Closed omarcinkonis closed 4 months ago
On it
Strange, it's working as expected. Did you try decoding the API_KEY using base64 decode to check if decoding produces a valid cookie string?
It seems that I was testing with an old version, therefore my key was not encoded. I suppose keys are encoded during login now? Or is the user supposed to use base64 encode while creating Rettiwt? I wonder - what is the benefit of encoding the data?
I suppose keys are encoded during login now?
Yes, the API_KEY returned is now always encoded as base64
is the user supposed to use base64 encode while creating Rettiwt?
No the doesn't need to to any encoding/decoding. The key is generated as base64 encoded and the encoded key is automatically decoded by Rettiwt when used.
what is the benefit of encoding the data?
Tbf, it just makes it pretty. A full cookie string, along with all it's semicolons and other symbols is often confusing. So encoding it as base64 takes away that confusion and gives a concise string which we can call as API_KEY.
Got it. Maybe it would make sense to catch this error and specifically state the problem so that it would be easier to find the solution for users who upgrade the version.
For now I guess the first step is to pin this thread so that whoever faces this issue, gets to know the real deal.
Problem
Making requests results in this error:
Console shows: Invalid cookie header encountered. Header: '['
Solution
Rettiwt apiKey must be encoded using base64. Do not use web encoders to avoid exposing your key.