Gitlab Pages access with curl or postman - gitlab

I've created a GitLab Page for myself and now want to access the page via a curl or a Postman request. It seems that I can, but the only way I can do this is by setting the Pages variable to Everyone. The issue being that it will then be accessible without any access token.
I've been through GitLab's docs and couldn't find anything about setting it to Only Project Members and passing an access token, so we can still access the page without having to log into GitLab.
Does anyone know if there's any way this can be done?

Related

GitHub GraphQL Authentication via a GitHub App

I am just wondering, did anyone manage to authenticate to the GitHub GraphQL API using a GitHub App, and how?
The purpose of this is to write a script that pulls information from GitHub with the GraphQL API, but uses an app for authentication, so it is not user dependent, and if a user leaves the organisation it doesn't take the functionality of the script with them.
The aim is to have a script that pulls all the Dependabot alerts from all the repos and pushes them to a Google spreadsheet.
I think I read somewhere Github does not recommend using a user service account.
Thanks
I followed this guide to "Authenticate as an installation", which generates a token.
Then I set an HTTP header to: "Authorization: token YOUR_INSTALLATION_ACCESS_TOKEN"

Gitlab private token automatic rolling

I am trying to connect to the GitLab API from code to download artifacts.
To do so, I'm required to generate a private access token and send it with the request.
I don't want to set a permanent token because it is not secure, so I tried to find some API to delete the old token and generate a new one when it has expired, but I couldn't find anything.
I also tried to use deploy tokens, but they have no permission to use the GitLab API.
Any suggestions?
I don't want to set a permanent token because it is not secure
Since GitLab version 13.3, Project access tokens are available, which give you the opportunity to issue a token for a specific project and limit its scope. So it's definitely better than using your own private token.
Project level access tokens allow access to a project without the need to provision a new GitLab user. Project access tokens can be generated by project Maintainers or Owners and be used to authenticate with the GitLab API. Project access tokens will be authorized as Maintainers. This new functionality will make programmatic access to GitLab easier and more secure.
Previous answer:
Probably it would be less insecure to create an extra user with permissions only for the desired repository (from which we want to download artifacts) and issue a personal token for this user. So even if the token is compromised, the offender will only be able to download artifacts.
It is not possible yet, but they have an issue open to add it;
you can follow the discussion here: https://gitlab.com/gitlab-org/gitlab/-/issues/17176

Duplicate Tab Issue in MERN Application

I have developed an application using the MERN stack. It is working properly in a single tab. I am facing the following issue while using it:
Steps:
Login to the System.
Open a duplicate Tab after login.
Logout from the Original Tab.
Go back to the duplicate tab and perform any action. Instead of being logged out of the system, the user is able to perform the operations.
Provided that "TOKEN" is deleted from "localstorage" when I logout from the original tab.
I am using REACT, REDUX, NODEJS, MONGODB, EXPRESS
My main question is how the user is able to hit the API without authenticating.
I think you should try the following steps:
Check whether you are always fetching the token from local storage or storing it in some variable in React, due to which, even after deleting the token from local storage, your service might still be able to access the token.
Make sure the token is deleted from the local storage.
Check the Network tab of the browser console to see whether the token is being sent in the request header or body.
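An added illustration (not code from the question or the answer) of the first point in that list: a client that copies the token into a variable keeps sending it after another tab has removed it from localStorage, while one that reads localStorage on every request stops immediately. It assumes a browser-style localStorage and constructs an in-memory stand-in so it also runs under Node; the token value is a constructed sample.

```javascript
// Added example, not from the question or answer. Stand-in storage is used outside a browser.
function makeMemoryStorage() {
  const map = new Map();
  return {
    getItem: (k) => (map.has(k) ? map.get(k) : null),
    setItem: (k, v) => { map.set(k, String(v)); },
    removeItem: (k) => { map.delete(k); },
  };
}
const storage = (typeof window !== 'undefined' && window.localStorage) ? window.localStorage : makeMemoryStorage();

// Anti-pattern: the token is read once (e.g. when a service/client object is created) and reused.
class StaleClient {
  constructor() { this.token = storage.getItem('TOKEN'); }
  authHeaders() { return this.token ? { Authorization: `Bearer ${this.token}` } : {}; }
}

// Fix: consult localStorage on every request, so removal in any tab takes effect at once.
class FreshClient {
  authHeaders() {
    const token = storage.getItem('TOKEN');
    return token ? { Authorization: `Bearer ${token}` } : {};
  }
}

function logout() { storage.removeItem('TOKEN'); }

// Browsers fire `storage` only in *other* tabs; use it so those tabs drop their session too.
function installCrossTabLogout(onLoggedOut) {
  if (typeof window === 'undefined') return false;
  window.addEventListener('storage', (e) => {
    if (e.key === 'TOKEN' && e.newValue === null) onLoggedOut();
  });
  return true;
}

// Constructed scenario from the question: login, open a second "tab" (second client), logout, retry.
function simulateDuplicateTab() {
  storage.setItem('TOKEN', 'constructed-sample-token');
  const stale = new StaleClient();   // created while logged in, keeps its own copy
  const fresh = new FreshClient();
  logout();                          // done from the "original tab"
  return {
    staleStillSendsToken: 'Authorization' in stale.authHeaders(),
    freshStillSendsToken: 'Authorization' in fresh.authHeaders(),
  };
}
```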

OAuth 2.0 {"error_description":"Invalid issuer or signature."} in Postman

I'm trying to execute a REST API call in SharePoint Online. For this, I wanted to see if I can register an app in Azure AD. I believe I was able to do so and I'm able to get back a token. However, upon executing the GET request, Postman always throws {"error_description":"Invalid issuer or signature."} in the body of the response.
Here're the screenshots detailing everything:
Don't mind the Postman variable {{TenantID}}. That's not the issue; I also tried with the written-out tenant ID, and it doesn't make a difference.
So what I was unsure about at first was the 'Scope' parameter in the "GET NEW ACCESS TOKEN" in Postman. I tried various scopes, for example
'Sites.FullControl.All' or 'https://microsoft.sharepoint-df.com/.default'. But that didn't change the outcome. Still, is the scope I set correct for SharePoint REST API? I know that for the Microsoft Graph 'https://graph.microsoft.com/.default' works.
I also tried different app permissions, not just 'Sites.FullControl.All'.
Do you have any idea what the cause of the error might be?
Thanks.
The SharePoint permission Sites.FullControl.All is of type Application.
For this type of permission you MUST use the client_credentials flow.
The Client Credentials grant is used when applications request an
access token to access their own resources, not on behalf of a user.
Try to call the auth url with:
grant_type=client_credentials
&client_id=xxxxxxxxxx
&client_secret=xxxxxxxxxx
Otherwise, if you want to access SharePoint on behalf of the user, change the permission type to delegated.

Authenticate against Azure AD - ColdFusion Web Application

I'm developing a web application which will require users to login before they can use the app. I've looked into using the Azure Active Directory as the resource which I will authenticate against, however I'm having trouble understanding how to set things up.
I've logged into the Azure Portal and have created my Active Directory. I've also added my custom Web App to the Applications area, and provided the App Login URL and APP ID URI. Now I have been given my Client ID and Federation Metadata Document Url, but I have no idea where to go from here.
Could someone provide an example of how I take the username and password which they enter in my login form and submit that to Azure, receiving back a result which would indicate success or failure? Or is that not how it works?
Any help is greatly appreciated. I don't need any other information from the Active Directory other than confirmation that YES, the username and password matches and let them in.
The web application is coded in ColdFusion as per the client's request, and it is hosted on their server.
Thank you!!!
UPDATE
Using the directions found here https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx I have been able to successfully request an authorization code by logging in using an Active Directory account. After I log in, the system redirects me back to my web application, and has a long url code variable, along with a url session_state variable. My question now is, what do I do with this information from my web app?
Using the directions found here https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx I have been able to successfully request an authorization code by logging in using an Active Directory account. After I log in, the system redirects me back to my web application, and has a long url code variable, along with a url session_state variable. My question now is, what do I do with this information from my web app?
If you look at the picture in the link you mentioned, there are 6 steps.
What you have done so far is performed step 1 and 2. Now you would need to perform step 3 and 4 i.e. get an access token using the auth code you have received.
Please see the section titled Use the Authorization Code to Request an Access Token in the same link regarding how to do it.
As part of Step 4, you will get an access token back. It is essentially a JWT token. Not sure how you would do that in Cold Fusion, but you can simply decrypt/parse (for the lack of better words :)) this token to get information about the user.
Given that you only want to find out if the user is authenticated successfully, I believe if you have received the code you're good. You don't have to do anything more.
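As an added example serving both this answer and the SharePoint client_credentials answer above (not code from either answer): the token request body for each grant, the POST to the token endpoint, and a decode-and-check of the returned JWT's claims before treating it as proof of login. It assumes Node 18+ and the Azure AD v2.0 token endpoint; tenant, client and scope values are placeholders.

```javascript
// Added example, not from either answer. Assumes the Azure AD v2.0 token endpoint; all
// tenant/client/scope values are placeholders to be replaced by the caller.
const tokenEndpoint = (tenant) => `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`;

// Application permissions (e.g. Sites.FullControl.All): client_credentials, no user involved.
// scope is the resource's /.default scope, e.g. https://<tenant>.sharepoint.com/.default
function clientCredentialsBody({ clientId, clientSecret, scope }) {
  return new URLSearchParams({ grant_type: 'client_credentials', client_id: clientId,
    client_secret: clientSecret, scope });
}

// Delegated flow, steps 3-4 of the diagram: redeem the `code` that arrived on the redirect.
function authCodeBody({ clientId, clientSecret, code, redirectUri, scope }) {
  return new URLSearchParams({ grant_type: 'authorization_code', client_id: clientId,
    client_secret: clientSecret, code, redirect_uri: redirectUri, scope });
}

async function requestToken(tenant, body) {
  const res = await fetch(tokenEndpoint(tenant), {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  });
  const json = await res.json();
  if (!res.ok) throw new Error(`${json.error}: ${json.error_description}`); // e.g. invalid_grant
  return json; // { access_token, expires_in, token_type, ... }
}

// Decode (not verify) the JWT payload. Signature verification needs the tenant's published
// signing keys (reachable via the Federation Metadata Document mentioned in the question).
function decodeJwtClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWS compact token');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Claim checks to run before treating the token as a successful login for our own app.
function checkClaims(claims, { audience, tenant, nowSec }) {
  const problems = [];
  if (claims.aud !== audience) problems.push('audience mismatch');
  if (!String(claims.iss || '').includes(tenant)) problems.push('issuer is not our tenant');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) problems.push('expired');
  return problems;
}
```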