I'm trying to add Amplify Authentication to my iOS project but I'm strugling to find hot to setup a custom http header for my signin request.
I was looking for some way to do something similar to: request.addValue("hello", forHTTPHeaderField: "x-myheader") .
The current API does not seem to support this option through the simple Amplify.Auth.signIn(...) method.
Is there a way to configure this somehow?
Related
I have deployed a Google Cloud Function which requires authentication to be executed.
Then, I've scheduled this function using Google Cloud Scheduler, and setting authentication through OIDC token, which basically is an authentication header in the HTTP POST scheduled.
Now, I would like to provide some custom parameter to the Cloud Function as well, using the proper header in Cloud Scheduler, but seems not to work.
I'm afraid that is caused by what stated here, that is, authentication headers are overwritten.
Anyone faced the same issue?
How could be solved?
Thanks
You can use the Headers in Cloud Scheduler to add the headers that you want, except the Authorization header that is set automatically when you activate the OIDC auth.
You can also put some parameter in the body if you want, all depends where you would like to read the data (header or body.)
EDIT 1
I have a Cloud Run "logger" to simply logs the headers/body of requests. And it worked during my tests I have 2 custom headers + the authorization header automatically set. Have a look:
I am trying to utilize the OroCommerce Web API which was introduced to interact with my clients.
The first step of oauth2-token seems to be working well, but he consequent requests to the api's such as customers GET, customerusers GET etc all end up with 401-Unauthorized Error.
I am trying to test the whole flow through the POSTMAN.
I have checked the Web API access is enabled and also verified that the guest users are enabled.
What's strange is the the /api/doc seems to be working well, but when I try to mimic the same via POSTMAN, it always ends up with 401 -Unauthorized Access.
Any idea why it could be failing?
Make sure you included Content-Type and Bearer prefixed Authorization headers in the request built using POSTMAN. Like explained in the OroCommerce documentation.
The authentication with Bearer header also explained in POSTMAN documentation.
We are using Kong in our custom-services deployment system and we developed a new authentication plugin for Kong to suit our specific need.
All of this works well and we tested it doing this:
Register a new API (service)
Make a POST request to enabled the authentication plugin on the new API
While this works, it opens a window of opportunity for hackers to perform unauthenticated requests between 1. and 2. This is not acceptable obviously but I could not find a way to auto-enable the authentication proxy automatically.
Is there a way in Kong to either:
Auto-enable a given set of plugins for all new APIs.
Specify the list of plugins to enable when registering a new API.
Currently there is no way to automatically apply a plugin policy to an API at insertion time. There is another issue that could also help (but currently not implemented): https://github.com/Mashape/kong/issues/1279
Which would allow you to:
Add API, but enabled=false and no requests can be proxied to it.
Add plugins
Enable the API with enabled=true.
As of today, the only way would be:
Add an API with a fake upstream_url that goes nowhere.
Add plugins.
Update the API with a PATCH request to now point it to a correct upstream_url.
Since we updated our project to Swift 2 and Alamofire to version 2.0 we observe the following behavior regarding base auth: When we send a request (no matter what kind of) with authentication set, the request is always sent without authentication header the first time. After the backend answers with status code 401, alamofire adds the authentication header and and resends the request once again. We send the request using the following snipped:
Alamofire.request(request).authenticate(user: Config.serviceAuthUser, password: Config.serviceAuthPassword)
Is there a way to force Alamofire to include the authentiation header in every request? We want to avoid this kind of auth challenge for every request to lower network and server traffic. We had one solution working for iOS8, where we added the auth header in the session config of the shared instance of Alamofires Manager as follows:
Alamofire.Manager.sharedInstance.session.configuration.HTTPAdditionalHeaders = authHeader
But with iOS9 this does not work anymore, since only a copy of the configuration object is returned and modified.
Is there another way to avaoid this auth challenge process and force Alamofire to include the auth header with every request?
Making two requests is how the underlying URL Loading System was designed by Apple. The Alamofire authenticate methods simply allow you to provide the credentials to supply to the challenge if it occurs.
If you want to provide the header directly, the use the headers parameter on the request method. Additionally, you could insert the user:password credentials directly into the URL.
I looked through documentation on Event Notification (http://developers.box.com/webhooks/).
I would like to call an REST API, with basic authentication. Is there a way to do this?
like, customizing the HTTP headers (like adding Authorization:Basic ...) of the HTTP call triggered?
There currently isn't support for passing in special headers. You can, however, use HTTP Basic Auth by specifying it in the URL for event notifications to be sent to e.g.
https://username:password#www.example.com/path