When using HUAWEI CLOUD online service APIs and online reasoning, authentication and authentication problems are often encountered. In authentication and authentication, it is often necessary to pass the general request of Token authentication.
You may encounter the following prompts:
{
"error_msg": "Incorrect IAM authentication information: x-auth-token not found",
"error_code": "APIG.0301",
"request_id": "0c134e4ce525caf33622234ae5f9e58"
}
or it could be:
{
"error_msg": "Incorrect IAM authentication information: decrypt token fail",
"error_code": "APIG.0301",
"request_id": "f2d47b88162ceb45ddf2b40eca276fc"
}
This kind of prompt is mostly because the sent request does not carry Token or the Token expires or is wrong.
Token is an access token issued by the system to an IAM user, carrying information such as the user's identity and permissions. When calling the interface of IAM and other cloud services, you can use the IAM user token obtained by this interface for authentication.
Token can be obtained by calling the Get User Token interface. This article records the solution to obtain the user's Token through interface service calls. Huawei Cloud is used as an example when recording, and the principles and solutions of other platforms are similar.
1. User authorization
1.1. Create an IAM user
In cloud services, IAM users represent specific entities and are used to manage and control access rights to cloud service resources. IAM (Identity and Access Management) is an authentication and access control service used to manage permissions between different users and resources in cloud services. IAM users are used as independent identities in cloud services and can be associated with security credentials (such as username and password, access keys, etc.).
First, we create an IAM user, click the user name in the upper right corner - unified identity authentication, enter the user management console
click create user:
enter the user name and password of the user to be created, open the access method of programming access and console access, and other options Keep the default selection.
1.2. Add the IAM user to the user group
Create a user group, include the newly created user in the user group, and authorize the user group
Here, for convenience, we directly include it in the admin user group:
2. Get Token
2.1. Send a request to obtain Token
After creating the IAM user and granting the correct permissions, you can get the Token later.
Here, Postman is used to obtain the Token through the Huawei interface. The url of the interface is: https://iam.myhuaweicloud.com/v3/auth/tokens?nocatalog=true, and the body uses the json format. The content is as follows, where domain.name is the name of the account to which the IAM user belongs (namely the main account name), and domain.name.name is the IAM user name (just set), domain.name.password is the IAM user password (just set)
{
"auth": {
"identity": {
"methods": [
"password"
],
"password": {
"user": {
"domain": {
"name": "你的用户名" //IAM用户所属帐号名
},
"name": "你的IAM用户名", //IAM用户名
"password": "你的IAM用户密码" //IAM用户密码
}
}
},
"scope": {
"project": {
"name": "cn-north-1" //项目名称
}
}
}
}
After the request is set, it is as follows:
Click Send, wait for a while and return a status code of 201, and a return similar to the following is successful.
2.2. Get Token
After getting a normal return in 2.1, open the returned Headers, and the X-Subject-Token column is the Token value of the account:
3. Token use
Copy the Token value obtained in the previous step.
When calling other interfaces, add "X-Auth-Token" in the request message header, and its value is Token. For example, if the Token value is "ABCDEFJ...", then add "X-Auth-Token: ABCDEFJ..." to the header of the request message when calling the interface.
For example, if you want to access an online service interface for image classification, after entering the url and request body, you need to add X-Auth-Token to the Headers: the Token value just obtained
In this way, you can successfully access the online service interface that requires Token verification.
It should be noted that the Token is generally valid for several hours. In actual projects, it is necessary to design a program to refresh the Token in time.