Stiffstream / restinio

Cross-platform, efficient, customizable, and robust asynchronous HTTP(S)/WebSocket server C++ library with the right balance between performance and ease of use

Need help with setting bearer token in the header. #152

Closed faizol closed 2 years ago

faizol commented 2 years ago

Hi,

I'm trying to set a JWT token, but I'm not sure if the method below is the right way to get the token from the header.

I'm setting the token like this:

    req->create_response()
        .append_header_date_field()
        .append_header(restinio::http_field::authorization, "Bearer " + newtoken)
        // ...

and trying to read it like this:

    using namespace restinio::http_field_parsers::bearer_auth;
    const auto auth_params = try_extract_params(*req, restinio::http_field::authorization);
    if(auth_params) {
        const std::string & token = auth_params->token;
        std::cout << "token : " << token << std::endl;
    }

Is that the right way to get the token?

Thanks.

eao197 commented 2 years ago

Hi! Yes, it looks like the right way.

faizol commented 2 years ago

Hi,

Thanks for the reply. I can't seem to extract the Bearer token because auth_params.has_value() always returns false. The auth Bearer was set and has a value when I checked it using the HTTP Header Live add-on in Firefox.

Any pointers on how I should proceed to get the Bearer token?

Thank you very much.

eao197 commented 2 years ago

I don't use bearer auth myself; the tools for working with this type of auth were contributed by @prince-chrismc, maybe he can help here.

Anyway, try_parse_params returns expected<params_t, extraction_error_t>. If you can't get the params_t then you can examine extraction_error_t instance. Maybe it provides some useful information.
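The advice above to look at the error value, not just `has_value()`, can be illustrated with a standalone C++ parser for the `Authorization` request header that reports why extraction failed. This is an added example, not part of the original thread and not RESTinio code; the enum, struct and function names are this example's own assumptions, and the token grammar is the `b64token` rule from RFC 6750.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <string>

// Names are this example's own (assumptions), not RESTinio's types.
enum class bearer_error { none, header_missing, wrong_scheme, bad_token };

struct bearer_result {
    bearer_error error;
    std::string token;  // filled only when error == bearer_error::none
};

// RFC 6750 b64token: 1*(ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/") *"="
static bool is_b64token(const std::string& s) {
    const std::string extra = "-._~+/";
    std::size_t i = 0;
    while (i < s.size() && (std::isalnum(static_cast<unsigned char>(s[i])) ||
                            extra.find(s[i]) != std::string::npos))
        ++i;
    if (i == 0) return false;                 // needs at least one token character
    while (i < s.size() && s[i] == '=') ++i;  // optional trailing padding
    return i == s.size();                     // nothing else may follow
}

// `headers` models the fields of an incoming request, keyed by lowercase name.
bearer_result extract_bearer(const std::map<std::string, std::string>& headers) {
    const auto it = headers.find("authorization");
    if (it == headers.end()) return {bearer_error::header_missing, ""};
    const std::string& value = it->second;
    const std::size_t sp = value.find(' ');
    std::string scheme = value.substr(0, sp);
    for (char& c : scheme)  // the auth scheme name is case-insensitive
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    if (scheme != "bearer") return {bearer_error::wrong_scheme, ""};
    const std::size_t start = value.find_first_not_of(' ', sp);
    if (start == std::string::npos) return {bearer_error::bad_token, ""};
    const std::string token = value.substr(start);
    if (!is_b64token(token)) return {bearer_error::bad_token, ""};
    return {bearer_error::none, token};
}

int main() {
    // Constructed sample requests: one without the header, one with a bearer token.
    std::map<std::string, std::string> empty, req{{"authorization", "Bearer abc.DEF-123"}};
    std::cout << (extract_bearer(empty).error == bearer_error::header_missing) << ' '
              << extract_bearer(req).token << '\n';
}
```

Logging the distinct error on the server separates "the request carried no Authorization header at all" from "the header was present but malformed", which call for different fixes.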

faizol commented 2 years ago

Thank you very much. I think I have found my problem. The token should be refreshed when navigating from one page to another as the token is not persistent, right? So if the previous page doesn't set the token in the header, then it won't be read by the next page. But I will contact @prince-chrismc to confirm what I mentioned above is the problem.

Another question. What's the best way to redirect a page to another page from within restinio? What I do now is to embed JavaScript in a body response.

Thank you again for your time, cheers.

faizol commented 2 years ago

I'll close this for now, thank you again.

eao197 commented 2 years ago

> What's the best way to redirect a page to another page from within restinio?

What do you mean by "redirect a page"? The use of HTTP Status Code 30x, like 301 "Moved Permanently"?

prince-chrismc commented 2 years ago

Some notes on how I implemented the client workflow,

prince-chrismc commented 2 years ago

> The token should be refreshed when navigating from one page to another as the token is not persistent, right? So if the previous page doesn't set the token in the header, then it won't be read by the next page

According to best practices, you should save the JWT securely in the application... which has a short expiration and you only need to refresh at the half life =)