Tried to get numbers of discord members using discord's API endpoint GET/guilds/{guild.id}/members (see here).
I am using Postman to make a call to it. I set the Authorization header:
Authorization: "Bot ${BOT_TOKEN}"
The response I get is
{ "message": "Missing Access", "code": 50001 }
I also tried with Authorization: DISCORD_CLIENT_ID.
The response is { "message": "401: Unauthorized", "code": 0 }.
Am I missing something? Please help me out with this.
First, you need to make sure you are using the correct guild id and not a channel id. You can enable Developer Mode on Discord through User settings -> Advanced, which allows you to obtain the guild id by right-clicking on a guild (server), and then clicking on Copy ID.
Next, go to your application through Developer Portal, select your application and navigate to the Bot tab on the navigation bar to the left. From there, obtain your bot's authentication token that you need to pass in the headers of your request. On the same tab - since you need to get the list of Guild Members, and since that "endpoint is restricted according to whether the GUILD_MEMBERS Privileged Intent is enabled for your application" - scroll down to the Privileged Gateway Intents section and enable SERVER MEMBERS INTENT.
Below is a working example using the Node.js standard modules. Please note that, as described here, the default limit of maximum number of members to return is 1. Thus, you can adjust the limit in the query parameters, as below, to receive more results per request. The maximum number of results you can get per request is 1000. Therefore, if a guild contains more members than that, you can keep track of the highest user id present in each previous request, and pass it to the after parameter of the next request, as described in the documentation. In this way, you can obtain every member in a guild. Also, make sure you set the properties in options in the proper way, as shown below; otherwise, you might come accross getaddrinfo ENOTFOUND error, as shown here.
Update
If you haven't already, you should add your bot to the server you wish, by generating an invite link for your bot through URL Generator under OAuth2 in your application settings (select bot from scopes). Now, you can access that URL from your browser and add the bot to any of your servers. If you need to, you can share the same invite link with others, so that they can add your bot to their servers.
Example in Node.js
const https = require('https')
const url = require('url');
GUILD_ID = "YOUR_GUILD_ID"
BOT_TOKEN = 'YOUR_BOT_TOKEN'
LIMIT = 10
const requestUrl = url.parse(url.format({
protocol: 'https',
hostname: 'discord.com',
pathname: `/api/guilds/${GUILD_ID}/members`,
query: {
'limit': LIMIT
}
}));
const options = {
hostname: requestUrl.hostname,
path: requestUrl.path,
method: 'GET',
headers: {
'Authorization': `Bot ${BOT_TOKEN}`,
}
}
const req = https.request(options, res => {
res.on('data', d => {
process.stdout.write(d)
})
})
req.on('error', error => {
console.error(error)
})
req.end()
Example in Python
import requests
import json
GUILD_ID = "YOUR_GUILD_ID"
BOT_TOKEN = 'YOUR_BOT_TOKEN'
LIMIT = 10
headers = {'Authorization' : 'Bot {}'.format(BOT_TOKEN)}
base_URL = 'https://discord.com/api/guilds/{}/members'.format(GUILD_ID)
params = {"limit": LIMIT}
r = requests.get(base_URL, headers=headers, params=params)
print(r.status_code)
print(r.text,'\n')
#print(r.raise_for_status())
for obj in r.json():
print(obj,'\n')
Related
I'm using Python 3.7, and Slack Version 4.1.2 (Production). I want to invite a user group that is already present and has many users in it.
What I have tried in python3:
def invite_user(scid):
# invite_url = 'https://slack.com/api/channels.invite'
# invite_url = 'https://slack.com/api/groups.invite'
invite_url = 'https://slack.com/api/usergroups.update'
invite_url_data = {
'token': auth_token,
'channel': scid,
'usergroup': 'SPXXXXXX',
'name': 'testing'
}
r = requests.post(url=invite_url, data=invite_url_data, headers=header)
print(r.json())
Can someone help me get the right API to invite usergroup to a channel?
Inviting the users of a usergroup to a private channel is indeed just one API call. Before that you need to get the users of the usergroup though, which is another API call. And you can't invite yourself, so you need another API call to get your current user ID.
Here is an example script using the official python library for Slack. Note that this will work for up to 1.000 users. If your usergroups are larger you need to add them in chunks.
import slack
import os
# init slack client with access token
slack_token = os.environ['SLACK_TOKEN']
client = slack.WebClient(token=slack_token)
# get my own user ID
response = client.auth_test()
assert response['ok']
my_user_id = response['user_id']
# get members of usergroup excluding myself
response = client.usergroups_users_list(usergroup='S12345678')
assert response['ok']
users = [x for x in response['users'] if x != my_user_id]
# add members to private channel
response = client.conversations_invite(
channel='G12345678',
users = users
)
assert response['ok']
print(response)
It's not how it works in Slack.
You can get members of group by https://api.slack.com/methods/groups.info
Then you can extract user ids list from group_data["group"]["members"] for a group you want users to invite from.
After you can do the same a group where you can add them.
After you have 2 lists of users for each group, you can merge them and then make a request:
invite_url = 'https://slack.com/api/usergroups.update'
invite_url_data = {
'token': auth_token,
'channel': scid,
'usergroup': 'SPXXXXXX',
'name': 'testing',
'users': [
"U060R4BJ4", # here are your users from a merged lists
"U060RNRCZ"
],
}
r = requests.post(url=invite_url, data=invite_url_data, headers=header)
The code I've written seems to be what I need, however it doesn't work and I get a 401 error (authentication) I've tried everything: 1. Service account permissions 2. create secret id and key (not sure how to use those to get access token though) 3. Basically, tried everything for the past 2 days.
import requests
from google.oauth2 import service_account
METADATA_URL = 'http://metadata.google.internal/computeMetadata/v1/'
METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
SERVICE_ACCOUNT = [NAME-OF-SERVICE-ACCOUNT-USED-WITH-CLOUD-FUNCTION-WHICH-HAS-COMPUTE-ADMIN-PRIVILEGES]
def get_access_token():
url = '{}instance/service-accounts/{}/token'.format(
METADATA_URL, SERVICE_ACCOUNT)
# Request an access token from the metadata server.
r = requests.get(url, headers=METADATA_HEADERS)
r.raise_for_status()
# Extract the access token from the response.
access_token = r.json()['access_token']
return access_token
def start_vms(request):
request_json = request.get_json(silent=True)
request_args = request.args
if request_json and 'number_of_instances_to_create' in request_json:
number_of_instances_to_create = request_json['number_of_instances_to_create']
elif request_args and 'number_of_instances_to_create' in request_args:
number_of_instances_to_create = request_args['number_of_instances_to_create']
else:
number_of_instances_to_create = 0
access_token = get_access_token()
address = "https://www.googleapis.com/compute/v1/projects/[MY-PROJECT]/zones/europe-west2-b/instances?sourceInstanceTemplate=https://www.googleapis.com/compute/v1/projects/[MY-PROJECT]/global/instanceTemplates/[MY-INSTANCE-TEMPLATE]"
headers = {'token': '{}'.format(access_token)}
for i in range(1,number_of_instances_to_create):
data = {'name': 'my-instance-{}'.format(i)}
r = requests.post(address, data=data, headers=headers)
r.raise_for_status()
print("my-instance-{} created".format(i))
Any advice/guidance? If someone could tell me how to get an access token using secret Id and key. Also, I'm not too sure if OAuth2.0 will work because I essentially want to turn these machines on, and they do some processing and then self destruct. So there is no user involvement to allow access. If OAuth2.0 is the wrong way to go about it, what else can I use?
I tried using gcloud, but subprocess'ing gcloud commands aren't recommended.
I did something similar to this, though I used the Node 10 Firebase Functions runtime, but should be very similar never-the-less.
I agree that OAuth is not the correct solution since there is no user involved.
What you need to use is 'Application Default Credentials' which is based on the permissions available to your cloud functions' default service account which will be the one labelled as "App Engine default service account" here:
https://console.cloud.google.com/iam-admin/serviceaccounts?folder=&organizationId=&project=[YOUR_PROJECT_ID]
(For my project that service account already had the permissions necessary for starting and stopping GCE instances, but for other API's I have grant it permissions manually.)
ADC is for server-to-server API calls. To use it I called google.auth.getClient (of the Google APIs Auth Library) with just the scope, ie. "https://www.googleapis.com/auth/cloud-platform".
This API is very versatile in that it returns whatever credentials you need, so when I am running on cloud functions it returns a 'Compute' object and when I'm running in the emulator it gives me a "UserRefreshClient" object.
I then include that auth object in my call to compute.instances.insert() and compute.instances.stop().
Here the template I used for testing my code...
{
name: 'base',
description: 'Temporary instance used for testing.',
tags: { items: [ 'test' ] },
machineType: `zones/${zone}/machineTypes/n1-standard-1`,
disks: [
{
autoDelete: true, // you will want this!
boot: true,
type: 'PERSISTENT',
initializeParams: {
diskSizeGb: '10',
sourceImage: "projects/ubuntu-os-cloud/global/images/ubuntu-minimal-1804-bionic-v20190628",
}
}
],
networkInterfaces: [
{
network: `https://www.googleapis.com/compute/v1/projects/${projectId}/global/networks/default`,
accessConfigs: [
{
name: 'External NAT',
type: 'ONE_TO_ONE_NAT'
}
]
}
],
}
Hope that helps.
If you’re getting a 401 error that means that the access token you're using is either expired or invalid.
This guide will be able to show you how to request OAuth 2.0 access tokens and make API calls using a Service Account: https://developers.google.com/identity/protocols/OAuth2ServiceAccount
The .json file mentioned is the private key you create in IAM & Admin under your service account.
I'm having trouble adding a Compliance Standard to an existing Policy via the Pal Alto Prisma Cloud API.
Everytime I send the request, I'm returned with a 500 Server Error (and, unfortunately, the API documentation is super unhelpful with this). I'm not sure if I'm sending the right information to add a compliance standard as the API documentation doesn't show what info needs to be sent. If I leave out required fields (name, policyType, and severity), I'm returned a 400 error (bad request, which makes sense). But I can't figure out why I keep getting the 500 Server Error.
In essence, my code looks like:
import requests
url = https://api2.redlock.io/policy/{policy_id}
header = {'Content-Type': 'application/json', 'x-redlock-auth': 'token'}
payload = {
'name': 'policy_name',
'policyType': 'policy_type',
'severity': 'policy_severity',
'complianceMetadata': [
{
'standardName': 'standard_name',
'requirementId': 'requirement_ID',
'sectionId': 'section_id'
}
]
}
response = requests.request('PUT', url, json=payload, header=header)
The response should be a 200 with the policy's metadata returned in JSON format with the new compliance standard.
For those using the RedLock API, I managed to figure it out.
Though non-descriptive, 500 errors generally mean the JSON being sent to the server is incorrect. In this case, the payload was incorrect.
The correct JSON for updating a policy's compliance standard is:
req_header = {'Content-Type':'application/json','x-redlock-auth':jwt_token}
# This is a small function to get a policy by ID
policy = get_redlock_policy_by_ID(req_header, 'policy_ID')
new_standard = {
"standardName":"std-name",
"requirementId":"1.1",
"sectionId":"1.1.1",
"customAssigned":true,
"complianceId":"comp-id",
"requirementName":"req-name"
}
policy['complianceMetadata'].append(new_standard)
requests.put('{}/policy/{}'.format(REDLOCK_API_URL, policy['policyId']), json=policy, headers=req_header)
I'm trying to get a specific user OAuth2 bearer token using HTTP POST request, and nothing seems to work.
login_url = 'https://login.microsoftonline.com/'
authorize_endpoint = '{0}{1}{2}'.format(login_url,config.tenant_id,'/oauth2/authorize')
bodyvals = {'client_id': config.client_id,
'client_secret': config.client_secret,
'grant_type': 'client_credentials',
'resource':config.resource_endpoint}
return requests.post(authorize_endpoint, data=bodyvals)
The above code works, but generates a token on behalf of the application.
I can't seem to find a way to pass in the users credentials, and no documentation on this whatsoever.
Generally I don't care if the answer is in Python or Powershell or just a general explanation, I just don't seem to understand how to properly do that with AAD.
You can do it manually, see my other answer here: https://stackoverflow.com/a/40844983/1658906.
You must use grant_type=password and call the oauth2/token endpoint. Here is the C# version for authenticating:
private async Task<string> GetAccessToken()
{
string tokenEndpointUri = Authority + "oauth2/token";
var content = new FormUrlEncodedContent(new []
{
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("username", Username),
new KeyValuePair<string, string>("password", Password),
new KeyValuePair<string, string>("client_id", ClientId),
new KeyValuePair<string, string>("client_secret", ClientSecret),
new KeyValuePair<string, string>("resource", PowerBiResourceUri)
}
);
using (var client = new HttpClient())
{
HttpResponseMessage res = await client.PostAsync(tokenEndpointUri, content);
string json = await res.Content.ReadAsStringAsync();
AzureAdTokenResponse tokenRes = JsonConvert.DeserializeObject<AzureAdTokenResponse>(json);
return tokenRes.AccessToken;
}
}
In the request you must specify:
Username
Password
Client ID
Client secret
The resource URI
For GraphAPI, resource is "https://graph.windows.net/"
If you don't want to use ADAL, you might however take a look at the code for usage of "resource". This scenario is covered, so consider ADAL as a big sample :)
Also, msrestazure has a UserPassCredentials instance that works too on GraphAPI.
I want to get the auth token from keystone using horizon and then wants to pass that auth token to my backed code.
i don't know how to get this, please help me out.
I read many articles and blogs blogs but i am not able to find the answer. Please just point me into the right direction.
Easiest is to use a Rest client to login and just take the token from the response. I like the Firefox RESTClient add-on but you can use any client you want.
Post a request to the Openstack Identity URL:
POST keystone_ip:port/version/tokens
(e.g. 127.0.0.1:5000/v2.0/tokens)
with header:
Content-Type: application/json
and body:
{
"auth": {
"tenantName": "enter_your_tenantname",
"passwordCredentials": {
"username": "enter_your_username",
"password": "enter_your_password"
}
}
}
Note: If you're not sure what is the correct identity (keystone) URL you can log in manually to Horizon and look for a list of API endpoints.
The response body will include something like this:
{
"token": {
"issued_at": "2014-02-25T08:34:56.068363",
"expires": "2014-02-26T08:34:55Z",
"id": "529e3a0e1c375j498315c71d08134837"
}
}
Use the returned token id as a header in new rest calls. For example, to get a list of servers use request:
GET compute_endpoint_ip:port/v2/tenant_id/servers
with Headers:
X-Auth-Token: 529e3a0e1c375j498315c71d08134837
Content-Type: application/json
As an example of how to get at it:
import keystoneclient.v2_0.client as ksclient
# authenticate with keystone to get a token
keystone = ksclient.Client(auth_url="http://192.168.10.5:35357/v2.0",
username="admin",
password="admin",
tenant_name="admin")
token = keystone.auth_ref['token']['id']
# use this token for whatever other services you are accessing.
print token
You can use python-keystoneclient. To authenticate the user, use for example
username='admin'
password='1234'
tenant_name='admin'
auth_url='http://127.0.0.1:5000/v2.0'
keystone = client.Client(username=username, password=password, tenant_name=tenant_name, auth_url=auth_url)
Once, the user is authenticated, a token is generated. The auth_ref property on the client ( keystone variable in this example) will give you a dictionary like structure having all the information you need about the token, which will enable you to re-use the token or pass it to the back-end in your case.
token_dict = keystone.auth_ref
Now,the token_dict is the variable that you can pass to your back-end.
Go to the node where you have installed Keystone services. Open vi /etc/keystone/keystone.conf
Check for the third line starting admin_token. It should be a long random string:
admin_token = 05131394ad6b49c56f217
That is your keystone token. Using python:
>>> from keystoneclient.v2_0.client as ksclient
>>> keystone = ksclient.Client(auth_url="http://service-stack.linxsol.com:35357/v2.0", username="admin", password="123456", tenant_name="admin")
Ofcourse, you will change auth_url, *username, password* and tenant_name to your choice. Now you can use keystone to execute all the api tasks:
keystone.tenants.list()
keystone.users.list()
keystone.roles.list()
Or use dir(keystone) to list all the available options.
You can reuse the token as follows:
auth_ref = keystone.auth_ref or token = ksclient.get_raw_token_from_identity_service(auth_url="http://service-stack.linxsol.com:35357/v2.0", username="admin", password="123456", tenant_name="admin")
But remember it returns a dictionary and a raw token not in a form of a token as you can see above.
For further information please check the python-keystoneclient.
I hope that helps.
Use the python-keystoneclient package.
Look into the Client.get_raw_token_from_identity_service method.
First you have to install python-keystoneclient.
To generate the token you can use the following code, here I want to mention you can change the authentication url with your server url but port number will be same,
from keystoneclient.v2_0 import client
username='admin'
password='1234'
tenant_name='demo'
auth_url='http://10.0.2.15:5000/v2.0' # Or auth_url='http://192.168.206.133:5000/v2.0'
if your username, password, or tenant_name is wrong then you will get keystoneclient.openstack.common.apiclient.exceptions.Unauthorized: Invalid user / password
keystone = client.Client(username=username, password=password, tenant_name=tenant_name, auth_url=auth_url)
token_dict = keystone.auth_ref
token_dict