I'm trying to connect to my bitbucket using API token generated in Bitbucket but the connection is returning HTTP 401 error when using Python requests module.
I need help to facilitate the completion of a task.
make sure that you use basic authentication and then set your username and use the personal token as password.
Your username still required since the token associated with it
Related
I have followed multiple threads but unable to resolve the issue. With the following endpoint:
https://demo.docusign.net/restapi/v2/login_information
getting 200 and accountId, but when I try to POST with following:
/restapi/v2/accounts/{accountId}/envelopes
I get the following error:
401 - One or both of Username and Password are invalid
You need to obtain a valid access token using OAuth either Auth Code Grant, or JWT. You are either attempting to use an expired token, no token at all, or you are using an older authentication mechanism no longer supported. Please use official documentation by DocuSign.
Note these URLs are for old v2 API, need to use v2.1 API
Recommend you try the Python Quickstart as it configures all you need to make API calls for you.
I am trying to hit microsoft to do list api using python program.
Api : https://graph.microsoft.com/beta/me/todo/lists , which resulted in error : Access is denied due to invalid credentials. But when I tried the api : https://graph.microsoft.com/v1.0/users, I am getting the results properly. The documentation of the api (https://learn.microsoft.com/en-us/graph/api/resources/todo-overview?view=graph-rest-beta) says "Currently, the API supports only permissions delegated by the signed-in user". Currently I am trying to get auth code and then auth token and then hitting the API. To act as signed in user, what method should I follow in python? Please note I am not using a web frame work. When I tried using flask and then hitting the API , it works. Need to know how a browserless console python application can serve the purpose.
Thank youin advance for the help
You are getting an App only token using a client credential flow and it doesn't ask for user credentials. Please check these Authentication flows and according to your requirement you can choose one of these and implement it. In other ways you can test your HTTP call in Graph Explorer by adding permissions there itself. Your call works here because you will login as user.
I am trying to download a file from a SharePoint Online data library via REST API which uses a multi-factor ADFS authentication, so far I found these posts (Post1, Post2) which talk about sending a SAML request to STS to receive a security token from https://login.microsoftonline.com/extSTS.srf, I have found multiple examples online which uses the same method to authenticate their requests. However, when I send the SAML request to the above Microsoft URL, I receive the error below.
AADSTS50126: Error validating credentials due to invalid username or password.
I have appropriate access to the SharePoint data library as I was able to get a valid response to an API request (to check available lists and not for authentication) when using a browser with authenticated session. Any idea on what I might be doing wrong or even if authentication is possible for MFA secured SharePoint library.
There is no official word in any Microsoft Documentation to confirm this. But MFA account + AAD token is not compatible.
You have to use a service account (username/password) without MFA enabled for it. This will work when you invoke the SPO web api using the service account for getting tokens.
When you have a browser session in open state, the token will be available in cookies & you will be able to access the library without issue. The same applies to POSTMAN or SOAP-UI testing.
Because MFA needs user interaction, this is not possible. Refer this github issue: Trouble spo login with an account with multi-factor authentication
We do "Application User" concept in Dynamics CRM for the same approach. Read more
I'm trying to use Basic Authentication in GitHub API. I wrote something like this:
reqURL = "https://api.github.com/repos/user/repo"
pullreqsURL = urllib.request.Request(reqURL)
pullreqsURL.add_header("Authorization", "Basic " + str(base64.urlsafe_b64encode(b'Username:myAuthTokenORpass')) )
pullreqsURL.add_header("Content-Type", "application/json")
pullreqsURL.add_header("Accept", "application/json")
urllib.request.urlopen(pullreqsURL)
However, it keeps throwing HTTPError.
With commented 3rd line it goes well.
Well. I've solved it using personal token instead of user:pass
pullreqsURL.add_header("Authorization", "token >mytoken<" )
It should be possible to authenticate via Basic Authentication with username/password.
Quote from the link:
Via Username and Password
To use Basic Authentication with the GitHub API, simply send the
username and password associated with the account.
However, I don't know Python, so I don't know whether str(base64.urlsafe_b64encode(b'Username:myAuthTokenORpass')) is the proper way to Base64 encode username/password.
As you mentioned personal access tokens, it's also possible to authenticate via Basic Authentication, but with an access token instead of your real password.
This is explained in my first link as well.
Quote:
Via OAuth Tokens
Alternatively, you can use personal access
tokens or OAuth
tokens instead of your password.
curl -u username:token https://api.github.com/user
This approach is useful if your tools only support Basic
Authentication but you want to take advantage of OAuth access token
security features.
I'm using this approach with success in a project of mine.
I'm trying to use python with suds to connect to a microsoft exchange server, but I can't authenticate and download the services.wsdl file.
I have also tried just using urllib2 to try and connect, but that also fails.
I can however authenticate and download the Outlook Web Access page.
I've tried using ntlm auth, but that also gives me a 401 error. Is there are way of checking what type of authenication I need, so I can check if I was using the type of auth in the first place.
Thanks
As specified in RFC 2617, "HTTP Authentication: Basic and Digest Access Authentication", the WWW-Authenticate response header tells you which method of authentication you should use in your request.
You can use https://www.getpostman.com/apps to know the type of authentication. Hit the url once from this, then from the errors you will get to know the type of authentication.