I have a client that authenticates to API platform, token is generated and send back to client. Client embed the token in the requests header, but still have a 401 error return from the server : JWT not found. It is in the header thougth (verified with FIrefox)
Have you already had this issue ? (further posts without response).
Is there a possibility Apache or firewall blocks the token ?
How can I find the issue source?
NB: the excat same config was working well on dev server in local. Just clone the git to server and and made acomposer made a composer install. I tried to reinstall lexik, regenrate the .pem.... nothing work
Thank you for your help
Related
I have set up SSO using weblogic on windows and Kerberos, It is working fine for the http pages, however I observed a strange behavior on https pages which requires CONFIDENTIAL setting for the transport, It works fine if I first access a page on http which is not configured as secured in web.xml(Transport-Gurantee as None) and then the https page.
But If I try to hit the https url directly which is configured with Transport-Gurantee as CONFIDENTIAL then it shows the Basic Auth Dialog and a 401 Unauthorized response, Looking at the logs I see that the Server responded with the WWW-Authenticate but browser showed the Basic Auth Dialog in response instead of getting the Authorize token.
Does anyone has any idea on what might be issue here, If there is any problem with the browser settings then it would not have worked irrespective of accessing the http url first.
I can see the following error log in weblogic console
Malformed request "Can not parse URI from http request". Request parsing failed, Code: -1
Found one of the link here
SPNEGO on IBM WebSphere Portal 6.1 with https
For my case it is weblogic 12c , I don't think reinstalling 12c is a valid solution for it
Ok I got it fixed , It turns out to be an issue with the browser configuration , the https://myserver.domain.com was not inside the intranet domain and the control to do that rests with the windows Admin team, once they added it , the https urls are also working fine.
I keep getting 401 Forbidden response testing our IIS based WebAPI calls using my Windows credentials in Postman version 6.0.10. Is there a workaround for this in Postman without using a hack like running Fiddler as a proxy in the background?
Maybe try without the ssl certificate.
https://www.getpostman.com/docs/v6/postman/launching_postman/settings
I had implemented the code to received authorization code as described in this step:
https://developers.google.com/android-publisher/authorization#generating_a_refresh_token
We deployed this code to one server that has "https://..." domain and this works well. We can get the access_token, refresh_token...
But now we need to deploy the same code to a dev server that has no "https".
I created a new OAuth client id with redirect uri using the dev server (no https, the rest /api/v1/... is the same as the previous working server)
Now anytime I tried to go to this url and Allow access
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=http://dev_server/api/v1/...&client_id=dev_server_client_id
I got 401 Unauthorized.
I'm not sure why, but the only difference I can see is "https" vs "http".
Any idea why?
Thank you very much.
Actually I forgot to update the corresponding values in my code
const oauth2Client = new OAuth2(
config.googleApi.clientId,
config.googleApi.clientSecret,
config.googleApi.redirectUri // <= Especially this value
);
These values need to be updated to (beside values on google console).
I am trying to get the response back from API using Postman native app in windows 10.
I am in my company system which uses proxy, so i need to pass proxy credentials for every request which i send from my system.
As per postman documentation, i set proxy settings but still getting 401: Unauthorized error.
Postman Proxy Settings
Other suggestion was to use Basic Authentication while sending a request. It doesn't help either:
Baisc Auth settings for Proxy in postman
I tried all the things in native app but it's not working.
The workaround is to use Chrome extension for Postman.
Please refer the steps below:
1.> Search for Postman Interceptor chrome extension
2.> Install the extension
3.> Launch postman extension
4.> Login using your google account Or register an account in postman.
5.> When you try to login, pop appear in which proxy userid and password needs to be entered.
6.> Once proxy settings has been updated, send the request. You should receive expected response back.
Happy coding :)
Today I faced the problem that (suddenly) the SAP Gateway stopped acceppting CSRF tokens issued by himself.
Checked the network trace, everything is fine. The Client gets a token using GET Method and the HTTP Header
X-CSRF-Token: Fetch
receiving one, followed by an immediate POST request using the received Token and getting a 403 Forbidden status with response Body "CSRF Token could not be verified" (or similar)
By default, the CSRF Protection is only enabled over HTTPS in SAP Netweaver Gateway. How to enable CSRF over HTTP (and why not to do so) is described in the following SAP Note:
1896961 - HTTP/HTTPS Configuration for SAP NetWeaver Gateway
The important bit of the Note:
... set the instance profile parameter login/ticket_only_by_https to 0...