I'm developing a Flask RESTFULL API with flask_jwt_extended library as extension for authorization.
Now, I have two usuals resources for register an user and for login, that works perfectly. With login resource an user can give their email and password and get back a token. From Postman this token works as expected using Bearer Token mode.
However, I need to make some requests directly from Python3 terminal. Until now, I was using a simple name-password authentication in my requests, so an example of a request would be:
import requests as rs
rs.get('http://localhost:5000/api/samples', auth = ('user', 'pass'))
Now, using jwt tokens, I'm trying the following:
import requests as rs
# xxxxxx is a really long string got previously with login resource
rs.get('http://localhost:5000/api/samples', auth = ("xxxxxx"))
but this approach give to me:
TypeError: 'str' object is not callable
In other posts I've checked that this type of authorization is made through headers, so I've also tried:
import requests as rs
# xxxxxx is a really long string got previously with login resource
rs.get('http://localhost:5000/api/samples', headers = {'Authorization': 'access_token xxxxxx'})
and the error here is an instantly 401 http response.
Hope someone could help me!
Thanks you in advance!
If someone comes here looking for an answer: you just need to add a header just like the following
headers = {'Authorization': 'Bearer {token}'}
Source: https://reqbin.com/req/python/5k564bhv/get-request-bearer-token-authorization-header-example
Related
def get_token():
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
data = {'client_id': 'XXX', 'client_secret': 'XXX', 'grant_type': 'client_credentials', 'scope': 'data:read'}
response = requests.post('https://developer.api.autodesk.com/authentication/v1/authenticate', headers=headers, data=data)
return response.json()['access_token']
print('Bearer ' + get_token())
response_form_templates = requests.get('https://developer.api.autodesk.com/construction/forms/v1/projects/:projectId/form-templates', headers={'Authorization': 'Bearer ' + get_token()})
print(response_form_templates.json())
print(response_form_templates)
I'm trying to use python requests to simply get back the form-templates and all I'm getting back is a 401 response and a message saying "Authorization failed". The few print statements in there are from my trying to debug what's going wrong, but with my client_id and client_secret in there, it gives me those errors.
Any idea as to what could be wrong would be really helpful, thanks.
Btw. we don't have an official Forge SDK for Python yet but there's a simple, unofficial one here: https://github.com/petrbroz/forge-sdk-python that you could perhaps use as a reference when building the HTTP requests yourself. For example, here's how the SDK retrieves the 2-legged access token: https://github.com/petrbroz/forge-sdk-python/blob/develop/src/autodesk_forge_sdk/auth.py#L147-L178.
You are using a 2-legged token instead of a 3-legged token. As you can see from the image below, you require a 3-legged token when you want to retrieve form templates.
Use this link and see how you can get a 3-legged token.
I am trying to get new access tokens before they expire using reconnect api endpoint, but the api call to https://appcenter.intuit.com/api/v1/Connection/Reconnect is being redirected to https://quickbooks.intuit.com/learn-support/en-us/do-more-with-quickbooks/third-party-app-security-requirements-updating-soon/01/428295, rather the expected response. Am i missing something here? Appreciate the help.
According to Intuit's documentation, you're using the wrong URL:
https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/oauth-2.0#refresh-the-token
Did you try using the correct URL?
From the docs:
To refresh an access token, your application sends an HTTPS POST request to
Intuit’s authorization server
(https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer)
that includes the following parameters:
I'm using python3 to send a request to the Twitter Search API. I'm testing these requests in Postman, and then using the code snippit generator to copy and paste into my editor to run like so:
url = "https://api.twitter.com/1.1/search/tweets.json?q=twitter"
payload={}
headers = {
'Authorization': 'OAuth oauth_consumer_key="",oauth_token="",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1613517432",oauth_nonce="x",oauth_version="1.0",oauth_body_hash="",oauth_signature=""',
'Cookie': 'personalization_id=""; lang=en; guest_id='
}
twitter_response = requests.request("GET", url, headers=headers, data=payload)
The requests work just fine in Postman. But in my script, the request only works when the query parameter for the URL is "nasa". If I change it to anything else, I get error 32 Could not authenticate.
Is there some quirk about Python I don't know about when it comes to the Twitter Search API? Any guidance would be helpful here.
Sounds like you’re copying and pasting the OAuth headers from the Twitter Dev docs instead of calculating them with every new query. I think the docs use NASA as an example search query.
I was able to find a way around this by using the Tweepy API wrapper, which solved my OAuth issues. The headers weren't getting formatted properly for the request.
I am trying to send an auth header along with an axios POST request from inside a Vue application. I currently am getting a 401 from my back end with an auth header that works when I do a curl.
I've tried splitting it up into variables and putting it in but that did not work and resulted in the same error (401).
This is just the axios code I am trying to get to work. I have checked with console.log and all values I am trying to send exist, though I don't know how to check the axios headers before sending.
axios.defaults.headers.common["Authorization"] = JWTtoken;
axios.post(updateURL, {
token: result.token
});
The backend code can't be changed easily for testing so need to figure out why not sending from the front end
I'd like it to send the correct header along with my request so I don't get a 401 status code.
I think you need this..
axios.defaults.headers.common["Authorization"] = "Bearer " + JWTtoken;
axios.post(updateURL, {
token: result.token
});
Notice that I add Bearer in the Authorization. It is how JWT was meant to be used according to their introduction.
However, if the answer is wrong. Help us by providing more information about your response in Developer Console as #RuChernChong suggest. Any error logs would be helpful as well.
Another way by using Axios globals to set for example X-Auth-Token encoding from JWT.io directly like this:
axios.defaults.headers.common["X-Auth-Token"] = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
I am trying to get data from Uni Stats API by sending a get request. Following is my code:
import requests
dt = requests.get(url='https://API_TOKEN#data.unistats.ac.uk/api/v4/KIS/Institution/10007856.json')
print(dt)
Whenever I run this code it returns me <401 Response> but If I try the same url https://API_TOKEN#data.unistats.ac.uk/api/v4/KIS/Institution/10007856.json in the Postman software it returns correct data in json format.
So I wanted to know how can I send a get request with requests which can return correct data?
requests.get('https://data.unistats.ac.uk/api/v4/KIS/Institution/10007856.json', auth=('user', 'pass'))
401 is an authorization error, provide authorisation to the request.get method.
Depending on your user agent, you may be able to include the access token in the url as in the following examples:
https://accesstoken#data.unistats.ac.uk/api/v4/KIS/Institution/{ukprn}/Course/{kisCourseId}
Emphasis added.