I cannot seem to generate a basic successful call to the onelogin API. I can generate a token from a client ID and secret successfully but every call I do with the token that is output gets a 401. Sample code with replaced token below.
Invoke-RestMethod -Uri https://api.us.onelogin.com/api/2/users? -ContentType application/json -Headers #{Authorization="bearer:12345"} -Method Get
I built the command out by hand to prove it was not some error saving the access_token line out to a variable and still 401.
It was a space needing to be added in the bearer statement.
$Splat = #{
Method = 'GET'
Uri = 'https://api.us.onelogin.com/api/2/users?created_until=2020-07-01T20:38:24Z&last_login_until=2020-07-01T20:38:24Z'
ContentType = "application/json"
Headers = #{authorization = "bearer: $($Token)"}
}
Invoke-RestMethod #Splat
Related
I have an Azure Function which has authentication enabled and set to require an identity provider:
App Service authentication: Enabled
Restrict access: Require authentication
Unauthenticated requests: Return HTTP 401 Unauthorized
Token store: Enabled
Identity provider - App (client) ID
(Name of App Removed): Client ID Removed
Client Secret Setting Name: Microsoft_Provider_Authentication_Secret
When I use Power Automate to POST to the HTTP function it works. This tells me the security is set up and working as expected. When I try and POST to the function directly from PowerShell using my desktop, I get a 401 unauthorized. This is a GCCH environment.
This is the PowerShell code where I get an oath token and am trying to use that to POST to the HTTP function. I tried using the HTTP URL with and without the 'code=' and neither worked.
#These URLs are used to access get the token; scope has not been required is uses the app ID
$loginURL = "https://login.microsoftonline.us"
$resource = "https://graph.microsoft.us"
$Tenant = "mytenant.onmicrosoft.us"
$ClientID = "removed"
$Secret="removed"
$fcnKey = "removed"
$fcnURL = "https://removed?" #Azure function url without the code at the end
$AuthBody = #{
grant_type="client_credentials";
resource=$resource;
client_id=$ClientID;
client_secret=$Secret}
$Oauth = Invoke-RestMethod -Method POST -Uri $loginURL/$Tenant/oauth2/token?api-version=1.0 -Body
$AuthBody -ContentType "application/x-www-form-urlencoded"
$AuthToken = #{
'Authorization'="$($Oauth.token_type) $($Oauth.access_token)";
'Content-Type' = "application/json";
'x-functions-key' = $fcnkey;}
#This returns a 401 unauthorized
Invoke-RestMethod -Headers $AuthToken -Uri $fcnURL -Method POST
#This also returns a 401 unauthorized
$AuthToken = #{
'Authorization'="$($Oauth.token_type) $($Oauth.access_token)";
'Content-Type' = "application/json";}
$FullURL = "https://removed?code=removed"
Invoke-RestMethod -Headers $AuthToken -Uri $fullURL -Method POST
As #jdweng suggested to check the type of authentication and the process of authorization in this MS Doc of Azure AD Authentication Flows.
Check if the below steps help to fix the issue:
Make Sure you entered the "App ID URI" in the "Allowed Token Audiences" Box.
Same App ID URI should be used for acquiring the token.
Refer to the Similar issue-solutions where 401 Unauthorized error is registered on enabling the App service Authentication on Azure Function App such as MSQ&A337577, SO Questions 67957353 and 55226143.
I am trying to fetch the attachments of the Test Run Result steps and Test Run Result Summary Details but unable to find any API related to that
I am attaching the Image below Rectangle 1 is the attchments for Test Run Result Steps and Rectangele 2 is the attachments for Test Run Result Summary Detais
If anyone have any knowledge about these perticular apis please let me know.
I have checked the AZURE API Documentation but couldn't find the specific API if I have missied something please let me know.
Thanks
By calling the Get Test Result Attachments REST API, we can get all the IDs of the attachments:
GET https://dev.azure.com/{organization}/{project}/_apis/test/Runs/{runId}/Results/{testCaseResultId}/attachments?api-version=6.0-preview.1
After that, if you want to get the attachments you can call Attachments - Get Test Result Attachment Zip REST API with the specific Attachment ID.
GET https://dev.azure.com/{organization}/{project}/_apis/test/Runs/{runId}/Results/{testCaseResultId}/attachments/{attachmentId}?api-version=6.0-preview.1
Please note that the REST API Attachments - Get Test Result Attachment Zip will display the context of the attachments instead of download the attachments directly. If you want to download the attachments, you can write a script to save them to a local directory. The following PowerShell script for your reference:
$AttachmentsOutfile = "D:\Test\HellWorld.java"
$connectionToken="You PAT Here"
$base64AuthInfo= [System.Convert]::ToBase64String([System.Text.Encoding]::
ASCII.GetBytes(":$($connectionToken)"))
$AuditLogURL = "https://dev.azure.com/{organization}/{project}/_apis/test/Runs/{runId}/Results/{testCaseResultId}/attachments/{attachmentId}?api-version=6.0-preview.1"
$AuditInfo = Invoke-RestMethod -Uri $AuditLogURL -Headers #{authorization = "Basic $base64AuthInfo"} -Method Get –OutFile $AttachmentsOutfile
UPDATE:
However the Get Test Result Attachments REST API can only get the attachments attached from the test run UI (attached by clicking the Add attachment button).
To get the attachments of the Test Run Result steps and Test Run Result Summary, we can call Results - Get REST API with parameter detailsToInclude=iterations added:
GET https://dev.azure.com/{organization}/{project}/_apis/test/Runs/{runId}/results/{testCaseResultId}?detailsToInclude=iterations&api-version=6.0
After that we can download the attachments by their ID. The following PowerShell script for your reference to download them in a loop:
Param(
[string]$orgurl = "https://dev.azure.com/{org}",
[string]$project = "Test0924",
[string]$downloadlocation = "C:\temp\1025\",
[string]$TestRunId = "1000294",
[string]$ResultId = "100000",
[string]$user = "",
[string]$token = "PAT"
)
# Base64-encodes the Personal Access Token (PAT) appropriately
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$token)))
#List test result and test step attachments:
$testresultUrl = "$orgurl/$project/_apis/test/Runs/$TestRunId/Results/$($ResultId)?detailsToInclude=iterations&api-version=6.0"
$attachments = (Invoke-RestMethod -Uri $testresultUrl -Method Get -Headers #{Authorization=("Basic {0}" -f $base64AuthInfo)}).iterationDetails.attachments
ForEach ($attachment in $attachments) {
#Get test result and step attachments:
$attachmentid = $attachment.id
$attachmentname = $attachment.name
$attachmenturl = "$orgurl/$project/_apis/test/Runs/$TestRunId/Results/$ResultId/attachments/$($attachmentid)?api-version=6.0"
Invoke-RestMethod -Uri $attachmenturl -Method Get -Headers #{Authorization=("Basic {0}" -f $base64AuthInfo)} -OutFile $downloadlocation\$attachmentname
}
I'm trying to use the Azure Cognitive Services API with Powershell to 'read' the contents of a .jpg in a blob store. Everything I am trying to do works perfectly using the Azure API demo/test page, so I am fairly sure that this, to a degree, proves that some elements I'm using in my code are valid. Well, at least they are when using the API testing tool.
Here is my Powershell:
Clear-Host
$myUri = "<ENDPOINT value from "keys and endpoint blade">/vision/v3.0/read/analyze?language=en"
$imagePath = "<path to image in blob. accessible online and anonymously>"
$subKey = "<KEY #1 from "keys and endpoint" blade>"
$headersHash = #{}
$headersHash.Add( "Host", "westeurope.api.cognitive.microsoft.com" )
$headersHash.Add( "Ocp-Apim-Subscription-Key", $subKey )
$headersHash.Add( "Content-Type","application/json" )
$bodyHash = #{ "url" = $imagePath }
out-host -InputObject "Sending request:"
$response = Invoke-WebRequest -uri $myUri `
-Method Post `
-Headers $headersHash `
-Body $bodyHash `
-verbose
"Response: $response"
When I send that, all I ever get is a:
Invoke-WebRequest : The remote server returned an error: (400) Bad Request.
At C:\scratch\testy.ps1:15 char:13
+ $response = Invoke-WebRequest -uri $myUri `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-W
ebRequest], WebException
+ FullyQualifiedErrorId :
WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
I must be missing something basic but I cannot see what. There are no published examples of using Powershell to access the CS APIs that I can find but there is an example with Python (requests) and I'm pretty sure I'm emulating and representing what goes into the Python example correctly. But then again, its not working so something isn't right.
Strangely, when I try to recreate this in Postman, I get a 202 but no response body, so its not possible for me to view or extract the apim-request-id in order to manufacture the next request to retrieve the results.
Found the issue. The problem was made clear when I wrapped the call in a try/catch block and put this in the catch block:
$streamReader =
[System.IO.StreamReader]::new($_.Exception.Response.GetResponseStream())
$ErrResp = $streamReader.ReadToEnd() | ConvertFrom-Json
$streamReader.Close()
I was then able to look at the contents of the $ErrResp variable and there was a fragment of a string which said "unable to download target image.." or something to that effect. Odd because I could use the URL I was supplying to instantly connect to and get the image.. so it had to be the way the URL was being injecting into the body.
It was.
When using a hashtable as the body, where your Content-Type is 'application/json' all you need to do, it seems, is use convertto-json with your hash first. This worked and I instantly got my 202 and the pointer to where to collect my results.
Hopefully this will help someone, somewhere, sometime.
Trying to figure out how to use Azure AppConfiguration REST API (mostly to retrieve and create key-values). So far I found two sources of information: Configuration Stores REST API docs and this GitHub repo Azure App Configuration.
How these two sources are corresponding with each other? They apparently describe some different AppConfig REST API.
I managed to retrieve values from my AppConfig store using this type of URI and AAD authorization
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.AppConfiguration/configurationStores/{configStoreName}/listKeyValue?api-version=2019-10-01 But it allows to get only one value of one particular key.
The other approach uses URI based on AppConfig endpoint {StoreName}.azconfig.io/kv/... and must have more flexible ways to retrieve data. But I can't make it work. I tried to follow instructions. And I tried to make a request to this URI using AAD token as I did for the first type of API. In both cases I get 401 auth error.
Could anyone share some detailed working examples (Powershell, Postman)? Any help would be appreciated.
https://management.azure.com/ is the Azure Resource Management API, while the azconfig.io one is App Configuration's own API.
I think you should use App Configuration's own API. The same Azure AD token will not work for this API however. You need to request another access token with resource=https://yourstorename.azconfig.io or scope=https://yourstorename.azconfig.io/.default, depending if you use v1 or v2 token endpoint of Azure AD.
Use the $headers in the script to authenticate your api calls:
function Sign-Request(
[string] $hostname,
[string] $method, # GET, PUT, POST, DELETE
[string] $url, # path+query
[string] $body, # request body
[string] $credential, # access key id
[string] $secret # access key value (base64 encoded)
)
{
$verb = $method.ToUpperInvariant()
$utcNow = (Get-Date).ToUniversalTime().ToString("R", [Globalization.DateTimeFormatInfo]::InvariantInfo)
$contentHash = Compute-SHA256Hash $body
$signedHeaders = "x-ms-date;host;x-ms-content-sha256"; # Semicolon separated header names
$stringToSign = $verb + "`n" +
$url + "`n" +
$utcNow + ";" + $hostname + ";" + $contentHash # Semicolon separated signedHeaders values
$signature = Compute-HMACSHA256Hash $secret $stringToSign
# Return request headers
return #{
"x-ms-date" = $utcNow;
"x-ms-content-sha256" = $contentHash;
"Authorization" = "HMAC-SHA256 Credential=" + $credential + "&SignedHeaders=" + $signedHeaders + "&Signature=" + $signature
}
}
function Compute-SHA256Hash(
[string] $content
)
{
$sha256 = [System.Security.Cryptography.SHA256]::Create()
try {
return [Convert]::ToBase64String($sha256.ComputeHash([Text.Encoding]::ASCII.GetBytes($content)))
}
finally {
$sha256.Dispose()
}
}
function Compute-HMACSHA256Hash(
[string] $secret, # base64 encoded
[string] $content
)
{
$hmac = [System.Security.Cryptography.HMACSHA256]::new([Convert]::FromBase64String($secret))
try {
return [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::ASCII.GetBytes($content)))
}
finally {
$hmac.Dispose()
}
}
# Stop if any error occurs
$ErrorActionPreference = "Stop"
$uri = [System.Uri]::new("https://{myconfig}.azconfig.io/kv?api-version=1.0")
$method = "GET"
$body = $null
$credential = "<Credential>"
$secret = "<Secret>"
$headers = Sign-Request $uri.Authority $method $uri.PathAndQuery $body $credential $secret
Sauce: https://github.com/Azure/AppConfiguration/blob/master/docs/REST/authentication/hmac.md#JavaScript
I am developing a node.js application which uses outlook rest API to fetch the mails. I am using this API.
I am trying to refresh the token using the following request. I am using request npm to call the API
{
url: 'https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token',
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
formData:
{
scope: 'offline_access User.Read Mail.Read',
client_id: 'c251b61b-c6db-4f64-89bd-7009444d1bc8',
grant_type: 'refresh_token',
redirect_uri: 'http://localhost:3000/myurl',
refresh_token: 'refresh-token',
client_secret: 'cli-secret'
}
}
but getting the following error
{
"error": "invalid_grant",
"error_description": "AADSTS9002313: Invalid request. Request is malformed or invalid.745ec0500",
"correlation_id": "a2d87f11-0671-41f1-a5e7-654f1796c3d1"
}
I have also tried with adding Content-length in headers and appending all variables into a string using & and = and sending that in the body, but I got the same error. I am getting an access-token successfully.
So far I know you are trying to get refresh token in wrong way!
As the error said ,you are trying in incorrect grant_type.
As per your given document reference the grant_type should be authorization_code. Once you would get your Code then you need to use it for achieving access tokenand refresh token.
When your access token would expired then you have to Use the refresh token to get a new access token as document explains
In that case try with response_type=code format. I hope it would resolve your problem.
Request For Code:
Get Code In Postman Console:
Request For Access And Refresh Token With Code:
Get Access And Refresh Token By Code:
Get Refresh Token When Access Token Expired:
Note: This this the exact way how you would get authorization code and with this code how to get access token and refresh
token finally how to renew token with the refresh token when the
access token expired!
Thank you and happy coding!
When you generate the access token the first time that time you also get the refresh token. you have to store that token anywhere you can also store it in a database or a txt file.
$post_params_refresh = array(
"grant_type" => "refresh_token",
"client_id" => 'ReplaceYourClientId',
"refresh_token" => 'ReplaceYourOldRefreshToken',
"client_secret" => 'ReplaceYourClientSecretKey',
'scope' => 'https://graph.microsoft.com/User.ReadWrite.All',
);
$refreshTokenUrl = "https://login.windows.net/common/oauth2/v2.0/token";
$curl_refresh = curl_init($refreshTokenUrl);
curl_setopt($curl_refresh, CURLOPT_POST, true);
curl_setopt($curl_refresh, CURLOPT_POSTFIELDS, $post_params_refresh);
curl_setopt($curl_refresh, CURLOPT_HTTPHEADER, array("application/x-www-form-urlencoded"));
curl_setopt($curl_refresh, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($curl_refresh, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl_refresh, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl_refresh, CURLOPT_RETURNTRANSFER, 1);
$response_refresh = curl_exec($curl_refresh);
$arrResponseRefresh = json_decode($response_refresh);
$accessToken = $arrResponseRefresh->access_token;
$refreshToken = $arrResponseRefresh->refresh_token;
You get a new refresh token using this curl method and update this refresh token to the old token which you stored previously.