I have http patch request with Bearer Token Authorization. But the Http Request get a Unauthorized error from the Server, when making the exact same Request(console.log(url + token) and then copy it from the console) in Postman, it works.
What could be the Problem ?
this.getToken().subscribe((data: FormData) => {
const httpOptions = {
headers: new HttpHeaders({
'Authorization': ('Bearer ' + data['access_token'])
})
}
console.log("URL with " + httpOptions.headers.get("Authorization"));
this.http.patch("URL",httpOptions).subscribe((articledata: Article)=>
{
console.log(articledata);
})
});
So this should work, since copying the output and using it in Postman works, but i get a 401 Unauthorized.
For Anyone that needs it, i used http.patch wrong, the headers are the 3rd parameter after url and body.
Related
In a bit of a pickle at the moment , I could do a postman request like that and I get my data response back :
URL : https://hiddenurlforexample.com
Authorization : Bearer XXXXXXXX-XXXX-XXXX-XXXX
When I do it on Axios on my website though I get a 401 CORS error. Any idea what the difference is ? This is how my axios request looks like :
axios
.request({
url: 'test/url',
method: 'get',
baseURL: 'https://hiddenurlforexample.com',
headers: {
"Access-Control-Allow-Origin" : "*",
"Content-type": "Application/json",
"Authorization": "Bearer XXXXXXXX-XXXX-XXXX-XXXX"
}
})
.then(response => {
console.log(response.data)
})
.catch(function (error) {
console.log(error)
})
I am a Frontend Developer, I have been told that there was nothing to do in the backend .
What Chris G said, and next to that Postman ignores the CORS validation because it is a dev tool.
Your backend server should return the correct CORS headers. While developing you could go with a wildcard for the CORS headers but it's highly recommended to add the specific domain you're calling the backend from (i.e. the domain of your website).
Also note that the CORS headers are returned via an OPTIONS call, again, your backend should support that. What backend are you running?
I'm in the process of attempting to verify a JWT access_token against OneLogin's api as described here. My code is as follows:
const client_id = MY_CLIENT_ID
const client_secret = MY_CLIENT_SECRET
const token = MY_ONE_LOGIN_JWT_ACCESS_TOKEN
axios
.post(
"https://my-endpoint-dev.onelogin.com/oidc/2/token/introspection",
{ token, client_id, client_secret, token_type_hint: "access_token" },
{
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
}
)
.then((response) => {
console.log("response");
console.log(response);
})
.catch((err) => {
console.log("err");
console.log(err);
});
The endpoint appears to work fine, in fact when the JWT has become expired it gives me an error stating as such and I need to update the token I'm passing along. However, whenever I make a standard request as shown above with valid credentials and tokens I get the following error response:
{error: "invalid_request", error_description: "no client authentication mechanism provided"}
There's no documentation on the provided page that describes what is wrong with the request when that error is received. From the documentation, so far as I can tell, my request is formatted correctly.
I have verified that the Token Endpoint in OneLogin is set to POST, so my assumption that the client_secret should be in the body is documented as correct (though I did try it as Basic just to verify):
I've attempted searching for a solution, but the only thing close I've found advises that the Content-Type header may not be supplied. I've made sure to add that to the list of headers and have verified it shows up in the request, but still the error persists.
Any thoughts to what I may be missing here?
EDIT:
Attempted to do a cURL request and received a 200 response back with the same information. Leading me to believe it's something with the axios call that I have incorrect.
I get this message when I don't provide either the client_id or the client_secret. Hopefully you can validate that you are actually sending both in your request. Maybe you can try the request via postman to double check.
I ran into the same issue and finally figured out you have to turn the data into a query string: https://axios-http.com/docs/urlencoded
For example:
import qs from 'qs';
const data = { 'bar': 123 };
const options = {
method: 'POST',
headers: { 'content-type': 'application/x-www-form-urlencoded' },
data: qs.stringify(data),
url,
};
axios(options);
I'm trying to post an image to my API.
Logging in works great and authentication works on that part.
Then when I try to authenticate for the POST request, using JWT bearer token that's returned from my identity server I get a 401 unauthorized.
Using the same id_token in postman and posting the same image works and gives me a ``200 success` along with storing the posted image.
Is there something wrong with the way I'm setting up the fetch?
const data = new FormData()
console.log(user)
event.preventDefault()
data.append("file", image, user.profile.unique_name.slice + ".png")
fetch(devUrl, {
method: 'POST',
headers: {
'Authorization': `Bearer ${user.id_token}`
},
body: data
})
.then(response => {
if (response.status === 200) {
setSuccessUpload(true)
}
})
UPDATE:
I'm incompetent and it turns out I was using id_token and not access_token like you should..
How can I send authorization credentials using fetch?
It worked using postman but on Chrome I keep receiving this message:
Request cannot be constructed from a URL that includes credentials
You can't define user:pass#host in the URL. Just set the Authorization http Header:
var headers = new Headers();
headers.append('Authorization', 'Basic ' + btoa(username + ':' + password));
fetch('https://host.com', {headers: headers})
Maybe you can use some extension like Modify Headers and include in it your credentials data like you are including un postman.
I am trying to query kibana to retrieve logs with the help of token received from authentication
Scenario: 1) Get a bearer token from a site by passing email and password
2) Use the above bearer token to query kibana host _msearch with body to get the json response (POST request returns a 302 and autoforwards to the content page)
The above works in postman and when i try to emulate the same in nodejs using the request library i get the status 302 and when i set the followAllRedirects:true flag i get redirected to the login page rather than the page with the contents.
Can you let me know where i am going wrong
var options = {
url: kibanaEndpoint,
headers: {
'Authorization': 'bearer token',
'kbn-xsrf': 'reporting',
'Content-type': 'application/x-ndjson',
},
body: jsonModified,
followAllRedirects:true
}
request.post(options, function (err, response, body) {
if (err) {
console.dir(err)
return
}
console.log(response.statusCode);
console.log(body);
})