Getting “Authorization has been denied for this request.” when attempting to create a channel in Teams - azure-ad-graph-api

I am getting this rather unhelpful error and it seems to occur for a large variety of things based on the SO posts. So here I am.
I went here https://apps.dev.microsoft.com, logged in and created a new App. I generated a secret and stored it for later on a post-it note... I granted "Group.ReadWrite.All" under "Delegate" as the create channel API doc says I should. I left everything else in the App as default.
I then do a token request like so:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" \
"https://login.microsoftonline.com/$TENANT/oauth2/v2.0/token" \
-d "client_id=$APP_ID" -d "scope=https%3A%2F%2Fgraph.microsoft.com%2F.default" \
-d "client_secret=$PASSWORD" -d "grant_type=client_credentials"
which gives me this mess:
{"token_type":"Bearer","expires_in":3600,"ext_expires_in":0,"access_token":"BIG_LONG_TOKEN"}
I then take that token and stuff it into my Authorization header and make the call to create the channel:
curl "https://graph.microsoft.com/beta/groups/$TENANT/channels" \
-H "Content-type: application/json" \
-H "Authorization: Bearer $BIG_LONG_TOKEN" \
-d '{
"displayName": "mynewchannel",
"description": "Channel Description"
}'
But this results in tears and this:
{
"error": {
"code": "",
"message": "Authorization has been denied for this request.",
"innerError": {
"request-id": "c572f6df-7537-4a53-aefc-fcc8c71e2037",
"date": "2018-04-17T23:46:50"
}
}
}
I am not sure what I'm missing, but hopefully it's obvious to someone else...
EDIT: Interestingly, if I set TOKEN to garbage, I get a more helpful answer, but this indicates my TOKEN is at least mostly ok and it is more of a authorization rather than an authentication issue
TOKEN=garbage
curl -X GET "https://graph.microsoft.com/beta/groups/$TENANT/channels" -H "Content-type: application/json" -H "Authorization: Bearer $TOKEN"
Results in
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: 80049217",
"innerError": {
"request-id": "166cb22b-c135-45e9-9f23-0e73bc68475d",
"date": "2018-04-18T00:20:47"
}
}
}

Related

How do I add users to value-based custom audience via API

The following is my request:
curl -X POST https://graph.facebook.com/v2.11/{customer_audience_id}}/users -d '{"payload": {"data": [["test#mail.com"]], "schema": ["EMAIL"]}}' -H "Content-Type: application/json" -H "Authorization: Bearer {ACCESS_TOKEN}
And the Response is:
{"error":{"message":"(#100) Weighted Custom Audience requires weight attribute.","type":"OAuthException","code":100,"fbtrace_id":"123123123"}}
If add one field 'WEIGHT' into the request:
curl -X POST https://graph.facebook.com/v2.11/{customer_audience_id}}/users -d '{"payload": {"data": [["test#mail.com", 100]], "schema": ["EMAIL", "WEIGHT"]}}' -H "Content-Type: application/json" -H "Authorization: Bearer {ACCESS_TOKEN}
The response becomes:
{"error":{"message":"(#100) Raw PII type is invalid, it should be one of EXTERN_ID,EMAIL,PHONE,GEN,DOBY,DOBM,DOBD,LN,FN,FI,CT,ST,ZIP,MADID,COUNTRY,PARTIALPHONE,PHONEID,STREETNAME,STREETNUM,STREETTYPE,STREET2ROW,STREETADDRESS,APPUID,PAGEUID,F5FIRST,F5LAST,EMAIL_MD5,PHONE_MD5","type":"OAuthException","code":100,"fbtrace_id":"123123123"}}
Seems like the weight variable is not even in the list of supported parameters. My question is: Is it possible to add users into value-based custom audience through API? I cannot find any references on the documentation page.

Firebase - invalid token on device on iOS app

I try to implement firebase in my iOS app.
I can't get pushes on my device.
For debug I tried to use curl request:
curl --header "Content-Type: application/json" \
--header "Authorization: key=<my key here>" \
https://fcm.googleapis.com/fcm/send \
-d '{"notification": {"body": "Hello from curl via FCM!", "sound": "default"},
"priority": "high",
"to": "<my token here>"}'
If I try to use token that I get, launching app on real device I got following: error:"InvalidRegistration"
If I use token from my Android colleague (or even token I got from launch app on simulator device) I succeed and got something like message id in response.
How to fix that?
Your payload seems to be incorrect, try following command in terminal and adjust it as per your requirement:
curl -X POST -H "Authorization: key=<my key here>" -H "Content-Type: application/json" -d '{
" data ": {
"title": "Notification title",
" body ": {
"name": "Body text",
}
},
"to": "<my token here>"
}' "https://fcm.googleapis.com/fcm/send"

Bluemix - Machine Learning - Authorization header has not been provided

I am trying to deploy an online model and following the instructions I first get the token
curl --basic --user username:password https://ibm-watson-ml.mybluemix.net/v3/identity/token
Which works fine, but then when I try to get the instance details with this command:
curl -X GET --header "Content-Type: application/json" --header "Accept: application/json" --header "Authorization: Bearer $token" https://ibm-watson-ml.mybluemix.net/v3/wml_instances/{instance_id}
I got this error:
{
"code": "missing_authorization_header",
"message": "Authorization header has not been provided.",
"target": {
"type": "header",
"name": "Authorization"
}
}
I already tried all different syntax I know plus the ones I found google searching but none help, does anyone know how to fix this?
Thanks in advance
Check that you parsed the response from the identify/token call and only added the token to the Authorization': 'Bearer ' + token part ?

Thingsboard REST api always responds with status 401

First I got a token using curl command as shown here. Then used this token to authorize swagger and tried some endpoints, but all of them responded with
{
"status": 401,
"message": "Authentication failed",
"errorCode": 10,
"timestamp": 1490619586352
}
On server side I get this exception:
2017-03-27 13:31:16,149 [http-nio-0.0.0.0-8080-exec-9] ERROR o.t.s.s.s.m.token.RawAccessJwtToken - Invalid JWT Token io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: ��!L��ȉ
I also tried this with curl, with the same results, using this syntax:
curl -X GET --header 'Accept: application/json' --header 'Content-Type: application/json' --header 'X-Authorization: MY_TOKEN' 'http://MY_SERVER:MY_PORT/api/tenants?limit=3'
where I changed MY_TOKEN, MY_SERVER and MY_PORT appropriately for my server.
It seems that a parameter(Bearer) was missing from one of the headers. It should be --header 'X-Authorization: Bearer MY_TOKEN'. When I added it the responses were as expected. So the complete command for curl is:
curl -X GET --header 'Accept: application/json' --header 'Content-Type: application/json' --header 'X-Authorization: Bearer MY_TOKEN' 'http://MY_SERVER:MY_PORT/api/tenants?limit=3'

Cannot create user via OKTA API

I'm trying to add a user to an app using Okta's api. Here's my request:
POST /api/v1/apps/0oagjhAEEQZFXXLMFVSQ/users/00ugfzFQBXZJFRJCTAUX
Accept: application/json
Content-Type: application/json
Authorization: SSWS <apikey>
Why am I getting this error?
{
"errorCode": "E0000003",
"errorSummary": "The request body was not well-formed: Could not read JSON: No content to map to Object due to end of input; nested exception is java.io.EOFException: No content to map to Object due to end of input",
"errorLink": "E0000003",
"errorId": "oaeqgZFFjUXS2qcagR7-PIBYA",
"errorCauses": []
}
You may also do a POST to the /apps resource with the user context in the message body.
curl -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: SSWS {{OKTA_APIKEY}" -H "Cache-Control: no-cache" -H "Postman-Token: 8e59ab19-81e7-2a54-4bd5-df2bbb564059" -d '{
"id": "userId",
"scope": "USER",
"credentials": {
"userName": "user#example.com"
}
} ' {{OKTA_URL}}
The request should be an HTTP PUT and have an empty JSON collection as the body.
Here is an example curl request
$ curl -X PUT -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: SSWS ${OKTA_APIKEY}" -H "Cache-Control: no-cache" -d "{ }" ${OKTA_URL}/api/v1/apps/0oagjhAEEQZFXXLMFVSQ/users/00ugfzFQBXZJFRJCTAUX
Note that this example assumes the existence of two environment variables. If you want to run this curl command yourself, you must set those environment variables first. Here is an example of how to do that, make sure to replace the example values with the actual values for your Okta instance.
$ export OKTA_URL="https://example.okta.com"
$ export OKTA_APIKEY="01abCdefghIjkLMNOPqRsTUVW2xYZabcD3456efGhi"

Resources