I am trying to create rest based webservices, which I want to secure them using spring security Oauth2.
What I found is then, in oauth2 we have to send auth_token in query string.
But my need is to send in header.
I have searched a lot, but I didn't get the answer which I need.
Is there anybody who can help?
Reference link [ http://www.beingjavaguys.com/2014/10/spring-security-oauth2-integration.html
]
You can test sending the access token for example using Curl:
curl -H "Authorization: Bearer <ACCESS_TOKEN>" http://www.example.com
With this you should be able to see, if server is working as expected. How to do it in client application depends on the programming language you are using.
Related
I am working on an Elixir Phoenix web project where I want to interact with Google's Indexing API.
Google uses OAuth2 to authenticate api requests and actually has a decent documentation on this.
But it only explains the process using one of the supported libraries in Python, Java, PHP or JS.
I would like to make the HTTP requests by myself to retrieve that access token. But the request format (including headers or parameters) is nowhere documented and I cannot even figure out from the libraries' source code.
I have tried requesting https://accounts.google.com/o/oauth2/token (also other eligible URLs) in Postman with the "OAuth 2.0" request type.
But it was all just guessing and trying. All the research did not help.
There are useful instructions including HTTP/Rest examples at Using OAuth 2.0 for Web Server Applications. Each step has the individual parameters fully documented. Here are some useful excerpts.
Send user to Google's OAuth 2.0 server. Example URL:
https://accounts.google.com/o/oauth2/v2/auth?
scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.metadata.readonly&
access_type=offline&
include_granted_scopes=true&
state=state_parameter_passthrough_value&
redirect_uri=http%3A%2F%2Foauth2.example.com%2Fcallback&
response_type=code&
client_id=client_id
Retreive authorization code (your domain). Example:
https://oauth2.example.com/auth?code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7
Request access token. Example:
POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
Content-Type: application/x-www-form-urlencoded
code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
client_id=your_client_id&
client_secret=your_client_secret&
redirect_uri=https://oauth2.example.com/code&
grant_type=authorization_code
Use API. Example:
GET /drive/v2/files HTTP/1.1
Authorization: Bearer <access_token>
Host: www.googleapis.com/
Trying to perform a load testing using Jmeter tool however can not pass authentication.
The following curl works well
curl -u <USERNAME>:<PASSWORD> -X PUT "http://server-url/artifactory/my-repository/my/new/artifact/directory/file.txt" -T Desktop/myNewFile.txt
I need to upload file via PUT method based on the curl sample above and can not do it because do not understand where username and password values should be placed in the HTTP Request sampler, in the parameters part, Post Body or somewhere else.
Thanks you
You need to add a HTTP Authorisation Manager to your Test Plan and configure it as follows:
Base URL: http://server-url
Username: USERNAME
Password: PASSWORD
JMeter will generate relevant Authorization header and add it to the request. See How to Use HTTP Basic Authentication in JMeter article for more details.
Guessing, but you probably add the HTTP header
Authentication: basic [base64 of username:password]
Google "HTTP Basic Authentication"
We are using our own logging solution because stackdriver is su...bpar. I want to pull the metrics on how many unacknowledged messages there are in the pubsub. Started to read the docs on that and they are all over the place.
Found this page:
https://cloud.google.com/monitoring/api/metrics
Despite being under the api it does not describe any api calls, but does contain the description of the metric I want to extract.
Now I am thinking I need to use the monitoring api to extract what I need somehow:
https://cloud.google.com/monitoring/api/ref_v3/rest/
So I use the api explorer to try a couple of methods:
https://developers.google.com/apis-explorer/#search/monitoring/monitoring/v3/monitoring.projects.groups.list
I query and gives me an available url:
GET https://monitoring.googleapis.com/v3/projects/myprojectname/groups?key={YOUR_API_KEY}
I go to my project's console (api & credentials page) and generate an api key without restrictions and paste it in trying to curl.
curl https://monitoring.googleapis.com/v3/projects/myproject/groups?key=myrandomkeylkjlkj
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
Why is this happening? How can I get the metrics? I went to the url provided but it explains oauth token creation and has nothing regarding the api keys. I just need to curl things to make sure I am going the right way.
Why does this have to be so hard? Killed several hours of my life trying to get this.
curl -H "Authorization: Bearer $(gcloud config config-helper --format='value(credential.access_token)')" https://monitoring.googleapis.com/v3/projects/myproject/groups
I am new to Spring and very new to Spring Oauth2 Security. I have searched a lot about how to request the following link in web browser(In Firefox Rest Client plugin).The following request is curl and working perfectly fine in terminal through this command.
I am getting the problem while giving basic authorization. So How we can interact with basic authorization given below as -vu myapp:123456.
curl -X POST -vu myapp:123456 http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=sunit&username=sunit&grant_type=password&scope=read%20write&client_secret=123456&client_id=myapp"
I used wireshark for capture the request and ended the same request to fb just to connect because I don't have a local server running... you can see that is a post request with the body in encoded URL...
I'd like to get a list of my documents from google docs api. First I get a authValue using ClientLogin, then I send a request to that url https://docs.google.com/feeds/documents/private/full with header set to "Authorization: GoogleLogin auth=authValue", but I always get a response "Authorization required". What should I do?
Make sure you request the token with the "writely" service when performing ClientLogin. Also, make sure that you're sending the token provided after Auth= in the ClientLogin response.
Authorization: GoogleLogin auth=DQAAA...