I am trying to retrieve User's profile having a valid token. I am able to get the profile with all the info, but with no profile URL
Tried both
User user = twitter.users().showUser(twitter.getId());
and
User user = twitter.verifyCredentials();
Both requests work fine but return null when I call
user.getURL()
What can be a problem? Profile URL seems to be public information, I don't think am supposed to set any specific parameters or obtain permissions, provided I already have the token.
My Twitter4J version is 4.0.6
I think user.getURL() does not return what you think.
According to documentation user.getURL() returns the URL that users provide in their profile. Not the URL of the user account.
You can check this documentation's URL section for more info: https://developer.twitter.com/en/docs/twitter-api/v1/data-dictionary/object-model/user
If you need to generate an URL for the user profile you can try something like this:
User user = twitter.users().showUser(twitter.getId());
String profileURL = "https://twitter.com/" + user.getScreenName()
Related
I've reset the user password and set it as temporary in keycloak.
Is there some REST API to change temporary password to regular when user will log in? It is important not to use keycloak's user interface. I've heard about experimental API but I can't find any of its documentation. Thanks for help
I've heard about experimental API but i can't find any its
documentation.
I think you are referring to this Keycloak Admin API
Assuming that:
I've reset user password and set it to new temporary in keycloak.
is done via endpoint already, then what you can do is to get the ID from that user, which you can get by using the endpoint:
curl -X GET <KEYCLOAK_HOST>/auth/admin/realms/<REALM_NAME>/users/?username=<USER_NAME>
From the JSON response, extract the user ID. Then you call the following endpoint:
PUT <KEYCLOAK_HOST>/auth/admin/realms/<REALM_NAME>/users/<USER_ID>/reset-password
with the request payload:
{"type":"password","value":"<THE_PASSWORD_THAT_YOU_WANT_TO_SET>","temporary":false}
If what you want is to first set the password as temporary, and then when the user logs in for the first time, force the user to set to a new non-temporary password, then you need to call the following endpoint:
PUT <KEYCLOAK_HOST>/auth/admin/realms/<REALM_NAME>/users/<USER_ID>
with the request payload:
{"requiredActions":["UPDATE_PASSWORD"]}
I am developing a solution that needs an token to request a rest API. I want in the beginning of my code to popup a window to user and receive an answer with a token.
I am developing an intention at JetBrains MPS that demands permission from the user to do so. I read this on GitHub: https://github.com/AzureAD/azure-activedirectory-library-for-java/
The problem is that I need to input the username and password as a string, not through a Azure site.
I wish my code could look like this
azureADHelper foo = new azureADHelper()
string userType = "admin"
string companyWebName = "https://stackoverflow.com/"
foo.askUserIdentity(userType, companyWebName)
if (foo.permission == true){
string token = foo.getToken()
}
Azure Active Directory provides several libraries for different platform. For java "ADAL4J" library is used.
I hope the below code screenshot will help to address your issue:
You can check the below sample to configure azure ad in java.
https://github.com/Azure-Samples/active-directory-java-webapp-openidconnect
I am running the official SDK Junit codes, and it works fine. But when I change the account info into mine, exception occur.
Debug says it return http status of 400 when posting to endpoint "/oauth/token",
I have save my private key generated in docusign admin page, into "docusign_private_key.txt"
ApiClient apiClient = new ApiClient (BaseUrl);
//String currentDir = System.getProperty("user.dir");
try
{
// IMPORTANT NOTE:
// the first time you ask for a JWT access token, you should grant access by making the following call
// get DocuSign OAuth authorization url:
//String oauthLoginUrl = apiClient.getJWTUri(IntegratorKey, RedirectURI, OAuthBaseUrl);
// open DocuSign OAuth authorization url in the browser, login and grant access
//Desktop.getDesktop().browse(URI.create(oauthLoginUrl));
// END OF NOTE
byte[] privateKeyBytes = null;
try
{
privateKeyBytes = Files.readAllBytes (Paths.get (privateKeyFullPath) );
}
catch (IOException ioExcp)
{
Assert.assertEquals (null, ioExcp);
}
if (privateKeyBytes == null)
{
return;
}
java.util.List<String> scopes = new ArrayList<String>();
scopes.add (OAuth.Scope_SIGNATURE);
scopes.add (OAuth.Scope_IMPERSONATION);
OAuth.OAuthToken oAuthToken = apiClient.requestJWTUserToken (IntegratorKey, UserId, scopes, privateKeyBytes, 3600);
}
Problem solved.
The SDK JUnit code defines a parameter called "UserId", it should be filled by "API Username" , not "API Account ID" from Admin page.
Thanks for all you kind people.
Per the note in the comments, you need to grant one-time user consent per key for your app to use it, have you done that? If you have Organizations enabled (which is an enterprise feature) then you can do it across the entire account, otherwise you'll need to grant consent manually on a one-by-one (ie user by user) basis.
If granting consent manually (which is what most integrations do) you need to configure your Integrator Key with the Redirect URI you will be passing through code, then redirect your user to the following URL in a web browser (the "-d" part of the URL means this would be for the demo environment):
https://account-d.docusign.com/oauth/auth?
response_type=YOUR_RESPONSE_TYPE
&scope=open_id
&client_id=YOUR_INTEGRATOR_KEY
&state=YOUR_CUSTOM_STATE
&redirect_uri=YOUR_REDIRECT_URI
&admin_consent_scope=YOUR_REQUESTED_SCOPES
If done correctly the user will be taken to the standard DocuSign login page. After successful login they can explicitly grant consent to your app and will then be re-directed back to your app through the Redirect URI param you configured.
Here is a guide that explains how to obtain consent using either method:
https://developers.docusign.com/esign-rest-api/guides/authentication/obtaining-consent
I am new to REST and am trying to figure out an issue with giving access to users to the REST API data
I have an application where Users have limited rights to what they can see based on their user ID.
I do this through something similar to below:
#Component
public class StudentsResource{
#Path("students")
#GET
#Produces(MediaType.APPLICATION_JSON_VALUE)
public Students getStudents(#Context HttpServletRequest request){
final HttpSession session = request.getSession();
User user = (User) session.getAttribute(RestConstants.USER);
if(user == null){
throw new NotLoggedInException(RestConstants.USER_NOT_LOGGED_IN);
}
Students students = new Students();
return students;
}
}
If I login to the application, and then paste the URL for the REST URL into the browser localhost:8080/api/students I get the JSON response of /students. If I don't login to the application first and instead just navigate to the URL localhost:8080/api/students in the browser, I get the error that I am not authorized because I am not logged into the application. (So that works just as I want)
However, if I build a webpage in the app that uses client code to call the API where pressing a button will run:
String restURL = "http://localhost:8080/localhost:8080/api/students";
final RestTemplate rest = new RestTemplate();
Students response = rest.getForObject(restURL,Students.class);
I then login to the app, and run the above code by pressing the button (instead of just navigating to the URL in the browser), I get an error that I am not logged in, so I do not have permission to see the data.
Upon further investigation, I saw that this is because the session that I am getting in my server side code has null for the logged in user when pressing the button on the client side, but it has the correct user when just navigating to the URL in the browser.
Why is this value null when using the client code if I logged in, but it works by navigating to the URL?
How can I get the correct Session data to get the logged in user when using the Client code/button?
You can achieve client/server communication by token based authentication mechanism, basically what you do is after user login into our system, we generate a random UUid and concatenate it with userid,Encode it with Base64 algorithm and send it back to client as a token,
Then from the next request onward the user need to send the token in the header, form the header we can identify which user is accessing the service.
for more information chekout the below link, it is a good blog for all the details regarding Jax-Rs
https://abhirockzz.wordpress.com/
I work on google app project and I am struggling a bit with java oauth library (1.10.1-beta).
I followed closely : http://code.google.com/p/google-oauth-java-client/wiki/OAuth2#Authorization_code_flow
Problem is that I dont know from where I should get userId or userEmail. I know there is userinfo API but I am actually trying to create Credentials, so I cannot access userinfo API AFIAK.
My application work nicely on localhost (because of test#example.com user is always there) but fails miserably when deployed in google engine environment (NullPointerException user.getUserId()).
// we ask for token because we got authCode
GoogleTokenResponse gTokenResponse = userUtils.getFlow().newTokenRequest(authCode).setRedirectUri(userUtils.getRedirectUri()).execute();
//trying to search for user email / id / whatever
User user = UserServiceFactory.getUserService().getCurrentUser();
//user is null -> nullPointerException is thrown
userUtils.getFlow().createAndStoreCredential(gTokenResponse, user.getUserId());
Could you please point out a flaw in my use-case or give me a hint ? I searched a lot in SDK samples,Stackoverflow and here but there is not many implementations.
PS: In method AuthorizationCodeFlow.createAndStoreCredential(...) is userId mandatory only when you use persistent storage for Credentials and yes i am using that so userId cannot be null in my case.
Thanks.
You are doing OAUTH (authorization) before you identified your user (authentication). You must redirect your user to the login page when he is not logged in :
UserServiceFactory.getUserService().getCurrentUser() == null
You do that by redirecting the user to the loginUrl :
String loginUrl = userService.createLoginURL(request.getOriginalRef().toString());
The next time the user arrives at your app, he will be logged in, and you can ask for the userId.