I am using Coinbase Wallet Endpoints of Coinbase API in my application and trying to hit create_account API https://developers.coinbase.com/api/v2#create-account using curl without OAuth2. According to Coinbase documentation, curl command would be like:
curl https://api.coinbase.com/v2/accounts \
-X POST
-H 'Content-Type: application/json'
-H 'Authorization: Bearer
abd90df5f27a7b170cd775abf89d632b350b7c1c9d53e08b340cd9832ce52c2c'
-d '{"name": "New wallet"}'
I am unable to figure out what will be the value of access token and how I will get it without using OAuth2 request.
Please guide me that "How I will get Bearer access token without using OAuth2?".
Related
I have a trouble right now with an access token received from Google Identity Services.
Some details about the case. I have full stack application, back-end based on Spring/Webflux/Hibernate-Reactive and frond end based on React. I'm using the google login feature from Google Identity Services with this react library #react-oauth/google.
I'm using the received "credential" after successful login for back-end access. Everything works like expected except that I there is no refresh token in the response after successful login. The token expires after 1 hour and a user must be prompted to login again to receive a new token, which is horrible!
So, how to refresh this token, any Idea?
I could not found more info on google side, that's why I am writing here.
So I found the solution by myself. I will post it here, in hoping to help someone else who is struggling with this problem.
So using the react library #react-oauth/google I used the useGoogleLogin hook. I added "flow: 'auth-code'" to function's options object.
const login = useGoogleLogin({
onSuccess: codeResponse => console.log(codeResponse),
flow: 'auth-code',
});
The function is triggered by click on simple button.
After successful login from the user, in the response object we can find a code property. We can exchange the code for an access,refresh and id token by calling the google oauth2 api:
curl --location --request POST 'https://oauth2.googleapis.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=your_client_id' \
--data-urlencode 'client_secret=your_client_secret' \
--data-urlencode 'code=recieved_code_after_login' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'redirect_uri=one of your redirect uri's listed in your
credential'
after successful request access,refresh and id token are received.
refreshing the token also so simple:
curl --location --request POST 'https://oauth2.googleapis.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=your_client_id' \
--data-urlencode 'client_secret=your_client_secret' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=received_refresh_token'
Here is the original Google documentation: https://developers.google.com/identity/protocols/oauth2/web-server#httprest_3
!important!
Remember that the refresh is valid until access is revoked. When you refresh the tokens, a new refresh token is not coming with the response. For further refreshes, you can use the same refresh token, receive by exchange.
Hello, in a sh script i try to call an api in App Engine Standard (with a POST) behind an IAP.
I use a service account who have the "IAP-secured Web App user" permission.
The service account is from an another account that the IAP.
I first generate an OpenId connect :
OIDC_token_response=$(curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer "$(gcloud auth print-access-token) \
-H "Accept: application/json" \
--data '{"audience":"{CLIENT_ID_IAP","includeEmail":true}' \
-s --write-out "HTTP_CODE:%{http_code}" \
https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${MY_SERVICE_ACCOUNT:generateIdToken)
Then i use the token :
api_response=$(curl -X POST -H "Authorization: Bearer "${OIDC_token} -s --write-out "HTTP_CODE:%{http_code}" https://{MY-APP}.appspot.com/my-api/)
The answer is :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>401 Unauthorized</title>
<h1>Unauthorized</h1>
<p>Unauthorized</p>
HTTP_CODE:401
Any idea ?
Regards
The error was not at the IAP Level : the 401 error was returned by the app engine application.
The IAP connection is OK.
Sorry for this post.
I'm facing the issue where I am not able to generate an Access Token for Google IAM Service Account using this method .
I've got my personal OAuth2 access token using:
gcloud auth application-default print-access-token
I've got all the necessary roles (roles/iam.serviceAccountTokenCreator) but when I cURL the API I always get an error response:
{
"error": {
"code": 400,
"message": "Request contains an invalid argument.",
"status": "INVALID_ARGUMENT"
}
}
This is how full curl request looks like:
curl -X POST --header 'Content-Type: application/json' --header 'authorization: Bearer ya29.AASDSADASDASDi9C1yAXXXXXXZzLtDDrCAzblqF_qi5sKvMZcHieBADASDASDTNJiOKrqJBffb4Moh3gTgiTbDgMIF1XDQU5JZ31aACs0aUbI4wgeqV2Q' https://iamcredentials.googleapis.com/v1/projects/<PROJECT_NAME>/serviceAccounts/<SA_NAME>#<PROJECT_NAME>.iam.gserviceaccount.com:generateAccessToken -d '{"scope": ["https://www.googleapis.com/auth/cloud-platform"]}'
Thanks
You have two problems in your API call.
The Service Account Name is a path parameter and must be URL encoded. The # character is not valid. Use %40 in its place (as an example of correct encoding).
The URI specifies a PROJECT_NAME. This is not correct. You need to use a - (hyphen/dash character). Example projects/-/serviceAccounts.
You also need to have the permission iam.serviceAccounts.getAccessToken attached to one of the roles that are assigned to the account that created the request Access Token use in this API request. This will cause a different error if incorrect. Just a tip as you get to the next step.
Using the Bugzilla 5.0 REST API, how do I send the API key in a header?
The following works with a 200 response and creates a bug:
curl -Ski -X POST -H "Content-Type: application/json"
-H "Accept: application/json"
--data "#$HOME/bug_attrs.json"
"https://fmd-bugzil-01tst.vrt.sourcefire.com/rest/bug?Bugzilla_api_key=ibMexQ7suwgyiYNskgxgBDqrXGLV5Jkogj1KSYL0"
But sending it in the header returns a 401:
curl -Ski -X POST -H "Content-Type: application/json"
-H "Accept: application/json"
-H "X-BUGZILLA-API-KEY: ibMexQ7suwgyiYNskgxgBDqrXGLV5Jkogj1KSYL0"
--data "#$HOME/bug_attrs.json"
"https://fmd-bugzil-01tst.vrt.sourcefire.com/rest/bug"
How do I send the API Key in the headers instead of the Query string?
I think you are using stable version of Bugzilla, version 5.0.4, according to the documentation for Rest API 5.0.4, it does not support X-BUGZILLA-API-KEY header for authentication.
However, latest version 5.1.2 has support for allowing api key in the header.
Alternatively, authentication credentials can be provided via one of
the following headers:
X-BUGZILLA-LOGIN
X-BUGZILLA-PASSWORD
X-BUGZILLA-API-KEY
X-BUGZILLA-TOKEN
Credentials passed as part of the query string take
precedence over the header credentials.
I have enables authentication in Zeppelin. I am able to authenticate Zeppelin from curl:
curl -i --data 'userName=admin&password=admin' -X POST http://ip_address:port/api/login
It is giving me response properly with JSESSIONID.
How can I use the same session in my next API calls like
http://ip_address:port/api/notebook
Thanks.
Write the response cookies to local file during login api call
curl -c cookies.txt -i --data 'userName=admin&password=admin' -X POST http://ip_address:port/api/login
and pass the cookies to next API calls
curl -b cookies.txt http://ip_address:port/api/notebook
Example for run note
curl -i -b 'JSESSIONID=ad51301f-a13b-4b8d-a6c7-b684dc453f8f; Path=/; HttpOnly' -X POST -H "Content-Type: application/json" http://ip_address:port/api/notebook/job/note_id