Forbidden: 403 Access Denied: Table marketcheck-gcp:marketcheck_histrorical_data.marketcheck_data: User does not have permission to query table marketcheck-gcp:marketcheck_histrorical_data.marketcheck_data.
403 has to do with your authentification being forbidden. You have to make sure that 1/ you have allowed the user (you) to access GCP ressource in firebase and 2/ That you send a request with headers containing your accurate key or bearer token.
Related
When i request my registry url i see this message "Unauthorized: Full authentication is required to access this resource".
NB: I start my keycloak and my registry before)
I've created a logic app that uploads a video file from OneDrive to VideoIndexer for processing.
Im getting an 401 error.
{
"ErrorType": "USER_NOT_ALLOWED",
"Message": "Access token does not have 'Contributor' permission. Trace id: '*****'."
}
** Im using a Trial account
** the error happened in callback url step
I tried to give a contributor access in the IAM account of my Media service.
When using a Trial account you need to retrieve a token using the dataplane API
https://api-portal.videoindexer.ai/api-details#api=Operations&operation=Get-Account-Access-Token
Make sure you select "trial" as region and that you create a token with "edit" permission scope.
FvN
I have a protected service, but I need to create links for sharing purpose. So I came over this feature:
new ApiKeyAuthProvider(AppSettings) {
AllowInHttpParams=true
},
I'm calling the service, getting the API directly from the ApiKey table, and in the debug console I can even see the SQL, which is correct (select where id, and id is my api key) and matches an active user, but still I'm getting a 403 from ServiceStack.
The apikey query param is used. Https is used (with valid CA signed cert).
403 Forbidden indicates Authentication was successful (otherwise would return 401 unauthorized) but the authenticated user does not have access to the resource, e.g. they don't have the required roles or permissions.
I'm trying do develop an application that makes use of the Power BI API.
The problem is, even though I have a valid authentication token, every API endpoint I tried to access so far returns a 403 (Forbidden) Http status with no content on the response body.
I think the token I'm getting is valid because when I try to use the same token the next day it gives me a "Token expired message".
I'm using a corporative Azure Active Directory account where I'm not an administrator. But I have full access to the Power BI workspaces and Reports on it's web interface.
I'm currently authenticating with Azure AD Oatuh2 v1 but I also tryed v2 with no success (I'm still using v1 because on v2 I'm not sure my scope and resource parameters are right).
Here are the requests I'm sending:
GET
https://login.microsoftonline.com/{tenant}/oauth2/authorize?
client_id=<my client id>
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%3A8080/azureLogin/authorize
&response_mode=query
get the authorization code on the redirect at localhost:8080/azureLogin/authorize then
POST https://login.microsoftonline.com/{tenant}/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&client_id=<my client id>
&code=<the code I just got>
&redirect_uri=http%3A%2F%2Flocalhost%3A8080/azureLogin/authorize
&client_secret=<my client secret>
As "tenant" I tried both "common" and my organization id.
But when I try to access https://api.powerbi.com/v1.0/myorg/reports with the Authorization: Bearer <token> header. I get a 403 Forbiden response.
On Azure AD I can see my user has given all permissions to this application I registered.
Am I missing something? How can I solve that?
To make the answer visible to others, I'm summarizing the answer shared in comment:
You missed the resource parameter, you are access powerbi, so it should be
resource: https://analysis.windows.net/powerbi/api
The resource is app ID URI of the target web API (secured resource). It may also be an external resource like https://graph.microsoft.com, https://analysis.windows.net/powerbi/api etc. This is required in one of either the authorization or token requests.
I have an Azure Function that I have secured using Azure Active Directory (using express settings)
I generated an secret key and was able to get the other bits required (client id, tenant etc).I followed this guide to test the Client Credentials
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds .
I was able to get an access token but when I try to access the function using the Bearer Token I get error code 403 with 'You do not have permission to view this directory or page.'
How can I fix this? I want to secure my Azure function using a secret key.
Edit ----------
I want to access my Azure function http endpoint.
The requests I have used:
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token/
With body:
client_id:{Application Id in Azure AD}
scope:https://{functionname}.azurewebsites.net/.default // This might be the source of the problem
client_secret:{Key Generated}
grant_type:client_credentials
This returns an access token eyJ0eXAiOiJKV1QiLCJhbGciOiJS.....
Then
Get http endpoint of my AzureFunction
https://{functionName}.azurewebsites.net/api/endpoint?Params
The Header contains Authorization Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJS.....