I followed the instructions in https://medium.com/groupon-eng/swagql-582df83f7d19 and was able to generate a GraphQL schema from my Swagger documentation, start an Express node.js server and open GraphiQL locally on my browser.
The problem is, when I try to query any of my endpoints I keep getting the following error:
unable to verify the first certificate
Is there a simple way I can pass my api_key into GraphQL so that my queries are authenticated correctly?
To anyone having the same problem, I was able to bypass the error message by issuing a provider certificate and associating it to my site's binding in iis, then using the new qualified hostname as the Gofer baseUrl in the node.js client app.
Related
I'm trying to create a micro-service on Node to send requests on the Google Compute API via POST (for example here). This micro-service will be hosted on a App Engine application.
If I understand the documentation, I need to generate a JWT token before (with the google-auth-library) and send that token with the request.
I set up the env variable GOOGLE_APPLICATION_CREDENTIALS with the JSON file path of the Service Account used by the App Engine application on my debugger (to get the same authorization on my dev env).
But I can't reproduce the sample hosted on Github gave by the Google Documentation. I get error UnhandledPromiseRejectionWarning: ReferenceError: require is not defined because I'm using Node14 with "type": "module" on the package.json.
I searched but I found no solution on this. Do you have some hint ? Maybe I need to use a different code to generate JWT token or to authentificate these POST requests ?
Thank you
I am tying to connect to a secure api that requires a client ssl certificate and a key. The remote api gave me both of them and I'm able to connect to this api with postman without any issues.
Now, I have a node.js server hosted on Heroku and I need to send the client certificate and key with each request.
My question is how do I host this client certificate and key safely? In some kind of a folder (doesn't sound safe)? do I need heroku to host them for me for security reasons?
For the sake of the question I already host them in a regular folder and can perform my requests easily.
I'm new to SSl but do implementing this suggested solution is what I need?
https://devcenter.heroku.com/articles/ssl#manually-upload-certificates.
This Heroku docs talk about making the server a secure endpoint for users so it isn't relevant for me as my understanding goes- https://devcenter.heroku.com/articles/ssl-endpoint#ssl-file-types.
I got my answer by getting help from the Heroku support and by understanding better how to work with client certificate.
Eventually I have used environment variables to store the key and the certificate as a string.
Heroku support environment variables through their CLI and server setting.
Most answers online talking about receiving the certificate, my issue was where to store them to be sent to a remote secure API.
I hope somebody, will be able to use this answer.
I have an nodejs api which gives a valid response in postman/browser. Tried to add the api in WSO2 api manager and followed the steps in the tutorials to succesfully publish the api in API Manager. But when created an product and using an auth token to call the created API getting the failed to fetch error as below:
Have tried enabling cors which didnt solve the issue. The api from the apim store isnt hitting the node server api.
Copy and run that URL in a browser tab and accept the certificate. Then try again. It should work.
I am developing a nodejs app deployed as a azure website. I am using JWT tokens for authentication using jws. This uses node crypto module underneath.
I created a self-signed RSA256 certificate and have uploaded these files with my app. The app creates the jwt token using the private key without a problem. But when it validates jwt token from a client request, it fails throwing the following exception;
Exception Details:
System.IdentityModel.SignatureVerificationFailedException: IDX10503:
Signature validation failed. Keys tried:
'System.IdentityModel.Tokens.X509AsymmetricSecurityKey
System.IdentityModel.Tokens.X509AsymmetricSecurityKey
Azure uses iisnode, for iis-node integration. When I run this locally on a windows 2008 R2 server, my application verifies the token without any issues.
I ran a test javascript file via command line node, through visual studio online editor, to test token creation and verification. This test worked fine, which indicates the actual host is capable of handling the decryption.
My questions;
1) Has anyone used JWT on a azure node JS app?
2) Have you come across this exception?
Thanks in advance.
Finally solve this. I had to do two things to solve this.
Disable the azure AD authentication I had on for the site.
Remove password protection for RSS private key. The certificate is used only in the backend. So this is fine.
Im trying the run the code from node examples/simple_express3.js which is given in the link at my project at Github.
Can anyone explain me what http://localhost:8081/secret is trying to do?
How can I connect to my own Authentication server when the client is accessing http://localhost:8081/login