I used to be able to make the following call with a Personal Access Token (the classic token)
curl https://$PAT#raw.githubusercontent.com/$ORG/$REPO/master/$FILE
But now I just get the Github default 404 response.
If I follow a different approach the the file is accessible.
curl -H 'Authorization: token $PAT' \
-H 'Accept: application/vnd.github.v3.raw' \
-O -L https://api.github.com/$ORG/$REPO/master/$FILE
I can't find anything in the docs that states the old curl URL request has been removed. Has this method now been removed?
Related
I am new to GitHub API and trying to create a file in my repo using API.
I am using postman to check the API first.
PUT Method:
URL:https://api.github.com/repos/KaranS-hexaware/Rapidx_Documentation/contents/text.txt
Body:{
"message":"my commit message",
"content":"bXkgbmV3IGZpbGUgY29udGVudHM="
}
Header
Authorization:Bearer ****************************************************
Content-Type:application/vnd.api+json
The response is:
{
"message": "Not Found",
"documentation_url": "https://docs.github.com/rest/reference/repos#create-or-update-file-contents"
}
Can I get some input on what I am missing here?
The create file contents API example is:
curl \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: token <TOKEN>" \
https://api.github.com/repos/OWNER/REPO/contents/PATH \
-d '{"message":"my commit message","committer":{"name":"Monalisa Octocat","email":"octocat#github.com"},"content":"bXkgbmV3IGZpbGUgY29udGVudHM="}'
Check if those headers (which are slightly different than yours) make a difference and allow your call to succeed.
I implemented keycloak in my node.js project and call following API for add user in keycloak:
{{keycloak_url}}/admin/realms/{{realm}}/users
This API works and I can add user in keycloak but I need userId in response to this API how can I get this, any alternative way for this
Thanks in advance
I believe there is another way to do this which will save you an extra request. If you take a look at the reponse headers when you create a user, you should find a field named "Location". It looks like this:
Location: http://keycloak_address/auth/admin/realms/realm/users/3a11cc77-9871-4f6e-805b-bf17ea79fa3a
In this case the value "3a11cc77-9871-4f6e-805b-bf17ea79fa3a" would be the new user's id.
Update: The /auth path was removed starting with Keycloak 17 Quarkus distribution. So you might need to remove the /auth from the endpoint calls presented on this answer.
You use the Keycloak Admin REST API endpoint GET /{realm}/users with the query parameter username. For instance:
GET "{{keycloak_url}}/auth/admin/realms/{{realm}}/users/?username={{username}}"
NOTE: In some Keycloak version it will return all the users with a username that matches {{username*}}. Therefore, additional filtering of the list might be necessary. For those using bash script I have uploaded to my repo one example on how to do filter currently. From the response you just need to extract the field id.
The approach pointed out first by #Sillas Reis allows to create the user and get its ID in a single call, which is more performant. However, I am not a fan of relying on non documented behavior. Nonetheless, for those using bash and curl that solution could look like the following:
Call the Keycloak Admin REST API with an access token from a user with the proper permissions. For now, I will be using the admin user from the master realm:
curl “https://${KEYCLOAK_HOST}/auth/realms/master/protocol/openid-connect/token” \
-d "client_id=admin-cli" \
-d "username=${ADMIN_NAME}” \
-d "password=${ADMIN_PASSWORD}" \
-d "grant_type=password"
You get a JSON response with the admin's token. Extract the value of property access_token from that response. Let us save it in the variable $ACCESS_TOKEN for later reference.
To create the user in your realm $REALM_NAME and get back its id execute:
URL="https://${KEYCLOAK_HOST}/auth/admin/realms/${REALM_NAME}/users/"
curl --include -X -s POST "${URL}" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-d "$USER_JSON" | grep "Location: ${URL}" | grep -o '[^/]\+$'
the flag --include will make curl include the headers, and the command grep "Location: ${URL}" will extract the location and the command grep -o '[^/]\+$' the user ID from that location.
I am currently working on some code to interact with images on the Google Container Registry. I have working code both using plain curl and also httpx. I am trying to build a package without 3rd party dependencies. My curiosity is around a particular endpoint from which I get a successful response in curl and httpx but a 401 Unauthorized using urllib.request.
The bash script that demonstrates what I'm trying to achieve is the following. It retrieves an access token from the registry API, then uses that token to verify that the API indeed runs version 2 and tries to access a particular Docker image configuration. I'm afraid that in order to test this, you will need access to a private GCR image and a digest for one of the tags.
#!/usr/bin/env bash
set -eu
token=$(gcloud auth print-access-token)
image=...
digest=sha256:...
get_token() {
curl -sSL \
-G \
--http1.1 \
-H "Authorization: Bearer ${token}" \
-H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--data-urlencode "scope=repository:$1:pull" \
--data-urlencode "service=gcr.io" \
"https://gcr.io/v2/token" | jq -r '.token'
}
echo "---"
echo "Retrieving access token."
access_token=$(get_token ${image})
echo
echo "---"
echo "Testing version 2 capability with access token."
curl -sSL \
--http1.1 \
-o /dev/null \
-w "%{http_code}" \
-H "Authorization: Bearer ${access_token}" \
-H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
https://gcr.io/v2/
echo
echo "---"
echo "Retrieving image configuration with access token."
curl -vL \
--http1.1 \
-o /dev/null \
-w "%{http_code}" \
-H "Authorization: Bearer ${access_token}" \
-H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
"https://gcr.io/v2/${image}/blobs/${digest}"
I additionally created two Jupyter notebooks demonstrating my solutions in httpx and bare urllib.request. The httpx one works perfectly while somehow urllib fails on the image configuration request. I'm running out of ideas trying to spot the difference. If you run the notebook yourself, you will see that the called URL contains a token as a query parameter (is this a security issue?). When I open that link I can actually successfully download the data myself. Maybe urllib still passes along the Authorization header with the Bearer token making that last call fail with 401 Unauthorized?
Any insights are greatly appreciated.
I did some investigation and I believe the difference is that the last call to "https://gcr.io/v2/${image}/blobs/${digest}" actually contains a redirect. Inspecting the curl and httpx calls showed me that both do not include the Authorization header in the second, redirected request, whereas in the way that I set up the urllib.request in the notebook, this header is always included. It's a bit odd that this leads to a 401 but now I know how to address it.
Edit: I can now confirm that by building a urllib.request.Request instance and unlike in the linked notebook, add the authorization header with the request's add_unredirected_header method, everything works as expected.
I just setup a OneLogin account and wish to do a basic test from the command line with curl according to the docs at
https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials
and
https://developers.onelogin.com/api-docs/1/oauth20-tokens/generate-tokens-2
I get "unauthorized" despite many permutations of the curl command. Let me start with the curl command as included in the docs in the second link above. I do this:
curl 'https://api.us.onelogin.com/auth/oauth2/v2/token' \
-X POST \
-H "Authorization: client_id:144a1200f765fc67f1e, client_secret:d2dc92524169ee2" \
-H "Content-Type: application/json" \
-d '{
"grant_type":"client_credentials"
}'
(fake client_id and client_secret is included so that you can see the form they take in my call, i.e., spaces, encoding, etc.)
Response:
{"status":{"error":true,"code":401,"type":"Unauthorized","message":"Authentication Failure"}}
So I tried everything I could think of in terms of the "Authorization" line. Here are some examples of what I tried:
# base64 encode just the client_id and the client_secret (i.e., separately encoded and independent)
Authorization: client_id:zODU1NjYwOTRiZjYwOWFiOWJiZDQ1NGZjNg==, client_secret:WIxY2NjZWJjNWJlZDJlZDdiYmFiMDZiYTkyNzY3M2IxZQ==
# result: unauthorized
# base64 encode "Basic <client_id:client_secret>"
Authorization: Basic NjllZTIxZGRjOWU5YjFjY2NlYmM1YmVkMmVkN2JiYWIwNmJhOTI3NjczYjFl
# result: unauthorized
# use Basic without base64 encoding id and secret
Authorization: Basic 094bf609ab9bbd454fc6:c5bed2ed7bbab06ba927673b1e
# result: unauthorized
And finally... here is an image of the credentials page to demonstrate that I indeed did create the id and secret in the proper place.
I'm embarrassed to give the solution to this answer and there is no way from the question anyone could have answered this correctly except by guessing.
I accidentally swapped the client_id and client_secret early in my work flow and never went back to double check them... or at least if I did double check them I made the same error twice.
My best guess for why I swapped them is that they appear in one order (client_id, client_secret) in the docs and API, and they appear in the reverse order in the OneLogin UI (client_secret, client_id). You can see this in my OP.
The correct curl command is the first one I gave in the answer... plain text client id and secret (not base64 encoded). Here it is again for reference:
curl 'https://api.us.onelogin.com/auth/oauth2/v2/token' \
-X POST \
-H "Authorization: client_id:bed2ed7bbab06ba927673b1e, client_secret:385566094bf609ab9bbd454fc6" \
-H "Content-Type: application/json" \
-d '{
"grant_type":"client_credentials"
}'
Gitlab-CE v8.14.3
I'm reading the GitLAB API docs, and am trying to get the list of active users. I'm an admin and created a personal token. I do this
$ curl -XGET "Private-Token: kfjakjfkjkd" https://company.domain.com/api/v3/users?active=true
and keep getting 401 (Unauthorized) error. Like I said, I'm an admin. What gives?
You must specify the header using the -H option as noted in Bertrand Martel's answer. That will retrieve up to 20 users.
Above 20 users, you must get fancier. The JSON output is paginated, and each query is limited to 100 users per page. So to get 300 users, you must get three pages, 100 users at a time:
curl -H "Private-Token: kfjakjfkjkd" "https://company.domain.com/api/v4/users?active=true&per_page=100&page=1" > gitlabusers1.json
curl -H "Private-Token: kfjakjfkjkd" "https://company.domain.com/api/v4/users?active=true&per_page=100&page=2" > gitlabusers2.json
curl -H "Private-Token: kfjakjfkjkd" "https://company.domain.com/api/v4/users?active=true&per_page=100&page=3" > gitlabusers3.json
You need to specify that Private-Token: kfjakjfkjkd is an HTTP header with -H :
curl -H "Private-Token: kfjakjfkjkd" https://company.domain.com/api/v4/users?active=true