GetStream / stream-python

Python Client - Build Activity Feeds & Streams with GetStream.io
https://getstream.io
BSD 3-Clause "New" or "Revised" License

token returned from get_readonly_token() does not authenticate #41

Closed ajbeach2 closed 8 years ago

ajbeach2 commented 8 years ago

My server side generation of read only tokens looks like the following:

from stream_django.client import stream_client
def jwt_response_payload_handler(token, user=None, request=None):
    user_feed_1 = stream_client.feed('user', str(user.id))
    readonly_token = user_feed_1.get_readonly_token()

    return {
        'token': token,
        'stream': str(readonly_token)
    }

JWT_AUTH = {
    'JWT_RESPONSE_PAYLOAD_HANDLER': jwt_response_payload_handler
}

My client side code looks like the following:

function setupStream (token, id) {
  var client = stream.connect('te5vptfdhrss', null, '10287')
  var user1 = client.feed('user', id, token)
  debugger
  function callback (data) {
    console.log(data)
  }

  function failCallback (data) {
    alert('something went wrong, check the console logs')
    console.log(data)
  }
  user1.get({ limit: 5, offset: 0 })
  .then(callback)
  .catch(failCallback)
  // user1.subscribe(callback).then(() => {}, failCallback)
}

I get an error message of the following:

{
    "code": null,
    "detail": "url signature missing or invalid",
    "duration": "10ms",
    "exception": "AuthenticationFailed",
    "status_code": 403
}

HOWEVER: if I change the token to be read/write, the client side code doesn't produce an error.

    readonly_token = user_feed_1.token
tbarbugli commented 8 years ago

can you attach information about the request from JS? (url, get params, headers) as well as the value of user.id server-side?

ajbeach2 commented 8 years ago

Request

Request URL:https://api.getstream.io/api/v1.0/feed/user/1/?limit=5&offset=0&api_key=te5vptfdhrss&location=unspecified
Request Method:GET
Status Code:403 Forbidden
Remote Address:54.230.90.148:443

Response

HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 126
Connection: keep-alive
Access-Control-Allow-Origin: *
Allow: GET, POST, DELETE, HEAD, OPTIONS
Content-Encoding: gzip
Date: Fri, 06 May 2016 18:03:02 GMT
Server: nginx/1.4.6 (Ubuntu)
Vary: Accept
X-Cache: Error from cloudfront
Via: 1.1 650859fa2cd80d54569500386ec0cbcc.cloudfront.net (CloudFront)
X-Amz-Cf-Id: QGLpLNfj7Lm8zKyPal7EaWJ7UxPb7pY9j48xYid8AHY8tBOXcOZWvg==
Request Headers

GET /api/v1.0/feed/user/1/?limit=5&offset=0&api_key=te5vptfdhrss&location=unspecified HTTP/1.1
Host: api.getstream.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Authorization: user1 b'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY3Rpb24iOiJyZWFkIiwicmVzb3VyY2UiOiIqIiwiZmVlZF9pZCI6InVzZXIxIn0.IfVux-ZWZAkWTCzgH0sBibRWhFpB9HEriVYtf-lSRAQ'
stream-auth-type: simple
Origin: http://localhost:8080
X-Stream-Client: stream-javascript-client-browser-unknown
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36
accept: application/json
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

Query String params

limit:5
offset:0
api_key:te5vptfdhrss
location:unspecified

response body

{"code": null, "detail": "url signature missing or invalid", "duration": "7ms", "exception": "AuthenticationFailed", "status_code": 403}

The user.id server side is 1

tbarbugli commented 8 years ago

you are converting the readonly_token (bytes) into string incorrectly; the result is that you end up with its representation (which is almost the same except for the b'' wrap).

this change should fix your problem, replace:

str(readonly_token)

with:

readonly_token.decode("utf-8")
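An added example, not code from stream-python or from the issue: it reproduces the str()-vs-.decode() difference on the read-only JWT from the request dump above and adds a server-side shape check before the token is handed to a browser client. READONLY_TOKEN_BYTES, to_text and check_jwt_shape are assumed names; the bytes value is a constructed stand-in for what get_readonly_token() returned.

```python
import base64
import json
import re

# Constructed stand-in for the bytes value get_readonly_token() returned in
# this issue: the JWT from the request dump, as bytes, so the
# str() vs .decode() difference can be reproduced offline.
READONLY_TOKEN_BYTES = (
    b"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    b"eyJhY3Rpb24iOiJyZWFkIiwicmVzb3VyY2UiOiIqIiwiZmVlZF9pZCI6InVzZXIxIn0."
    b"IfVux-ZWZAkWTCzgH0sBibRWhFpB9HEriVYtf-lSRAQ"
)

_B64URL = re.compile(r"^[A-Za-z0-9_-]+$")


def token_wrong(token: bytes) -> str:
    """The conversion from the issue: str() on bytes gives its repr, b'...'."""
    return str(token)


def to_text(token) -> str:
    """The maintainer's fix, generalised: accept bytes (get_readonly_token())
    or str (feed.token) and always return the JWT as text."""
    if isinstance(token, bytes):
        return token.decode("utf-8")
    if isinstance(token, str):
        return token
    raise TypeError("token must be bytes or str, got %s" % type(token).__name__)


def _b64url_decode(segment: str) -> bytes:
    # Reject anything outside the base64url alphabet before decoding, so a
    # leaked b' prefix or trailing ' is reported instead of silently skipped.
    if not _B64URL.match(segment):
        raise ValueError("segment is not base64url: %r" % segment[:10])
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_jwt_shape(token: str) -> dict:
    """Server-side sanity check before handing a token to a browser client:
    three base64url segments whose header and payload parse as JSON.
    This is a shape check only; it does not verify the HMAC signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 JWT segments, got %d" % len(parts))
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return {"header": header, "payload": payload}
```

Running check_jwt_shape on token_wrong(READONLY_TOKEN_BYTES) raises ValueError on the first segment, while the decoded token yields the read-only claims for feed user1.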
ajbeach2 commented 8 years ago

Thank you. That fixed my issues. Should this be added to the documentation that it needs to be decoded in this way? It's confusing, because .token doesn't need to be decoded in this way, and .token is automatically serialized to JSON without decoding in this manner.

tbarbugli commented 8 years ago

next release does that, thank you for reporting this!