Okta - Primary Authentication with Public Application using VB.Net - okta

Using the API documentation, we are trying to use this for authenticating:
Primary Authentication with Public Application:
http://developer.okta.com/docs/api/resources/authn.html#primary-authentication-with-public-application:
Authenticates a user with username/password credentials via a public application
Request Example
curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
"username": "dade.murphy@example.com",
"password": "correcthorsebatterystaple",
"relayState": "/myapp/some/deep/link/i/want/to/return/to",
"options": {
"multiOptionalFactorEnroll": false,
"warnBeforePasswordExpired": false
}
}'
Trying this in VB.Net, we get:
Dim request As WebRequest = WebRequest.Create("https://dev-XXX.oktapreview.com/api/v1/authn")
request.Credentials = New NetworkCredential(.UserName, .Password)
request.ContentType = "application/json"
request.Method = "POST"
Dim response As WebResponse = request.GetResponse()
When we get to the response, it gives an error of "The remote server returned an error: (400) Bad Request." and no more helpful info.
Obviously what we want to do is to do a WebRequest with the properly formatted parameters and return a WebResponse that we can interrogate for the Success Response:
{
"expiresAt": "2015-11-03T10:15:57.000Z",
"status": "SUCCESS",
"relayState": "/myapp/some/deep/link/i/want/to/return/to",
"sessionToken": "00Fpzf4en68pCXTsMjcX8JPMctzN2Wiw4LDOBL_9pe",
"_embedded": {
"user": {
"id": "00ub0oNGTSWTBKOLGLNR",
"passwordChanged": "2015-09-08T20:14:45.000Z",
"profile": {
"login": "dade.murphy@example.com",
"firstName": "Dade",
"lastName": "Murphy",
"locale": "en_US",
"timeZone": "America/Los_Angeles"
}
}
}
}
Thanks in advance!

You are setting credentials on the request instead of sending the JSON payload.
Check out this example:
http://dotnetpad.com/7ri4979f
Based off this question and answer.

Related

Invalid Argument on API Call?

I am getting an invalid argument with the following API Call (following https://developers.google.com/nest/device-access/api/doorbell-battery#webrtc):
curl -X POST 'https://smartdevicemanagement.googleapis.com/v1/enterprises/projectID/devices/deviceID:executeCommand' -H 'Content-Type: application/json' \
-H 'Authorization: AUTHTOKEN' --data-raw '{
"command" : "sdm.devices.commands.CameraLiveStream.GenerateWebRtcStream",
"params" : {
"offerSdp" : "a=recvonly"
}
}'
Response from server:
{
"error": {
"code": 400,
"message": "Request contains an invalid argument.",
"status": "INVALID_ARGUMENT"
}
}
What is the invalid argument?
My impression is that is not a valid offer, and you need to use a web rtc client to create it. See webrtc.org for examples.
"offerSdp" : "a=recvonly" isn't a valid offer, but also you will get that INVALID_ARGUMENT error if you don't end your offer string with a \r\n character.

How do I get a token's name, symbol, decimals, etc.?

e.g. does getting the name look like this?
args := fmt.Sprintf("{\"tokenOwner\":\"%s\"}", "bob.near")
argsBase64 := base64.StdEncoding.EncodeToString([]byte(args))
param := map[string]string{
"request_type": "call_function",
"finality": "final",
"account_id": "ref-finance.near",
"method_name": "name",
"args_base64": argsBase64,
}
This is part of the metadata of each token. You can read the metadata standard at nomicon.io.
In particular, you can query the metadata of an NEP-141 Fungible Token using the function ft_metadata as follows:
❯ export NEAR_ENV=mainnet
❯ near view 76a6baa20598b6d203d3eae6cc87e326bcb60e43.factory.bridge.near ft_metadata "{}"
View call: 76a6baa20598b6d203d3eae6cc87e326bcb60e43.factory.bridge.near.ft_metadata({})
{
spec: 'ft-1.0.0',
name: 'Law Diamond Token',
symbol: 'nLDT',
icon: 'https://near.org/wp-content/themes/near-19/assets/img/brand-icon.png',
reference: '',
reference_hash: '',
decimals: 18
}
Update: Make this call directly from the RPC.
You can query the RPC directly as follows:
curl --location --request POST 'https://archival-rpc.mainnet.near.org/' \
--header 'Content-Type: application/json' \
--data-raw '{
"jsonrpc": "2.0",
"id": "dontcare",
"method": "query",
"params": {
"request_type": "call_function",
"finality": "final",
"account_id": "76a6baa20598b6d203d3eae6cc87e326bcb60e43.factory.bridge.near",
"method_name": "ft_metadata",
"args_base64": "e30="
}
}'
The args_base64 field holds the arguments serialised as base64. In this case it is an empty JSON object:
base64("{}") = "e30="
The result is given as a sequence of bytes. In the case of ft_metadata it should be first decoded as a string and then decoded as json.
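The encoding and decoding steps described in this answer, as an added shell example that is not part of the original answer. The function names are hypothetical, and the sample response is constructed; its shape (an inner "result" array of decimal byte values) is assumed from the description above.

```shell
#!/bin/sh
# Added example. SAMPLE_RESPONSE is constructed, not captured from a real node.

# Encode call_function arguments the way args_base64 expects.
encode_args() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Build the JSON-RPC body for a view call.
# $1 = account_id, $2 = method_name, $3 = JSON arguments
build_view_call() {
    printf '{"jsonrpc":"2.0","id":"dontcare","method":"query","params":{"request_type":"call_function","finality":"final","account_id":"%s","method_name":"%s","args_base64":"%s"}}' \
        "$1" "$2" "$(encode_args "$3")"
}

# Extract the innermost "result":[...] byte array from a response and turn
# the decimal byte values back into text (which is itself JSON).
# Prints nothing when the response carries no byte array (e.g. an error).
decode_result() {
    bytes=$(printf '%s' "$1" | tr -d ' \n' |
        sed -n 's/.*"result":\[\([0-9,]*\)].*/\1/p')
    for b in $(printf '%s' "$bytes" | tr ',' ' '); do
        # Convert each decimal byte to an octal escape and emit it.
        printf "\\$(printf '%03o' "$b")"
    done
}

# Constructed response whose bytes spell {"symbol":"nLDT","decimals":18}
SAMPLE_RESPONSE='{"jsonrpc":"2.0","result":{"block_hash":"CONSTRUCTED","block_height":1,"logs":[],"result":[123,34,115,121,109,98,111,108,34,58,34,110,76,68,84,34,44,34,100,101,99,105,109,97,108,115,34,58,49,56,125]},"id":"dontcare"}'
```

The output of build_view_call can be passed to curl with --data-raw against the RPC endpoint shown above; decode_result then yields the JSON text to parse.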

SpringBoot/Kotlin and Versioning through Content Negotiation: correct approach?

I have been experimenting with Content Negotiation as backend versioning for my SpringBoot/Kotlin application. I have the following:
@GetMapping("/user", produces = [MediaType.APPLICATION_JSON_VALUE])
fun getUsers() {
//some code here
}
I have found this project combining an "Accept" header and an "Accept-Version" custom header. I wonder whether this is the correct way of implementing a content negotiation approach and, if not, how can I fix it?
@GetMapping("/user", produces = [MediaType.APPLICATION_JSON_VALUE], headers = ["Accept-Version=$CUSTOM_ACCEPT_HEADER"])
fun getUsers() {
//some code here
}
object VersioningUtility {
const val CUSTOM_ACCEPT_HEADER = "vnd.sample.com-v1+json"
//here more constants as each controller can be versioned independently
}
Thank you
Yes, you can implement API versioning using content negotiation by having a custom header and header value as you have specified. However, since that is not a standard header, there are other scenarios which you might have to handle by yourself, such as:
default representation when the header is not present
exception scenarios when invalid media type values are passed as part of the header.
In case you are working with only json responses, the JSON API standard for content negotiation is to send the Accept header with the value application/vnd.api+json. Since Accept is a standard request header, using that is preferred. In case you need to handle other types of responses, you can still go ahead with the custom header.
You can implement content negotiation as below:
@RestController
class UserController {
@GetMapping("/users", headers = ["Accept=${VersioningUtility.VERSION_1_HEADER}"])
fun getUser(): ResponseEntity<Any> {
return ResponseEntity(listOf(User("Abraham Lincoln")), HttpStatus.OK)
}
@GetMapping("/users", headers = ["Accept=${VersioningUtility.VERSION_2_HEADER}"])
fun getNewUser(): ResponseEntity<Any> {
return ResponseEntity(listOf(NewUser(Name("Abraham", "Lincoln"))), HttpStatus.OK)
}
}
data class User(val name: String)
data class NewUser(val name: Name)
data class Name(val firstName: String, val lastName: String)
object VersioningUtility {
const val VERSION_1_HEADER = "application/vnd.v1+json"
const val VERSION_2_HEADER = "application/vnd.v2+json"
}
The above will enable you to have 2 versions of the GET /users endpoint with the Accept header.
When the curl request is made with v1 of the header value, the response would be according to the version v1
curl -L -X GET 'http://localhost:8080/users' \
-H 'Accept: application/vnd.v1+json'
[
{
"name": "Abraham Lincoln"
}
]
When the curl request is made with v2 of the header value, the response would be according to the version v2
curl -L -X GET 'http://localhost:8080/users' \
-H 'Accept: application/vnd.v2+json'
[
{
"name": {
"firstName": "Abraham",
"lastName": "Lincoln"
}
}
]
When an invalid header value is sent, it would respond with a 406 Not Acceptable
curl -L -X GET 'http://localhost:8080/users' \
-H 'Accept: application/vnd.abc+json'
{
"timestamp": "2020-04-01T18:33:16.393+0000",
"status": 406,
"error": "Not Acceptable",
"message": "Could not find acceptable representation",
"path": "/users"
}
When no Accept header is sent, it would respond with the default version, i.e. v1 here
curl -L -X GET 'http://localhost:8080/users'
[
{
"name": "Abraham Lincoln"
}
]
Even GitHub has implemented versioning with content negotiation in a similar way and you can have a look at that in their documentation.

How can I get the logo for an "Item" from the Plaid api?

I looked over the API documentation and I didn't see anything about how to get logos, but Plaid clearly has them as they appear in the Link app. Is there any way that I can also get access to those logos as part of the API or through another mechanism using an "Item" id?
While not documented at the time of this writing, it apparently can be done by adding an options parameter to an institution request with the value of {"include_display_data": true}. With the node API using the getInstitutionById method and Vanguard it looks like this.
client.getInstitutionById('ins_108768', {include_display_data: true}, (err, result) => {
// Handle err
const logo = result.institution.logo;
});
The value of logo will either be null or a base64 encoded string containing the binary data of the logo.
The current version of the Plaid Ruby gem (6.1.0) doesn't retrieve a logo, but you can extend the Plaid library and use the include_display_data parameter to get a logo.
module Plaid
class Institutions < BaseProduct
def get_by_id_with_logo(institution_id)
post_with_public_key 'institutions/get_by_id',
SingleInstitutionResponse,
institution_id: institution_id,
options: { include_display_data: true }
end
end
end
Usage:
ins = client.institutions.get_by_id_with_logo(YOUR_INSTITUTION_ID)
puts ins.institution[:logo]
To get a list of all institutions from Plaid API one needs to hit /institutions/get with a POST request. To get logos and other institution attributes such as home page URL and brand color one needs to add options attribute in the body of the request with a key=>value pair of "include_optional_metadata" => true. The count parameter indicates the number of institutions you want returned (perPage) while offset is the number of institutions to skip.
curl -X POST \
https://sandbox.plaid.com/sandbox/institutions/get \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"client_id": "clientIdFromPlaidDashboard",
"secret": "secretFromPlaidDashboard",
"count": 500,
"offset": 0,
"options": {
"include_optional_metadata": true
}
}'
Expected response from Plaid doc:
http code 200
{
"institutions": [
{
"country_codes": ["US"],
"credentials": [{
"label": "User ID",
"name": "username",
"type": "text"
}, {
"label": "Password",
"name": "password",
"type": "password"
}],
"has_mfa": true,
"institution_id": "ins_109508",
"mfa": [
"code",
"list",
"questions",
"selections"
],
"name": "First Platypus Bank",
// the following are included when
// options.include_optional_metadata is true
"primary_color": "#1f1f1f",
"url": "https://plaid.com",
"logo": null
}
],
"request_id": "m8MDnv9okwxFNBV",
"total": 1
}

Bash Loop Through URLs Issue

I'm using a cURL request to the Google Safe Browsing API to check whether any of my requested sites is malicious or not. When I'm issuing the following command
$ curl -H "Content-Type: application/json" -X POST -d ' { "client": { "clientId": "Test", "clientVersion": "1.0.0" }, "threatInfo": { "threatTypes": ["MALWARE", "SOCIAL_ENGINEERING","THREAT_TYPE_UNSPECIFIED","UNWANTED_SOFTWARE","POTENTIALLY_HARMFUL_APPLICATION"], "platformTypes": ["WINDOWS","PLATFORM_TYPE_UNSPECIFIED","ANY_PLATFORM"], "threatEntryTypes": ["URL"], "threatEntries": [ {"url":"hxxp://bookmyroom.pk/assets/timepicker/f.exe"} ] } }' https://safebrowsing.googleapis.com/v4/threatMatches:find?key=AIzaSyD1IMgjaHEza6e9m_jwtjBgPmJX0IMKKIs
Caution: I have "xx"ed instead of "tt" for the http string. This site might be a potential malicious site. So do not open it using a browser.
I'm getting JSON response as
{
"matches": [
{
"threatType": "UNWANTED_SOFTWARE",
"platformType": "ANY_PLATFORM",
"threat": {
"url": "hxxp://bookmyroom.pk/assets/timepicker/f.exe"
},
"cacheDuration": "300.000s",
"threatEntryType": "URL"
}
]
}
Caution: I have "xx"ed instead of "tt" for the http string. This site might be a potential malicious site. So do not open it using a browser.
When I'm doing the same in a loop
#check.sh
for i in $(cat malsite.txt); do
content="$(curl -H "Content-Type: application/json" -X POST -d ' { "client": { "clientId": "Test", "clientVersion": "1.0.0" }, "threatInfo": { "threatTypes": ["MALWARE", "SOCIAL_ENGINEERING","THREAT_TYPE_UNSPECIFIED","UNWANTED_SOFTWARE","POTENTIALLY_HARMFUL_APPLICATION"], "platformTypes": ["WINDOWS","PLATFORM_TYPE_UNSPECIFIED","ANY_PLATFORM"], "threatEntryTypes": ["URL"], "threatEntries": [ {"url":"$i"} ] } }' https://safebrowsing.googleapis.com/v4/threatMatches:find?key=AIzaSyD1IMgjaHEza6e9m_jwtjBgPmJX0IMKKIs)"
echo "$i"
echo "$content"
done
#malsite.txt
"hxxp://bookmyroom.pk/assets/timepicker/f.exe"
Caution: I have "xx"ed instead of "tt" for the http string. This site might be a potential malicious site. So do not open it using a browser.
I'm not getting any results. It just returns empty result.
#Result of ./check.sh:
{}
Not sure where I'm making mistakes. Any thoughts?
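Added example, not part of the original post: in check.sh the request body sits inside single quotes, so the shell sends the literal text $i instead of each URL, and the lines in malsite.txt carry their own double quotes. The sketch below builds the body with the URL passed as a printf argument. The function names, the SB_API_KEY environment variable and the sample URL in the comments are assumptions.

```shell
#!/bin/sh
# Added example. Reads the API key from SB_API_KEY instead of hard-coding it.

# The form used in check.sh: inside single quotes "$i" is never expanded.
broken_fragment() {
    i=$1
    printf '%s' '{"url":"$i"}'
}

# Strip one pair of surrounding double quotes, as found in malsite.txt.
strip_quotes() {
    printf '%s' "$1" | sed -e 's/^"//' -e 's/"$//'
}

# Escape backslashes and double quotes so the URL is a valid JSON string.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the threatMatches:find body. The template stays single-quoted; the
# URL is supplied as a printf argument, so it is actually substituted.
build_body() {
    printf '{"client":{"clientId":"Test","clientVersion":"1.0.0"},
 "threatInfo":{
  "threatTypes":["MALWARE","SOCIAL_ENGINEERING","THREAT_TYPE_UNSPECIFIED","UNWANTED_SOFTWARE","POTENTIALLY_HARMFUL_APPLICATION"],
  "platformTypes":["WINDOWS","PLATFORM_TYPE_UNSPECIFIED","ANY_PLATFORM"],
  "threatEntryTypes":["URL"],
  "threatEntries":[{"url":"%s"}]}}' "$(json_escape "$1")"
}

# Check every non-empty line of the file named in $1.
check_file() {
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        url=$(strip_quotes "$line")
        printf '%s\n' "$url"
        curl -s -H 'Content-Type: application/json' -X POST \
            -d "$(build_body "$url")" \
            "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=${SB_API_KEY}"
        printf '\n'
    done < "$1"
}
```

Run it as check_file malsite.txt after exporting SB_API_KEY. Reading with while read also avoids the word splitting that for i in $(cat ...) applies to each line.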
