We have a simple auth2 applciation (like this) that works, when called from CURL, but we have a problem getting the token from angular http
So the question is: what is the equivalent of this curl in angular:
curl -H "Accept: application/json" my-client-with-secret:secret#localhost:8080/oauth/token -d grant_type=client_credentials
We tried to set the Authorization header
$http.defaults.headers.common['Authorization'] = "Basic <'secret:secret' in Base64>";
but we got 401 unauthorized
Related
Hello, in a sh script i try to call an api in App Engine Standard (with a POST) behind an IAP.
I use a service account who have the "IAP-secured Web App user" permission.
The service account is from an another account that the IAP.
I first generate an OpenId connect :
OIDC_token_response=$(curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer "$(gcloud auth print-access-token) \
-H "Accept: application/json" \
--data '{"audience":"{CLIENT_ID_IAP","includeEmail":true}' \
-s --write-out "HTTP_CODE:%{http_code}" \
https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${MY_SERVICE_ACCOUNT:generateIdToken)
Then i use the token :
api_response=$(curl -X POST -H "Authorization: Bearer "${OIDC_token} -s --write-out "HTTP_CODE:%{http_code}" https://{MY-APP}.appspot.com/my-api/)
The answer is :
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>401 Unauthorized</title>
<h1>Unauthorized</h1>
<p>Unauthorized</p>
HTTP_CODE:401
Any idea ?
Regards
The error was not at the IAP Level : the 401 error was returned by the app engine application.
The IAP connection is OK.
Sorry for this post.
Using the Bugzilla 5.0 REST API, how do I send the API key in a header?
The following works with a 200 response and creates a bug:
curl -Ski -X POST -H "Content-Type: application/json"
-H "Accept: application/json"
--data "#$HOME/bug_attrs.json"
"https://fmd-bugzil-01tst.vrt.sourcefire.com/rest/bug?Bugzilla_api_key=ibMexQ7suwgyiYNskgxgBDqrXGLV5Jkogj1KSYL0"
But sending it in the header returns a 401:
curl -Ski -X POST -H "Content-Type: application/json"
-H "Accept: application/json"
-H "X-BUGZILLA-API-KEY: ibMexQ7suwgyiYNskgxgBDqrXGLV5Jkogj1KSYL0"
--data "#$HOME/bug_attrs.json"
"https://fmd-bugzil-01tst.vrt.sourcefire.com/rest/bug"
How do I send the API Key in the headers instead of the Query string?
I think you are using stable version of Bugzilla, version 5.0.4, according to the documentation for Rest API 5.0.4, it does not support X-BUGZILLA-API-KEY header for authentication.
However, latest version 5.1.2 has support for allowing api key in the header.
Alternatively, authentication credentials can be provided via one of
the following headers:
X-BUGZILLA-LOGIN
X-BUGZILLA-PASSWORD
X-BUGZILLA-API-KEY
X-BUGZILLA-TOKEN
Credentials passed as part of the query string take
precedence over the header credentials.
I am using Coinbase Wallet Endpoints of Coinbase API in my application and trying to hit create_account API https://developers.coinbase.com/api/v2#create-account using curl without OAuth2. According to Coinbase documentation, curl command would be like:
curl https://api.coinbase.com/v2/accounts \
-X POST
-H 'Content-Type: application/json'
-H 'Authorization: Bearer
abd90df5f27a7b170cd775abf89d632b350b7c1c9d53e08b340cd9832ce52c2c'
-d '{"name": "New wallet"}'
I am unable to figure out what will be the value of access token and how I will get it without using OAuth2 request.
Please guide me that "How I will get Bearer access token without using OAuth2?".
We have an API server and are using HTTP Load Balancer. We found that the L7 Load balancer returns 502 error if HTTP request's data is large.
We have confirmed that it works when accessing the API without the Load Balancer (accessing the API Server directly.)
This question might be a similar issue. HTTP Load Balancer cuts out part of a large request body
Someone said that using L4 Network Load Balancer is a possible solution but we don't want to use it for some reasons e.g. URL based load balancing and cross-region load balancing.
// Response OK (data size is 1024)
curl -H "Content-Type: application/json" -X POST -d '{"xx": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"}' https://xxxxxxxxxxxxxxx.com/xx/xxxxxxxxxxxx/xxxxxxxxx
// Response NG (data size is 1025)
curl -H "Content-Type: application/json" -X POST -d '{"xx": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"}' https://xxxxxxxxxxxxxxx.com/xx/xxxxxxxxxxxx/xxxxxxxxx
It seems that LB has some limitation about the size of post data. Tests show the limit is around 1024 bytes.
Update1
#chaintng saved me. Someone on the linked post says that curl adds "Expect: 100-continue Header" if the post data is over 1024 byte.
// Response NG (data size is 1025. without "Expect: ")
curl -H "Content-Type: application/json" -X POST -d '{"xx": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"}' https://xxxxxxxxxxxxxxx.com/xx/xxxxxxxxxxxx/xxxxxxxxx
// Response OK (data size is 1025. with "Expect: ")
curl -H "Expect: " -H "Content-Type: application/json" -X POST -d '{"xx": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"}' https://xxxxxxxxxxxxxxx.com/xx/xxxxxxxxxxxx/xxxxxxxxx
reference from this question Curl to Google Compute load balancer gets error 502
It's because CURL has default value when request large POST body defining header as Expect: 100-continue
Which is not support in Google L7 Load Balancing (stated in this document https://cloud.google.com/compute/docs/load-balancing/http/)
All you have to do is ignoring this behaviour by set the header before execute curl.
For e.g. in PHP
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Expect:']);
I have a problem with my request.
Using Angular Chrome browser return:
OPTIONS http://example.it/api/v1/auth/sign_in
(index):1 XMLHttpRequest cannot load http://example.it/api/v1/auth/sign_in. Invalid HTTP status code 404
But trying with Curl
curl -XPOST -v -H 'Content-Type: application/json' http://example.it/api/v1/auth/sign_in -d '{"email": "admin#example.it, "passoword": "administrator" }'
Everything is ok. Why?
I'm using NG Token Auth.