dunglas / vulcain

🔨 Fast and idiomatic client-driven REST APIs.
https://vulcain.rocks
GNU Affero General Public License v3.0

Stateless authorization on preload requests #117

Open SherinBloemendaal opened 11 months ago

SherinBloemendaal commented 11 months ago

Hello,

I could not find any documentation about stateless authorization, for example when using the lexik-jwt-authentication-bundle in combination with API-platform. We are getting a 401 Unauthorized on the preload responses. Is this expected behaviour or not?

My code:

```js
// `token` is assumed to be defined earlier (the JWT sent as a bearer token).
// Initial request: the Preload and Fields headers select each book's author and the author's name.
const bookResp = await fetch("/api/books", {
    "headers": {
        "accept": "application/ld+json",
        "accept-language": "en,nl;q=0.9",
        "authorization": "Bearer " + token,
        "preload": "\"/hydra:member/*/author\"",
        "fields": "\"/hydra:member/*/author/name\"",
    },
    "referrer": "https://localhost/api",
    "referrerPolicy": "strict-origin-when-cross-origin",
    "method": "GET",
    "credentials": "include"
});
const bookJSON = await bookResp.json();
console.log(bookJSON);

// Follow-up requests: fetch each author with the same bearer token.
for (const book of bookJSON['hydra:member']) {
    const author = await fetch(book.author, {
        "headers": {
            "accept": "application/ld+json",
            "authorization": "Bearer " + token,
        },
        "method": "GET",
        "referrer": "https://localhost/api",
        "referrerPolicy": "strict-origin-when-cross-origin",
        "credentials": "include"
    });
    console.log(await author.json());
}
```