I trying to access data from restlet using spoon rest client but it is not working. I am creating a field in add rows named creadentials. And passing this hole string in heders of rest client.
Authorization: NLAuth nlauth_account=12345, nlauth_email=jsmith#ABC.com, nlauth_signature=xxxx, nlauth_role=4
But i am getting error as no authorization headers.
I got the answer. We have to put authorization as name and
NLAuth nlauth_account=123, nlauth_email=abc#abc.com, nlauth_signature=password, nlauth_role=3
as value in add rows of spoon client and also add content-type as name and application/json as value then add all the fields in parameters. You have to add name as authorization and field authorization again name content-type field content-type. Remove default authorization username and password because we are sending it with the headers.
Related
Postman headers I'm using secret keys to generate an access token that I will use to authenticate for an API that I call. The issue is that I'm getting the error:
status code was: 401, expected: 200
WWW-Authenticate: Bearer error="invalid_token", error_description="The audience value is invalid"
This is how I call the API
Given url `https://login.microsoftonline.com/tenant_id/oauth2/token`
And form field grant_type = `client_credentials`
And form field client_id = `value`
And form field client_secret = `value`
When method post
Then status 200
match response.access_token != null
def access_token = response.access_token
print access_token
Given header Authorization = 'Bearer ' + access_token
Given url 'url'
And header accept = `plain/text`
And header 'X-Mimic-User' = `confidential`
When method GET
Then status 200
I'm expecting to the authenticated to the API with the generated access token.
So it appears your error may be related to the Authorization header, although the error description is hard to decipher, possibly scope related? I would list the URL first, not the header, unless you are re-using it, and want to configure the value for subsequent requests. Another way of setting the Bearer token is:
And match response.access_token == '#present'
* def oauthToken = `Bearer ${response.access_token}`
But really the most important thing is for you to check your request, including headers and compare it between Karate and Postman to see what is different.
From what I see in the error description, the first API call made towards your auth provider is returning a 200 with an access token. but the second call you are making to your application server seems to be failing to see the audience value in your access token.
I doubt you are using the same client credentials input (client_id, client_secret) in your postman and karate setup. Make sure they are the same.
I would also confirm if the access token received is having the aud parameter by checking it in https://jwt.io or any other tool you trust to decode your access token JWT. for the sake of experimentation do the same for the access token you got from postman as well.
Ideally, these configurations are very internal to your application and identity team and may not be directly related to karate. The other teams mentioned should be the ones best to guide you.
I have carefully followed the documentation outlined here by Microsoft to create a Bug in Dev Ops via the API. The documentation is well written.
Steps followed:
In Dev Ops I created a Personal Access Token, the string value of which I converted to Base64.
In a separate Power Automate flow, I composed a list of the projects in my target DevOps Organization for testing purposes. The JSON for the projects in this Organization is as follows:
Now if I copy and paste this URL (in the picture above) into my browser it resolves correctly.
I created a Postman HTTP POST Request with the following details:
URL: https://dev.azure.com/{my org}/{Demo guid}/_apis/wit/workitems/{{taskType}}?api-version=7.0
Under Authorization I set the Bearer Token and pasted in my encoded PAT
The JSON Body is as follows:
The POSTMAN variable in the URL taskType is set to Bug
The request Headers are as follows:
Once again please note that if I paste the URL (1) in green into a browser it resolves correctly. However, the request returns a 404 Page not found.
I cannot understand why it is not finding the page, as I would expect a not authorized error if the problem was with the token.
Looks like you have {{taskType}} as a literal in your URL string.
Just try to perform a List to find all the valid taskTypes. Also drop the Bearer token and just use Basic Auth to keep it simple. The username should be empty and password should contain your AzDO PAT.
Needed to include the $ symbol. I am now getting authentication issues but this is outside the scope of the original submission.
I have created a web activity in azure data factory pipeline which have only one header and I have to pass body for a POST request. I have tried passing body as JSON and as String also but the request failed with "Invalid Query". Can anyone please tell me how can I send a POST request from azure data pipeline with additional header and body. I have multiple key value pairs to pass to body.Check the Screenshot of web activity
Please try this. First, add one more header with Name of Content-Type and value of application/x-www-form-urlencoded
Then change the Body to:
grant_type=password&username={username}&password={password}&scope=customer-api
I'm using Azure AD to provide Oauth2 auth for an API. Setup & config seemed to work fine for me, but a partner pointed out that the Oauth2 token endpoint doesn't like inline parameters -- it wants params passed in the HTTP body instead.
Ex: this call returns AADSTS90014: The request body must contain the following parameter: 'grant_type':
https://login.microsoftonline.com/my tennant/oauth2/token?grant_type=client_credentials&client_id=theclientid&client_secret=thesecret&code=AUTHORIZATION_CODE'
But a post w/ the same params in the body as form data works just fine. I believe Oauth is supposed to supposed to support the parameterized call (as shown in google documentation).
Is there somewhere in Azure to configure the Oauth2 endpoint to accept token parameters as post params vs. sending in the form body?
he request body must contain the following parameter: 'grant_type':
Based on the response I would say you are setting the content-type header wrongly.
If you are posting this request : https://login.microsoftonline.com/my tennant/oauth2/token?grant_type=client_credentials&client_id=theclientid&client_secret=thesecret&code=AUTHORIZATION_CODE' ensure that you are setting the content-type as application/x-www-form-urlencoded.
If you are the parameters in the body set the content-type as application/json
I'm using Ember.js and Node. I already have json web token based authentication set up and am now trying to use LinkedIn's REST API to get information for my user profiles.
I'm able to redirect my users to the LinkedIn authorization code endpoint (Step 2 in this guide: https://developer.linkedin.com/docs/oauth2), but I'm getting stuck on Step 3 (Exchange Authorization Code for Access Token). When I make the POST request with the correct parameters, I get a 401 unauthorized_client error no matter how I try and make the request.
I'm making the request directly from my Node server, and using the request module. I've tried including the params as query params, and as part of the body. I've tried adjusting the headers and the url encoding but nothing seems to change the 401 error.
This is the call I need to be making according to the guide:
POST /uas/oauth2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=987654321&redirect_uri=https%3A%2F%2Fwww.myapp.com%2Fauth%2Flinkedin&client_id=123456789&client_secret=shhdonottell
This should not happen if you are POSTing the correct parameters. You can rather try it with an alternative way. With the authorization code you received in Step 2, use request based service like POSTMAN and try getting the response again. If you get it using that it means there has been some error while you are making the request.
Make sure to properly provide the headers.
Even after the POSTMAN service if you get an unauthorized response, confirm your client_id and client_secret.
Please note that for 2-legged authentication, the grant_type should always be "client_credentials". Also, you only need to supply the client_id and client_secret as parameters, nothing more. See the sample in the LinkedIn documentation. It looks like you try to do a 3-legged authentication request.