I have a problem with implementing csrf token in postman. I puted script and added enviroment. That is what I found on internet, but it is no working, why?
This is the error that I got.
Related
I have uploaded an image from the postman with form-data using passport token. but it gave me an error.
How can I solve this problem. I have tried all solutions but it can't work.
Header with Bearer Token and Route with auth:api middleware.
It's resolved by changing the PHP version. it's not working with the host when the PHP version is <= 7.3.15, its only works with IP. when updating the greater PHP version it's working in both(IP and host).
I'm creating a SPA using NextJS and I have a Laravel backend for my API. To authenticate my SPA I'm using laravel sanctum.
My API is on api.domain.com and my app is on domain.com
I've set these environment variables which are relevant to this issue:
SESSION_DRIVER=cookie
SESSION_DOMAIN=.domain.com
SANCTUM_STATEFUL_DOMAINS="domain.com"
When I log in I make a request to /sanctum/csrf-cookie to get my CSRF cookie, and I can see in my following requests I am sending the X-XSRF-TOKEN header with the value from the cookie.
I'm wondering if anyone else has had a similar issue with CSRF mismatches when using sanctum on different subdomains?
OK what ended up fixing my issue is changing the name of my session cookie to something without an underscore, very weird!
I am using drf + ReactJs to do social login am able to integrate google login and facebook login using django allauth package , but when I tried to integrate linkedin login getting error :
invalid redirect uri
TO be more precise am getting this error
allauth.socialaccount.providers.oauth2.client.OAuth2Error: Error retrieving access token: b'{"error":"invalid_redirect_uri","error_description":"Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired. Or external member binding exists"}
----few updates after tying out few fixes -----
Tried fetching the access token from backend and login the user using a seprate api it showed the redirect uri issue.
Tried directly calling the linkedin token url from postman and now I get Invalid request error.
First method worked after few tryouts but now getting incorrect value error.
Tried fetching code with scope as r_liteprofile but now getting 403 forbidden
{'serviceErrorCode': 100, 'message': 'Not enough permissions to access: GET /me', 'status': 403}
I tried changing url to backend and frontend both showing same error. Can anyone get me how to fix this issue ?
I am not sure what all additional details needed for sorting this out, Please let me know if any needed.
Finally able to find the solution
the issue was with the code generated from the sdk used to implement linkedin login in reactjs, which has only scope
r_emailaddress
r_liteprofile
Adding additional scope
w_member_social
And regarding redirect uri issue
we are suppose to use the same redirect uri in both frontend and backend
made things working , posting this here since it will help someone in future facing same problem.
thank you all
is anyone in here knows how to access the url below using angular 5? I want to access the url and retrieved the response cookies of it. Tried it over and over again but it seems like the cookies is not being retrieved. Thanks in advance.
http://localhost:3000/auth/jwt/callback?query=
I tried using postman and I successfully get the access_token. I have no idea how to do the same in typescript.
I'm learning how to develop a website using go and I've decided to try Goji. Everything is working fine except when I'm trying to use CSRF (goji-csrf) on a file upload I keep getting Forbidden - CSRF token invalid but when I removed enctype="multipart/form-data" in the template the csrf middleware is working fine.
Thanks for the answer in advance guys.