I am trying to send an auth header along with an axios POST request from inside a Vue application. I currently am getting a 401 from my back end with an auth header that works when I do a curl.
I've tried splitting it up into variables and putting it in but that did not work and resulted in the same error (401).
This is just the axios code I am trying to get to work. I have checked with console.log and all values I am trying to send exist, though I don't know how to check the axios headers before sending.
axios.defaults.headers.common["Authorization"] = JWTtoken;
axios.post(updateURL, {
token: result.token
});
The backend code can't be changed easily for testing so need to figure out why not sending from the front end
I'd like it to send the correct header along with my request so I don't get a 401 status code.
I think you need this..
axios.defaults.headers.common["Authorization"] = "Bearer " + JWTtoken;
axios.post(updateURL, {
token: result.token
});
Notice that I add Bearer in the Authorization. It is how JWT was meant to be used according to their introduction.
However, if the answer is wrong. Help us by providing more information about your response in Developer Console as #RuChernChong suggest. Any error logs would be helpful as well.
Another way by using Axios globals to set for example X-Auth-Token encoding from JWT.io directly like this:
axios.defaults.headers.common["X-Auth-Token"] = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
Related
I'm developing a Flask RESTFULL API with flask_jwt_extended library as extension for authorization.
Now, I have two usuals resources for register an user and for login, that works perfectly. With login resource an user can give their email and password and get back a token. From Postman this token works as expected using Bearer Token mode.
However, I need to make some requests directly from Python3 terminal. Until now, I was using a simple name-password authentication in my requests, so an example of a request would be:
import requests as rs
rs.get('http://localhost:5000/api/samples', auth = ('user', 'pass'))
Now, using jwt tokens, I'm trying the following:
import requests as rs
# xxxxxx is a really long string got previously with login resource
rs.get('http://localhost:5000/api/samples', auth = ("xxxxxx"))
but this approach give to me:
TypeError: 'str' object is not callable
In other posts I've checked that this type of authorization is made through headers, so I've also tried:
import requests as rs
# xxxxxx is a really long string got previously with login resource
rs.get('http://localhost:5000/api/samples', headers = {'Authorization': 'access_token xxxxxx'})
and the error here is an instantly 401 http response.
Hope someone could help me!
Thanks you in advance!
If someone comes here looking for an answer: you just need to add a header just like the following
headers = {'Authorization': 'Bearer {token}'}
Source: https://reqbin.com/req/python/5k564bhv/get-request-bearer-token-authorization-header-example
I am trying to get data of below url using sync-request module.
https://api.github.com/repos/rethinkdb/rethinkdb/stargazers
I get the data when i call it in browser or through postman.
But i am getting 403 forbidden error when calling it using sync-request in my node api.
My code looks like this.
var request = require("sync-request");
var response = request('GET', 'https://api.github.com/repos/rethinkdb/rethinkdb/stargazers', {
headers: {},
json: true
});
I am able to fetch data of many other api's but not this one. Please help.
Response body already contains the explanation:
Request forbidden by administrative rules. Please make sure your request has a User-Agent header (http://developer.github.com/v3/#user-agent-required). Check https://developer.github.com for other possible causes.
It will work like:
var response = request('GET', 'https://api.github.com/repos/rethinkdb/rethinkdb/stargazers', {
headers: { 'User-Agent': 'Request' },
json: true
});
The use of sync-request is strongly discouraged because synchronousness is achieved via a hack and may block the process for a long time.
For sequential execution request-promise can be used together with async..await.
Try to use an access token along with the GitHub API call
like this
[https://api.github.com/repos/rethinkdb/rethinkdb/stargazers?access_token=f33d1f112b7883456c990028539a22143243aea9]
As you say the API works in the browser it should not be an issue.
When you use too many calls through the GitHub API they they give the following message
{
"message": "API rate limit exceeded for 192.248.24.50. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)",
"documentation_url": "https://developer.github.com/v3/#rate-limiting"
}
To overcome this issue you can use an access token using an access token you can to access the private repositories in your account as well .
Here is the link for to get an access token [https://github.com/settings/developers]
I am so confused,
all the Firebase authentication tutorial online are teaching how to login in frontend,
of course you can get the token and send it to server for verification if its a post request,
but what about normal get request like a page request? I have installed firebase-admin already but i didnt find any method for getting current user........
i am using node and express
for example
app.get('/', function(req, res) {
const idToken = (where can i get the token??)
console.log(idToken);
res.render('index.ejs');
});
You still have to arrange for the auth token to be sent in the HTTP request. You can do that with a header in the request. Sample code showing exactly this case can be found in the official samples. This will work for any HTTP method, and is a lot better than trying to use a POST body.
The sample uses the Authorization header to transmit the token and verifyIdToken() to make sure it's valid.
I'm trying to validate a webhook via facebook. So facebook hits my url my-url/facebook/receive within my route in nodejs i'd do res.send(req.query['hub.challenge']); to send an http response.
I'm using KoaJS. From what i understand, Koajs merges the request and response object into ctx but when reading through the docs I can't find anything along the lines of ctx.send or similar to send a http response.
Can anyone give me some direction or links.
Thanks.
To send the body of a response, you can simply do ctx.response.body = 'Hello'. There are many aliases attached to ctx, so you don't necessarily have to reference the response or request yourself. Doing ctx.body = 'Hello' would be the same as the code above.
If you wanted to set headers, you would use the ctx.set() method. For example: ctx.set('Content-Type', 'text/plain').
To access the query parameters, you would use ctx.request.query['some-key'] (or simply the alias ctx.query['some-key']).
All of the different request/response methods are documented pretty well at the Koa website along with a list of aliases attached to ctx. I highly recommend you give it a read.
Trying to write some mocha tests for my restify server. Some of the services require an Authorization header.
I am trying to set it this way:
var client = restify.createJsonClient({
version: '1.0.0',
url: 'http://localhost:9000',
headers: {Authorization:'Bearer ' + global.access_token}
});
but inspecting the request headers shows its not getting set, and my test is failing because of invalid credentials.
reading here, i believe i have the headers option.
http://restifyjs.com/#jsonclient
global.access_token is being set correctly.
Can someone help with some options on how to set that header?
Thanks
The header was getting set. there was a _headers node higher up in the stack and i could see that the Authorization header was getting set, but as the value:
'Bearer undefined'
So for some reason when the restify client was getting created it can not get the value from global, although its getting set in my test 01-test.
In the body of the 02-test, i can console the value and see it.
So either.
The value isn't set by the time the next test starts.
The value can't be retrieved in the restify client setup
Either way, I solved it by actually writing the token synchronously to a tmp file and reading it subsequent tests. Seems hacky, but maybe something else will come to mind.