Unable to register a tenant with X.509 based authentication in Hono - eclipse-hono

I am following this guide in order to authenticate devices with certificates, but when I run the following command I get 404 NOT FOUND (I am using the Hono sandbox):
curl -i -H 'Content-Type: application/json' -H 'Expect:' --data-binary @tenant.json https://hono.eclipse.org:28443/tenant
I also tried replacing hono.eclipse.org with hono.eclipseprojects.io since I read that the domain name will be deprecated.
I was wondering if the guide is up to date or something changed on the new releases of Hono.

Indeed, Hono's example registry (as used by the sandbox) implements and exposes the Device Registry Management API now. The tenant management endpoint URL to post to in order to create a tenant is
https://hono.eclipseprojects.io:28443/v1/tenants/{your_desired_tenant_id}
Also make sure to check the payload format with the API spec.
You might want to take a look at Hono's Getting Started guide which also illustrates how to register a tenant, device and credentials.
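Added example, not from the thread or from the Hono project: a small Python client that builds the tenant-registration request against the /v1/tenants/{tenant_id} endpoint named above, converting a CA certificate from PEM to the single-line base64 DER form and validating it before anything is sent. The sandbox host and port come from the thread; the payload field names ("enabled", "trusted-ca", "cert") are assumptions to be confirmed against the Device Registry Management API spec, and the certificate bytes are a constructed placeholder, not a real certificate.

```python
import base64
import json
import re
import urllib.error
import urllib.request

# Sandbox host and port as given in the thread; the /v1/tenants/{id} path is
# the management endpoint named in the answer above.
DEFAULT_HOST = "hono.eclipseprojects.io"
DEFAULT_PORT = 28443

# Constructed placeholder bytes standing in for a DER-encoded CA certificate.
# This is NOT a real X.509 certificate; substitute your own CA's PEM file.
SAMPLE_DER = b"constructed-placeholder-bytes-not-a-real-certificate"
SAMPLE_DER_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_CA_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_base64_der(pem: str) -> str:
    """Strip PEM armour and return the body as single-line base64 DER.

    The body is decoded with validation so a corrupted or truncated PEM is
    rejected here instead of surfacing as a confusing 4xx from the registry.
    """
    match = PEM_BLOCK.search(pem)
    if not match:
        raise ValueError("input contains no CERTIFICATE block")
    body = "".join(match.group(1).split())
    der = base64.b64decode(body, validate=True)
    return base64.b64encode(der).decode("ascii")


def tenant_url(tenant_id: str, host: str = DEFAULT_HOST,
               port: int = DEFAULT_PORT) -> str:
    # Conservative client-side check (assumption): refuse characters that
    # would alter the path; the registry applies its own tenant-id rules.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", tenant_id):
        raise ValueError(f"unsafe tenant id: {tenant_id!r}")
    return f"https://{host}:{port}/v1/tenants/{tenant_id}"


def build_tenant_payload(ca_pem: str, enabled: bool = True) -> dict:
    # Field names are assumed from the Device Registry Management API's
    # tenant object ("trusted-ca" entries carrying base64 DER in "cert");
    # confirm them against the published spec before relying on them.
    return {"enabled": enabled,
            "trusted-ca": [{"cert": pem_to_base64_der(ca_pem)}]}


def build_request(tenant_id: str, ca_pem: str, host: str = DEFAULT_HOST,
                  port: int = DEFAULT_PORT) -> urllib.request.Request:
    body = json.dumps(build_tenant_payload(ca_pem)).encode("utf-8")
    return urllib.request.Request(
        tenant_url(tenant_id, host, port),
        data=body,
        method="POST",
        headers={"Content-Type": "application/json"},
    )


def register_tenant(req: urllib.request.Request, timeout: float = 10.0):
    """Send the request; return (status, body) for success and HTTP errors."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    req = build_request("my-tenant", SAMPLE_CA_PEM)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # register_tenant(req)  # uncomment to actually call the registry
```

Running the block prints the method, URL and JSON body without contacting the sandbox; only register_tenant performs the network call, and it returns the status code and body for error responses too, so a 404 or 400 can be read rather than raised.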

Related

Add an API to a specific project inside a SwaggerHub organisation

It's easy to upload an API to an organisation via SwaggerHub CLI:
swaggerhub api:create OWNER/API_NAME/[VERSION]
But I need to upload an API under some project inside an organisation.
In all examples from https://github.com/SmartBear/swaggerhub-cli
there is no "project" variable.
SwaggerHub CLI does not support projects yet. There's an existing feature request for that.
You can, however, use SwaggerHub Registry API to add your uploaded API to a specific project.
curl -X PUT https://api.swaggerhub.com/projects/ORG_NAME/PROJECT_NAME/apis/API_NAME -H "Authorization: YOUR_API_KEY"
If you use self-hosted SwaggerHub On-Premise, the request would be as follows and requires v. 1.26 or later. Add the -k flag if your instance uses a self-signed or privately signed certificate.
curl -X PUT http(s)://YOUR_SERVER/v1/projects/ORG_NAME/PROJECT_NAME/apis/API_NAME -H "Authorization: YOUR_API_KEY"

What do I need to add to my web request for GCP Cloud Function Security?

My HTTP Cloud Function is working fine, but it is public. After testing it out I used the GCP console to restrict it to a particular user (ie my own Google account) and, as I expected, I get 403 when I send requests to it. This is good. But I don't know what I need to add to my request for it to get past Google's security. I assume it wants to check a header for a token and verify it against the IAM, but I haven't found any examples yet.
There's a lot of information about using Cloudflare for this, and also someone has done some clever work building an OAuth check inside their cloud function. But clearly Google is already doing a security check for me (this may be new functionality) and I would rather use that than build my own. To be specific then, I went into the permissions section of my Cloud Function and added a member to the 'Cloud Functions Invoker' role. I can add AllUsers as a member and the CF becomes public, take it out and I'm back to 403 responses. So the security is definitely working. I just need a way to identify the caller.
Does anyone know how to add the right keys or whatever to the request?
Some more reading and I found the answer here
The answer is that CFs are, indeed, doing OAuth so my request needs to look something like this:
curl https://REGION-PROJECT_ID.cloudfunctions.net/FUNCTION_NAME \
-H "Authorization: bearer $(gcloud auth print-identity-token)"
That's using the gcloud command to pull the JWT down and put it in the header. To actually make it work I needed to create a service account and download its key (to the file referred to below). I then added that to the CF (in permissions) and then used
gcloud auth activate-service-account --key-file=sa-cf.json
to make that my currently active account so that the token printed was for that account. Beware when doing this because the tokens quickly expire so if you're pasting them into Postman (as I was) it won't work if you leave it any time before sending the request.
Hope this helps someone else.
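Added example, not from the thread or from Google: Python helpers that inspect the identity token before it goes into the Authorization header, reporting the audience and how many seconds remain until the exp claim, which is the expiry problem described above. The token built by make_demo_token is a constructed HS256 token for offline use only; real identity tokens from gcloud are signed by Google and are verified by the platform, so decode_jwt_unverified is for local inspection, not for accepting tokens.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded)


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_jwt_unverified(token: str) -> dict:
    """Split header.payload.signature and decode the two JSON parts.

    No signature check is done here: this is for looking at what you are
    about to send, not for trusting a token someone presents to you.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    return {
        "header": json.loads(b64url_decode(parts[0])),
        "payload": json.loads(b64url_decode(parts[1])),
    }


def seconds_until_expiry(token: str, now: float = None) -> int:
    now = time.time() if now is None else now
    exp = decode_jwt_unverified(token)["payload"].get("exp")
    if exp is None:
        raise ValueError("token has no exp claim")
    return int(exp - now)


def check_token(token: str, expected_aud: str, now: float = None) -> list:
    """Return a list of problems (empty when the token looks usable)."""
    claims = decode_jwt_unverified(token)["payload"]
    problems = []
    if claims.get("aud") != expected_aud:
        problems.append("aud mismatch")
    if seconds_until_expiry(token, now) <= 0:
        problems.append("expired")
    return problems


def authorization_header(token: str) -> dict:
    # Same shape as the curl -H argument in the answer above.
    return {"Authorization": "Bearer " + token}


def make_demo_token(claims: dict, secret: bytes = b"constructed-demo-secret") -> str:
    """Constructed HS256 token for offline demonstration only."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


# Constructed claims; the audience mirrors the function URL pattern above.
DEMO_AUD = "https://REGION-PROJECT_ID.cloudfunctions.net/FUNCTION_NAME"
DEMO_TOKEN = make_demo_token({
    "iss": "https://accounts.google.com",
    "aud": DEMO_AUD,
    "iat": 1_700_000_000,
    "exp": 1_700_003_600,
})

if __name__ == "__main__":
    print(decode_jwt_unverified(DEMO_TOKEN)["payload"])
    print("seconds left:", seconds_until_expiry(DEMO_TOKEN))
    print("problems:", check_token(DEMO_TOKEN, DEMO_AUD))
```

With a real token, pass the output of gcloud auth print-identity-token to check_token just before the request; a non-empty list tells you to fetch a fresh token rather than chase a 403.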

Why does my Bing Cognitive Service Request Return a 401?

I just signed up for an Azure free trial and added the Bing Cognitive Service (I want to do image searches). I've gotten the auth key for the service from the Resource Management section of the service, and followed the walkthrough steps in the documentation. Here's a sample request:
curl "https://api.cognitive.microsoft.com/bing/v7.0/images/search?safeSearch=Strict&q=Chutes%20and%20Ladders%20game&imageType=Photo" \
-H 'Ocp-Apim-Subscription-Key: <my key from Resource Management>'
I'm getting a 401 response with the message Access denied due to invalid subscription key. Any ideas? Am I using the wrong key?
Here's a visual where I'm getting the key from:
I decided to try creating a new instance of the same service and the new key works. I'm not sure what went wrong with my first one. If MS wants to troubleshoot it I'll keep it around and post any updates here.

nodejs + azure active directory + daemon application

I want to create a simple backend application in node that can query AAD to get a list of OUs or Groups. My application needs this type of information to create groups of users in our system. I'm having trouble getting started here. I found this example which is in DotNet which does a Daemon server flow. I've found these informative links:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/#daemon-or-server-application-to-web-api
Basically I want to be able to make a backend request using certificate based authentication without any user involvement. I'm assuming an administrator will need to allow my application to make this request through some authorization flow. I'm looking for a simple step-by-step guide to get this going along with some sample NodeJS code. Something similar to this example: https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential
Assuming I don't have a Windows machine will I need to somehow run PowerShell commands from some sort of mono emulator on my Linux servers?
I figured out how to get the basic certificate flow working. It's not well documented, however if you look at the tests/client-credentials.js in the source code for adal-node, you will see some examples.
If you're using Azure App Service web apps, you can follow this guide to integrate AAD with your application: https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-active-directory-authentication/
Once you have that, auth will be enabled for your app and you can configure the AAD app in the portal. See this blog post for more details: http://blogs.technet.com/b/ad/archive/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles.aspx
To integrate with node.js, see this example for details:
https://github.com/Azure-Samples/active-directory-node-webapi
Once you have that, switch to using cert auth similar to the example you provided. Also you shouldn't need PowerShell. For more information on how AAD works see: https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/

GitHub API - private or forked repositories not listing nor comparing

In my GitHub account I have a few public repositories that I created plus several private repositories forked from repositories in my organization.
My problems are
a) GET /user/repos is only listing the public personally created repositories regardless of the 'type' parameter
b) COMPARE calls on the forked repositories are returning 404
I'm logging in using OAuth 2.
Is there something that I am missing?
Thanks
If I understand correctly, the situation you're describing is as follows:
You belong to an organization. (Let's call it "@your-organization".)
@your-organization has at least one private repository. (Let's call it "your-organization/private-repo".)
You have a fork of that repository in your personal account (e.g., gulliver-smith/private-repo).
You're using an OAuth token to authenticate with the GitHub API.
When you access GET /user/repos, the response does not include your fork (e.g., gulliver-smith/private-repo).
When you access GET /repos/gulliver-smith/private-repo/compare/:base...:head, you get a 404.
If that's right, there are a few things you'll want to verify:
Ensure that your OAuth token has repo scope. If your token does not have repo scope, you'll observe the behavior described above. To verify the scopes associated with your token, look at the X-OAuth-Scopes response header.
$ curl -I https://api.github.com/ -H "Authorization: token REDACTED" | grep ^X-OAuth-Scopes
X-OAuth-Scopes: admin:org, admin:public_key, delete_repo, gist, notifications, repo, user
If you're using a token that belongs to an OAuth application, the organization may have third-party application restrictions enabled. If so, you can ask the organization's administrators to approve the OAuth application so that the app can access the organization's repositories on your behalf.
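Added example, not from the thread or from GitHub: a Python check that reads the X-OAuth-Scopes header out of the raw curl -I output shown above and reports which required scopes are missing. The sample responses are constructed; the first copies the scopes line from the answer, the second shows a token that only has public_repo, which is the case that produces the symptoms in the question.

```python
from typing import Dict, List, Set

# Constructed sample of `curl -I https://api.github.com/ -H "Authorization: token ..."`
# output; the X-OAuth-Scopes line mirrors the one in the answer above.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
X-OAuth-Scopes: admin:org, admin:public_key, delete_repo, gist, notifications, repo, user
X-RateLimit-Limit: 5000
"""

# Constructed: a token granted only public_repo and user.
SAMPLE_RESPONSE_PUBLIC_ONLY = """HTTP/1.1 200 OK
X-OAuth-Scopes: public_repo, user
"""


def parse_headers(raw: str) -> Dict[str, str]:
    """Turn curl -I output into a dict keyed by lower-cased header name."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # status line or blank/garbage line
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def oauth_scopes(headers: Dict[str, str]) -> Set[str]:
    """Scopes granted to the token, from the comma-separated header value."""
    value = headers.get("x-oauth-scopes", "")
    return {s.strip() for s in value.split(",") if s.strip()}


def missing_scopes(raw: str, required: List[str]) -> List[str]:
    """Required scopes the token does not carry, sorted for stable output."""
    return sorted(set(required) - oauth_scopes(parse_headers(raw)))


def explain(raw: str) -> str:
    scopes = oauth_scopes(parse_headers(raw))
    if "repo" in scopes:
        return "repo scope present: private repos and private forks are visible"
    if "public_repo" in scopes:
        return ("public_repo only: private repos, including private forks, "
                "stay hidden and compare calls on them return 404")
    return "no repository scope at all"


if __name__ == "__main__":
    for sample in (SAMPLE_RESPONSE, SAMPLE_RESPONSE_PUBLIC_ONLY):
        print(sorted(oauth_scopes(parse_headers(sample))))
        print("missing:", missing_scopes(sample, ["repo"]))
        print(explain(sample))
```

Pipe the real curl -I output into parse_headers (the token itself never needs to reach this code); if "repo" shows up as missing, re-authorize with that scope before looking at the organization's third-party restrictions.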
