I am trying to call Azure Copy Blob API from postman. I have passed below headers and hit the request but I am getting "AuthenticationFailed" error.
I am sure, I might have given wrong header values or missed some required headers. Can some please help me what am I missing.
Here is the request:
Method: PUT
URL: https://accountname.blob.core.windows.net/containername/SAMPLE_FILE.CSV
Headers:
Authorization = SHARED ACCESS SIGNATURE:?sv=2020-08-04&ss=bfqt&srt=sco&sp=rwdlacupitfx&se=2023-05-30T06:52:46Z&st=2022-05-31T22:52:46Z&spr=https,http&sig=lP1fdHkWabckHlMFOrUsAWyVu6zxxJwNX4l%2B6a0WAmE%3D
x-ms-version = 2015-04-05
x-ms-copy-source = https://accountname.blob.core.windows.net/containername/SAMPLE_FILE.CSV
x-ms-date = 2022-06-13T18:51:28.5001104Z
Response Received:
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:aa820193-601e-0037-5959-7f7a5b000000
The reason you are getting this error is because you are using incorrect authorization header.
When you use SAS token, you would need to use SAS URL as the base URL for your copy operation and do not include authorization header as SAS token already contains the authorization information.
Do try with the following PUT URL and you will not get the authorization failed error (assuming your SAS token is valid):
Method: PUT URL:
https://accountname.blob.core.windows.net/containername/SAMPLE_FILE.CSV?sv=2020-08-04&ss=bfqt&srt=sco&sp=rwdlacupitfx&se=2023-05-30T06:52:46Z&st=2022-05-31T22:52:46Z&spr=https,http&sig=lP1fdHkWabckHlMFOrUsAWyVu6zxxJwNX4l%2B6a0WAmE%3D
Related
Postman headers I'm using secret keys to generate an access token that I will use to authenticate for an API that I call. The issue is that I'm getting the error:
status code was: 401, expected: 200
WWW-Authenticate: Bearer error="invalid_token", error_description="The audience value is invalid"
This is how I call the API
Given url `https://login.microsoftonline.com/tenant_id/oauth2/token`
And form field grant_type = `client_credentials`
And form field client_id = `value`
And form field client_secret = `value`
When method post
Then status 200
match response.access_token != null
def access_token = response.access_token
print access_token
Given header Authorization = 'Bearer ' + access_token
Given url 'url'
And header accept = `plain/text`
And header 'X-Mimic-User' = `confidential`
When method GET
Then status 200
I'm expecting to the authenticated to the API with the generated access token.
So it appears your error may be related to the Authorization header, although the error description is hard to decipher, possibly scope related? I would list the URL first, not the header, unless you are re-using it, and want to configure the value for subsequent requests. Another way of setting the Bearer token is:
And match response.access_token == '#present'
* def oauthToken = `Bearer ${response.access_token}`
But really the most important thing is for you to check your request, including headers and compare it between Karate and Postman to see what is different.
From what I see in the error description, the first API call made towards your auth provider is returning a 200 with an access token. but the second call you are making to your application server seems to be failing to see the audience value in your access token.
I doubt you are using the same client credentials input (client_id, client_secret) in your postman and karate setup. Make sure they are the same.
I would also confirm if the access token received is having the aud parameter by checking it in https://jwt.io or any other tool you trust to decode your access token JWT. for the sake of experimentation do the same for the access token you got from postman as well.
Ideally, these configurations are very internal to your application and identity team and may not be directly related to karate. The other teams mentioned should be the ones best to guide you.
I am working a POC to verify the migration of our Signup & Signup flow to Azure AD B2C. I have successfully called the API authorize to get the access token and id token. Then I tried to call /token to refresh the token according to document , however I got the error message below.
AADB2C90090: The provided JWE is not a valid 5 segment token.\r\nCorrelation ID: ae943eb7-9290-4fd5-aeac-d56411d803c7\r\nTimestamp: 2022-10-26 07:13:40Z\r\n
Following is the url I used to get access token in Browser.
GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_signupsignin1&client_id=7adbb5f8-17d2-4dfa-94cd-5ab1cbc9f425&nonce=defaultNonce&redirect_uri=https://jwt.ms&scope=openid offline_access&response_type=code+id_token&prompt=login
Following is the screenshot I used to call token API in Postman.
POST /{tenant}.onmicrosoft.com/B2C_1_signupsignin1/oauth2/v2.0/token HTTP/1.1
Host: {tenant}.b2clogin.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 1971
grant_type=authorization_code&client_id=7adbb5f8-17d2-4dfa-94cd-5ab1cbc9f425&code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..n8murSwIYYseViQm.WluJ_gU8aUQd1PPadPik4ODSso4KpKAu8geA5NmAlkbieJPVZb30MJSHGOiUsrxfwu4BoV69bshD7URJeVNFzfqPsCjBhpYDyeL8x0uUZIJwDQ7DTiflw8A4LbYf-SzjluqbfSqDwQFGyQvKesgsrnZzyxg9AnLiL1NoBW27Kd3ZcX3i1BHKr8c--qOyxbz8DtUyIzkJGcOq79wIQZRnDCr1_xPo6EhzOi59TlEIfJhzR4qfgLm3tlgK8zDaUY5Zf3a89olfkmpvrjS84vsfDyyWM4UZe_6MpymNQFe-6Q-fJRmWqdmqdvljaDykP2ZSZJS6jHkdmU9t9aYCTWPB4JgnN1PleQDzRK-MR9WPJ5ULoxmp2VOZ_YFdY94MOGEW8c_IeNGVuPRRC8jXEaQnEWA_3Fs5tzuNe4UjQUxRTTjNeZERb1MHFPk2YGZRc4CshvqvobuGQ2fVNKFHA8JvW9Qt6Xibw0gfY8D0tTZuOP6IxPwhFSWXa5nX4j_lDeFFxhTKA38CALXQ1FVWvHZmzYhB_yMYq44jdG46lpQYB4rV9CFIBvFzJ940EPH6LpOPAnLQzLNm6zqtsVKUoB49dXE2hapIbD5LHsoNoZYeQhu8qJdhxg.8PfqgqgrubNchCs9OxHQQA%26id_token%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ilg1ZVhrNHh5b2pORnVtMWtsMll0djhkbE5QNC1jNTdkTzZRR1RWQndhTmsifQ.eyJleHAiOjE2NjY3NzE0MDUsIm5iZiI6MTY2Njc2NzgwNSwidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9iZW5ueXpob3UuYjJjbG9naW4uY29tLzUzYjRjYmY0LWU1NDYtNDU2ZS04ZTI0LTlhM2RlOGQ3ZTljYy92Mi4wLyIsInN1YiI6ImUyN2YwZGU0LTMxODItNDZlYi1iMjYzLTdkMThkOGY4OWE1OCIsImF1ZCI6IjdhZGJiNWY4LTE3ZDItNGRmYS05NGNkLTVhYjFjYmM5ZjQxNSIsIm5vbmNlIjoiZGVmYXVsdE5vbmNlIiwiaWF0IjoxNjY2NzY3ODA1LCJhdXRoX3RpbWUiOjE2NjY3Njc4MDUsIm9pZCI6ImUyN2YwZGU0LTMxODItNDZlYi1iMjYzLTdkMThkOGY4OWE1OCIsImNvdW50cnkiOiJDaGluYSIsIm5hbWUiOiJLYXJsYSIsImVtYWlscyI6WyJrYXJsYS56aGFuZ0BtYWlzY3JtLmNvbSJdLCJ0ZnAiOiJCMkNfMV9zaWdudXBzaWduaW4xIiwiY19oYXNoIjoiOU1Oc2k5b05KQzZYWjRVSkFvS0N6dyJ9.RckgULrCBdXzw-7-VYgmB7k0Ghfg1jRMsJF8_1oxLbNXTOcZDe9grbJKcpWoesHp5L5_bVfAa1HQOFzMlmPwPPvM0a2yl1zT8UQzJ_a8W4EHkA4Ao3Xt3osbjoBhRh65Nu4fCVGHswPgxZNAR_N7jr4pR6Pf4PllmKpne-bw7onz_HjpT4ulyyq8jNZye3YokPZh0ha9LaV_19NiwfnVAR451lqfugKs2DWfseXbyGlOnjFCl_UHQDOxa1_ZUTmvF1JUgff2VAOmW2925RMQopzfDjCUEvwZMLr8pKTystErvUR6a8itRAKIFwbfEh3en8PqBun9T89-5qKmmN4NTQ&client_secret=h888Q~Jlg97L2ngl6GHpaKqS6FmkLygeTVY7Eb-h
I tried to search the error message but only get two discussion threads in Stackoverflow, however no useful info found.
https://stackoverflow.com/search?q=AADB2C90090%3A+The+provided+JWE+is+not+a+valid+5+segment+token.
I tried to reproduce the same in my environment and got the same error as below:
To generate the access token, ID token and code in the browser I used the below parameters:
GET https://Tenant.b2clogin.com/Tenant.onmicrosoft.com/B2C_1_testuserflow/oauth2/v2.0/authorize?
client_id=37cd7fca-ea8f-4300-XXXX-XXXXXXXXXX
&response_type=code+id_token
&redirect_uri=https://jwt.ms
&response_mode=fragment
&scope=openid
&state=12345
The error usually occurs if you pass invalid code value. To resolve the error, make sure to copy only the code value not with id token.
I am able to call /token to refresh the token successfully like below:
I have got details to send data to Azure SAS.
Storage Account Name: acountname123
Blob Container Name - containername123
SAS URI:
https://acountname123.blob.core.windows.net/containername123?sv=2019-12-12&si=xxinboundpolicy&sr=c&sig=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I tried to call this from soapui however its giving error related to authorization header.
Can you pl help me with what I need to pass in authorization header.
I followed below links
https://learn.microsoft.com/en-us/rest/api/storageservices/put-blob
https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview?toc=%2fazure%2fstorage%2fblobs%2ftoc.json
Thanks
Yatan
Whenever i connect Azure platform from my platform & access for Authorization getting an error like the following
Authorization failed with the error message, 'AADSTS900144: The
request body must contain the following parameter: 'code'. Trace ID:
0c2a6ce5-a127-491f-8ef5-34b4b0f11a00 Correlation ID:
5ae207ac-ff51-43da-92a6-0225372c55b1 Timestamp: 2020-10-06 11:19:33Z'
Similarly faced scope value exception.Refered the link AADSTS900144: The request body must contain the following parameter: 'scope' when using legacy Developer Portal
Now, How to fetch the code value Azure platform?
Code will be provided in the response of the authorization request. Once obtained you will include it in the token request as detailed in Request an access token.
According to your error message, you are missing request parameters when requesting an access token. You need to put the following parameters in the request body:
For code, it needs to be acquired by interactive login users, you need to execute the following request in the browser to acquire it:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345
I'm using Ember.js and Node. I already have json web token based authentication set up and am now trying to use LinkedIn's REST API to get information for my user profiles.
I'm able to redirect my users to the LinkedIn authorization code endpoint (Step 2 in this guide: https://developer.linkedin.com/docs/oauth2), but I'm getting stuck on Step 3 (Exchange Authorization Code for Access Token). When I make the POST request with the correct parameters, I get a 401 unauthorized_client error no matter how I try and make the request.
I'm making the request directly from my Node server, and using the request module. I've tried including the params as query params, and as part of the body. I've tried adjusting the headers and the url encoding but nothing seems to change the 401 error.
This is the call I need to be making according to the guide:
POST /uas/oauth2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=987654321&redirect_uri=https%3A%2F%2Fwww.myapp.com%2Fauth%2Flinkedin&client_id=123456789&client_secret=shhdonottell
This should not happen if you are POSTing the correct parameters. You can rather try it with an alternative way. With the authorization code you received in Step 2, use request based service like POSTMAN and try getting the response again. If you get it using that it means there has been some error while you are making the request.
Make sure to properly provide the headers.
Even after the POSTMAN service if you get an unauthorized response, confirm your client_id and client_secret.
Please note that for 2-legged authentication, the grant_type should always be "client_credentials". Also, you only need to supply the client_id and client_secret as parameters, nothing more. See the sample in the LinkedIn documentation. It looks like you try to do a 3-legged authentication request.