I'm using AdonisJS to develop my backend API. As the project is growing big and belongs to a private company, I need to add a Bearer Token Authorization whenever calling an API endpoint. Just like this:
headers: {
Authorization: `Bearer ${token}`
}
Is there a way to achieve this in AdonisJS 5?
add auth middleware on route
example :
Route.get('posts', 'PostsController.index').middleware(["auth:jwt"])
Related
I am trying to use authentication with RestAssured.
Here is my code that does not work:
public static void authenticate(){
RestAssured.baseURI = "https://randomUrl/login";
RequestSpecification request = RestAssured.given().auth().basic("user#google.com", "password123");
Response response = request.get();
System.out.println(response.asString());}
A big reason for which this does not work is that I am missing certain things because when i look at the actual request in postman, there is more info in the tabs there as follows:
Authorization: Basic Auth:
Username:"client"
Password:"pass"
Headers:
Authorization: Basic Y2xpZW50OnBhc3N3b3Jk
Content-Type: application/x-www-form-urlencoded
Body:
username:"user#google.com"
password:"password123"
grant_type:"password"
My question is what are the missing pieces in my code and how do integrate them so that the authorization works?
Thank you
REST Assured doesn't send the credentials when using basic auth unless it's challenged by the server. If the server doesn't challenge, it won't send it. I this is the case you can use preemptive basic auth:
RestAssured.given().auth().preemptive().basic("user#google.com", "password123")
I hope below code can help you to resolve authentication issue
given().relaxedHTTPSValidation().auth().preemptive().basic("username", "token(in base 64 encryption")
I am trying to get a list of my accounts using
GET:https://api.xero.com/api.xro/2.0/Accounts with my access token.
The response is 401 / Unauthorized
My app has these scopes:
accounting.transactions
accounting.transactions.read
accounting.settings
accounting.settings.read
accounting.contacts
accounting.contacts.read
accounting.settings.read should be adequate according to the Scopes documentation
I am using the same PHP code used to GET:/Invoices which works fine, with headers:
Accept: application/json
authorization: Bearer $access_token
I am using a Custom Connection, as we have a machine-to-machine setup with no interface.
The App configuration screen, and available scopes are shown here:
I'm exploring the REST API of ArcGIS and I'm able to generate a accesstoken. But for further requests, for instance /MapServer/0?f=pjson I get 499 - Token Required.
I need to put that token I have in a header, but which one?
The tutorial for obtaining the token describes how to get it, but not what to do with it for rest of the calls.
Try setting either this header:
X-Esri-Authorization: Bearer <token>
Or this header:
Authorization: Bearer <token>
Details: https://enterprise.arcgis.com/en/server/latest/administer/windows/about-arcgis-tokens.htm
I'm trying to interact with Keycloak via its REST API. I have the master realm and the default admin user, and a test realm. Firstly, I get an access token for the admin account and test realm:
let data = {
grant_type : 'password',
client_id : 'test-realm',
username : 'admin',
password : 'admin'
};
let headers = {
'Content-Type': 'application/x-www-form-urlencoded'
};
axios.post(
'https://someurl.com:8080/auth/realms/master/protocol/openid-connect/token',
qs.stringify(data),
headers
)
That works ok. Then I try to make a call to create a user (or do anything else) and I get a 401 unauthorized error:
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': `Bearer ${accessToken}`
};
data = {
rep: {
email: "test#email.com",
username: "test#email.com"
},
path: 'test-realm'
};
axios.post('https://someurl.com:8080/auth/admin/realms/test-realm/users',
qs.stringify(data),
headers
)
Is that not the correct way to include the token? Is the access token the one you use for authenticating other API calls? Shouldn't the admin account's token work for authenticating calls to other clients with the master realm? Would it be some setting in the master realm that I have to change in the admin console? Any help appreciated.
I got a 401 error because I generated the offline token by using http://localhost:8080 and then I tried to request the api by using http://keycloak:8080 which is not allowed. Unfortunately the log doesn't tell you that.
To debug JWT tokens I recommend https://jwt.io/
Is that not the correct way to include the token?
This is a correct way.
You just do something incorrectly.
Please, refer for an example from keycloak-request-token Node.js module:
https://github.com/keycloak/keycloak-request-token/blob/master/index.js#L43
You use
client_id : 'test-realm'
but there is
client_id: 'admin-cli'
there.
Also, to create a user, you should use
'Content-Type': 'application/json'
You can refer for Node.js examples of Keycloak REST API here:
https://github.com/v-ladynev/keycloak-nodejs-example/blob/master/lib/adminClient.js
Examples of other useful stuff like:
custom login
storing Keycloak token in the cookies
centralized permission middleware
can be found in the same project: keycloak-nodejs-example
I fixed it by enabling the below "Service Accounts Enabled" button under Settings for admin-cli
I had this issue and solved it by making sure that there is no more than 1 minute between the first and the second API request. So, if you are doing this manually (2 curl requests), the token may expire and you may get error 401. Nevertheless, you should use admin-cli as mentioned above.
I came this issue recently and after struggling for a while i figured. using a realm name containing white spaces will trigger 401 unauthorized error when interacting with via SDKs or API.
IN SUMMARY:
change: realm name
to: realm-name
I am new to React Native and Stripe API and have been trying to integrate the two for my payments module. So initially when I used the code as node.js docs described I'm getting an error because of HTTP module that is not available in React Native.
Until I encountered this blog describing a workaround using the Fetch API instead of the usual Stripe implementation. But when I run my code I am getting a 401 error which means Unauthorized or the key is invalid. Considering that my implementation and key is correct, what could be causing this error? Here's a sample code:
fetch('https://api.stripe.com/v1/customers', {
method: 'post',
headers: {
'Accept': 'application/json',
'Authorization': 'Bearer MY_TEST_KEY'
},
body: JSON.stringify({
firstName: 'John',
lastName: 'Doe'
})
})
Thanks in advance!
Unfortunately, it's not possible to do any of this in your mobile application as those calls require your Secret API key. You should never have the Secret API key in your mobile application otherwise an attacker could get his hands on it and then create charges, refunds or transfers on your behalf.
What you need to do here is create a card token first in your mobile application. You then send it to your server where you will create the charge or the customer using your Secret key.