In API Blueprint, how do I avoid using the same request Authorization header block over and over for every endpoint?
+ Request (application/json)
+ Headers
```
Authorization: Bearer ***
```
Related
I am using HTTPoison to send request to the Paypal api. Here is the paypal documentation for using its api for logging in: https://developer.paypal.com/docs/log-in-with-paypal/integrate/
When I get the code, and try to exchange it for an access token, I get this error: "{\"error\":\"invalid_client\",\"error_description\":\"Client Authentication failed\"}",
Here is how HTTPoison.post!/3 post request:
url = "https://api-m.sandbox.paypal.com/v1/oauth2/token"
headers = [
Authorization: "Basic #{ClientID}:#{Secret}"
]
body = "grant_type=authorization_code&code=#{code}"
HTTPoison.post!(url, body, headers)
This shows the a status_code: 401 and {\"error\":\"invalid_client\",\"error_description\":\"Client Authentication failed\"}", error.. How can this issue be solved?
HTTP Basic Authentication requires the value to be base-64 encoded. Try doing that:
Authorization: "Basic " <> Base.encode64("#{ClientID}:#{Secret}")
I have a Vue frontend, an Auth0 and Fastify backend. CORS is configured as follows:
fastify.register(require('fastify-cors'), {
origin: 'http://localhost:8080',
methods: 'GET,PUT,POST,DELETE,OPTIONS,HEAD',
allowedHeaders: 'Origin, X-Requested-With, Content-Type, Accept',
})
Frontend headers configuration:
this.$auth.getTokenSilently().then(token => {
this.headers = {
Authorization: `Bearer ${token}` // send the access token through the 'Authorization' header
};
The problem is common:
Access to XMLHttpRequest at 'http://127.0.0.1:3000/dir' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I've read a lot about CORS, know this is a browser side problem (Insomnia sends requests perfectly). Actually, I do not have clear understanding of what else I should allow and how. Basically I need only standart GET, PUT, POST, DELETE requests allowed. Could you please point out the exact configuration problems in my code?
First 401 was caused by OPTIONS request without autentication token. Actually it should be seamlessly processed by a fastify-cors. But due to an incorrect order of initialisation of on-request hooks (first - mine to autenticate, using fastify-auth0-verify, second - implicit hook from fastify-cors), it never invoked. So you need a precise order of hooks explicit and implicit initialization: first - cors, then second - authentication.
The second problem, 401 on the following POST, happened because of incorrect usage of an axios request params on the frontend Vue side. Headers like { Authorization: 'Bearer SomeVeryLongSecretXYZ'}were passed as, for instance, ...post(url, data, this.headers), but there must be {headers : this.headers}.
Final configuration for CORS:
fastify.register(require('fastify-cors'), {
origin: '*',
methods: 'GET,PUT,POST,DELETE,OPTIONS',
})
I'm trying to set a JWT token authentication on a VueJS client and PHP API (using Zend and firebase).
I manage to log an user in with the creation of a JWT token stored in LocalStorage. Now I would like to send back this token to the API (so as to the API decode the JWT and return associated infos). I try to set the "Authorisation: Bearer + token" in the header from VueJS using axios but I always have a problem.
Here is a code snippet :
function getInfos() {
return axios({
method: 'get',
url: MYURL,
headers: {
Authorization: 'Bearer ' + localStorage.getItem('user')
}
})
.catch(handleResponse)
}
First I got this error :
Access to XMLHttpRequest at 'MYURL' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
Then I don't have any Authorization in header when I want it in my PHP API :
header("Access-Control-Allow-Origin: *");
header('Access-Control-Allow-Headers: *');
$request = new Request();
I know that I probably have to use
axios.defaults.headers.post or maybe axios.interceptors but I'm a beginner so I have no idea how to use it properly..
I hope someone will be able to help me ! Thank you
I think * doesn't work when setting custom headers you have to Type in header('Access-Control-Allow-Headers: Authorization') atleast that's an issue i had
Generating the request to list the vpc details with IAM token which is kept in authorization header - The request has been generated from React App -
https://urls.cloud.ibm.com/v1/vpcs?version=2019-08-06&generation=1
Configuration
config = {
headers: {
"Authorization": "Bearer lmtmlmlm",
"Access-Control-Allow-Origin": "*"
}
}
The request was failed during the pre-flight request, it seems that the browser request headers are asking the server for permissions to make the actual request.
Can you suggest to overcome the problem.
The instructions here worked well for me: https://cloud.ibm.com/docs/vpc-on-classic?topic=vpc-on-classic-creating-a-vpc-using-the-rest-apis
I noticed you used the url: https://urls.cloud.ibm.com while these docs suggested https://us-south.iaas.cloud.ibm.com
rias_endpoint="https://us-south.iaas.cloud.ibm.com"
iam_token='Bearer zzzrandomstuff...eyJraWQiOiIyMDE5MDUxMyIsImFsZyI6IlJTMjU2In'
version="2019-05-31"
curl -X GET "$rias_endpoint/v1/vpcs?version=$version&generation=1" -H "Authorization: $iam_token"
Working with Django REST Framework JWT at server side and AngularJs and Restangular at client side, when I set username and password in header:
RestangularProvider.setDefaultHeaders({'Authorization': 'Basic ' +$base64.encode('username:password')});
it works correctly.
But when I set token as part of header :
RestangularProvider.setDefaultHeaders({Authorization:'Bearer '+ StorageService.get("access_token")});
I get 401 (UNAUTHORIZED) error.
My viewset:
class BookViewSet(DefaultsMixin, viewsets.ModelViewSet):
queryset = Book.objects.all()
permission_classes = (permissions.IsAuthenticated,)
serializer_class = BookSerializer
Setting:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication'
),
}
Request Headers (part)
Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Authorization:Bearer"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRqYW5hdGkxMUBnbWFpbC5jb20iLCJleHAiOjE0NDc2NzYxNDcsInVzZXJfaWQiOjEwOSwidXNlcm5hbWUiOiJwcDEiLCJvcmlnX2lhdCI6MTQ0NzY3MzE0N30.ImkGmK9_TNU5lCvcGzgNi-1XS_Q4c_AxHSnJOcjn6O8"
...
Thanks for your help!
I assume this is the JWT token type. In that case you should use the following format in your header:
Authorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InRqYW5hdGkxMUBnbWFpbC5jb20iLCJleHAiOjE0NDc2NzYxNDcsInVzZXJfaWQiOjEwOSwidXNlcm5hbWUiOiJwcDEiLCJvcmlnX2lhdCI6MTQ0NzY3MzE0N30.ImkGmK9_TNU5lCvcGzgNi-1XS_Q4c_AxHSnJOcjn6O8
In my case, the token was not being sent.