What's my GitHub appliance's REST API endpoint? - github-api

I want to use Groovy, HttpBuilder and REST API to access our company's onsite GitHub appliance.
The GitHub developer's site: https://developer.github.com/v3/, shows this URL: https://api.github.com. So if my company's GitHub URL is: http://github.mycompany.com, what is my REST API endpoint URL? e.g. if I want to list all users, what's the correct URL?
When I access this URL: https://github.mycompany.com/api/v3, it gives me an error:
github.mycompany.com refused to connect.
ERR_CONNECTION_REFUSED

According to "API Enterprise 2.5":
All API endpoints—except Management Console API endpoints—are prefixed with the following URL:
https://hostname/api/v3/
But you need to authenticate:
Authentication
Your Enterprise installation's API endpoints accept the same authentication methods as the GitHub.com API. Specifically, you can authenticate yourself with OAuth tokens (which can be created using the Authorizations API) or basic authentication.
Every Enterprise API endpoint is only accessible to GitHub Enterprise site administrators, with the exception of the Management Console API, which is only accessible via the Management Console password.

TL;DR: These are the endpoints
+----+------------------------------------------+--------------------------------+
| | Enterprise | GitHub |
+----+------------------------------------------+--------------------------------+
| v3 | https://[YOUR_HOST]/api/v3 | https://api.github.com |
| v4 | https://[YOUR_HOST]/api/graphql | https://api.github.com/graphql |
+----+------------------------------------------+--------------------------------+
Examples
Here you have some examples in case you want to try them. You'll need to create an ACCESS_TOKEN
Enterprise
curl -H "Authorization: bearer [ACCESS_TOKEN]" https://[YOUR_HOST]/api/v3/organizations
curl -H "authorization: bearer [ACCESS_TOKEN]" https://[YOUR_HOST]/api/graphql -d "{\"query\": \"query { viewer { login } }\"}"
GitHub
curl -H "Authorization: bearer [ACCESS_TOKEN]" https://api.github.com/organizations
curl -H "authorization: bearer [ACCESS_TOKEN]" https://api.github.com/graphql -d "{\"query\": \"query { viewer { login } }\"}"

If you are not using https, it's "http://github.mycompany.com/api/v3/".

You're getting that message because the request is not authenticated.
First you have to figure out what kind of auth your server accepts and then incorporate that into the header or the (query string) of your request.
For example, this is how I get a list (using the header approach) of organizations I can access:
`curl -k -H "Authorization: token xxxxxx...xxx" https://git.acme.com/api/v3/organizations`
Note that xxxxx...xxx is a placeholder for a personal access token I created with read-only access to my repos. The docs refer to this as OAUTH_TOKEN. You can opt for inserting the token as a query string. In neither case do you have to enter a user name because the server figures that out from the token.
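The endpoint rule and the header-based token from the answers above, as an added example that is not from the original posts: `api_base` maps a host to its REST base URL (always https), and `gh_get` sends the token through a curl config on stdin with certificate verification left on. `GH_TOKEN`, `GH_CACERT` and the function names are assumptions.

```shell
#!/bin/sh
# Added example; GH_TOKEN, GH_CACERT and the function names are assumptions.

# api_base HOST_OR_URL -> REST v3 base URL, following the endpoint table above.
api_base() {
  h=${1#*://}                      # drop a leading scheme, if any
  h=${h%%/*}                       # drop any path
  case $h in
    ''|*[!A-Za-z0-9.:-]*) return 1 ;;            # not a bare host[:port]
    github.com|api.github.com) printf 'https://api.github.com' ;;
    *) printf 'https://%s/api/v3' "$h" ;;        # Enterprise appliance
  esac
}

# curl_config TOKEN -> curl config text, meant to be piped into `curl -K -`
# so the token is neither in the URL nor in the process argument list.
curl_config() {
  # Assumption: tokens are letters, digits and "_"; anything else (quotes,
  # newlines) is refused so it cannot inject extra config directives.
  case $1 in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
  printf 'header = "Authorization: token %s"\n' "$1"
  printf 'proto = "=https"\n'      # refuse any protocol other than https
  printf 'fail\n'                  # HTTP error responses give a non-zero exit
}

# gh_get HOST API_PATH, e.g. gh_get github.mycompany.com organizations
gh_get() {
  base=$(api_base "$1") || return 1
  cfg=$(curl_config "$GH_TOKEN") || return 1
  # Certificate checks stay on; a private CA is trusted via --cacert.
  printf '%s\n' "$cfg" |
    curl -sS -K - ${GH_CACERT:+--cacert "$GH_CACERT"} "$base/$2"
}

api_base 'http://github.mycompany.com'; echo   # prints https://github.mycompany.com/api/v3
```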

if you need https://github.com/google/shaka-player it would be
https://api.github.com/repos/google/shaka-player
more info at https://api.github.com/
"current_user_url": "https://api.github.com/user",
"current_user_authorizations_html_url": "https://github.com/settings/connections/applications{/client_id}",
"authorizations_url": "https://api.github.com/authorizations",
"code_search_url": "https://api.github.com/search/code?q={query}{&page,per_page,sort,order}",
"commit_search_url": "https://api.github.com/search/commits?q={query}{&page,per_page,sort,order}",
"emails_url": "https://api.github.com/user/emails",
"emojis_url": "https://api.github.com/emojis",
"events_url": "https://api.github.com/events",
"feeds_url": "https://api.github.com/feeds",
"followers_url": "https://api.github.com/user/followers",
"following_url": "https://api.github.com/user/following{/target}",
"gists_url": "https://api.github.com/gists{/gist_id}",
"hub_url": "https://api.github.com/hub",
"issue_search_url": "https://api.github.com/search/issues?q={query}{&page,per_page,sort,order}",
"issues_url": "https://api.github.com/issues",
"keys_url": "https://api.github.com/user/keys",
"label_search_url": "https://api.github.com/search/labels?q={query}&repository_id={repository_id}{&page,per_page}",
"notifications_url": "https://api.github.com/notifications",
"organization_url": "https://api.github.com/orgs/{org}",
"organization_repositories_url": "https://api.github.com/orgs/{org}/repos{?type,page,per_page,sort}",
"organization_teams_url": "https://api.github.com/orgs/{org}/teams",
"public_gists_url": "https://api.github.com/gists/public",
"rate_limit_url": "https://api.github.com/rate_limit",
"repository_url": "https://api.github.com/repos/{owner}/{repo}",
"repository_search_url": "https://api.github.com/search/repositories?q={query}{&page,per_page,sort,order}",
"current_user_repositories_url": "https://api.github.com/user/repos{?type,page,per_page,sort}",
"starred_url": "https://api.github.com/user/starred{/owner}{/repo}",
"starred_gists_url": "https://api.github.com/gists/starred",
"topic_search_url": "https://api.github.com/search/topics?q={query}{&page,per_page}",
"user_url": "https://api.github.com/users/{user}",
"user_organizations_url": "https://api.github.com/user/orgs",
"user_repositories_url": "https://api.github.com/users/{user}/repos{?type,page,per_page,sort}",
"user_search_url": "https://api.github.com/search/users?q={query}{&page,per_page,sort,order}"

Related

Azure IAM: Trigger external security challenge in OAuth2 with curl

I'm trying to obtain the access_token for my user in Azure IAM via OAuth2. I've built a curl command this way:
curl \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "scope=openid" \
-d "response_type=id_token+access_token" \
-d "grant_type=password" \
-d "client_id=${MY_APP_ID}" \
-d "username=${MY_USER}" \
-d "password=${MY_PASS}" \
"https://login.microsoftonline.com/${MY_TENANT_ID}/oauth2/v2.0/token"
However I'm getting:
{"error":"invalid_grant","error_description":"AADSTS50158: External security challenge not satisfied. User will be redirected to another page or authentication provider to satisfy additional authentication challenges...
We use MFA, however the curl call is not triggering it. What's the proper way to get the access_token in the MFA-backed OAuth2 flow?
I tried to reproduce the same in my environment and got the results like below:
I created a user and enabled MFA:
I tried to generate the tokens in Postman using ROPC flow and got the similar error like below:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:clientID
scope:openid
grant_type:password
username:username
password:password
Note that: ROPC Grant Type doesn't support MFA enabled users and will be blocked instead. Refer to this MsDoc.
To get the access_token in the MFA-backed OAuth2 flow, you can make use of Authorization Code Flow like below:
Make use of below endpoint to generate auth-code:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=RedirectURI
&response_mode=query
&scope=openid
&state=12345
I signed-in with the MFA enabled user to generate the code like below:
I generated the tokens by making use of below parameters:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
client_secret:ClientSecret
scope:openid
grant_type:authorization_code
redirect_uri:RedirectURI
code:code
You can also make use of Implicit grant flow for MFA enabled users. Refer this MsDoc.
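The authorization-code request from the answer above, as an added example that is not part of the original answer: it builds the authorize URL with a random `state` and releases the returned code only when the redirect carries that same `state`. TenantID, ClientID, the redirect URI and all function names are placeholders or assumptions.

```shell
#!/bin/sh
# Added example; TenantID, ClientID, the redirect URI and all function
# names are placeholders or assumptions, not values from the page.

# Percent-encode everything outside the RFC 3986 unreserved set (ASCII input).
urlencode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}; s=$rest
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# 128 random bits as hex, used instead of a fixed state such as 12345.
new_state() { od -An -N16 -tx1 /dev/urandom | tr -d ' \n'; }

# authorize_url TENANT CLIENT_ID REDIRECT_URI STATE
authorize_url() {
  printf 'https://login.microsoftonline.com/%s/oauth2/v2.0/authorize' "$1"
  printf '?client_id=%s&response_type=code&redirect_uri=%s' \
    "$(urlencode "$2")" "$(urlencode "$3")"
  printf '&response_mode=query&scope=openid&state=%s' "$(urlencode "$4")"
}

# query_param URL NAME -> raw value of NAME from the query string
query_param() {
  q=${1#*\?}; [ "$q" != "$1" ] || return 1
  q=${q%%\#*}
  printf '%s\n' "$q" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# code_from_redirect REDIRECT_URL EXPECTED_STATE
# Prints the code only when the state that came back is the one we sent.
code_from_redirect() {
  got=$(query_param "$1" state) || return 1
  [ -n "$2" ] && [ "$got" = "$2" ] || return 1
  code=$(query_param "$1" code) || return 1
  [ -n "$code" ] && printf '%s' "$code"
}

state=$(new_state)
authorize_url TenantID ClientID 'https://localhost/callback' "$state"; echo
```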

Dialogflow Bearer Token Analysis

How do I get a bearer token for a Dialogflow v2beta1 API call?
I want to integrate Dialogflow APIs so now I can't even test APIs in postman without bearer token. For testing I have generated API Key for my agent in GCP project but I didn't find any solution for getting bearer token.
POST https://dialogflow.googleapis.com/v2beta1/[PARENT]/intents?key=[YOUR_API_KEY] HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
Content-Type: application/json
I guess you already have a Service Account with proper permissions to project/product/resource. If no, you can find a guide on how to create it in Creating and managing service accounts.
Regarding Bearer Token you should read about it in Authenticating as a service account.
If you have a Service Account with proper access and key.json you can use Bearer token.
In GCP console you can print default token using command:
### for default SA
$ gcloud auth application-default print-access-token
### for other SA
$ gcloud auth print-access-token SA_NAME@PROJECT_ID.iam.gserviceaccount.com
More details can be found in this docs.
Request for default SA should look like this:
curl -X POST "https://dialogflow.googleapis.com/v2beta1/projects/PROJECT_ID/agent:train" \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)"
For specific one time request you should use below example:
curl -X POST "https://dialogflow.googleapis.com/v2beta1/projects/PROJECT_ID/agent:train" \
-H "Authorization: Bearer $(gcloud auth print-access-token <YourSAaccount>)"
SA account might look like: <SAname>@<projectID>.iam.gserviceaccount.com
Please keep in mind that this SA must be active. You can do it using command to activate SA:
$ gcloud auth activate-service-account SA_NAME@PROJECT_ID.iam.gserviceaccount.com --key-file=/path/to/SAkey/key.json
###or using just key
$ gcloud auth activate-service-account --key-file=/path/to/SAkey/key.json
And command for listing active SA is:
$ gcloud auth list
I chose a random POST from Dialogflow API.

How to connect to Azure Databricks' Hive using a SQLAlchemy from a third party app using a service principal?

I want to connect Superset to a Databricks for querying the tables. Superset uses SQLAlchemy to connect to databases which requires a PAT (Personal Access Token) to access.
It is possible to connect and run queries when I use the PAT I generated on my account through Databricks web UI. But I do not want to use my personal token in a production env. Even so, I was not able to find how to generate a PAT like token for a Service Principal.
The working SQLAlchemy URI looks like this:
databricks+pyhive://token:XXXXXXXXXX@aaa-111111111111.1.azuredatabricks.net:443/default?http_path=sql%2Fprotocolv1%qqq%wwwwwwwwwww1%eeeeeeee-1111111-foobar00
After checking the Azure docs, there are two ways on how to run queries between Databricks and another service:
Create a PAT for a Service Principal to be associated with Superset.
Create a user AD account for Superset.
For the first and preferred method, I was able to advance, but I was not able to generate the Service Principal's PAT:
I was able to register an app on Azure's AD.
So I got the tenant ID, client ID and create a secret for the registered app.
With this info, I was able to curl Azure and receive a JWT token for that app.
But all the tokens referred to in the docs are JWT OAUTH2 tokens, which do not seem to work with SQLAlchemy URI.
I know it's possible to generate a PAT for a Service Principal since there is a mention on how to read, update and delete a Service Principal's PAT on the documentation. But it has no information on how to create a PAT for a Service Principal.
I prefer to avoid using the second method (creating an AD user for Superset) since I am not allowed to create/manage users for the AD.
In summary, I have a working SQLAlchemy URI, but I want to use a generated token, associated with a Service Principal, instead of using my PAT. But I can't find how to generate that token (I only found documentation on how to generate OAUTH2 tokens).
You can create a PAT for a service principal as follows (examples are taken from docs, do export DATABRICKS_HOST="https://hostname" before executing):
Add service principal into the Databricks workspace using SCIM API (doc):
curl -X POST "$DATABRICKS_HOST/api/2.0/preview/scim/v2/ServicePrincipals" \
--header 'Content-Type: application/scim+json' \
--header 'Authorization: Bearer <personal-access-token>' \
--data-raw '{
"schemas":[
"urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal"
],
"applicationId":"<application-id>",
"displayName": "test-sp",
"entitlements":[
{
"value":"allow-cluster-create"
}
]
}'
Get AAD Token for service principal (doc, another option is to use az-cli):
# The Azure AD token endpoint returns the token in the "access_token" field
export DATABRICKS_TOKEN=$(curl -s -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id=<client-id>&resource=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d&client_secret=<application-secret>' \
https://login.microsoftonline.com/<tenant-id>/oauth2/token | jq -r .access_token)
Generate token using the AAD Token (doc):
curl -s -n -X POST "$DATABRICKS_HOST/api/2.0/token/create" --data-raw '{
"lifetime_seconds": 100,
"comment": "token for superset"
}' -H "Authorization: Bearer $DATABRICKS_TOKEN"

IBM Cloud: How to change session expiration?

I am using IBM Cloud and sometimes when coming back from a coffee break I have to enter my credentials again. Is there a way to change the session expiration time? Could it be done programmatically?
The settings can be changed either in the IBM Cloud console (UI) or via REST API. In the UI you have to access the Identity and Access Management (IAM) settings.
The IBM Cloud API docs have a section for the platform services. There, the IAM services can be found. They have an API to fetch the current account settings and update the account settings. It includes the configuration values for session_expiration_in_seconds and session_invalidation_in_seconds to control the session expiration. You could use curl to update the settings like this:
curl -X PUT 'https://iam.cloud.ibm.com/v1/accounts/ACCOUNT_ID/settings/identity' \
-H 'Authorization: Bearer TOKEN' -H 'Content-Type: application/json' \
-d '{
"session_expiration_in_seconds": 3600,
"session_invalidation_in_seconds": 1800
}'

OAuth Authorization code grant - Docusign - Error response while making calls to generate access and refresh tokens from auth code

I am trying to use authorization code grant flow to authorize to my app Documentation here. I am building an app to support auto user provisioning to Docusign using REST APIs. I have created a developer account and have obtained Integrator Key and the secret key.
I made following request to obtain the auth code :
account-d.docusign.com/oauth/auth?response_type=code&scope=signature&client_id=<MY_CLIENT_ID>&redirect_uri=<localhost> and the response on the browser with the code.
I am using curl command to generate tokens using the following request :
curl -iX POST account-d.docusign.com/oauth/token -H "Authorization: Basic base64_representation_of_clientId:clientSecret" -d 'grant_type=authorization_code&code=<Auth Code received in the previous step>'
However I am getting this response :
HTTP/1.0 301 Moved Permanently
Location: account-d.docusign.com/oauth/token
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
What can be the possible reason for this error response?
Perhaps try adding the protocol (https://) to the request URI?
curl -iX POST https://account-d.docusign.com/oauth/token...
