I am doing a login via api using postman. But I noticed that it also accepts the query parameters when using POST method. I am not sure if this is the default way the Request works in Laravel so I would like to get some idea on how can I avoid on getting the data if it's being passed as query parameters. Basically I only want to process the login via api if the data is coming from the post body.
Thanks!
You can access only the parameters from query string by:
$request->query();
Similarly, you can access only the parameters from body by:
$request->post();
Related
I have an Appsnyc query which I would like to test via clients like Insomnia or Postman as I want to check what header parameters work when trying to access the appsync via client side code
The Appsync query has IAM authentication.
In header parameter, what should be given to execute the query. I understand ACCESS_KEY; SECRET_KEY and SESSION_KEY should be given but not sure about exact parameter key name?
Can you please help on this? Searched lot of documents but execution only using API KEY is given mostly.
For example: to test API KEY secured appsync, one has to give something like "x-api-key" under header parameter.
What works correctly for IAM secured query?
I used Laravel-8 for rest api. The route is shown below:
localhost:8888/myapp/server/api/v1/admin/role
It is a GET Request.
When I send it on POSTMAN, I got this error:
401Unauthorized
{
"message": "Unauthenticated."
}
In my route I have:
'middleware' => ['auth:api']]
The reason is because I don't know how to add the Login details. email: akwetey#gmail.com, password: mypass
How do I achieve this?
Thanks
This person walks you through the process nicely and should get you setup.
https://coding-lesson.com/api-authentication-with-laravel-passport/
Basically you need to:
Get to your login api, probably something like: localhost:8888/myapp/server/api/v1/login
Create a POST request to the login API, select the Body tab and define key values for you Email and Password
Then run the request and copy the AccessToken value from the results
Now with your API above, select the Authorization tab, choose Bearer Token as the Type and paste in your AccessToken value for the Token field
You should also go to your Headers table and define Accept and Content-Type keys, both with values of: application/json
Of course you'll want to then change all this to use variables after you get it right, so you don't have to keep repeating this with all your new API calls.
To fetch data behind protected routes you need to provide a token that will verify that the user who made the call is authenticated.
Then you have to provide the token in Authorization section of postman.
I assume you know the difference between Post and Get. Laravel works a little different then regular PHP, let me tell you how.
In order to access the protected routes you'll have to first access the token from login route. By sending the required data in .
Once that's done it'll return the token which can be used to access the protected routes under admin or auth middleware.
In your case you're accessing localhost:8888/myapp/server/api/v1/admin/role which is a protected route under admin middleware. You'll have to first access token and then send token with the get request to fetch the required data.
Short version
Do we need GuzzleHttp to redirect to local POST route? Can't we do this directly using redirect()?
Long version
Following this Laravel tutorial about using Passport authentication, the presenter talks about a way of hiding client_id to increase security (check at around 11:45 in the video).
The idea is to expose a new wrapper route that accepts only username and password fields and then the controller injects client_id on the server-side and makes a new call to Passport's original login route. This call is made using GuzzleHttp client. Response of the call is then returned by the wrapper route to the caller.
My question is: Do we really need to install and use Guzzle? Can't we redirect to Passport's login route using redirect() or some other built-in Laravel function?
You need Guzzle to make a HTTP request so that you can modify the response before sending it.
You will not be able to hide any data using redirect() because it will just tell the browser (client) to use the passport route directly.
To avoid making the HTTP a call you could get your route to run the code that the passport route runs and then modify the response that is generated. Making a local HTTP call should not be a problem though.
I have used postman to test request with Twitter API (https://api.twitter.com/1.1/statuses/user_timeline.json), but it gives me
{"errors":[{"code":215,"message":"Bad Authentication data."}]}
My header is:
Authorization:OAuth oauth_consumer_key="MLcGSZNPmn2un5DKbtgnYi8JY",oauth_token="%20751004957898342400-YYpLg5dayAHVkaG47H9NVVkZiE7Z2bc",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1468092744",oauth_nonce="ABCDEFGHIJKLMNOPQRSTUVWXYZ123456",oauth_version="1.0",oauth_signature="fkf0NE2PmDLQZY%2BzMa7gQmA72kU%3D"
and postman auth setting is:
How can I solve this?
Remove the space in
oauth_token="%20751004957898342400-YYpLg5dayAHVkaG47H9NVVkZiE7Z2bc"
it should be
oauth_token="751004957898342400-YYpLg5dayAHVkaG47H9NVVkZiE7Z2bc"
while sending request to twitter
Make sure that you are providing the query parameters which are required.
I received the same error, 215 Bad Authentication Data when I was not providing the only required query parameter, the search string q, in the GetUsers call. But since I did not intend to search for any specific user, I resorted to the Streaming APIs.
Hy.
Im continuing a spring web flow, using execution key. (an order paypal payment)
and would need to read query strings from get. &TokenID and &PayerID
this is how the URL looks like where Paypal redirects user after confirming payment:
/sampleflow?execution=e1s1&_eventId=approved&token=EC5D7416956W8431713&PayerID=TN2RE8ZTH67JN
if eventID is approved, my flow redirects to a payment confirmed state. This part is working.
I just need to get the query string parameters somehow.
Any way to do this?
I'm assuming you are trying to access the request parameters in the flow definition xml file. You can access the params using the EL variable requestParameters.
<evaluate expression="someService.doSomething(requestParameters.TokenID, requestParameters.PayerID)" />
http://docs.spring.io/spring-webflow/docs/2.3.x/reference/html/el.html#el-variable-requestParameters
The link above didn't work for me, but I was able to find the relevant page at this address:
4.4.6. requestParameters