I recently deployed a Node.js/express application to a Google Cloud Compute VM. How do I send it get requests? I followed the instructions in this article to get my URL. When I curl it from the command line, though, I get a 401 authentication credential error.
Request:
https://compute.googleapis.com/compute/v1/projects/*PROJECT_ID*/zones/*ZONE*/machineTypes/e2-standard-2
I am already logged into the gcloud SDK--is there some kind of other auth I need to network with my VM?
Full Error Message:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "CREDENTIALS_MISSING",
"domain": "googleapis.com",
"metadata": {
"method": "compute.v1.MachineTypesService.Get",
"service": "compute.googleapis.com"
}
}
]
}
}
Related
I have a REST API on the internet that is secured with Azure AD and a required header (custom apikey).
You can call this API in example with postman using the client credentials flow. This all works fine.
I'm now developing a custom Azure DevOps extension that is showing the information returned from that API in the workitem form of ADO. I can call the API (if I remove the security from the API) from the extension through a generic Service Connection. Now I want to get the security working.
So I want to create a custom service connection that will get an accesstoken from the azure AD using ClientID and ClientSecret (client credentials flow).
When I have that working, I can call my API on a secure way.
Also how do I add the mandatory header to the call to the api? I need to add the header as field to the service connection as well right?
So I think I end up with a custom service connection instance that asks for TenantId, ClientId, Client Secret, Audience/Scope, List of headers (name/value).
For a more reference blog post I used this one: https://thingswithcode.blogspot.com/2019/07/using-azure-devops-service-connections.html
{
"id": "api-service-connection",
"description": "Service connection for api",
"type": "ms.vss-endpoint.service-endpoint-type",
"targets": [
"ms.vss-endpoint.endpoint-types"
],
"properties": {
"name": "Call API",
"displayName": "Call API",
"icon": "img/world.png",
"url": {
"displayName": "API Url",
"value": "https://path-to-api",
"helpText": "Url of the API to connect to."
},
"inputDescriptors": [
{
"id": "api-key",
"name": "API Key",
"description": "The value for the header 'ApiKey'",
"inputMode": "textbox",
"isConfidential": false,
"validation": {
"isRequired": true,
"dataType": "string"
}
}
],
"authenticationSchemes": [
{
"type": "ms.vss-endpoint.endpoint-auth-scheme-oauth2" // this is wrong...
}
],
"headers": [
{
"name": "ApiKey",
"value": "{{endpoint.api-key}}"
}
],
"helpMarkDown": "<b>Learn more</b>"
}
}
Thanks
I am using arm template to deploy Azure NotificationHub
Here is
{
"apiVersion": "2017-04-01",
"type": "Microsoft.NotificationHubs/namespaces/notificationHubs",
"name": "[parameters('notificationHub_name')]",
"location": "[parameters('location')]",
"properties": {
"GcmCredential": {
"properties": {
"googleApiKey": "[parameters('googleApiKey')]",
"gcmEndpoint": "[parameters('googleEndpoint')]"
}
},
"ApnsCredential": {
"properties": {
"appId": "[parameters('apnsAppId')]",
"appName": "[parameters('apnsAppNameId')]",
"keyId": "[parameters('apnsKeyId')]",
"token": "[parameters('apnsToken')]",
"endpoint": "[parameters('apnsEndpoint')]"
}
}
},
"dependsOn": [
"[resourceId('Microsoft.NotificationHubs/namespaces', parameters('notificationHub_namespace'))]"
]
}
But I got error without details BadRequest
{
"code": "DeploymentFailed",
"details": [
{
"code": "BadRequest",
"message": {
"error": {
"message": "Bad Request",
"code": "BadRequest"
}
}
]
}
I test my parameters from azure portal and it works - so I assume that parameters are correct.
The question is how to deploy NotificationHub with ApnsCredentials using ARM?
Above arm template is correct.
My parameters were bad.
I found solution by previewing requests sent from azure portal.
I was using endpoints for certificates:
Sandbox endpoint: gateway.sandbox.push.apple.com,
Production endpoint: gateway.push.apple.com
Endpoints for token authorization are different :
Sandbox Endpoint: https://api.development.push.apple.com:443/3/device
Production Endpoint: https://api.push.apple.com:443/3/device
Here you can find details:
https://learn.microsoft.com/en-us/azure/notification-hubs/notification-hubs-push-notification-http2-token-authentification#configure-via-management-api-rest
We are setting up Microsoft Azure Active Directory as an SSO solution for our mobile app but want to manage the account creation for users via the server side Microsoft Graph API.
For internal users of the domain, this works perfectly as we are using the Graph API as an admin user to create the accounts.
But, when trying to create an external account, (say joe.bloggs#gmail.com), this fails.
We are using the API call:
POST https://graph.microsoft.com/v1.0/users
BODY:
{
"accountEnabled": true,
"mailNickname": "joe.bloggs",
"displayName": "Joe Bloggs",
"givenName": "Joe",
"surname": "Bloggs",
"userPrincipalName": "joe.bloggs#gmail.com",
"passwordProfile" : {
"forceChangePasswordNextSignIn": false,
"password": "somepassword"
}
}
RESPONSE:
{
"error": {
"code": "Request_BadRequest",
"message": "Property userPrincipalName is invalid.",
"innerError": {
"request-id": "619450ec-e703-4a12-86e3-8f53c20d55fc",
"date": "2018-01-17T16:30:37"
},
"details": [
{
"target": "userPrincipalName",
"code": "InvalidValue"
}
]
}
}
It is saying the "userPrincipalName" is invalid, but after reviewing the documentation I'm not sure if the API supports external accounts or not?
NOTE: I realise you can use the "/beta/invitations" call but this does not create accounts.
I assume that you'r using Azure AD B2B and want to add new guest users to your Directory.
One thing I want to make clear is that you can invite guest users to your Directory , but you cannot create guest users directly in your Directory.
So, you can invite guest users with this Microsoft Graph API:
Request
POST https://graph.microsoft.com/beta/invitations
Content-type: application/json
Content-length: 551
{
"invitedUserEmailAddress": "yyy#test.com",
"inviteRedirectUrl": "https://myapp.com"
}
Response
HTTP/1.1 201 OK
Content-type: application/json
Content-length: 551
{
"id": "7b92124c-9fa9-406f-8b8e-225df8376ba9",
"inviteRedeemUrl": "https://invitations.microsoft.com/redeem/?tenant=04dcc6ab-388a-4559-b527-fbec656300ea&user=7b92124c-9fa9-406f-8b8e-225df8376ba9&ticket=VV9dmiExBsfRIVNFjb9ITj9VXAd07Ypv4gTg%2f8PiuJs%3d&lc=1033&ver=2.0",
"invitedUserDisplayName": "yyy",
"invitedUserEmailAddress": "yyy#test.com",
"sendInvitationMessage": false,
"invitedUserMessageInfo": {
"messageLanguage": null,
"ccRecipients": [
{
"emailAddress": {
"name": null,
"address": null
}
}
],
"customizedMessageBody": null
},
"inviteRedirectUrl": "https://myapp.com/",
"status": "Completed",
"invitedUser": [ { "id": "243b1de4-ad9f-421c-a933-d55305fb165d" } ]
}
Additional, if you want to invite guest users without an invitation, please refer to this document.
Hope this helps!
I'm trying to use Gocardless to enable SEPA payment in my website.
The example in the API doc doesn't work and seems uncomplete
POST https://api.gocardless.com/redirect_flows HTTP/1.1
{
"redirect_flows": {
"description": "Wine boxes",
"session_token": "SESS_wSs0uGYMISxzqOBq",
"success_redirect_url": "https://example.com/pay/confirm",
"prefilled_customer": {
"given_name": "Frank",
"family_name": "Osborne",
"email": "frank.osborne#acmeplc.com"
}
}
}
That's the response I get :
{
"error": {
"message": "not found",
"errors": [
{
"reason": "not_found",
"message": "not found"
}
],
"documentation_url": "https://developer.gocardless.com/api-reference#not_found",
"type": "invalid_api_usage",
"request_id": "7ae43821-345d-4ffd-98d6-15c4fe5513e6",
"code": 404
}
}
How can it work if the access token of the application is never asked for the request ?
I am trying to create filters via the Gmail API
Services > Gmail API v1 > gmail.users.settings.filters.create
Listing and lookup of single filters are working but I am not able to create new filters.
Request
POST https://www.googleapis.com/gmail/v1/users/me/settings/filters?key={YOUR_API_KEY}
{
"criteria": {
"query": "test"
},
"action": {
"addLabelIds": [
"Label_582"
]
}
}
Response
500
- Show headers -
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "Backend Error"
}
],
"code": 500,
"message": "Backend Error"
}
}
"Label_582" is valid.
Any ideas?
Thanks and best regards