I am trying create users on openfire using a url link but for some reason I'm getting an error.
I've installed the plugins and opened the right port, but I'm getting
RequestNotAuthorised errors.
This is the link I am referring to:
http://www.nkstream.com:9090/plugins/userService/userservice?type=add&secret=bigsecret&username=kafka&password=drowssap&name=franz&email=franz#kafka.com
Go into the Server > Server Settings > User Service and enable the user service. You will also find the secret key there. You will need to replace the "bigscret" in the URL with the secret key found in the area I just specified.
You can use "User Service" plugin: you can find it in the section plugin on your Openfire server.
Once installed:
Server -> Server Settings -> User Service
enable 'user service request' and note 'secret key'.
To create new user you can use PHP directly or using php wrapper for the plugin.
If you want you can use directly cURL from command line, it could be usefull for someone:
URL="http://<your_server>:<your_port>/plugins/userService/userservice"
PARAMETERS="secret=<yourSecretKey>&type=add&username=<user>&password=<psw>&name=<name>&email=<mail>"
curl ${URL}?${PARAMETERS}
If everithing works, you should receive:
<result>ok</result>
You receive
<error>RequestNotAuthorised</error>
because secret must be the FIRST parameter.
I've never used openfire so this is a stab in the dark. Based on the README, RequestNotAuthorised is returned if:
the secret does not match
the requester IP is invalid
Have you set the secret key (bigsecret) in the User Service page in the Openfire admin console?
Is there a setting for allowed IPs where you can specify your IP?
Related
I have a dev URL that is behind HTTP authentication using a simple .htpasswd file - nothing special about that at all, all standard.
I am trying to hit a URL on that domain via cURL but am getting this message of course:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Apache/2.4.29 (Ubuntu) Server
I have added what I believe to be the correct parameter to authorise the url but with no joy. Just the same message. I have echo'd out the username and password and these are exactly as I would enter into the browser prompt.
What is the next step to debug this?
I have solved this by NOT using curl_setopt_array, instead setting each 3 separately. Cannot currently explain why this is different but it works! :(
I am getting the following error when I try to setup notification using gsutil command:
gsutil notification watchbucket https://APPLICATION-ID.appspot.com/cron gs://bucket
Watching bucket gs://APPLICATION-ID.appspot.com/ with application URL https://APPLICATION-ID.appspot.com/cron ...
Watch bucket attempt failed:
AccessDeniedException: 403 Forbidden
You attempted to watch a bucket with an application URL of:
https://APPLICATION-ID.appspot.com/cron
which is not authorized for your project. Please ensure that you are using
Service Account authentication and that the Service Account's project is
authorized for the application URL. Notification endpoint URLs must also be
whitelisted in your Cloud Console project. To do that, the domain must also be
verified using Google Webmaster Tools. For instructions, please see:
https://cloud.google.com/storage/docs/object-change-notification#_Authorization
AccessDeniedException: 403 Forbidden
I have followed all the steps from the url below for Notification Authorization:
https://cloud.google.com/storage/docs/object-change-notification
But I am still getting the above error. What step am I missing ?
Thanks
I have fixed the issue myself. I had missed "https://" while adding the domain name.
Thanks
So I have a Python script that is being run on the server (PHP runs it). However, script has to authenticate user on youtube. When you run it localy it opens the browser, allows to authenticate and asks for permission. Everything works. When I allow users to run it on server, it will try to open the auth screen on server. I need to pass the response to the web browser.
Any ideas?
I use the auth script from the youtube api examples:
# The CLIENT_SECRETS_FILE variable specifies the name of a file that contains
# the OAuth 2.0 information for this application, including its client_id and
# client_secret. You can acquire an OAuth 2.0 client ID and client secret from
# the Google Developers Console at
# https://console.developers.google.com/.
# Please ensure that you have enabled the YouTube Data API for your project.
# For more information about using OAuth2 to access the YouTube Data API, see:
# https://developers.google.com/youtube/v3/guides/authentication
# For more information about the client_secrets.json file format, see:
# https://developers.google.com/api-client-library/python/guide/aaa_client_secrets
CLIENT_SECRETS_FILE = "client_secrets.json"
# This variable defines a message to display if the CLIENT_SECRETS_FILE is
# missing.
MISSING_CLIENT_SECRETS_MESSAGE = """
WARNING: Please configure OAuth 2.0
To make this sample run you will need to populate the client_secrets.json file
found at:
%s
with information from the Developers Console
https://console.developers.google.com/
For more information about the client_secrets.json file format, please visit:
https://developers.google.com/api-client-library/python/guide/aaa_client_secrets
""" % os.path.abspath(os.path.join(os.path.dirname(__file__),
CLIENT_SECRETS_FILE))
# This OAuth 2.0 access scope allows for full read/write access to the
# authenticated user's account.
YOUTUBE_READ_WRITE_SCOPE = "https://www.googleapis.com/auth/youtube"
YOUTUBE_API_SERVICE_NAME = "youtube"
YOUTUBE_API_VERSION = "v3"
flow = flow_from_clientsecrets(CLIENT_SECRETS_FILE,
message=MISSING_CLIENT_SECRETS_MESSAGE,
scope=YOUTUBE_READ_WRITE_SCOPE)
storage = Storage("%s-oauth2.json" % sys.argv[0])
credentials = storage.get()
if credentials is None or credentials.invalid:
flags = argparser.parse_args()
credentials = run_flow(flow, storage, flags)
youtube = build(YOUTUBE_API_SERVICE_NAME, YOUTUBE_API_VERSION,
http=credentials.authorize(httplib2.Http()))
The server side webapp is quiet simple, it allows to choose script variation and couple settings, that's all.
When you are authenticating your user credentials in your server, you need to use Oauth2 (in google's case).
It took me some time understanding it in the beginning as well...
The meaning of OAuth2 is that you redirect the user to a login address provided by google, tell the service "look, after the user logged in, send the token to URL X" (your server). Your server gets some sort of token that represents the user authorizing your "app" to do stuff on his behalf.
Check out https://developers.google.com/api-client-library/python/auth/web-app
Specifically in your case - you'll need to implement the endpoint in the PHP (it needs to "listen" on an address if you get my drift)
If you don't really need user credentials and only need to access youtube API as any authenticated user, it is easier - you need to have your own credentials and do "server to server" explained here:
https://developers.google.com/api-client-library/python/auth/service-accounts
I'm querying the Analytics API via a Service Account.
I have written the code on the dev server and it works without issues.
When running the same code on the production server, it throws this:
Google_AuthException: Error refreshing the OAuth2 token, message: '{
"error" : "invalid_grant" }'
I've tried creating another Service account, and the behavior is the same.
The oAuth IETF draft (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-31) says this about the error:
invalid_grant
The provided authorization grant (e.g. authorization
code, resource owner credentials) or refresh token is
invalid, expired, revoked, does not match the redirection
URI used in the authorization request, or was issued to
another client.
Here is the code I've written:
$GA_CLIENT_ID = 'XX.apps.googleusercontent.com';
$GA_APP_EMAIL = 'XX#developer.gserviceaccount.com';
$GA_APP_NAME = 'XX';
$GA_KEY_FILE = 'XX';
// create client object and set app name
$client = new Google_Client();
$client->setApplicationName($GA_APP_NAME); // name of your app
// set assertion credentials
$client->setAssertionCredentials(
new Google_AssertionCredentials(
$GA_APP_EMAIL, // email you added to GA
array('https://www.googleapis.com/auth/analytics.readonly'),
file_get_contents($GA_KEY_FILE) // keyfile you downloaded
));
// other settings
$client->setClientId($GA_CLIENT_ID); // from API console
$client->setAccessType('offline_access'); // this may be unnecessary?
// create service and get data
$service = new Google_AnalyticsService($client);
$result = $service->data_ga->get($ids, $startDate, $endDate, $metrics, $optParams);
return $result;
I've also tried a solution suggested here (https://groups.google.com/forum/?fromgroups#!topic/gs-discussion/3y_2XVE2q7U%5B1-25%5D) using authenticatedRequest() instead of Google_AnalyticsService:
$req = new Google_HttpRequest($apiUrl);
$resp = $client::getIo()->authenticatedRequest($req);
$result = json_decode($resp->getResponseBody(), true);
This alternative also works on the dev server, but not on the production one.
I am totally clueless on this one. Has anyone seen this/fixed it?
Thanks!
Apparently the problem was the system time being off. Worked by sync-ing via NTP with:
sudo ntpdate npt.ubuntu.com
sudo ntpdate pool.ntp.org
Edit
As #RafaSashi suggested below, the pool.ntp.org server is more reliable. Use that instead of ntp.ubuntu.com (which was the first working one I tried, thus the initial choice).
The invalid grant can also be caused if you use the wrong "ServiceAccountId". It should be the email associated with the client id in the service account client id in the google apis access page. You'd also have to add this user to the google analytics account that you're planning to access.
This tripped me up because I assumed the email address they were referring to was the email address of my google account, since I used the same google account to get api access as I do for google analytics. I know Vir's already figured his out, just thought I'd add this in case someone else comes across the same question and, like me, their computer seems to be in sync with NTP.
In addition to Valer's answer:
First, you’ll need to install NTP if it isn’t already installed. For Debian or Ubuntu, that would be this command:
sudo apt-get install ntp
For Redhat or CentOS, you’ll need to use this one:
yum install ntp
If the synchronization via npt.ubuntu.com doesn't work try :
sudo ntpdate pool.ntp.org
Resources
http://www.howtogeek.com/tips/how-to-sync-your-linux-server-time-with-network-time-servers-ntp/
https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-12-04
There are two major reasons for invalid_grant error which you have to take care prior to the POST request for Refresh Token and Access Token.
Request header must contain "content-type: application/x-www-form-urlencoded"
Your request payload should be url encoded Form Data, don't send as json object.
RFC 6749 OAuth 2.0 defined invalid_grant as:
The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
I found another good article, here you will find many other reasons for this error.
https://blog.timekit.io/google-oauth-invalid-grant-nightmare-and-how-to-fix-it-9f4efaf1da35
Google Playground is best tool which help you how to send request.
https://developers.google.com/oauthplayground
It needs Facebook facepile plugin(http://developers.facebook.com/docs/reference/plugins/facepile). I tried but I am getting this error
(The Facebook Connect cross-domain receiver URL (http://static.ak.fbcdn.net/connect/xd_proxy.php#?=&cb=f223d517566e616&origin=http%3A%2F%2Fpromolife.com.au%2Ff3e13728ba8ec8&relation=parent.parent&transport=postmessage) must have the application's Connect URL (http://www.testsite.com.au/) as a prefix. You can configure the Connect URL in the Application Settings Editor.)
Why do I get this error?
Your connect URL must be the same as the URL you are running the script on & the callback URL. When I say the same I also mean EXACTLY the same in the sense of whether you are using http://yoursite or http://www.yoursite. Double check your app settings to make sure for no typo's in the connect URL also.