12-12-2021 01:59 PM - edited 12-12-2021 02:37 PM
Trying this for the first time:
1- I created My Apps & Keys
2- Setup everything in Postman.
3- This is basically my code:
import requests url = "https://cloudsso2.cisco.com/as/token.oauth2" payload='response_type=code&grant_type=client_credentials&client_id=THIS IS THE KEY&client_secret=THIS IS THE SECRET' headers = { 'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'PF=xxxxxxxx } response = requests.request("POST", url, headers=headers, data=payload) print(response.text)
I get the following error:
{ "error_description": "Invalid client or client credentials.", "error": "invalid_client" }
What am I missing here; isn't "KEY" = client_id? Or is that a different value?
Quick update: I deleted it app, recreated it and now I'm getting this:
{ "error": "unauthorized_client" }
Thank you.
12-12-2021 03:10 PM
Hi there,
You need to pass the client_id and client_secret in the header. The request should look like:
response = requests.post(url, verify=False, data={"grant_type": "client_credentials"}, headers={"Content-Type": "application/x-www-form-urlencoded"}, params={"client_id": API_TOKEN_CLIENT_ID, "client_secret": API_TOKEN_CLIENT_PASS})
I wrote a blog post here which may help: http://cs7networks.co.uk/2019/07/12/interacting-with-cisco-apis/
cheers,
Seb.
12-13-2021 05:48 AM
Still not working, tried to follow your blog instructions but keep getting 'unauthorized_client' or some other message. That is what I thought that these should be sent in the header but Cisco docs confused me a bit. Any ways I tried sending everything in the header and same results:
import requests url = "https://cloudsso.cisco.com/as/token.oauth2" payload = {} headers = { 'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'PF=lKxxxxxxx', 'grant_type': 'client_credentials', 'client_id': 'xxxxxxxxxxxxx', 'client_secret': 'vvvvvvvvvvvvvv' } response = requests.post(url, headers=headers, data=payload) print(response.text)
I get this:
{"error_description":"grant_type is required","error":"invalid_request"}
12-13-2021 06:30 AM
What API are you trying to access? If it is sometyhing on the Cisco API Console, have to registered for access?
cheers,
Seb.
12-13-2021 06:47 AM
Cisco PSIRT openVuln API: Cisco PSIRT openVuln API
But I haven't really gotten that far yet. I can't even generate a token using the script. Little more progress:
InsecureRequestWarning: Unverified HTTPS request is being made to host 'cloudsso.cisco.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings warnings.warn(
12-13-2021 07:54 AM
The PSIRT openVuln API used to be available to everyone, but at some point cisco restricted access. It doesn't even show up when I browse for it under available APIs, but thankfully I still have access. I would check if you can access the API before you go any further.
You can suppress that warning with the following:
requests.packages.urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
cheers,
Seb.
12-13-2021 07:56 AM
Thanks, I will try that. I need to go through all that token generation process just to get information on EoL stuff?
12-13-2021 08:22 AM
Sadly yes. When you get it working it is a sweet solution. An alternative I have considered (but not got very far on) is to hoover up the details https://tools.cisco.com/security/center/publicationListing.x
Here it is: https://github.com/sebrupik/endlessninth/blob/master/cvrf_scape.py ... feel free to make a pull request!!
cheers,
Seb.
12-13-2021 10:29 AM
Whew man this is rough. I have worked with few other vendor APIs and they are just so much easier. Just generating an API token is a night mare with Cisco.
So I have been able to get rid of the "verification error" and back to "unauthorized_client".
import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) url = 'https://cloudsso.cisco.com/as/token.oauth2' CLIENT_ID = '22222222222' CLIENT_PASS = '33333333333333' headers = {"Content-Type": "application/x-www-form-urlencoded" } payload = {"client_id": CLIENT_ID, "client_secret": CLIENT_PASS, "grant_type": "client_credentials" } response = requests.post(url,headers=headers, data=payload) print(response.text)
I see the payload data includes all the required values and I have the client_id and client_secret from under My Apps and Keys. What am I doing wrong?
{"error":"unauthorized_client"}
12-14-2021 02:10 AM
The client id and client secret must be passed as parameters:
payload = {"grant_type": "client_credentials"}
headers_d = {"Content-Type": "application/x-www-form-urlencoded"}
params_d = {"client_id": CLIENT_ID,
"client_secret": CLIENT_PASS}
response = requests.post(url, verify=False, data=payload, headers=headers_d, params=params_d)
cheers,
Seb
10-10-2023 01:00 AM
Did you find an answer for this question?
"What am I missing here; isn't "KEY" = client_id? Or is that a different value?"
I don't quite understand where to get the client id from.
10-11-2023 06:20 AM
@emares Register your application and obtain your client credentials, your client ID and client secret.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide