I'd like to test Microsoft Project Oxford Speech recognition API, but I don't know where or how to get the client_id.
I'm trying to test Search API. First, I'm trying to get a token to use the service:
curl -d -i "https://oxford-speech.cloudapp.net/token/issueToken?grant_type=client_credentials&client_id=123&client_secret=456scope=https%3A%2F%2Fspeech.platform.bing.com"
{ "statusCode": 401, "message": "Access denied due to invalid subscription key. Make sure you are subscribed to an API you are trying to call and provide the right key." }
I have primary and secondary keys, but I can't find client_id. Can someone help?
See here
// Note: Sign up at http://www.projectoxford.ai to get a subscription key. Search for Speech APIs from Azure Marketplace.
// Use the subscription key as Client secret below.
Authentication auth = new Authentication("Come up with a short ClientId", "Client Secret");
More instructions here http://www.projectoxford.ai/doc/general/subscription-key-mgmt
Go to the following link Subscribe to speech control and subscribe to speech recognition control...
Register a new app using this link, and here you can give the CLIENT ID of your choice, which will be used later in the app.
Finally, go to the following link [www.microsoft.com/cognitive-services/en-us/subscriptions], sign in with a Microsoft account, find the subscription key for any API you want to use, and use this key as the CLIENT SECRET.
Hope this will help, as I have tested this and it works perfectly for me...
The third link is in brackets as I wasn't allowed more than 2 links...
After you signed up for the Speech API, you can view your subscription keys using this link: https://www.microsoft.com/cognitive-services/en-us/subscriptions.
Authentication auth = new Authentication("Come up with a short ClientId", "Client Secret");
In your code, DO NOT come up with a short ClientId. Just replace "Come up with a short ClientId" with the first key you find on the subscription page and replace "Client Secret" with the second key you find on the subscription page.
I am trying to use Google as an identity provider in an ADB2C SignInSignUp userflow, consumed within a React Native app through a WebView.
When I am testing this I am hitting an error that I cannot seem to find the cause of. Upon signing up with google I receive the following response object:
{"canGoBack": true, "canGoForward": false, "loading": false, "target": 99, "title": "Loading...", "url": "https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/oauth2/authresp?state=StateProperties%3DeyJTSUQiOiJ4LW1zLWNwaW0tcmM6NjIxMDMyYTYtZTVlZC00OTJkLTg1NmMtMTAzYzg3Mzc0YmE3IiwiVElEIjoiZDM5ZTgwY2MtNzJlNy00ZGE5LWJjODYtMGRjZGNlN2Q1MDZlIiwiVE9JRCI6IjRkOTkyMzhiLTBhOGEtNGU0Ny1hYTRkLTk5NTZiYTY3NmE5YyJ9&code=4%2F0AX4XfWhrpKK2DDX58pFTHkb_U2e8SvGnLrPvhI4grUn5ojA5R-q7q4KjcdS1tO4DYemuWQ&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&authuser=0&prompt=none#"}
Typically I would receive the fully formatted token back in this response, which I then use for server side validation. This works when signing up with Apple and as a B2C user when pressing 'Sign up now' on the userflow.
The token returned in this is not formatted correctly and doesn't follow 'code=' in the response URL as I usually get when signing in or up through the other methods, and therefore throws an error of 'AADB2C90090: The provided JWE is not a valid 5 segment token.' when trying to parse what follows StateProperties.
Does anybody know why Google would not return a valid token in the same way that Apple/Microsoft do when signing up?
Any help would be greatly appreciated
Please check a few workarounds:
1. Try to include the client id in scope along with the other scopes.
2. Try mentioning Response_mode=form_post in the auth request.
3. In some cases it's working with other versions, so try Msal version 4.32. See Issue · GitHub
4. According to sign-in with a Google account - Azure AD B2C | Microsoft Docs, make sure to create an app registered in Google's console.
Also note from the same document and this blog:
References:
jwt - Azure AD B2C - Token validation does not work - Stack Overflow
Azure Active Directory B2C - Authorization code encoding issue (microsoft.com)
I tried to upload a Blob video to Video Analyzer For Media with Power Automate by referring to the tutorial below.
https://learn.microsoft.com/ja-jp/azure/azure-video-analyzer/video-analyzer-for-media-docs/logic-apps-connector-tutorial
However, when I created the flow according to the procedure and ran the test, the following error occurred in the third "Get Account Access Token" of the first flow.
Status code: 401
{
"ErrorType": "INVALID_AUTH_SUBSCRIPTION_KEY",
"Message": "Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription."
}
I considered the following as possible errors.
(1) The input information of the connector is incorrect.
In the input information of the connector created to create this flow, the AAD secret obtained in "API Access" of Video Analyzer For Media was entered in "API Key".
What should I enter for the "API Key" if this value is incorrect?
If you could understand, please tell me.
(2) The input information of "Account ID" entered in the flow is incorrect.
For this value, enter the "Account ID" obtained from "Account Settings" on the Azure Video Analyzer For Media Portal (https://www.videoindexer.ai/).
What should I enter if this value is entered incorrectly?
If you could understand, please tell me.
Also, if the above possibilities are incorrect, we would appreciate it if you could tell us other possible causes.
The API key can be retrieved from this page : https://api-portal.videoindexer.ai/profile
The account ID is a GUID. It can be seen in "user accounts" and in account settings.
I'm trying to request the contents of a Google doc (that I own) using the Google Docs API and the contents would be read to a website. I'm making the following request in Postman:
GET https://docs.googleapis.com/v1/documents/{documentId}?key=API_KEY
where the API_KEY is a key created in Google developer dashboard and is not restricted for now. However, I'm getting the following error:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
I have made the doc public (read-access without signing in) and enabled the Docs API in the Google developer dashboard. Further, the dashboard is registering these (failing) requests, so something is going through. The answer is probably in the error message, but to me "or other valid authentication credential" means the API key that I'm already using.
I'm asking for advice on how to make this request successfully without needing to use OAuth or server-side code.
I found a workaround answer to my problem, although it didn't solve the problem with the Docs API. I decided to request the text data from a Google Sheet instead, which works fine with
GET https://sheets.googleapis.com/v4/spreadsheets/documentId?key=API_KEY
when the sheet is public and read-only.
Yes, you can open the doc programmatically using a service account. You need to "share" the doc with the service account email.
Instructions on creating a service account and reading a Google doc: https://www.futurice.com/blog/read-goog-doc-using-service-account
I'm reading the documentation for Cloud Identity and Access Management Method: projects.serviceAccounts.signBlob. I've got it figured out except for the body, which is
{
"bytesToSign": string
}
The documentation says that this should be
The bytes to sign.
A base64-encoded string.
Gosh, how helpful! Can anyone explain what bytesToSign is? What do I put there? The service account private key?
The Google Cloud Platform (GCP) IAM API method projects.serviceAccounts.signBlob allows you to cryptographically "sign" a blob of data using the system-managed private key for a given service account.
More info: Digital Signature
Permissions
In order to sign blobs using a service account, you need to make sure your account has the iam.serviceAccounts.signBlob permission on the service account in question. The easiest way to do this is to grant your account the Service Account Token Creator role on the Project or the Service Account. This role contains the following permissions:
iam.serviceAccounts.get
iam.serviceAccounts.getAccessToken
iam.serviceAccounts.implicitDelegation
iam.serviceAccounts.list
iam.serviceAccounts.signBlob
iam.serviceAccounts.signJwt
resourcemanager.projects.get
resourcemanager.projects.list
Using the API
This API endpoint takes two arguments:
service account name (in the URL of the request)
blob that you would like to cryptographically sign (in the body of the request)
As an example, let's say that you want to sign this text:
Here is some text that I would like to sign.
First, you must base64 encode the string, which becomes:
SGVyZSBpcyBzb21lIHRleHQgdGhhdCBJIHdvdWxkIGxpa2UgdG8gc2lnbi4=
Then you would post to the endpoint with the base64-encoded string in the body. For example, if your project was called my-project and you wanted to sign the blob with my App Engine default service account, you would do:
POST: https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/my-project@appspot.gserviceaccount.com:signBlob?key={YOUR_API_KEY}
BODY:
{
"bytesToSign": "SGVyZSBpcyBzb21lIHRleHQgdGhhdCBJIHdvdWxkIGxpa2UgdG8gc2lnbi4="
}
If successful, it will return a response with the keyId that was used to sign the blob and the signature which is the signed blob.
Example:
{
"keyId": "f123aa7016e4565e49a489357aa384fa25a9e789",
"signature": "t7FT+3b0AUzqmGHofHIa8MDcfuBOKQa4/DtK6Ovel22Y9pa5G4PduW5iYY9EMQpyXW3sZEZiyFRs3M9nGkLt/DKXITCW9Ta4nvLZwNj1ahFjkujr12iUzyU+NR9/Db2LWoI/g4j1e27E9O8zqXdi+BQpKkOYHUcfbH3xcTbEJnmjU/1zEHztNRXlihNPyOjSWsKhPdVnVzxYmi6Y3Bmgb3kCZe5hhUhANo9gavsakSogi0y5z625vHiW3roQkH2fEktcDkf49GlLJEHqRu+FaCcAwgpsEs/Nm+llgfhSuHKx1tcvslmTWOGAnYDKVg74oqg4FgfhiLqBWJYRrFRwxQ=="
}
You can try it here with the API Explorer (but change the project name to your project and change the service account name to your service account).
This can also be done with gcloud, for example:
$ gcloud iam service-accounts sign-blob \
--iam-account my-account@somedomain.com input.bin output.bin
For more information on how this command ties into the wider cloud infrastructure, please see:
https://cloud.google.com/appengine/docs/standard/python/appidentity/
https://cloud.google.com/appengine/docs/java/appidentity/
https://cloud.google.com/appengine/docs/standard/php/appidentity/
https://cloud.google.com/appengine/docs/standard/go/appidentity/
You might use this to assert your identity to non-Google services. If you want to assert that some text provided by you to an external application is in fact coming from you, then you can sign the text with the signBlob method to sign the text with your private key, and then you can use the get_public_certificates() method to obtain a list of certificates which can be used to validate the signature.
More: Asserting identity to third-party services
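The round trip described in the answer above, as an added example that is not part of the original answer or Google's code: bytesToSign carries the base64 of the data (never a key), and the receiver checks the returned signature with the public key alone. The service is replaced by a local stand-in, fake_sign_blob, using a constructed key, and RSASSA-PKCS1-v1_5 with SHA-256 is assumed as the signature scheme.

```python
import base64
import hashlib
import json

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed stand-in key pair built from two Mersenne primes. This is NOT a
# real service-account key and is far too weak for anything but illustration.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays "server side"
K = (N.bit_length() + 7) // 8          # modulus length in bytes


def build_request_body(blob: bytes) -> str:
    """JSON body for signBlob: the raw data to sign, base64-encoded."""
    return json.dumps({"bytesToSign": base64.b64encode(blob).decode("ascii")})


def _encode(blob: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(blob), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(blob).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def fake_sign_blob(body: str) -> str:
    """Hypothetical local stand-in for the service (assumed scheme, see above)."""
    blob = base64.b64decode(json.loads(body)["bytesToSign"])
    sig = pow(_encode(blob), D, N).to_bytes(K, "big")
    return json.dumps({"keyId": "constructed-key-id",
                       "signature": base64.b64encode(sig).decode("ascii")})


def verify(blob: bytes, response: str) -> bool:
    """Receiver side: check the signature using only the public key (N, E)."""
    sig = base64.b64decode(json.loads(response)["signature"], validate=True)
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    return s < N and pow(s, E, N) == _encode(blob)
```

Against the real service, the public key would come from the service account's published certificates instead of the constants N and E.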
Thanks to @lukwam and @John Hanley, the answer was that I didn't need to use projects.serviceAccounts.signBlob, i.e., this was a rabbit hole I didn't need to go down. I was getting a SigningError message and I needed to assign roles to service accounts, as I have detailed in this question and answer.
I am creating a LUIS app using the LUIS programmatic API. After the app is successfully created and trained, I want to assign an API key to the app using this endpoint:
PUT /luis/api/v2.0/apps/{appId}/versions/{versionId}/assignedkey
Both my programmatic API key (obtained from luis.ai) and the normal API key (the one I am trying to assign, obtained from Azure Portal) are registered to the same email address.
However, when I am trying to send a request to the above endpoint, it fails with this error:
{
"error": {
"code": "BadArgument",
"message": "Cannot find the specified subscription"
}
}
I'm out of ideas for what I might be doing wrong, because exactly the same logic already worked before.
Is there some kind of way to "assign" an Azure subscription to my LUIS account?
Update:
I didn't find an answer to my question, but I found a workaround. Calling PUT /luis/api/v2.0/apps/{appId}/settings will set the application to "public", which means you can use any subscription key with it. See docs.
It seems that this endpoint is now deprecated because I get the following:
{
"error": {
"code": "DeprecatedException",
"message": "To assign a subscription key to an app, please go to the LUIS website at https://www.luis.ai and assign it from the app publish page."
}
}
In the luis page I see this:
The endpoints PUT /luis/api/v2.0/apps/{appId}/versions/{versionId}/assignedkey and /luis/api/v2.0/subscriptions are indeed deprecated. I contacted LUIS support and they answered:
We are shifting the key management experience to happen only through the portal. Users no longer need to copy and paste keys, we offer a well-integrated experience that lists all the Azure keys inside our portal, key management details here.