I need to return error code 400, when user enter bad credintials for suppress browser's basic auth dialog
But i cannot change response code on server side.
I guess it is possible with some .htaccess rules, but google don't have a answer to my question, i just found solutions for 403 -> 404, but it don't work for me.
How can i do that?
You can send custom error responses but you cannot change the actual error code returned. That would be a very practice.
See https://httpd.apache.org/docs/2.4/custom-error.html
Btw, if you enter bad credentials, you will be taken to the 401 page. You'll only get the auth dialog again if you try to reload the page (or, try to load protected items from the 401 page itself, which of course creates an infinite loop and never allows you to escape the auth dialog).
Related
so i have a webpage with a login section. Login is done with .htaccess and .htpasswd file. That works fine. Now i need to style or customize the "unauthorized" page that results after closing the authentification prompt.
Here is my problem: If I request the page, .htaccess kicks in and wants me to authenticate, resulting in a status code of 401. But if I close the promt, I get the "Unauthorized
This server could not verify that you are authorized..." response with an status code of also 401 back.
Question: Is there a way to differentiate the statuscode 401 of a page pre authentification and after closing the promtp?
You might want to look at the documentation for this.
perhaps also set the 401 document
ErrorDocument 401 "/login.shtml"
The response of Authentication grand code for the request which i pass is 200 Ok. But am getting an html response in that. i couldn't find any code. Can You please help me.?
https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature&client_id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXfeeb89&redirect_uri=https://localhost:44330/callback
This is the request which i send. But not receiving the authentication code. But It shows 200 OK.
In the admin tool, check that your integration key is set to use Authorization Code grant, not Implicit grant.
Also check that you've authorized your exact callback URI for your integration key.
If you're not getting any errors from DocuSign, then authenticate yourself and the your browser will then be redirected to your redirect uri, in this case https://localhost:44330/callback
Using inline form with ErrorDocument 401, how can I get an error message to be displayed when the user fails to login?
Expected features are to still work (e.g. login redirect). No login/logout URLs seen in user's browser. When the user logs out, the message should not be shown when they are 401'd back to the inline login page.
I am currently using an onsubmit function to set a flag in sessionStorage. If the page loads (body onload function) and sees this flag, it will show the error message (e.g. user entered wrong credentials and are back here again). This works fine, until they logout. They are 401'd to the login page and the flag is still there, so they see the error message.
I need to clear the message somehow.
Well, GET vs POST! The initial page load is a GET and the logout is a GET; so, only failed logins would be loading this page with a POST.
Let's activate SSI and use an env var (this is on both login and logout Location directives):
SetEnvIf Request_Method "^GET$" LOGIN-ERROR-CLEAR="1"
Inject some JS to our init to clear the sessionStorage:
<!--#if expr="reqenv('LOGIN-ERROR-CLEAR') == '1'" -->
sessionStorage.removeItem('login-attempted');
<!--#endif -->
Sounds logical...but, it doesn't work. The JS is not injected.
GET /logout -> 307 to "/" (due to AuthFormLogoutLocation "/")
GET / -> 401 with content of /login.html
error message is wrongly shown
All GETs, yet the JS was not injected. What is going on? I am back where I started before using SetEnvIf - there is no difference. It's not doing anything!
Is there a better way to trigger an error message and clear the trigger after successful login or logout? This shouldn't be this hard!
Found out I could use the variables directly in the SSI; so, I removed the SetEnvIfs from my vhost. Also, REQUEST_METHOD is the wrong one to use. REDIRECT_REQUEST_METHOD is the one to look for. In the end, this seems to be working:
<!--#comment This block uses SSI/mod_include. -->
<!--#if expr='v("REDIRECT_REQUEST_METHOD") == "GET"' -->
sessionStorage.removeItem('login-attempted');
<!--#endif -->
I keep getting this same OAuth error when trying to work with the github api. Sometimes it goes away but most of the time it stays. I have tried resetting my secret key, revoking all tokens, clearing safari cache but no luck. This is the error : error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fv3%2Foauth%2F%23redirect-uri-mismatch
All the forums say to fix this error, remove the redirect_uri parameter of my request which I have done.
This is my request: https://github.com/login/oauth/authorize?client_id=myclientid&scope=user,public_repo
Everything shows up and when I click authorize it redirects me back to my application but instead of giving me the code it gives me the error.
Either put http instead of https in your Authorization callback URL
in your GitHub OAuth apps settings.
http://www.example.com/oauth/complete/github/
Another Option
settings.py
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
When I try to access api.quickblox.com/session.xml to create a session, I get a 404 error.
I tried to access it in both browser and c#.
In the browser I get:
The page you were looking for doesn't exist.
You may have mistyped the address or the page may have moved.
In C# I get
System.WebException: (404) Not Found.
You have to use POST request (not GET) to access to this API
Please read here http://quickblox.com/developers/Authentication_and_Authorization#Requests_and_Responses