
I'm using Ruby's Base64#encode64 method to encode. Still no luck. Any helpful hints?
Okay, I got it working - passing my client_id and client_secret, separated by a colon, to Base64.strict_encode64 (NOT Base64.encode64) and then passing that to the above curl request gets a 200 response with an access token. Apparently encode64 was not enough.
I ran into this error when I ran the curl command in my terminal.
-bash: unexpected EOF while looking for matching `"'
Solved by using single quotes instead of double quotes.
Related
I'm writing a bash script to interface with my ecobee (query info and change settings). I have the authorization all worked out (access token and refresh token) and am now trying to request info from the ecobee. This json parameter list is dynamically created. None of the curl examples in the Developers API Doc seem to work.
I've tried assigning the json to a variable (?json="$selection") and to a file (?json=#"$location"). My latest attempt (hard coding the json and escaping the braces) of the curl is as follows:
response=$(curl -s "https://api.ecobee.com/1/thermostat?json=\{"selection":\{"selectionType":"registered","selectionMatch":null,"includeRuntime":true,"includeSettings":true/}/}" -H "Content-Type: application/json;charset=UTF-8" -H "Authorization: Bearer $access_token")
and I received a null response declare -- response=""
If I have curl read from a file:
{"selection":{"selectionType":"registered","selectionMatch":null,"includeRuntime":true,"includeSettings":true}}
then I receive:
response='{
"status": {
"code": 4,
"message": "Serialization error. Malformed json. Check your request and parameters are valid."
}
}'
Which I assuming it' an escape issue?
Can anyone offer any insight? Again, I thought this would be the easy part. I'm using jq to build my request json. Other alternatives to curl that can better deal with json? I'm limited to bash (which is what I know)
Thanks
To integrate (arbitrary) data into a URL (or URI in general) you need to prepare it using percent-encoding first.
As you have mentioned to use jq to compose that data, you could add #uri to your jq filter to perform the encoding, and use the --raw-output (or -r) option to then output it properly.
For example, jq -r '#uri' applied to your JSON
{
"selection": {
"selectionType": "registered",
"selectionMatch": null,
"includeRuntime": true,
"includeSettings": true
}
}
would output
%7B%22selection%22%3A%7B%22selectionType%22%3A%22registered%22%2C%22selectionMatch%22%3Anull%2C%22includeRuntime%22%3Atrue%2C%22includeSettings%22%3Atrue%7D%7D
which you can use within the query string ?json=….
I have a .pem file containing my private key that I need to pass as an authorization header.
I've tried just using the command $(cat $REPO_ROOT/pulsar/tls/broker/broker.key.pem) but I'm getting the response: <h1>Bad Message 400</h1><pre>reason: Illegal character LF=\n</pre>0
Can I not pass the contents of my .pem straight into the header?
CLUSTER=standalone
TENANT=sandbox
NAMESPACE=integration_test
AUTHORIZATION=$(cat $REPO_ROOT/pulsar/tls/broker/broker.key.pem)
# Create tenant
curl -L -X PUT "http://localhost:$HOST_PULSAR_PORT/admin/v2/tenants/$TENANT" \
--header "Authorization: Bearer $AUTHORIZATION" \
--header 'Content-Type: application/json' \
--data-raw "{\"allowedClusters\": [\"$CLUSTER\"]}"
The private key needs to be carefully secured. You should never have to pass it in an HTTP header.
For Pulsar you should be using the private key to generate a JWT token to use in the HTTP header. You can use the following command:
bin/pulsar tokens create --private-key file:///path/to/my-private.key \
--subject test-user
The subject of the token should match the authorization role on the Pulsar tenant or namespace. For more details, see https://pulsar.apache.org/docs/en/security-token-admin/
Private keys are never meant to be sent as a header in a web request. Perhaps the public key.
When you try to send this:
Authorization: Bearer $AUTHORIZATION
I suspect you should send a signed JWT token instead?
Also, you try to send a pem file, as application/json, that does not match either. A pem file is typically a multi-line data structure and that needs to be encoded to be able to be sent in a header.
I have a script that uses the Azure DevOps API to retrieve every work item in a query. Then it retrieves the metadata for each work item. It requires a PAT. Until today the PAT has worked. I believe it is expired. I created a new PAT, but every attempt to retrieve the same information is unauthorized (401).
The cURL command in my script that worked until now:
ado_token={username#company.com:PAT, all Base-64 encoded as one string}
curl -X GET -H "Authorization: Basic $ado_token" -H 'Cache-Control: no-cache' "https://dev.azure.com/{company}/{project}/_apis/wit/wiql/{query ID}?api-version=5.1"
Here are the facts:
Going to the URL directly in the browser succeeds.
The new token is in the same project as the URL.
The new token has full access.
Microsoft documentation on ADO PATs provides this example:
curl -u username[:{personalaccesstoken}] https://dev.azure.com/{organization}/_apis/build-release/builds
However, when my username and PAT are entered with a URL I know to be correct, it is unauthorized.
Both in the format of the Microsoft example and the URL I would like to use in my script, these are all unauthorized in all iterations of Bearer and Basic. The URL used works in the browser:
{username}:{PAT}
{username}#{company}.com:{PAT}
Base-64 encoded {PAT}
Base-64 encoded {username}#{company}.com:{PAT}
Base-64 encoded pat:{PAT}
Base-64 encoded {username}:{PAT}
Base-64 encoded {username}#{company}.com:{PAT}
I have tried both in the command line and Postman but no added information was provided.
Am I missing something obvious? The most confusing aspect of this is that the previous PAT worked in this same code. Thank you for any help.
Try the command below:
curl -u :{PAT} 'https://dev.azure.com/{company}/{project}/_apis/wit/wiql/{query ID}?api-version=5.1'
In the -u parameter the Username field must be blank and the PAT is the original string.
Thus the command would be in the following format:
curl -u :lplnqn4l4glwqkslsfel7t2wjevfi5tayuiwm772qeawbwo3ztua 'https://dev.azure.com/acme/projetx/_apis/wit/wiql/6cbbddb4-f752-453b-9f98-f523470826fe?api-version=5.1'
Postman
using Authorization without username: Choose Basic Auth. and enter the PAT as password.
using Headers: Use key as Authorization and value as Basic {Base-64 encoded pat{:PAT}}. Note that {:PAT} needs to be base64 encoded
Curl
using basic authentication without username: curl -u :{PAT} https://dev.azure.com/{org}/_apis/projects
using headers: curl -H 'Authorization: Basic {Base-64 encoded pat{:PAT}}'
https://dev.azure.com/{org}/_apis/projects
I have a Soap web service to which I need to pass input as username and password to get the response. I am able to get the response from command line (Linux) if I hardcode the values with the below command.
curl --header "Content-Type: text/xml;charset=UTF-8" --header "SOAPAction:ACTION_YOU_WANT_TO_CALL" --data #FILE_NAME URL_OF_THE_SERVICE
(FILE_NAME is basically my web service with hardcoded values of username and password)
But I don't want to hardcode any values and wanted to pass them as a parameters. Is there any way I can get the response from web service from command line by passing parameters to the web service?
Write a wrapper script, which 'generates' the output file with the substituted variables.
I am trying to obtain an authorization code from a Spring OAuth 2.0 authorization server using simple CURL command.
curl -v --header "Authorization: Basic hasfhfashfakhsfakhf712641246" "http://0.0.0.0:0000/oauth-server/oauth2/authorize?response_type=code&client_id=dummyclient&client_secret=dummyclient&redirect_uri=http://oauth2server/oauth2callback/"
However, instead of getting back a redirect URL with the code, I am getting back a 302 redirect response to the login URL. Since I am already sending the username, password in the Authorization Header, is there a way to skip the login page redirect and get the Authorization Code directly?
you might need to tell curl to follow redirect with the -L flag
curl -L -v --header "Authorization: Basic hasfhfashfakhsfakhf712641246" "http://0.0.0.0:0000/oauth-server/oauth2/authorize?response_type=code&client_id=dummyclient&client_secret=dummyclient&redirect_uri=http://oauth2server/oauth2callback/"