eclipse-edc / MinimumViableDataspace

Guidance on documentation, scripts and integration steps on using the EDC project results
Apache License 2.0
61 stars 169 forks source link

Missing header entries in Postman collection #347

Closed nikschul closed 2 months ago

nikschul commented 2 months ago

Bug Report

Describe the Bug

Some requests inside the Postman collection are missing the required X-Api-Key header entry and therefore get a 401 Unauthorized response.

Expected Behavior

A 200 OK response.

image

Observed Behavior

A response with 401 Unauthorized on requests "Get Cached Catalogs", "Initiate Transfer" or "Get Transfer Process".

image

Steps to Reproduce

Steps to reproduce the behavior:

  1. Execute the REST requests "Get Cached Catalogs", "Initiate Transfer" or "Get Transfer Process" from step 7) of the README.md

Context Information

Detailed Description

Possible Implementation

The requests "Get Cached Catalogs", "Initiate Transfer" und "Get Transfer Process" don't have any headers at all. Adding the header X-Api-Key: password fixed the problem. The request "Initiate Negotiation" is missing the header Content-Type: application/json which would also be meaningful as the request body contains a JSON like the other requests, but is not strictly necessary.

nikschul commented 2 months ago

I could provide a fix for the issue by opening a PR.

paullatzelsperger commented 2 months ago

The "Authorization" configuration is done on collection level, which is was causes the X-API-Key header to be added to all requests. I saw that some requests also have the X-Api-Key header defined explicitly, which is incorrect, because it overrides the collection-level config.

I think authorization should be defined at collection level, not individually per request.

Similarly, the Content-Type header could be configured with a collection-level pre-request script.