Dear stackoverflow community, i'am currently developing a plugin with Python which extract data (payload) about developers activity on repositories (push, pull requests) from bitbucket using webhooks. In my python script , i am trying to access to the patch and diffstat url's (Bitbucket API) content to extract data about files changes.
here example of the url's:
https://api.bitbucket.org/2.0/repositories/username/projectname/patch/cac0848613fea833316fcf7d87da9f80a5a2174e
https://api.bitbucket.org/2.0/repositories/username/projectname/diffstat/c6899a0a271db82790bf57de35dbbafb099417e4
But when the repository is private i cant access to the content of these web pages. If in the owner change private to public everything is okey but he can't change it for privacy so my question is how can access to these url's in my python script using the authentication? How can i authenticate via the script python knowing that i have write access on the repository?
thank you,
You probably need a token. From the bitbucket docs
Creating personal access tokens
To create a personal access token:
Go to Profile picture > Manage account > Personal access tokens.
Click Create a token.
Set the token name, permissions, and expiry.
Related
I have an Azure Webapp running a Docker container (with Python & streamlit). I have secured the access to this webapp by adding a Microsoft SSO allowing only users from my organization to access the application.
On top of this, I would like to get the username or email of the user after the authentication so I can give the users differents levels of access inside the webapp. I have searched through the vast Microsoft documentation but I was not able to find my way through it. Is someone able to put me on the right path to tackle this problem?
For now, I have namely tried to follow the following documentation:
https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/app-aad-token hoping that I could access the user email with the authentication token from the Azure directory.
But I am stuck with an error that I was not able to solve:
Error 401: "An error of type 'invalid_resource' occurred during the login process: 'YYYYYYYY: The resource principal named xxxxxxxxxxxx was not found in the tenant named tenant_name. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant."
I am now doubting that what I am trying to achieve is even possible. Any help would be appreciated.
Best, clank
• It is aptly written in the documentation link that you have stated that your application should have admin access and its consent for accessing the APIs in Azure databricks. Thus, as per the error statement that you are encountering, it might be that your application might not have the correct permissions to access the respective resources based on its assigned service principal.
• Also, please take note of the token issued by the Azure AD when queried a test application created wherein when decoded on ‘jwt.io’ clearly states the information regarding the user including its email address. This access token issued using authorization code flow as stated in the documentation link connects to the application created successfully but the application fails to decode the token and use the information of the user in it for allowing the user to access its resources. The application fails to decode the token because required MSAL library redirection and resource files were missing at the location of App redirect URI. Similarly, you are trying to access email address from the issued access token and use it for giving varying levels of access in the application which is not possible as the token even if intercepted in between would not be able to access user information from it since it is encrypted using the SSL key certificate and the base 64 encoding.
• To provide access to your users in varying degrees, please refer the below documentation link which describes how you can leverage dynamic groups and Azure AD conditional access policies for your requirement.
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-access-management
I want to have access to a specific work user's OneDrive. I could register an application in Azure AD and assign one of two types of permission(delegated or application).
Based on the Microsoft Documentation if I register an app with the application-level access it could have access to all users' drive and based on this question in Stackoverflow there is no way to limit this access to a specific drive. So I ignored this approach.
On the other hand, based on the Microsoft Documentation if I want to assign delegate permissions to the defined app I have to manually approve the access list on the consent page. This is not desired for me as I'm looking for a code-base solution which runs behind the scene regular bases.
Is there any solution that I could have access to a specific OneDrive by python code?
If you want to connect with only 1 user's Onedrive you can use ROPC flow which can work in your scenario. But this is not recommended by microsoft because of security concerns. And yes, if you have MFA enabled, you cannot use it.
One of the good recommendations can be to use Graph API for OneDrive.
For example, one of the use case can be to Get current user's OneDrive:
The signed in user's drive (when using delegated authentication) can
be accessed from the me singleton.
If a user's OneDrive is not provisioned but the user has a license to
use OneDrive, this request will automatically provision the user's
drive, when using delegated authentication.
Http Request:
GET /me/drive
Resources that will help you to call Graph API from Python:
https://github.com/microsoftgraph/python-security-rest-sample
Edit:
Further, I have found a way in which you can disable user consent.
To configure user consent settings through the Azure portal:
Sign in to the Azure portal as a Global Administrator.
Select Azure Active Directory > Enterprise applications > Consent and permissions > User consent settings.
Under User consent for applications, select Do not allow User Consent.
Select Save to save your settings.
If you want consent permissions other than this, you can design your own Consent.
I want to create Python project to get data from Google Analytics from a certain page.
I have created new project in Google Console (console.google.developers.com) and got my OAuth 2.0 credentians in JSON format. I'm loosely following this tutorial: Python QuickStart.
I already got redirected to OAuth and selected my account but the script is getting
"User does not have sufficient permissions for this profile".
Will adding access to my user in Google Analytics be enough?
And how to run this project from shell on a remote server? I will not have the ability to just open browser and select Google account in CLI...
"User does not have sufficient permissions for this profile".
The user you are authencating with does not have access to the google analytics account you are trying to access. this would be the profile id that you are using in your code.
make sure that you are authencting your appliction using the same user you are using to log into google analytics
double check the profile id that you are using in your code.
I am new to web programming- I've recently been familiarizing myself with the webapp2 framework. I'm trying to start building a website, and would like users to login to the site with Facebook and I'll need access to their friends list. I've been trying to find a way to do this- I found out about OAUTH2, and I think this may be a way to do this. All the tutorials for python and OAUTH2 that I've found have been using the google API, I'm not sure if it's any different, but I haven't been able to get it to work.
Does anyone have sample code they can post that uses OAUTH2 (or anything else) to get users to sign in through Facebook? Or any good resources that can help me with this?
Your app needs to authorize users with Facebook, since there's where the resources you need are (e.g. friend lists).
This is a classic use of OAuth2 and you don't have a way around it, because FB implements this protocol.
My suggestion is that you look at the Google sample and then adjust it for FB API. The important changes are:
The endpoint URLs (e.g. authorize, token and user profile
The scopes that define the extent of permissions you are requesting (e.g. list of friends)
The user profile (e.g. the information returned by FB on a user: name, e-mail, etc)
This is a very simple sample that does this in Python. It was meant to run in Google App Engine. The only caveat is that it uses our own library to encapsulate the flow. But you can use it to study how the basic protocol works. Run the live demo and turn on dev tools on your browser to see the network activity.
You will notice that OAuth2 is a rather simple protocol, using simple HTTP requests.
I have the django application, which needs refresh some data. This data should be downloaded from my dropbox account (file name and path is the same each time). How can I implement this?
I start with using dropbox api, create application, etc - but this method has one big defect - it needs user go to the generated link and authorize to dropbox account. But I need automatic work, script should be executed by cron each day without userinteraction.
I think about using Selenium to open this link, enter login and password, confirm using application. But I also think this is hard way, should be another way:-)
Or maybe I can simply generate link to file one time and then use it every time I want to download file?
You could use the API and connect with pre-authorized access token which you authorized manually once (as opposed to having the user authorize their own account). You could then download the file from your account, but be sure not to revoke the access token, e.g. via https://www.dropbox.com/account/applications .
If you do just need to download files though, using a shared link may be easier:
https://www.dropbox.com/help/167/en
https://www.dropbox.com/help/201/en
They don't expire, but they can be revoked via https://www.dropbox.com/links .
Or if you prefer to use the Public folder, same idea:
https://www.dropbox.com/help/16/en