cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

596
Views
20
Helpful
11
Replies
Highlighted
Beginner

PSIRT OpenVuln API authentication issue

I am trying to use the openvulnquery python script and I am getting a 401. I also have been trying to use curl as shown in the documentation (https://community.cisco.com/t5/services-documents/accessing-the-cisco-psirt-openvuln-api-using-curl/ta-p/3652897) to test the credentials and this is not working either. I have registered two apps in the API console with client credentials. The python script is passing the credentials. 

Is this service working for others? I am pretty sure I have this all setup correctly. Just not sure what is wrong. Any pointers? 

11 REPLIES 11
VIP Advisor

Re: PSIRT OpenVuln API authentication issue

Hi there,

A quick test shows it is currently working in postman.

 

Can you share your python code which deals with creating the OpenVulnQueryClient object which manages the API connection.

 

You may also want to read this:

https://configif.wordpress.com/2019/07/12/interacting-with-cisco-apis/

 

cheers,

Seb.

Beginner

Re: PSIRT OpenVuln API authentication issue

Here is the curl I am using: (venv)chris.young@prdch3nix01 /home/networkteam/intermapper> curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d "client_id=fx7ynshh8j4ud3f9zxpXXXXX" -d "client_secret=Y3ZA7BxmWsYsqsZNrcUXXXXX" -d "grant_type=client_credentials" https://cloudsso.cisco.com/as/token.oauth2
{"error_description":"Invalid client or client credentials","error":"invalid_client"} <- I obfuscated the client_id and secret. this is what I get

 

For python code - I am using the provided openvulnquery code from github and I have created a credentials.json file with the credentials and passed them as an argument. I also tried editing the config.py - neither worked. 

 

(venv)chris.young@prdch3nix01 /home/networkteam/intermapper> openVulnQuery --config credentials.json --all
Traceback (most recent call last):
File "/home/networkteam/intermapper/venv/bin/openVulnQuery", line 11, in <module>
sys.exit(main())
File "/home/networkteam/intermapper/venv/lib/python3.4/site-packages/openVulnQuery/_library/main.py", line 58, in main
client = query_client.OpenVulnQueryClient(**client_cfg)
File "/home/networkteam/intermapper/venv/lib/python3.4/site-packages/openVulnQuery/_library/query_client.py", line 73, in __init__
client_id, client_secret, request_token_url=self.auth_url)
File "/home/networkteam/intermapper/venv/lib/python3.4/site-packages/openVulnQuery/_library/authorization.py", line 22, in get_oauth_token
r.raise_for_status()
File "/home/networkteam/intermapper/venv/lib/python3.4/site-packages/requests/models.py", line 909, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://cloudsso.cisco.com/as/token.oauth2?client_secret=Y3ZA7BxmWsYsqsZNrcUXXXXX&client_id=fx7ynshh8j4ud3f9zxpXXXXX

Beginner

Re: PSIRT OpenVuln API authentication issue

cat credentials.json
{
"CLIENT_ID": "fx7ynshh8j4ud3f9zxpXXXXX",
"CLIENT_SECRET": "Y3ZA7BxmWsYsqsZNrcUXXXXX"
}

Beginner

Re: PSIRT OpenVuln API authentication issue

Two different registered apps, two sets of credentials. Same result. 

openvuln-creds1.PNGopenvuln-creds2.PNG

Beginner

Re: PSIRT OpenVuln API authentication issue

API Console app settings

 

openvuln-app-settings.PNGopen-vuln-registration.PNG

VIP Advisor

Re: PSIRT OpenVuln API authentication issue

Hi Chris,

I've got to hand it to you, your testing certainly is thorough!

 

I have just tried to create a new application at apiconsole.cisco.com for the PSIRT API, but the API is no longer available to me....thankfully I still have my old application registered so have retained access.

 

I can only suggest that you raise a support ticket with cisco as this appears to be some backend issue.

@Omar Santos can you shed any light on the status of the PSIRT API?

 

cheers,

Seb.

Beginner

Re: PSIRT OpenVuln API authentication issue

Seb,

 

 I tested with your python script too!

Cisco Employee

Re: PSIRT OpenVuln API authentication issue

Hi @chris.young ,

 

I think that I have reproduced this problem and reported it to the API development team. They are looking into this now. I am expecting a resolution/answer today. I will provide an update here (once I get one) and I will contact you directly now to troubleshoot further.

 

Thanks!

Omar

Beginner

Re: PSIRT OpenVuln API authentication issue

@Omar Santos  - thanks for your assistance!

 

Cisco Employee

Re: PSIRT OpenVuln API authentication issue

I worked with the development team for both the PSIRT OpenVuln API and the Services API. We thought that we were able to reproduce your problem, but we are successful after many new registration of applications/client creds. Can you please try one more time to get new client credentials and or send me a direct message so that I can give you a couple to test?

Beginner

Re: PSIRT OpenVuln API authentication issue

@Omar Santos 

 

Either something was fixed or third times the charm on registering apps. 

The first two registrations did not work. The new one I created today worked!

 

Thanks @Omar Santos and @Seb Rupik for your assistance.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here