Is there any way that I can create or modify an AzureAD App to allow the OAuth 2.0 Implicit flow via the Azure CLI 2.0?
I'm able to create app registrations without issue using az ad app create
It does not look like the Azure CLI 2.0 exposes the OAuth2AllowImplicitFlow property to be set, however the Azure Active Directory PowerShell 2.0 does expose this property:
-Oauth2AllowImplicitFlow
Specifies whether this web application can request OAuth2.0 implicit
flow tokens. The default is false.
Type: Boolean
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Let me know if this helps.
You can use CLI to call Graph API to do achieve that. This method needs to create service principal in your AAD Tenant, and assign Company Admin role to it.
Get an authentication token
curl -X "POST" "https://login.microsoftonline.com/$TENANTID/oauth2/token" \
-H "Cookie: flight-uxoptin=true; stsservicecookie=ests; x-ms-gateway-slice=productionb; stsservicecookie=ests" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "client_id=$APPID" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_secret=$PASSWORD" \
--data-urlencode "resource=https://graph.windows.net/"
Set the AAD applicaiton Oauth2AllowImplicitFlow to be true:
curl -X "PATCH" "https://graph.windows.net/$TENANTID/applications/$ObjectId?api-version=1.6" \
-H "Authorization: Bearer $ACCESSTOKEN" \
-H "Content-Type: application/json" \
-d $'{"oauth2AllowImplicitFlow":true}'
After few seconds, Oauth2AllowImplicitFlow of your application has been set to be true.
Additional, as #Shawn said that Azure CLI doesn't have this cmdlet to set AAD Application,but Azure Powershell have. However Azure CLI is an important tool for Linux platform to use Azure. I think we can post this feature feedback in this Page. Azure Team will review it.
Hope this helps!
Related
The exception is:
InvalidAbfsRestOperationExceptionjava.net.SocketException: Connection
reset
The same storage account and the container is accessible from another machine.
we have also checked the following API, it is providing the proper token.
curl --location -g --request POST 'https://login.microsoftonline.com/{{tenantId}}/oauth2/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'client_id={{Application_ID}}' --data-urlencode 'client_secret={{clientSecret}}' --data-urlencode 'resource=https://management.azure.com/'
We have also checked the following things:
Network access is public in the storage account (no restriction)
We are accessing it via java using lib hadoop-azure3.3.0.jar
I generated selfsigned domain certificate and then started Keycloak:
docker run \
--name keycloak \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=password \
-e KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/conf/server.crt.pem \
-e KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/conf/server.key.pem \
-v $PWD/server.crt.pem:/opt/keycloak/conf/server.crt.pem \
-v $PWD/server.key.pem:/opt/keycloak/conf/server.key.pem \
-p 8443:8443 \
quay.io/keycloak/keycloak \
start-dev
But I can't access auth page https://<IP>:8443/auth/. There is always "Page not found" error.
What is wrong?
Starting with Keycloak 17 for the Quarkus distribution:
The new distribution introduces a number of breaking changes,
including:
Configuring Keycloak has significantly changed
Quarkus is not an application server, but rather a framework to build applications
/auth removed from the default context path
Custom providers are packaged and deployed differently
Because of the third bullet point you are getting
But I can't access auth page https://:8443/auth/. There is always
"Page not found" error.
You can get around this issue with one of two solutions:
Use the previous endpoints, but now removing /auth from them or;
as pointed on in the documentation:
By default, the new Quarkus distribution removes /auth from the
context-path. To re-introduce the /auth use the http-relative-path
build option. For example: bin/kc.[sh|bat] start-dev --http-relative-path /auth
There is no more auth. It is now called admin
Access page with: https://<IP>:8443/admin/
I would like people to be able to subscribe to my website through Paypal. I've managed to install the Paypal buttons and can now obtain an access token to make "REST API" calls. But I'm failing to get any details of the subscriptions. Here's my cURL code which I run through reqbin.com:
curl -v -X GET https://api-m.paypal.com/v1/payments/billing-plans?page_size=3&status=ALL&page_size=2&page=1&total_required=yes \
-H "Content-Type: application/json" \
-H "Authorization: Bearer A21AAOtUj14g7QOd..............mL2MjJrgPE-Hr5lkaBN4f5Tg8wiErwgWd-sn-1hg6yqRMjtgRg"
curl -v -X GET https://api-m.paypal.com/v1/payments/billing-plans/P-8YD8773..........5UOKQ \
-H "Content-Type: application/json" \
-H "Authorization: Bearer A21AAOtUj14g7QOdj2PKN............6nutDPKmL2MjJrgPE-Hr5lkaBN4f5Tg8wiErwgWd-sn-1hg6yqRMjtgRg"
where you can see I have inserted the details of my access token and my billing plan ID obtained from my Paypal account. The former curl call should return details of my billing plan ID and the latter subscriptions under it. But the billing plan doesn't seem to exist as far as the API-REST goes. Can anyone see what I'm doing wrong?
Thanks.
It seems you are using a deprecated billing-plans API.
The current PayPal Subscriptions APIs are documented here., with a guide here.
I am doing example of Spring Boot Security with wso2is server from this post https://github.com/angel-git/wso2is-springoauth, when I am trying to access resource with access token I am getting
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
I am generating access token by:
curl -u CLIENT_ID:CLIENT_SECRET-k -d
"grant_type=password&username=admin&password=admin" -H
"Content-Type:application/x-www-form-urlencoded"
https://localhost:9443/oauth2/token
and accessing resources by:
curl -H GET "Authorization: ACCESS_TOKEN"
http://localhost:8080/greeting
I found many solution on stackoverflow but unfortunately could not solve my issue
please help, thank you
I was getting the same error message for
"curl http://localhost:8080/spring4/beans" :
{"timestamp":1493591079040,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource.","path":"/spring4/beans"}
Setting the below property in application.properties bypassed the security check & I could use all the acuator endpoints:
management.security.enabled=false
Many thanx to Angel Gavalda who helped me to solved problem. I used following commands to generate access token and access resource
For Generating Access token:-
curl -k -d
'grant_type=client_credentials&client_id=yourClientId&client_secret=yourClientSecret'
https://localhost:9443/oauth2/token
For Accessing Resource:-
curl -k -H "Authorization: Bearer $ACCESS_TOKEN"
http://localhost:8080/greeting
When the answer above does not solve this issue change OAuthConfigurations/RemoveOAuthHeadersFromOutMessage to false in the file api-manager.xml.
How can I find the publicly available Image IDs on Windows Azure?
I found this related question - Azure: List OS Images
But, the answer requires Windows+PowerShell while I need a way to get it on Linux or REST/
Use the URL specified here:
http://msdn.microsoft.com/en-us/library/windowsazure/jj157191.aspx
You'll need to provide a client certificate when sending the request.
If you are using curl on Linux, add the --cert to point to a .pem file (you'll need to upload it to the administrator's management certificate as a .cer file first).
Don't forget to add the x-ms-version header for it to work:
-H "x-ms-version: 2013-03-01"
Here is an example of using curl to get the auto-scale information for a cloud service
curl -H "accept: application/json" -H "x-ms-version: 2013-10-01"
--cert azure-cert.pem $AUTOSCALEURL