I am using python's request library to interface with JIRA's API but when I try to do a GET request, I get a Microsoft error saying that I am not authenticated. I was able to do a work around by passing my session cookie in with the request but the issue is that the cookie expires every 4 hours. How can I authenticate with both Microsoft AD and JIRA to send my GET request?
Related
How can I do authentication and authorization in a REST WEB API in order to get token secret, so that I can make POST requests?
This WEB API already exists, I try just to implement it in my local machine (https://github.com/nipreps/mriqcwebapi). It's based on python Eve, I already tried POST request with Basic authentication & Token authentication with curl, it returns the error message 401 of credentials.enter image description hereenter image description here
Hasnae
I want to protect my Flask REST endpoints using Okta and OpenID connect.
I have seen how to do it for routes that are views of the application, but is there a way to integrate Okta with REST endpoints? When I make calls to my API, I get the html for Okta as a response, even if I'm logged in in the browser.
What HTML do you get from Okta? in one case you might get a HTML page with a self-submitting form that is meant to be sent back to your client, and that's normal.
But at the same time, the openid-connect implementation in the API is different from your client applications. The API should not deal with user-redirects, instead it should only listen for access-tokens in the authorize request header. The API should for the received tokens validate them against Okta.
To add token to request, then see this question Flask Rest API - How to use Bearer API token in python requests
I am writing a Python program part of which authenticates with OAuth 1.0 to access a privileged API. I have figured out how to get the authorization URL. After signing in, the browser redirects to http://localhost which I registered as the callback with the provider. How do I get the request to localhost and continue with my bot? I figure I need to have a http server of some sort. I would rather not install a full Apache server. What is a lightweight alternative that can receive the request and forward the token to my bot code to continue with API calls?
I want to route my Google Analytics Reporting API request (code will be in AWS Lambda) through a gateway which accepts a REST endpoint only. Since I cant use the Client package method in my interaction with the gateway, I need to query the API as a REST-ful endpoint.
The official document says this (Link) :
Authorization: Bearer {oauth2-token}
GET https://www.googleapis.com/analytics/v3/data/ga
?ids=ga:12345
&start-date=2008-10-01
&end-date=2008-10-31
&metrics=ga:sessions,ga:bounces
I do not know to create the oauth2-token in Python. I have created a service account and have the secrets_json which includes the client id and secret key.
Then client package method as given in this link works. But I need the Rest method only!
Using these, how can I create the oauth2-token ?
You can use Oauth2 for this I have done it in the past but you will need to monitor it. You will need to authorize this code once and save the refresh token. Refresh tokens are long lived they normally dont expire but your code should be able to contact you if it does so that you can authorize it again. If you save the refresh token you can use the last step at any time to request a new access token.
Oauth2 is basicly built up into three calls. I can give you the HTTP calls i will let you work out the Python Google 3 Legged OAuth2 Flow
Authencation and authorization
The first thing you need is the permission of the user. To get that you build a link on the authorization server. This is a HTTP get request you can place it in a normal browser window to test it.
GET https://accounts.google.com/o/oauth2/auth?client_id={clientid}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code
Note on redirect uri. If you are running this on a server or something then use urn:ietf:wg:oauth:2.0:oob it basicly tells the server to return the code back where it came from other wise if you are hosing on a website you can supply a url to the page that will be handling the response.
If the user accepts the above then you will have an authorization code.
Exchange code
What you need to do next is exchange the authorization code returned by the above response and request an access token and a refresh token. THis is a http post call
POST https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}&client_secret={ClientSecret}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code
The body parameter should be as i have shown separated by & and the content type of the request is application/x-www-form-urlencoded
Responce
{
"access_token" : "ya29.1.AADtN_VSBMC2Ga2lhxsTKjVQ_ROco8VbD6h01aj4PcKHLm6qvHbNtn-_BIzXMw",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "1/J-3zPA8XR1o_cXebV9sDKn_f5MTqaFhKFxH-3PUPiJ4"
}
The access token can be used in all of your requests to the api by adding either an authorization header bearer token with the access token or by sending access_token= as your parameter in your requests.
Refresh access token
Refresh tokens are long lived they should not expire they can so you code should be able to handle that but normally they are good forever. Access tokens are only valid for one hour and you will need to request a new access token.
POST https://accounts.google.com/o/oauth2/token
client_id={ClientId}&client_secret={ClientSecret}&refresh_token=1/ffYmfI0sjR54Ft9oupubLzrJhD1hZS5tWQcyAvNECCA&grant_type=refresh_token
response
{
"access_token" : "ya29.1.AADtN_XK16As2ZHlScqOxGtntIlevNcasMSPwGiE3pe5ANZfrmJTcsI3ZtAjv4sDrPDRnQ",
"token_type" : "Bearer",
"expires_in" : 3600
}
I need refresh token so that I can send messages to registered Chrome browsers using GCM. However most of the tutorials I consulted require a server to be running at my side and I have to do everything manually, open the auth url, authenticate it and get redirected to my server to get refresh token.
I was hoping if there is a way to do this without running a server at my side. Is it possible to get refresh token just using client id and client secret?
Once I get a refresh token I have to do a POST to GCM server to send notifications.
You can not get refresh token just using client_id and client_secret. Only in authorization code flow, refresh token is issued. Good news is refresh token will not be expire until user revoke it, so you can use it for a long long time. So you can once get it and use it. In authorization code flow, you need a server to get redirected tokens.