How can I retrieve Basic Authentication credentials from the header in ruby? - ruby

Can anyone explain to me how to get a username and password from a request header in ruby?
While communicating with another system, I was previously sending the username and password, and now I have changed the username and password in both systems. But I'm still getting a #<Net::HTTPUnauthorized 401 Unauthorized readbody=true> error.

Maybe this one: request.headers
E.g.
request.headers['username']

The simplest way to do so is to access request.headers:
request.headers[:password]
# or
request.headers['password']
If you're unsure about the headers you're sending/receiving, you can always do
raise request.headers.inspect
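HTTP Basic Authentication does not send the user name and password as separate headers: both arrive in a single Authorization header whose value is the word Basic followed by base64("user:password") (RFC 7617). The following Ruby is an added example, not code from either answer above, showing how a client builds that header (this is what Net::HTTP's req.basic_auth(user, pass) sends) and how a server parses it back out of the Rack env hash, including the malformed-header cases a server should reject. The sample env hash and credentials are constructed for the example.

```ruby
require 'base64'

# Builds the value of an Authorization header for HTTP Basic auth
# (RFC 7617): the scheme name followed by base64("user:password").
def basic_auth_header(user, password)
  # A colon in the user name would be ambiguous for the receiving side,
  # because only the first colon separates user from password.
  raise ArgumentError, 'user name must not contain ":"' if user.include?(':')
  'Basic ' + Base64.strict_encode64("#{user}:#{password}")
end

# Parses an Authorization header value and returns [user, password],
# or nil when the header is missing, uses another scheme (e.g. Bearer),
# or is not valid base64. Splitting on the first colon only means the
# password itself may contain ':'.
def parse_basic_auth(header)
  return nil if header.nil?
  scheme, encoded = header.strip.split(/\s+/, 2)
  return nil unless scheme && encoded && scheme.casecmp?('basic')
  begin
    decoded = Base64.strict_decode64(encoded)
  rescue ArgumentError
    return nil # not valid base64: treat as no credentials supplied
  end
  user, password = decoded.split(':', 2)
  return nil if password.nil? # no colon at all: malformed
  [user, password]
end

# Rack (and therefore Rails and Sinatra) exposes request headers in the
# env hash as HTTP_<UPPERCASED_NAME>; Rails' request.headers['Authorization']
# performs this same lookup for you.
def credentials_from_env(env)
  parse_basic_auth(env['HTTP_AUTHORIZATION'])
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request environment, not a real capture.
  env = {
    'REQUEST_METHOD'     => 'GET',
    'HTTP_AUTHORIZATION' => basic_auth_header('alice', 'p:ss'),
  }
  p env['HTTP_AUTHORIZATION']
  p credentials_from_env(env) # => ["alice", "p:ss"]
end
```

On the Rails side, ActionController::HttpAuthentication::Basic.user_name_and_password(request) and the authenticate_with_http_basic controller helper do the same decoding, so there is rarely a reason to parse the header by hand. A 401 from the remote system means the credentials it decoded did not match what it expects; printing the header value your client actually sends (as above) is the quickest way to confirm that the new username and password, and no stray whitespace, are what goes on the wire.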

Related

Kakao login giving KOE006

I am trying to add kakao login to my magento store but while calling I am getting this error after login
So I check the error https://developers.kakao.com/docs/latest/en/kakaologin/trouble-shooting against KOE006 which says 'You used an unregistered Redirect URI when requesting an authorization code.'. So I verified my redirect URI at [My Application] > [Kakao Login] which was correct.
Can you please let me know its reason and solution?
My mistake: I was using the Native app key. The correct key is the REST API key. I hope it will help you and save your time.

JWT password validation best practice advice

I have an ASP.NET Web API. I implemented token authentication in which I validate the username and password against the database. I am new to JWT, so I need your advice.
Here are my questions:
Should I encrypt username and password in my database?
The client sends the username and password in the request body. Should the client send them in the header? And should they be encrypted?
Best Regards.
You should absolutely encrypt your password in the database. Even better if you hash it with "salt" (hashing will let you implement the login logic, but the original password will be unrecoverable even if you know the hash).
Sending the password in the request body is fine if the connection is protected by TLS (HTTPS). There's no gain in putting it in the headers.
Usernames are often stored in plain text.
P.S. Your question has nothing specific to JWT, it is just general password management.
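To make the "hash it with salt" advice concrete, here is an added Ruby example (not code from the answer or from any particular framework) of the two operations a login endpoint needs: storing a salted, iterated PBKDF2-HMAC-SHA256 hash of a new password, and later checking a submitted password against it. It uses only the standard library's OpenSSL::KDF; the record format, the function names and the sample passwords are assumptions of this example.

```ruby
require 'openssl'
require 'securerandom'

# Work factor for PBKDF2-HMAC-SHA256; raise it as your hardware allows,
# since each iteration also slows an attacker who obtains the database.
DEFAULT_ITERATIONS = 600_000
DIGEST_LENGTH      = 32 # bytes

# Produces a self-describing record "pbkdf2-sha256$<iterations>$<salt>$<hash>"
# to store in the database. A fresh random salt per user means two users with
# the same password get different hashes, defeating precomputed tables.
def hash_password(password, salt: SecureRandom.random_bytes(16), iterations: DEFAULT_ITERATIONS)
  digest = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                    length: DIGEST_LENGTH, hash: 'sha256')
  ['pbkdf2-sha256', iterations, [salt].pack('m0'), [digest].pack('m0')].join('$')
end

# Byte-wise comparison whose running time does not depend on where the first
# mismatch is, so response timing does not leak how close a guess was.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Recomputes the hash from the stored salt and iteration count and compares.
# Any malformed record is treated as a failed login rather than an exception.
def verify_password(password, stored)
  algo, iterations, salt_b64, digest_b64 = stored.to_s.split('$', 4)
  return false unless algo == 'pbkdf2-sha256' && digest_b64
  salt     = salt_b64.unpack1('m0')
  expected = digest_b64.unpack1('m0')
  actual   = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations.to_i,
                                      length: expected.bytesize, hash: 'sha256')
  constant_time_equal?(actual, expected)
rescue ArgumentError
  false # corrupt base64 in the stored record
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: what you would write to the users table at sign-up.
  record = hash_password('correct horse battery staple')
  puts record
  puts verify_password('correct horse battery staple', record) # true
  puts verify_password('Tr0ub4dor&3', record)                  # false
end
```

The client still sends the plaintext password over TLS; the server hashes it and never stores or logs the original. Storing the algorithm and iteration count alongside the hash lets you raise the work factor later and re-hash users transparently at their next successful login. If a gem is acceptable, bcrypt (what Rails' has_secure_password uses) or argon2 packages the same idea with memory-hard settings.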

Twitter API does not authenticate properly

I have used postman to test request with Twitter API (https://api.twitter.com/1.1/statuses/user_timeline.json), but it gives me
{"errors":[{"code":215,"message":"Bad Authentication data."}]}
My header is:
Authorization:OAuth oauth_consumer_key="MLcGSZNPmn2un5DKbtgnYi8JY",oauth_token="%20751004957898342400-YYpLg5dayAHVkaG47H9NVVkZiE7Z2bc",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1468092744",oauth_nonce="ABCDEFGHIJKLMNOPQRSTUVWXYZ123456",oauth_version="1.0",oauth_signature="fkf0NE2PmDLQZY%2BzMa7gQmA72kU%3D"
and my Postman auth setting is:
How can I solve this?
Remove the space in
oauth_token="%20751004957898342400-YYpLg5dayAHVkaG47H9NVVkZiE7Z2bc"
it should be
oauth_token="751004957898342400-YYpLg5dayAHVkaG47H9NVVkZiE7Z2bc"
while sending the request to Twitter.
Make sure that you are providing the query parameters which are required.
I received the same error, 215 Bad Authentication Data when I was not providing the only required query parameter, the search string q, in the GetUsers call. But since I did not intend to search for any specific user, I resorted to the Streaming APIs.

Detect invalid login error for Parse user?

Is there any way to tell on the client side if a user's credentials are invalid? When I intentionally break a user's credentials (change the username), they get a generic error 101 (kPFErrorObjectNotFound). How can I prompt a user to resolve a legitimate account issue?
I get the security implications of oversharing with error codes, but even a general "something is wrong with authentication" would help. Maybe there's no harm in prompting after error 101, but I'm not sure when else that error is used.
You could add a cloud function that you call and it checks if it has a user. If the user is correctly logged in then the passed token is converted into a user for the cloud code to access. Your cloud code can then return a simple response code which indicates if the login is valid or not.

Twitter OAuth - Incorrect signature errors - what have I missed?

I have read the page on implementing OAuth that Twitter have written. I've registered my app, it will only access my account, so I skip all the request token stuff. I have, from the "Your apps" page:
consumer token
consumer token secret
access token
access token secret
I write some ruby code and test its output against Beginner’s Guide to OAuth (suggested reading in the Twitter docs). I get the same output, i.e. the signature, the base string and the Authorization headers are identical.
However, when I connect to the Twitter Rest API and try the verify credentials command the response is invariably "Incorrect signature".
I try using different code (very similar to mine) from a gist by erikeldridge on GitHub, but it doesn't work either. Instead of connecting via cURL (using the curb library) I use Net::HTTP - the same error response is returned.
I change over to using the OAuth gem. It uses Net::HTTP to connect. The same error response comes back.
Verify credentials isn't the only command I've tried to use in the API, but they all give the same error, whether it's GET or POST, requires extra params or not. I've been using the Search API successfully using the curb library without problems so I don't think it's the connection method.
What might I do to fix this?
Ruby 1.9.2; cURL 7.21.2; oauth 0.4.4; curb 0.7.8; json 1.4.6; OSX 10.6.5;
Even though your application is only accessing your data, you can't simply 'skip the request token stuff'. The request token is integral to the OAuthentication process.
Summarised, the 3 main parts of the OAuth process are as follows:
Get Request Token Key and Request Token Secret
Use the Request Token to authorise the application to access your data. This will provide the user (you) with a PIN.
Use the PIN to exchange the Request Token and Secret for an Access Token and Secret.
A more detailed OAuthentication flow can be found here.
It's fixed - I regenerated the Consumer key and secret on the Twitter site and it started working. I've no idea why the previous set didn't work - the code was solid (works all the time now) and the details were correct. Perhaps they (Twitter) could provide more detailed error messages? But I'm happy :)
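Both Twitter questions above come down to the OAuth 1.0 signature: the server rebuilds the signature base string from the request it received and rejects the call when its HMAC-SHA1 does not match the oauth_signature the client sent. The Ruby below is an added example, not code from either question or from the oauth gem, that builds the base string, signs it and assembles the Authorization header as RFC 5849 specifies, so you can print the base string your own code produces and compare it line by line. All keys, secrets, nonce and timestamp are constructed placeholders; the example also shows what happens to a token with a leading space, the cause of the "Bad Authentication data" error above.

```ruby
require 'openssl'
require 'base64'

# RFC 3986 percent-encoding as OAuth 1.0 requires it: everything except
# A-Z a-z 0-9 - . _ ~ is encoded, operating on raw bytes for UTF-8 input.
def oauth_escape(value)
  value.to_s.b.gsub(/[^A-Za-z0-9\-._~]/) { |c| format('%%%02X', c.ord) }
end

# Signature base string: METHOD & escaped(base URL) & escaped(normalized params).
# params must include every query/body parameter plus the oauth_* parameters,
# except oauth_signature itself. Keys and values are escaped, then sorted.
def oauth_base_string(method, url, params)
  normalized = params.map { |k, v| [oauth_escape(k), oauth_escape(v)] }
                     .sort
                     .map { |k, v| "#{k}=#{v}" }
                     .join('&')
  [method.upcase, oauth_escape(url), oauth_escape(normalized)].join('&')
end

# HMAC-SHA1 over the base string, keyed by escaped(consumer secret) & escaped(token secret).
# For the request-token step the token secret is empty, leaving a trailing '&'.
def oauth_signature(base_string, consumer_secret, token_secret = '')
  key = "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
  Base64.strict_encode64(OpenSSL::HMAC.digest('sha1', key, base_string))
end

# Builds the value of the Authorization header for a signed request.
# query holds the non-OAuth parameters (they are signed but not placed in the header).
def oauth_authorization_header(method, url, query, consumer_key, consumer_secret,
                               token, token_secret, nonce:, timestamp:)
  oauth_params = {
    'oauth_consumer_key'     => consumer_key,
    'oauth_nonce'            => nonce,
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => timestamp.to_s,
    'oauth_token'            => token,
    'oauth_version'          => '1.0',
  }
  base = oauth_base_string(method, url, query.merge(oauth_params))
  oauth_params['oauth_signature'] = oauth_signature(base, consumer_secret, token_secret)
  'OAuth ' + oauth_params.sort.map { |k, v| %(#{oauth_escape(k)}="#{oauth_escape(v)}") }.join(', ')
end

if __FILE__ == $PROGRAM_NAME
  # Constructed placeholder credentials; a real client loads these from configuration.
  url = 'https://api.twitter.com/1.1/statuses/user_timeline.json'
  puts oauth_base_string('GET', url, { 'screen_name' => 'example', 'oauth_token' => 'tk' })
  puts oauth_authorization_header('GET', url, { 'screen_name' => 'example' },
                                  'consumer-key-placeholder', 'consumer-secret-placeholder',
                                  'token-placeholder', 'token-secret-placeholder',
                                  nonce: 'nonce-placeholder', timestamp: 1_468_092_744)
end
```

Because every byte of every parameter is signed, a token copied with a leading space is encoded as %20 in the header and as %2520 inside the base string, and the server's recomputed signature will never match; the same goes for a clock that is far off (oauth_timestamp) or a consumer key and secret that do not belong together, which is consistent with the fix reported above of regenerating the key pair. When debugging, compare your base string with the one from a known-good tool before looking anywhere else, since the signature is a pure function of it and the two secrets.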
