i have a string token and post to header in other tab, but when send request its notice that : Resolved [org.springframework.web.HttpMediaTypeNotAcceptableException: Could not parse 'Accept' header {token} does not contain '/'
i can give infor from token before but after add header, it a exception
Related
I'm using a SpringBoot 2 (2.7.0) application (including Spring security 5.7.1) to secure REST endpoints with Keycloak for authentication and authorization. Everything works fine but the only thing which bothers me is when I don't set the bearer token I get a HTTP 400 response. The response itself is correct but the body of the response contains HTML (Keycloak login page).
Is there a way to avoid that the body of the response contains the login page? I would like to set a custom response body.
That is an expected default behavior. If you want to instead get relevant 4xx error instead, you can try setting the the "bearer-only" in your "keycloak.json" file so that it would not redirect API calls (i.e. AJAX calls from browser) to the login page:
{
...
"bearer-only": true
}
I am having problems in submitting POST request to secured Laravel API routes via Postman. My GET requests work fine, but my POST cant go through the security even though I have provided an api token.
So my question is: How properly to send POST request to secured Laravel API routes from Postman?
Add this is the request header.
[enter image description here][1]accept: application/json
content-type: application/json
authorization: "your_token"
Found the solution:
Set your Authorization to API Key:
Next, in headers section you need to add X-Requested-With field:
When i send Authorization Header from rest client(postman), also from browser, to back end springboot(2.0.3v) AuthorizationService (without API Gateway), the 'Authorization' Header will be exists and every flow works fine.
But when i send the same Header through API Gateway, The 'Authorization' Header will be missed. This header will be present in all filters of API Gate way. But it will be missed in backend(AuthorizationService)'s filter.
Kindly help what might be cause? any filter is intercepting to avoid Authorization Header? I have also registered CORS Filter with Access-Control-Allow-Origin to "" and Access-Control-Allow-Headers to "".
API gateway has a lambda proxy integrated when you are integrating lambda function with it, if ur wrapping a http url to it, you need to pass the header in Method integration section and also enable CORS by clicking on resource and manually adding the headers with custom name and enabling cors might help.
I want to customise OAuth Endpoint URI's.
I want to sent parameters in post body instead of query params.
now my request is like -
example.com/oauth/token?grant_type=password&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}&username={USERNAME}&password={PASSWORD}
But I want it like this.
example.com/oauth/token
Request body -
{
grant_type=password,
client_id={CLIENT_ID},
client_secret={CLIENT_SECRET},
username={USERNAME},
password={PASSWORD}
}
How should I do it?
The token endpoint of a properly-implemented authorization server does NOT accept GET requests because RFC 6749, "3.2. Token Endpoint" says as follows:
The client MUST use the HTTP "POST" method when making access token requests.
So, your authorization server's token endpoint should reject GET requests.
RFC 6749, "4.3. Resource Owner Password Credentials Grant" says that request parameters of a token request using Resource Owner Password Credentials flow should be embedded in the request body in the format of "application/x-www-form-urlencoded". The following is an excerpt from "4.3.2. Access Token Request".
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=johndoe&password=A3ddj3w
Therefore, you don't have to customize your authorization server. If the server is implemented correctly, its token endpoint accepts POST requests.
The token endpoint created by spring-oauth2 already deals with POST as well.
It would be hard to customize it to accept a JSON request body, because the TokenEndpoint class expects all the params as #RequestParam params.
However, if your concern is about security (as HTTPs does not secure query parameters) you indeed can send the request parameters through post. It is just a matter of sending the request in the form "form-data" or "x-www-form-urlencoded". These are 2 ways of sending arbitrary key-value parameters in the request body, in a way that appears to the server as they are regular request parameters. So it is a matter of making your client using this.
Also, note that in spring-oauth2 it is possible to disable the GET endpoint, this way forcing your clients to use POST with one of the ways above.
I'm using Tymon\JWTAuth with laravel
and I'm sending the requests like this
www.example.com/test?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjUzNywiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0Ojg4ODhcL3YyXC9zZWxmXC9hdXRoZW50aWNhdGUiLCJpYXQiOjE0NzE0MzI0ODMsImV4cCI6MTQ3MTQ3NTY4MywibmJmIjoxNDcxNDMyNDgzLCJqdGkiOiI4ZDVlZGE4MmE2MTZlMzM5NjgwMmFmZTk5NWI3N2Q1MCJ9.-t0El5nJj_pgNzpgtLy8EVLUsf9dp8RTLhWA3cK_Vmw
I want to move this token to header is that possible ?
Yes. You can send the token with header.
From the documentation:
To make authenticated requests via http using the built in methods, you will need to set an authorization header as follows:
Authorization: Bearer {yourtokenhere}