I am trying to automate my deployment to my public COS bucket using the IBM CI/CD pipeline - I do a curl PUT with the payload data and the authorization token.
I can upload using the same script on my local terminal window fine to my COS bucket.
When I do it via the CI/CD pipeline, I get this error:
* upload completely sent off: 22 out of 22 bytes
AccessDeniedAccess
Denied/mbp-ui-subscription/widget-bundle403<
HTTP/1.1 403 Forbidden
I have verified that i am generating the token correctly, is CI/CD pipeline or COS blocking me somehow?
turns out i was not parsing the iam token properly and passing it because it also contains a uaa token
Related
I have to upload images to google drive through mule integration. I'm facing trouble with <google-drive:file-content> connector. Can someone help me or direct me a tutorial relates to it?
This is the error message while I tried to connect to the google drive
Message : Request returned status code 403
Element : imageuploaderFlow/processors/4 #
imageuploader:imageuploader.xml:39 (Create media file)
Element DSL : <google-drive:create-media-file doc:name="Create media file" doc:id="hhhhhjhj" config-ref="Google_Drive_Connector_Config" contentType="application/octet-stream">
<google-drive:file-content><![CDATA[
#[payload.parts.image.content write "application/octet-stream"]
]]></google-drive:file-content>
</google-drive:create-media-file>
Error type : GOOGLE-DRIVE:CLIENT_ERROR
FlowStack : at imageuploaderFlow(imageuploaderFlow/processors/4 # imageuploader:imageuploader.xml:39 (Create media file))
Google Drive Connector Config
scopes: https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/drive.file
connector xml snippet
<google-drive:create-media-file doc:name="Create media file" doc:id="ac59e7fe-e615-fggh-9473-2we5cd73ecb7" config-ref="Google_Drive_Connector_Config" contentType="application/octet-stream">
<google-drive:file-content ><![CDATA[#[payload.parts.image.content write "application/octet-stream"]]]></google-drive:file-content>
</google-drive:create-media-file>
The version of the Google Drive connector is 1.0.1
Ensure that you have Enabled the Google Drive API in your project. Not enabling this also raises a 403 error. Also, mostly, Google API sends pretty clear message when you do something wrong. You can access the detailed HTTP response using error.errorMessage.payload and headers using error.errorMessage.attributes.headers
I am using the ReactS3Client and I am having issues with uploading to a bucket. I have all the config files ready. I am using a 3rd party library that allows a user to upload media to a designated cloud server, that being S3. Everything works good on iOS side for the configuration and I am able to upload accordingly. For that, I am using AmplifyCLI.
The error I am getting is: POST BUCKETURL 403 (Forbidden)
On the S3 side, I configured the following -- S3 bucket policy config
I know the error stems from the S3 CORS policy. Ive tried making the bucket public and editing the policy to allow all sorts of requests, but I'm still receiving the 403 forbidden error.
Any help would be really appreciated.
I'm new to Snowflake and my objective is to use the SQL API to execute queries.
Using curl I'm able to create an access token and a refresh token. I can then use the access token in the snowsql connection parameter "--token" to start a snowsql session and execute SQL statements. This all works fine.
However, when I try to use curl to POST a request to the /api/statements endpoint (as documented on https://docs.snowflake.com/en/developer-guide/sql-api/guide.html#example-of-a-request) and I use the same access token, then I'm getting an "JWT token is invalid" error.
Am I missing something here? Do I need to generate and use a different access token for the SQL API than the one I can use with snowsql?
If so, how can I generate such access token?
Any idea or hint is greatly appreciated.
Thanks.
There are 2 mechanisms for authorizing the users for SQL API, one is the External Oauth and the other is key-pair mechanism.
From what I presume, it seems that you have used the External OAuth token for Key pair auth for SQL API hence the error is seen.
In the SQL API request that is being tested, remove this line:
-H "X-Snowflake-Authorization-Token-Type: KEYPAIR_JWT" \
Now, run the curl command and it should work successfully.
When no parameter value for Auth token type is passed, it defaults to external OAuth.
I am trying to upload a file to Sharepoint. I Got the Accesstoken based on the client id and tenant id given by the application and able to do it.
'client_id='||'xxxx'||'&scope='||'https%3A%2F%2Fgraph.microsoft.com%2F.default'||'&client_secret='||'xxxxxx'||'&grant_type='||'client_credentials'
Token as follows :
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Based on the token i am trying to create an upload session and it is saying http1.1 403 forbidden. I have the known site id and Drive (Item id).
HTTPResponseHeader X-Original-HTTP-Status-Line:CHARACTER:HTTP/1.1 403
Forbidden X-Original-HTTP-Status-Code:INTEGER:403 Cache-Control:CHARACTER:private
Content-Type:CHARACTER:application/json request-id:CHARACTER:1f6e2c51-5061-41c0-be0d-ee38a2c2a533
client-request-id:CHARACTER:1f6e2c51-5061-41c0-be0d-ee38a2c2a533 x-ms-ags-
diagnostic:CHARACTER:{"ServerInfo":{"DataCenter":"South Central US","Slice":"SliceC","Ring":"3","ScaleUnit":"000","RoleInstance":"AGSFE_IN_11"}}
Strict-Transport-Security:CHARACTER:max-age=31536000
Date:CHARACTER:Fri, 19 Jun 2020 17:23:53 GMT Content-Length:CHARACTER:256
Application had given permissions to Sites.readwrite.All provided admin consent as well. Any help is Appreciated.
So there's a couple of things here:
To use the Microsoft Graph APIs to create an upload session to write a file to SharePoint using the site/library as a drive with an app only permission (client_credentials) you need to request the at least the Sites.ReadWriteAll scope for the Microsoft Graph resource https://graph.microsoft.com: https://learn.microsoft.com/en-us/graph/api/driveitem-createuploadsession?view=graph-rest-1.0
Instead of requesting the https://graph.microsoft.com/.default scope try using 'https://graph.microsoft.com/Sites.ReadWriteAll`
So we have an application that allows you to create a xml file that runs the app again at a later stage (which may or may not have a user in attendance). Files are stored on the user cloud drive platform of choice. So the process is
Workflow 1
Authenticate to cloud with User 1 details/input
Select files to Download and use
Save and encrypt file metadata and Refresh token to xml file. (app workflow 1)
Workflow 2 ( can be repeated multiple thousands of times)
Send xml file to another pc with User 2. (either by email or remotely through a console
that pc then runs under user 2
start app
App authenticates automatically using refresh token saved in xml file with no user input (as there is a very high chance of the user who created workflow 1 not being in the same city as where workflow 2 is running
Downloads files
applies files (app workflow 2)
PROBLEM
all other platforms we cater for (Dropbox and google and onedrive) gives us access to the refresh token and allow us to authenticate with it again , however the onedrive for business (graph sdks) give us a Token cache which is session based?
Questions
So I need to know how I can get the refresh token from the Token Cache so we can reuse it at a later stage. (yes I'm aware that it will expire after 6 months which is acceptable) .
When i have the refresh token how do initiate a call to refresh the token
Further note - I have managed to handle all platforms before Within silverlight (where the sdks are not supported) through directly calling the rest api calls but we are converting our solution to WPF and would want to use the sdks
thanks
I assume you were developing Microsoft Graph SDK when you mentioned graph sdks.
AFAIK, this library does not include any default authentication implementations. Instead, the user will want to authenticate with the library of their choice, or against the OAuth endpoint directly, and built-in DelegateAuthenticationProvider class to authenticate each request.
And if you were authenticating Azure AD with Active Directory Authentication Library, you can use the default token cache which use memory to store the cache or you can implement the token cache based on your requirement.
So I need to know how I can get the refresh token from the Token Cache so we can reuse it at a later stage. (yes I'm aware that it will expire after 6 months which is acceptable) .
When you using the ADAL library, there is no need to get the refresh token manually, it will handle for us to renew the access token if the refresh token is existed.
When i have the refresh token how do initiate a call to refresh the token
If you want to perform the request yourself to refresh the access token, you can refer the request below, and more detail you can refer this document.
POST /{tenant}/oauth2/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
&grant_type=refresh_token
&resource=https%3A%2F%2Fservice.contoso.com%2F
&client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps
OK so the answer is taking the tokencache from the PublicIdentityApp and serializing as below.
var tokenCache = _app.UserTokenCache;
var tokenBytes = tokenCache.Serialize();
var tokenString = Convert.ToBase64String(tokenBytes);
And deserializing it later.
_app = new Microsoft.Identity.Client.PublicClientApplication(ClientID);
var array = Convert.FromBase64String(bytestring);
_app.UserTokenCache.Deserialize(array);
authHelper = new AuthenticationHelper(_app);
var authorise = await authHelper.GetTokenForUserAsync()