I am trying to login using swagger-ui and connexion.
To do this, I go through the login, get a token. I substitute this token in the header. I'm authorizing (it seems like it was successful as say swagger-ui), but when I try to make a request, I get an error
AttributeError: 'NoneType' object has no attribute 'get'.
Looking at the source code - this method is here - https://github.com/zalando/connexion/blob/master/connexion/security/security_handler_factory.py#L339
Apparently, this is due to the fact that auth_funcs = []
Although there is a title in the request itself. If you test through postman, everything is fine too.
openapi.yml
paths:
/articles/catalog/article/<article_id>/note/add:
post:
security:
- bearerAuth: []
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
Related
I'm trying to get the OAuth Token to get auth access to some of the FedEx APIs ( like Track API for tracking shipments ), but I get a
401 (NOT.AUTHORIZED.ERROR -> "The given client credentials were not valid. Please modify your request and try again") error.
(At the moment, I'm using Postman to try and test the APIs.)
Here is the url I'm using, found provided by FedEx:
https://apis-sandbox.fedex.com/oauth/token
I've followed ( to my understanding ) how the body and headers should be set:
Headers: Content-Type: application/x-www-form-urlencoded
Body: x-www-form-urlencoded (Postman option):
grant_type: client_crendentials
client_id: ***PROJECT_API_KEY
client_secret: ***PROJECT_SECRET KEY
After sending, I only get the error message above. I checked / doubled-checked my API keys, but I can't seem to get it to go through.
Any ideas?
postman settings:
POST - URL https://apis-sandbox.fedex.com/oauth/token
Headers - Content-Type: application/x-www-form-urlencoded
Body - x-www-form-urlencoded:
grant_type: client_credentials
client_id: *******
client_secret: *******
(information gotten from https://developer.fedex.com/api/en-us/catalog/authorization/v1/docs.html)
The sandbox API credentials are not immediately usable when creating a new account. It took >1 hour for me to get a registration complete email from FedEx after which the sandbox credentials became valid.
I am trying to build an application using VueJS and Django. I am also using Graphene-Django library, as the project utilize GraphQL.
Now, The authentication works fine and i get a JWT Token back.
But when i use the token for other queries that need authentication, i got this error in Vue:
"Error decoding signature"
and the Django Log also returns this:
graphql.error.located_error.GraphQLLocatedError: Error decoding signature
jwt.exceptions.DecodeError: Not enough segments
ValueError: not enough values to unpack (expected 2, got 1)
the bizarre thing is that the same query when executed in Postman just works fine.
As i mentioned in the title is use Axios for my requests, here's an example of a request:
axios({
method: "POST",
headers: { Authorization: "JWT " + localStorage.getItem("token") },
data: {
query: `{
dailyAppoint (today: "${today}") {
id
dateTime
}
}`
}
});
Note: It uses 'JWT' not 'Bearer' because somehow 'Bearer' didn't work for me.
Ok, couple of questions, does you API work without Vue.js from curl. Generate token, check API from curl.
If it does, then check the Headers sent from the request, from Network Inspector, mozilla dev tools/chrome devtools. And update your Post with those RAW Headers.
This particular error arises when your public key is unable to decode the string[token] signed by your private key. Which ultimately means the access token has been tampered with. It could also mean you're sending values like 'unkown'-- JS state initialization error.
Check the RAW headers of the request. It'll help.
Use a request interceptor to set the Authorization header:
axios.interceptors.request.use(config => {
if (localStorage.getItem("token") != null)
config.headers["Authorization"] = "JWT " + localStorage.getItem("token");
return config;
});
I am using an auth API using JWT and it works great.
This API is being used to authorize users for my web app. For this to work, I store JWT access_tokens as cookie manually with Flask.
I secure my resource with #JWT_required decorator and if I try to access a secure resource with a valid token everything works fine.
However, if the access token is missing or invalid/expired I get a JSON saying:
{
"message": "Missing cookie \"access_token_cookie\""
}
This is obvious the right message but rather then showing a JSON I want to redirect to the appropriate statuscode error page that is provided by Flask - in this case 401.
I have tried adding error handling for Flask and JWT Manager
Custom decorator, although I have played only poorly with this as I believe there has to be solution within FLASK-JWT-extended
#app.route('/dashbord')
#jwt_required
def dashbord():
return render_template('dashbord.html', title='Home')
My goal is to redirect to appropriate error page 404, 403, 401 if anything is wrong with the access token.
THE SOLUTION:
#jwt.unauthorized_loader
def my_invalid_token_callback(expired_token):
return render_template('401.html', title='Home')
Here's the solution Benjo posted at the bottom of his question:
#jwt.unauthorized_loader
def my_invalid_token_callback(expired_token):
return render_template('401.html', title='Home')
Here is the documentation for changing the results for invalid tokens: https://flask-jwt-extended.readthedocs.io/en/stable/changing_default_behavior.html#changing-callback-functions
I'm running a flask api and I want to write some tavern tests for it. I use a basic base64 encode for the username and password that I send in the header when making requests which works fine on the API but I can't seem to get it to work for tavern.
stages:
- name: login
request:
url: url
method: GET
headers:
Authorization: Basic aGVsbG9zdGFja292ZXJmbG93
accept: application/json
response:
My api keeps refusing the authorization and without the Basic tag it doesn't recognize the format. Here is the flask authorization logic:
try:
api_key = base64.b64decode(api_key)
username, password = api_key.split(':')
if password == users[username]:
user = User(username)
return user
except TypeError:
current_app.login_manager.unauthorized()
All help/suggestions are appreciated
There's documentation on this feature here: https://taverntesting.github.io/documentation#http-basic-auth
We are using swagger for api documentation.
I'm facing an issue on tryit out. Basically the rest endpoints which we indent to call from swagger requires
Cookie(ex: cookie : token=xxxxx;) and User-Agent(User-Agent:custom values;) parameters.
But when I try to set this parameter
Cookie is not send as part of the request.
User-Agent is being overridden by browser values. I tried on firefox and chrome both.
I did tried search online but didn't find suitable answer solve my issue, There were suggestion to set
useJQuery: true and withCredentials: true to set the cookies, but non worked fine.
Any suggestion on this?
As presented on their website:
In OpenAPI 3.0 terms, cookie authentication is an API key that is sent
in: cookie. For example, authentication via a cookie named JSESSIONID
is defined as follows:
openapi: 3.0.0
...
# 1) Define the cookie name
components:
securitySchemes:
cookieAuth: # arbitrary name for the security scheme; will be used in the "security" key later
type: apiKey
in: cookie
name: JSESSIONID # cookie name
And then at the endpoint level:
paths:
/users:
get:
security:
- cookieAuth: [] # note the arbitrary name defined earlier
description: Returns a list of users.
responses:
'200':
description: OK
For swagger: "2.0" you can define cookie authentication like this:
securityDefinitions:
cookieAuth:
type: apiKey
name:
Cookie # this is actually the Cookie header which will be sent by curl -H
in: cookie
Referencing it at the endpoint is done the same way as for OpenAPI 3.