Bonita (7.1) returns unathorized process - bonita

We are working with version 7.1 Bonita and execute with WSO2 (4.9.0) and Rest Client first a loginprocess and then a process it returns unauthorized, it is send as a parameter of the request with name Cookie, Are we doing something bad?
A greet

If it returns Unauthorized you are doing something bad. :)
To start a case via REST execute the following calls within the same HTTP Session:
POST http://localhost:8080/bonita/loginservice?username=walter.bates&password=bpm with an empty payload
and then POST http://localhost:8080/bonita/API/bpm/case with the following payload:
{
"processDefinitionId":"5777042023671752656",
"variables":[
{
"name":"stringVariable",
"value":"aValue"
},
{
"name":"dateVariable",
"value":349246800000
},
{
"name":"numericVariable",
"value":5
}
]
}
More information about can be found here

Related

IdentityServer4 - End Session in POST

IdentityServer4 documentation explains how to use the end session endpoint using the HTTP method GET (https://identityserver4.readthedocs.io/en/latest/endpoints/endsession.html).
Is it possible to configure it in order to accept POST requests as well?
If you look at the source code here, it seems that the endpoint accepts both GET and POST requests.
if (HttpMethods.IsGet(context.Request.Method))
{
parameters = context.Request.Query.AsNameValueCollection();
}
else if (HttpMethods.IsPost(context.Request.Method))
{
parameters = (await context.Request.ReadFormAsync()).AsNameValueCollection();
}
else
{
_logger.LogWarning("Invalid HTTP method for end session endpoint.");
return new StatusCodeResult(HttpStatusCode.MethodNotAllowed);
}

How to send json payload when executing a command from IoT Central v3 connector Logic app

In IoT Central we have a command as toggle_bulb where it accepts json object of mac and on_off value as follows:
{'mac': <mac address>', 'on_off': '0'}
when we run the command manually from dashboard we are receiving the request.payload value in the backend application.
But we have created a rule to execute the command using logic app action
payload parameter is defined as shown below for raw input
when the rule gets fired, we are receiving the method request but not receiving the payload in the backend application.
logs are as follows
iotcentral: Received call for bulb_state
iotcentral.py: toggle_bulb_command: iotcentral: request payload: {}
Please help me how to send json object to back end application when using iot central connector in logic app for executing a command
When the request format isn't correct, it isn't received correctly by the device. Right now you are using this as the payload in your Logic App
{
"mac": "00:17:88:01:06:3a:ec:bf",
"on_off": "0"
}
Try using:
{
"request": {
"mac": "00:17:88:01:06:3a:ec:bf",
"on_off": "0"
}
}

ADAL.js - Obtaining Microsoft Graph Access Token with id_token

I am attempting to integrate Azure AD login and Graph API into my angular2 website.
I have successfully implemented an ADAL login and redirect, built around a useful blog post here
From this I retrieved an id_token parameter that my adalservice can access. Currently this is acheived through a simple context.login() and catching the token in the redirect.
When I use this token to try and access Microsoft Graph, I receive an InvalidAuthenticationToken response stating Access Token validation failure.
I'm new to this stuff, so it could be that my call is intrinsically wrong, or that I lack certain permissions in AD, or my app reg lacks permissions. I've seen that I potentially need to request an access token with sufficient scope, yet I can find any examples of this.
Has anyone used this adalService library to obtain tokens for use with Graph API?
I found a solution to my problem.
I was using the wrong token. I had to acquire a token specifically for Graph API. This meant I would have to first log in and then call this.context.acquireToken() like below:
this.context.acquireToken("https://graph.microsoft.com", function (error, id_token) {
if (error || !id_token) {
console.log('ADAL error occurred: ' + error);
}
else {
this.graphAccessToken = id_token;
//Call graph API
}
}.bind(this)
);
It seems like it's essential that this process have 2 calls. Maybe someone can shed some light on whether I can immediately obtain a token with scope for the Graph API on login. Perhaps by setting required permissions for the app in Azure AD.
Just to have a clarity for all, updating the end to end solution here again.
In case you do not have the base starter code, refer to this link Adal-JS Tutorial. This post only concerns with the customization involved.
Step 1: Configure the AdalService
(only new code is shown, other methods remain as it is)
export class AdalService {
public get graphAccessToken() {
return sessionStorage[new AppConstants().User_Graph_Token];
}
public retrieveTokenForGraphAPI() {
this.context.acquireToken('https://graph.microsoft.com', function (error, graph_token) {
if (error || !graph_token) {
console.log('ADAL error occurred: ' + error);
} else {
// Store token in sessionStorage
sessionStorage[new AppConstants().User_Graph_Token] = graph_token;
return;
}
}.bind(this)
);
}
}
The code should have existing handlers for id_token callback and corresponding configuration in the routing. If not, please refer to link above for the initial code.
Now the requirement is retrieve the access_token once the id_token is retrieved. The access_token has additional field for "puid" which describes identifier for claims. This will be the step 2.
Step 2: Update LoginComponent
ngOnInit() {
if (!this.adalService.isAuthenticated) {
console.log('LoginComponent::Attempting login via adalService');
this.adalService.login();
} else {
if (this.adalService.accessTokenForGraph == null) {
console.log('LoginComponent::Login valid, attempting graph token retrieval');
this.adalService.retrieveTokenForGraphAPI();
}
}
Now the token is retrieved and stored for later use.
Step 3: Update Routing for 'access_token' callback
Similar to the 'id_token' callback, we need to add additional callback route for the access_token. The callback components will remain same. Their code is as described in the main link. Note that *access_token" endpoint is MS provided, hence be careful not to change the name.
{ path: 'access_token', component: OAuthCallbackComponent, canActivate: [OAuthCallbackHandler] },
{ path: 'id_token', component: OAuthCallbackComponent, canActivate: [OAuthCallbackHandler] }
Step 4: Use the token wherever required
const bearer = this.adalService.graphAccessToken();

Issue with watch request on gmail api

I am using the below code to send a watch request to gmail. But it is sending push notifications for every action on the mailbox. I need google to send notifications if there is a new email received only. Otherwise I don't want google to send notifications. I am using google-api nodejs client. Can anyone please assist me on this?
watch (cb) {
const params = {
userId: 'me',
resource: {
labelIds: ['INBOX'],
labelFilterAction: 'include',
topicName: configure.Google.TopicName
}
};
this.gmail.users.watch(params, cb);
}
You can do labelIds: ['UNREAD']
When you go to request history.list with the historyId, there is an option to limit the messages returned to messagesAdded, though you will continue to get extraneous push notifications.
labelIds expects the id of the label, not the display name of it.

Unauthenticated call to Endpoint working for an API method with authentication

I am facing issue with Endpoints authentication.
This is the api code I am using
#ApiMethod(name = "myapiname.myapimethod", scopes = { Constants.EMAIL_SCOPE }, clientIds = {
Constants.WEB_CLIENT_ID, Constants.ANDROID_CLIENT_ID,
Constants.API_EXPLORER_CLIENT_ID }, audiences = { Constants.ANDROID_AUDIENCE })
public Result myapimethod(User user) throws OAuthRequestException, IOException {
// some work
return new Result();
}
In API explorer, it shows that the method requires Authorization, but it is getting successfully executed even without authorizing the request in API explorer.
Any help will be highly appreciated.
Thanks in advance.
Adding an User parameter alone won't check if the endpoint request is authenticated, we need to check that ourselves refer the documentation https://developers.google.com/appengine/docs/java/endpoints/auth#Java_Adding_a_user_parameter_to_methods_for_auth
`If an incoming client request has no authorization token or an invalid one, user is null. In your code, you need to check whether user is null and do ONE of the following, depending on the condition:
If the user is present, perform the authorized action.
If the user is null, throw an OAuthRequestException.
Alternatively, if the user is null, perform some action for an unauthorized client access if some sort of unauthorized access is desired.`

Resources