IBM Watson API Java SDK使用Watson令牌身份验证失败

Question

I use Watson APIs Java SDK and my Authentication was use function setUsernameAndPassword(username, password), but now I want to use Tokens for authentication .

my "Username and Password" Code

mAssistant = new Assistant("2018-02-16");
mAssistant.setUsernameAndPassword(mUserName, mPassword);
InputData input = new InputData.Builder("Hello").build();
MessageOptions options = new MessageOptions.Builder("{workspaceId}")
                                           .input(input)
                                           .build();
MessageResponse response = mAssistant.message(options).execute();
System.out.println(response);

it work fine.

I ues this method to get my token. curl -X GET --user "{username}:{password}" "https://gateway.watsonplatform.net/authorization/api/v1/token?url=https://gateway.watsonplatform.net/conversation/api"

Tokens for authentication
Method-1

mAssistant = new Assistant("2018-02-16");
Map<String, String> map = new HashMap<>();
map.put("X-Watson-Authorization-Token", "{token_string}");
mAssistant.setDefaultHeaders(map);
mAssistant.setSkipAuthentication(true);
InputData input = new InputData.Builder("Hello").build();
MessageOptions options = new MessageOptions.Builder("{workspaceId}")
                                           .input(input)
                                           .build();
MessageResponse response = mAssistant.message(options).execute();
System.out.println(response);

get the error code

E/WatsonService: POST status: 403, error: Forbidden
com.ibm.watson.developer_cloud.service.exception.ForbiddenException: Forbidden
05-07 16:05:57.720 10392-10476/mvi.rcu W/System.err:     at com.ibm.watson.developer_cloud.service.WatsonService.processServiceCall(WatsonService.java:401)
05-07 16:05:57.720 10392-10476/mvi.rcu W/System.err:     at com.ibm.watson.developer_cloud.service.WatsonService$WatsonServiceCall.execute(WatsonService.java:459)

Method-2

mAssistant = new Assistant("2018-02-16");
IamOptions options = new IamOptions.Builder()
                                   .accessToken(token)
                                   .build();
mAssistant.setIamCredentials(options);
mAssistant.setEndPoint("https://gateway.watsonplatform.net/conversation/api");
// do same ... 
// mAssistant.message(options).execute();
// ...

get error message

W/System.err: com.ibm.watson.developer_cloud.service.exception.UnauthorizedException: Unauthorized: Access is denied due to invalid credentials. Tip: Did you set the Endpoint?
W/System.err:     at com.ibm.watson.developer_cloud.service.WatsonService.processServiceCall(WatsonService.java:398)
W/System.err:     at com.ibm.watson.developer_cloud.service.WatsonService$WatsonServiceCall.execute(WatsonService.java:459)

If I want to use Tokens for authentication by Watson APIs Java SDK , what should I do?

Answer 1

EDIT: The below answer works with the token you got before. However, I just noticed that you called the token API using the https://gateway.watsonplatform.net/conversation/api URL. If you instead get a token with https://gateway.watsonplatform.net/assistant/api , your posted code should work fine.

---

Due to the Conversation -> Assistant rename, there seems to be an issue with authorization using the new name. Therefore, once you get your authorization token, you can use the setEndPoint() method to call the Conversation endpoint, like so:

mAssistant = new Assistant("2018-02-16");
Map<String, String> map = new HashMap<>();
map.put("X-Watson-Authorization-Token", "{token_string}");
mAssistant.setDefaultHeaders(map);
mAssistant.setSkipAuthentication(true);

// change here
mAssistant.setEndPoint("https://gateway.watsonplatform.net/conversation/api");

Assistant is just an alias for Conversation internally so your API calls should work the same.

Alternatively, you could just use the Conversation service directly, although at some point that will go away in favor of just the Assistant service.

Answer 2

There is actually an example in the README of the Java SDK : There is a method setIamCredentials() to configure how the Watson service, including Watson Assistant, handles the token-based access. It can manage token refresh for you if you provide the API key, or you pass in the token itself and need to take care of refreshs.

Not tested, but similar to the example for the Discovery service and adapted for you code:

mAssistant = new Assistant("2018-02-16");
IamOptions options = new IamOptions.Builder()
  .apiKey("<iam_api_key>")
  .build();
mAssistant.setIamCredentials(options);

Note that this is using the strategic IBM Cloud IAM (Identity and Access Management) , not the Watson service token. That feature was recently added to the Watson services and I would recommend using it. You can manage the API key using the UI or by bx iam commands.

Answer 3

The below code work fine for me, but I have the question, which method is better ?

Method-1

Get token by url https://gateway.watsonplatform.net/assistant/api

curl -X GET --user {username}:{password} "https://gateway.watsonplatform.net/authorization/api/v1/token?url=https://gateway.watsonplatform.net/assistant/api"

Use token

mAssistant = new Assistant("2018-02-16");
Map<String, String> map = new HashMap<>();
map.put("X-Watson-Authorization-Token", "{token_string}");
mAssistant.setDefaultHeaders(map);
mAssistant.setSkipAuthentication(true);

Method-2

Get token by url https://gateway.watsonplatform.net/conversation/api

curl -X GET --user {username}:{password} "https://gateway.watsonplatform.net/authorization/api/v1/token?url=https://gateway.watsonplatform.net/conversation/api"

Use token

mAssistant = new Assistant("2018-02-16");
Map<String, String> map = new HashMap<>();
map.put("X-Watson-Authorization-Token", "{token_string}");
mAssistant.setDefaultHeaders(map);
mAssistant.setSkipAuthentication(true);
mAssistant.setEndPoint("https://gateway.watsonplatform.net/conversation/api");