How can I authenticate by rest api oauth2

kfawcett · March 7, 2023, 5:23pm

Your first image is only showing the Response Headers. Please show the Request Headers which appear below the Response Headers.

umeshhodwala · March 7, 2023, 5:26pm

This is response in SC:

{“api”:{“status”:200,“headers”:{“server”:“openresty”,“date”:“Tue, 07 Mar 2023 17:22:18 GMT”,“content-type”:“application/json;charset=UTF-8”,“transfer-encoding”:“chunked”,“connection”:“close”,“vary”:“Origin, Access-Control-Request-Method, Access-Control-Request-Headers”,“x-frame-options”:“DENY”,“x-content-type-options”:“nosniff”,“x-xss-protection”:“1; mode=block”,“set-cookie”:[“JSESSIONID=3BE50B15AC6CFE373C3B0D865F0F6659; Path=/; HttpOnly”],“cache-control”:“no-store”,“pragma”:“no-cache”,“x-resolver-ip”:“103.217.220.249”,“strict-transport-security”:“max-age=15811200”},“data”:{“access_token”:“9R0Z7PaZd-uU4BFlW1jXU2q4ZP0”,“token_type”:“bearer”,“refresh_token”:“Q9VXYhxTqZ9mUek6NNgBOkZGTC0”,“expires_in”:43199,“scope”:“api”,“OAuth2.SESSION_ID”:“3BE50B15AC6CFE373C3B0D865F0F6659”}},

kfawcett · March 7, 2023, 5:28pm

I don’t think you are sending your Client ID and Client Secret in Authorization Header. That is probably why you’re getting a 401 unauthorized response.

kfawcett · March 7, 2023, 5:31pm

Also, what do you see in the Payload tab?

umeshhodwala · March 7, 2023, 5:32pm

It is set - 'Basic '+var1.value.encodeBase64()

where var1.value is client_id:secret

kfawcett · March 7, 2023, 5:33pm

It doesn’t seem to be working because we do not see the value in the Request Header’s Authorization.

umeshhodwala · March 8, 2023, 8:25am

Formatters were not ok, I defined formatters by this post and it is working-

However now i am getting 500 errors

I think the problem is how to pass grant_type etc in data. I checked with following variations-
grant_type=password
username=admin
password=admin

or body =grant_type=password&username=admin&password=admin

or Form data_type is not available in AC api action as in SC api action (where it is working)
regards

kfawcett · March 8, 2023, 1:39pm

This may be another bug in the AC API Action. @George can you confirm?

Your headers say that you’re sending this as application/x-www-form-urlencoded

But the Payload is formatting it as multipart/form-data, although it looks malformed because you shouldn’t see anything other than the key:value pairs unless you click “view source”.

Correctly formed data for multipart/form-data would look like this.

Since you’re sending as application/x-www-form-urlencodedyour payload should look like this, but it doesn’t for some reason.

grant_type=password&username:admin&password:admin

I’m curious if the SC API Action is honoring the application/x-www-form-urlencoded header you set or if it’s sending everything as multipart/form-data to your API.

umeshhodwala · March 8, 2023, 1:53pm

If I give grant_Type, username, password separately then the pay load is as below (This is how i am giving data in SC API action and its working) -

regards

kfawcett · March 8, 2023, 2:01pm

That still doesn’t appear properly formatted. What does it look like in Wappler?

umeshhodwala · March 8, 2023, 2:02pm

kfawcett · March 8, 2023, 2:10pm

What happens if you use an AC API form and put all of the fields inside of the form?

<form is="dmx-api-form" id="apiform1" method="post">
    <input name="grant_type" value="password">
    <input name="username" value="admin">
    <input name="password" value="admin">
</form>

umeshhodwala · March 8, 2023, 2:30pm

Same as in API Action, same error and same payload

kfawcett · March 8, 2023, 2:42pm

Are you still adding application/x-www-form-urlencoded? If so, can you remove it and see if that makes a difference?

kfawcett · March 8, 2023, 2:52pm

This is the weird part that I think is not being formatted properly by Wappler.

I think the “grant_type” should appear after name like this.
Content-Disposition: form-data; name="grant_type"

umeshhodwala · March 8, 2023, 4:32pm

Thanks @kfawcett, after removing content-type both api action and api form are working.

kfawcett · March 9, 2023, 1:51pm

So Wappler AC APIs do not work properly? They ignore the content-type being set and try to send everything as form-data.

patrick · March 9, 2023, 1:32pm

It depends on the Data Type that is set, Auto will convert the data to FormData, JSON will become a JSON object and Text will send use raw text. It will set the corresponding Content Type header which is needed.

If you overwrite the Content Type header you should use the Text data type and then set the body you want to send in the Text Data.

So if you want urlencoded you add the Content-Type header and set it to application/x-www-form-urlencoded. Set Data Type to Text and set Text Data to grant_type=password&username=admin&password=admin.

kfawcett · March 9, 2023, 3:48pm

It appears that Text Data is not dynamic.

patrick · March 9, 2023, 5:05pm

Seems we indeed don’t have a way to add dynamic text data. You can do it in codeview by prefixing the data attribute with dmx-bind:.

dmx-bind:data="grant_type=password&username={{username}}&password={{password}}"