I have a problem running a Postman POST using Python code.
First I generated the Python code from Fiddler, capturing while I ran the Postman POST from the website.
Capture with fiddler
And then the problem is here: the bearer token only works for 5-15 minutes; after that I get a 401 response, because the bearer token is expired.
Python Code for running my postman
So I want to change the Bearer token to basic auth (using the user and password of my Postman account).
I already tried changing the Authorization value to apikey and base64encode(user:pass); it is still not working.
Please, whoever has experience with this, help with my case. Thanks.
Related
How can I do authentication and authorization in a REST WEB API in order to get token secret, so that I can make POST requests?
This WEB API already exists; I am just trying to implement it on my local machine (https://github.com/nipreps/mriqcwebapi). It's based on Python Eve. I already tried a POST request with Basic authentication and Token authentication with curl; it returns the 401 credentials error message.
Hasnae
I am trying to log in to my Reddit account using Python, not PRAW. I successfully extracted the CSRF token, but still don't know why it is not functional and unable to properly log in. The desired behavior of the code is to be able to log in to Reddit through this Python script and then confirm if the login was a success or not.
When you try to login on your browser, in the developer tools (Network tab) you can preview how the request should look. The mistake you made here is that the POST request should be sent not to: https://www.reddit.com/, but https://www.reddit.com/login.
To verify the result you can check, in the debugger, the response you received to your POST request. When I ran your code with the mentioned change of URL the response to "r" was: response
You can see that the server returned response status code 400 with explanation "incorrect username or password". It means that your code should be enough to login to Reddit with inputting the correct credentials.
I want to route my Google Analytics Reporting API request (code will be in AWS Lambda) through a gateway which accepts a REST endpoint only. Since I can't use the Client package method in my interaction with the gateway, I need to query the API as a RESTful endpoint.
The official document says this (Link) :
Authorization: Bearer {oauth2-token}
GET https://www.googleapis.com/analytics/v3/data/ga
?ids=ga:12345
&start-date=2008-10-01
&end-date=2008-10-31
&metrics=ga:sessions,ga:bounces
I do not know how to create the oauth2-token in Python. I have created a service account and have the secrets_json which includes the client id and secret key.
The client package method as given in this link works. But I need the REST method only!
Using these, how can I create the oauth2-token?
You can use OAuth2 for this. I have done it in the past, but you will need to monitor it. You will need to authorize this code once and save the refresh token. Refresh tokens are long lived; they normally don't expire, but your code should be able to contact you if it does so that you can authorize it again. If you save the refresh token you can use the last step at any time to request a new access token.
OAuth2 is basically built up into three calls. I can give you the HTTP calls; I will let you work out the Python. Google 3 Legged OAuth2 Flow
Authentication and authorization
The first thing you need is the permission of the user. To get that you build a link on the authorization server. This is an HTTP GET request; you can place it in a normal browser window to test it.
GET https://accounts.google.com/o/oauth2/auth?client_id={clientid}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code
Note on redirect URI: if you are running this on a server or something, then use urn:ietf:wg:oauth:2.0:oob. It basically tells the server to return the code back where it came from. Otherwise, if you are hosting on a website, you can supply a URL to the page that will be handling the response.
If the user accepts the above then you will have an authorization code.
Exchange code
What you need to do next is exchange the authorization code returned by the above response and request an access token and a refresh token. This is an HTTP POST call.
POST https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}&client_secret={ClientSecret}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code
The body parameters should be as I have shown, separated by &, and the content type of the request is application/x-www-form-urlencoded.
Response
{
"access_token" : "ya29.1.AADtN_VSBMC2Ga2lhxsTKjVQ_ROco8VbD6h01aj4PcKHLm6qvHbNtn-_BIzXMw",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "1/J-3zPA8XR1o_cXebV9sDKn_f5MTqaFhKFxH-3PUPiJ4"
}
The access token can be used in all of your requests to the API by adding either an Authorization header bearer token with the access token or by sending access_token= as a parameter in your requests.
Refresh access token
Refresh tokens are long lived; they should not expire. They can, so your code should be able to handle that, but normally they are good forever. Access tokens are only valid for one hour and you will need to request a new access token.
POST https://accounts.google.com/o/oauth2/token
client_id={ClientId}&client_secret={ClientSecret}&refresh_token=1/ffYmfI0sjR54Ft9oupubLzrJhD1hZS5tWQcyAvNECCA&grant_type=refresh_token
response
{
"access_token" : "ya29.1.AADtN_XK16As2ZHlScqOxGtntIlevNcasMSPwGiE3pe5ANZfrmJTcsI3ZtAjv4sDrPDRnQ",
"token_type" : "Bearer",
"expires_in" : 3600
}
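The refresh step from the answer above, worked out in Python as an added example (it is not code from the original answer or from Google). The token URL and form fields are the ones quoted above; `RefreshingToken`, `call_with_retry`, the injectable `post`/`clock` parameters and the 60-second safety margin are hypothetical names and assumptions.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://accounts.google.com/o/oauth2/token"  # endpoint quoted in the answer


def http_post_form(url, fields):
    """POST form-urlencoded fields; return the JSON body, also for 4xx error replies."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)


class RefreshingToken:
    """Hypothetical helper: caches the access token, renews it via the refresh_token grant."""

    def __init__(self, client_id, client_secret, refresh_token,
                 post=http_post_form, clock=time.monotonic, skew=60):
        self._fields = {"client_id": client_id, "client_secret": client_secret,
                        "refresh_token": refresh_token, "grant_type": "refresh_token"}
        self._post, self._clock, self._skew = post, clock, skew
        self._access_token, self._expires_at = None, 0.0

    def get(self, force=False):
        if force or self._access_token is None or self._clock() >= self._expires_at:
            reply = self._post(TOKEN_URL, self._fields)
            if "access_token" not in reply:
                # e.g. invalid_grant: refresh token revoked, the user must authorize again
                raise RuntimeError("token refresh failed: %s" % reply.get("error"))
            self._access_token = reply["access_token"]
            self._expires_at = self._clock() + int(reply.get("expires_in", 0)) - self._skew
        return self._access_token


def call_with_retry(token, send):
    """send(headers) -> (status, body). A 401 forces one refresh and one retry."""
    status, body = send({"Authorization": "Bearer " + token.get()})
    if status == 401:
        status, body = send({"Authorization": "Bearer " + token.get(force=True)})
    return status, body
```

Load the client secret and refresh token from the environment or a secret store rather than the source file, and keep them out of logs and captured traffic.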
I'm currently stopped in my work because of some authentication work on a project.
I set up a REST API, which needs to have a JWT authentication system.
Some work was already done and I overrode it. So the library used was Python's TurboGears2, and I used PyJWT to manage tokens.
My WS and the token's creation works well. The post method with auth info JSON request's body can create a token, that's sent in the response.
But after that, when I do a 'GET' request on the restricted resource, I can't retrieve the token.
What I do: send a GET request to the restricted resource, with "Authorization: Bearer <TOKEN>" in request headers.
But when I do a 'request.authorization' in my web service function, I always get 'None'.
Do I need to set up a full auth system using TurboGears to access this header?
Thanks for the help.
Where are you trying to access the request.authorization from?
I tried with a newly quickstarted application and modified the index to print the authorization header:
    @expose('testauth.templates.index')
    def index(self):
        """Handle the front-page."""
        # Print the parsed Authorization header of the incoming request
        print(request.authorization)
        return dict(page='index')
And I sent the authorization header from Postman.
It worked fine and printed my test header
Authorization(authtype='Bearer', params='HELLO')
I also tried to disable any auth_backend so that authentication is disabled and it still works as expected.
I am fairly new to Django so sorry if this is a silly question:
When I try to send the request through postman I receive this 403 error:
{ "detail": "CSRF Failed: CSRF token missing or incorrect." }
I have also tried adding it to the params section as well in postman, resulting in the same error.
However, when using the curl command, I receive the correct response:
curl -X POST -d "grant_type=convert_token&client_id=r29GLakM6OZ7c4Zg2cwuSXR7M1jiQHIEEMLvtbWA&client_secret=S2xKO81zzYBUTdxM14QiQWb63jnNvPLIcqDTrN9HIYj7t7ldfuCQFWoziWF6h88OgsMUCUNI6HbhIxZQ8ScPFWUWVcJNjaZspbGkDK1j9SsRYJi9uW6DhTr0A9QKvyOZ&backend=facebook&token=EAAY5l4TWgr4BAMjficP4mPKqlbVwVRXI0Xs5GLXSN97sMyKe3muElrkpXRcxJkiZCMzC7tfZBfT4Cci52Pk6Bb2GQm2BARm23tsJoaViOovmvZABlGlJPPZCJ9OecYvfEinUOBaDeBugiDv614yUzOAIfyE0lfZCAX8YAbYyxnlqYYtmS6ywH" http://localhost:8000/api/social/convert-token
What am I doing wrong?
Edit: I am using the django-rest-framework-social-oauth2 and following a tutorial online which did not require passing in any other token in the X-CSRFToken header field.
My problem was a cookie issue with Postman. I deleted the cookies off Chrome and disabled the interceptor on Postman. It would store and use the previous session's CSRF token instead of generating a new one.