I'm facing issue, my model named Provider and i called a GET method it shows :
{
"error": {
"name": "Error",
"status": 401,
"message": "Authorization Required",
"statusCode": 401,
"code": "AUTHORIZATION_REQUIRED",
"stack": "Error: Authorization Required\n at /home/developer/node_modules/loopback/lib/application.js:396:21\n at /home/developer/node_modules/loopback/lib/model.js:322:7\n at /home/developer/node_modules/loopback/common/models/acl.js:472:23\n at /home/developer/node_modules/async/dist/async.js:3679:13\n at /home/developer/node_modules/async/dist/async.js:952:25\n at iteratorCallback (/home/developer/node_modules/async/dist/async.js:997:17)\n at /home/developer/node_modules/async/dist/async.js:847:20\n at /home/developer/node_modules/async/dist/async.js:3676:17\n at /home/developer/node_modules/async/dist/async.js:339:31\n at /home/developer/node_modules/loopback/common/models/acl.js:454:17\n at /home/developer/node_modules/loopback/common/models/role.js:272:21\n at /home/developer/node_modules/async-listener/glue.js:188:31\n at _combinedTickCallback (internal/process/next_tick.js:67:7)\n at process._tickDomainCallback [as _tickCallback] (internal/process/next_tick.js:122:9)"
}
}
I'm dealing with a client whose project was abandoned by the developer . since i'm new to LOOPBACK i was confused totally and so need your HELP very badly ...
Thanks in advance ...
Check your model common/models/Provider.json file
Add the specific method permission:
"acls": [
{
"principalType": "ROLE",
"principalId": "$everyone",
"permission": "ALLOW"
}
]
This will make all your model methods public without any authentication, for more information about ACL, read the docs:
https://docs.strongloop.com/display/public/LB/Controlling+data+access
Related
I want to purges data for my custom log with TimeGenerated range.
Sample Request
POST https://management.azure.com/subscriptions/00000000-0000-0000-0000-00000000000/resourceGroups/OIAutoRest5123/providers/Microsoft.OperationalInsights/workspaces/aztest5048/purge?api-version=2020-08-01
Request Body
{
"table": "MY_CUSTOM_TABLE",
"filters": [
{
"column": "TimeGenerated",
"operator": "between",
"value": ["2022-01-02T04:00:00","2022-01-07T03:59:59"]
}
]
}
Response Code: 400
Response Body:
{
"error": {
"message": "The request had some invalid properties",
"code": "BadArgumentError",
"correlationId": "00000000-0000-0000-0000-00000000000",
"innererror": {
"code": "QueryValidationError",
"message": "The user with object Id '00000000-0000-0000-0000-00000000000' does not have the role 'Data Purger' required to perform purge operation on this resource"
}
}
}
"message": "The user with object Id
'00000000-0000-0000-0000-00000000000' does not have the role 'Data
Purger' required to perform purge operation on this resource"
Looking at the Error Message that you have shared above, it is moreover related to access issue. You need to have DataPurger RBAC role on that resource inorder to perform data purge over a particular table in log analytic workspace.
Here is the reference documentation for more information about DataPurger RBAC role.
We have tested this in our local environment , it is working fine.
In our local environment , we have tried to purge the heartbeat table using the above shared Purge REST API of Azure Log Analytics workspace.
if you are using the between operator in the body of your restAPI , the value should be array of items.
Here is the sample request & body of the Rest API :
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/purge?api-version=2020-08-01
Body:
{
"table": "Heartbeat",
"filters": [
{
"column": "TimeGenerated",
"operator": "between",
"value": ["2022-01-18T05:40:00","2022-01-18T05:50:59"]
}
]
}
Here is the sample Output for reference:
I am trying to create a user using azure graph API. For this, I have got the token response as below:
Once I have the token, I have added this as bearer token in Authorization for the below url:
https://graph.microsoft.com/v1.0/users
and posting the below json data:
{
"accountEnabled": true,
"displayName": "Andrew",
"mailNickname": "SanAndrew",
"userPrincipalName": "andrew.san204#gmail.com",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "password"
}
}
But getting below error:
{
" error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"request-id": "c06079d2-ff6b-4e5b-b34d-704f16bc312f",
"date": "2019-06-03T11:20:20"
}
}
}
although I have all the permissions as shown below:
Can anyone please suggest what I am doing wrong here.
One possibility for the error is that you are trying to create a user with gmail.com domain. The domain needs to be one of the verified domains in your AAD tenant.
If you want to add a gmail.com user anyway, you need to send an invitation through the invitations endpoint: https://learn.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0&tabs=cs
I am using Azure AD B2C to create users.
After a user is created I would like to add them to a Group
Using Postman I have made the following request (with access token in the header). Note: I have managed to successfully create a group using the Api.
POST
https://graph.windows.net/{azure-tenant}/groups/{group-objectId/members/$ref?api-version=1.6
With Body:
{
"#odata.id": "https://graph.windows.net/{azure-tenant}/directoryObjects/{user-objectId}"
}
Which is what the documentation specifies. No matter the body that is sent I get the following error
{
"odata.error": {
"code": "Request_BadRequest",
"message": {
"lang": "en",
"value": "The request URI is not valid. Since the segment 'members' refers to a collection, this must be the last segment in the request URI. All intermediate segments must refer to a single resource."
},
"requestId": "48cf65f3-20ba-411e-8121-f7ea54252f3a",
"date": "2019-05-27T06:09:25"
}
}
I tried removing the /$ref
POST
https://graph.windows.net/{azure-tenant}/groups/{group-objectId/members?api-version=1.6
Body:
{
"#odata.id": "https://graph.windows.net/{azure-tenant}/directoryObjects/{user-objectId}"
}
as well as
{
"#odata.id": "https://graph.windows.net/{azure-tenant}/users/{user-objectId}"
}
Now the error that gets returned now is:
{
"odata.error": {
"code": "Request_BadRequest",
"message": {
"lang": "en",
"value": "Unsupported resource type 'DirectoryObject' for operation 'Create'."
},
"requestId": "2c36cc6d-383c-44f8-8609-2ac3e3efc862",
"date": "2019-05-27T06:15:26"
}
}
The documentation that I have been using https://learn.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0&tabs=javascript
You are using graph.windows.net endpoint, so you should refer to azure ad graph api.
POST https://graph.windows.net/myorganization/groups/b4bda672-1fba-4711-8fb1-5383c40b2c14/$links/members?api-version=1.6
{
"url": "https://graph.windows.net/myorganization/directoryObjects/3eb6055a-baeb-44d4-a1ea-2fee86d8891b"
}
The document you referred to is microsoft graph api. The endpoint should be https://graph.microsoft.com.
You can use Microsoft Graph explorer to call these apis.
I want to fetch the analytics of any channel of youtube that basically are not owned by me. I am using this API.
If this is not the right API please suggest me how to achieve this.
Also, I am using node.
https://youtubeanalytics.googleapis.com/v2/reports?dimensions=day&endDate=2019-01-01&ids=channel%3D%3DUCZSNzBgFub_WWil6TOTYwAg&metrics=likes&startDate=2018-01-01
Response:
{
"error": {
"code": 403,
"message": "Forbidden",
"errors": [
{
"message": "Forbidden",
"domain": "global",
"reason": "forbidden"
}
]
}
}
You need to understand the difference between private and public data. Public data is data that can be accessed by anyone. Public videos on YouTube for example
Private data is data that is owned by a user. A good example of that would be the analytics for a channel on Youtube. You cant access this kind of information without the permission of the user who owns it.
{
"error": {
"code": 403,
"message": "Forbidden",
"errors": [
{
"message": "Forbidden",
"domain": "global",
"reason": "forbidden"
}
]
}
}
Means that the currently authenticated user doesn't have permission to do what you are trying to do. You need to login with a user who has access to this data. I suggest you ask the owner of the channel to give you access.
I have azure AD with 3 groups
I execute api call for retrieve it
Login : https://login.microsoftonline.com/${tenantID}/oauth2/token
Get groups : https://graph.microsoft.com/v1.0/groups
Get users : https://graph.microsoft.com/v1.0/groups/${groupID}/members
Thats OK, i receive 3 groups and users inside
But for now i need only groups that assigned to applications
Like this
I cant find any methods in graph api for filter it .
If somebody know how to do it , help please
Resolve this problem in such way:
Get all groups as before
Get groups and users assigned to application graph.microsoft.com/beta/servicePrincipals/${applicationId}/appRoleAssignments
Response :
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments",
"value": [
{
"id": "tV-E7eUeFkmIemkoWcUgTkrT54btaddPtiLX96wVx0g",
"creationTimestamp": "2018-07-06T10:43:32.548348Z",
"principalDisplayName": "Pasha Kostohrys",
"principalId": "${userID}",
"principalType": "User",
"resourceDisplayName": "azure-group-sync",
"resourceId": "${applicationId}"
},
{
"id": "ZRCxfjNVlUqrjp9Y3wuLJz6beU58dtNOvr41VsKwADo",
"creationTimestamp": null,
"principalDisplayName": "ops",
"principalId": "${groupID}",
"principalType": "Group",
"resourceDisplayName": "azure-group-sync",
"resourceId": "${applicationId}"
}
] }
Just filter groups that are not in assignments list