dosubot[bot]
commented
3 weeks ago To resolve the 403 Forbidden error when creating a custom tool with Open API Spec and adding authentication with a Bearer token in Dify version 0.7.0, ensure that you correctly configure the authentication settings. Here is how you can set it up:
-
Set the Authorization Method:
- Go to the
authMethodsection. - Choose the
bearertype underauthHeaderPrefix.
- Go to the
-
Configure the Authorization Header:
- Set the
keytoAuthorization(or a custom value if required). - Set the
valuetoBearer <your_token>.
- Set the
Here is an example configuration:
const customToolConfig = {
authMethod: {
title: 'Authorization method',
type: 'Authorization type',
keyTooltip: 'Http Header Key, You can leave it with "Authorization" if you have no idea what it is or set it to a custom value',
types: {
none: 'None',
api_key: 'API Key',
apiKeyPlaceholder: 'HTTP header name for API Key',
apiValuePlaceholder: 'Enter API Key',
},
key: 'Authorization',
value: 'Bearer <your_token>',
},
authHeaderPrefix: {
title: 'Auth Type',
types: {
basic: 'Basic',
bearer: 'Bearer',
custom: 'Custom',
},
},
};Ensure that the token you are using is valid and has the necessary permissions to access the resources you are trying to reach. Additionally, make sure that the OpenAPI schema is correctly defined and that the endpoint you are trying to access is correctly specified in the tool configuration [1][2].
To continue talking to Dosu, mention @dosu.
crazywoola
andsty
myrulezzz
Self Checks
Dify version
0.7.0
Cloud or Self Hosted
Self Hosted (Docker)
Steps to reproduce
Create a custom tool with Open API Spec and adding authendication Basic, Header is Authorization and key is added as Bearer {base64key}== and i alway get forbidden 403 error. I have try the same setup from postman with the same key and is working. Am i missing something?
✔️ Expected Behavior
When testing the endpoint it should return a response
❌ Actual Behavior
Reached maximum retries (3) for URL if i go to dify api logs i see error 2024-08-19 12:33:57,697.697 WARNING [Dummy-36] [ssrf_proxy.py:45] - Request to URL https://xxxxxxx:8110/api/checkAddressCoverage/getAddressInfoByPostalCode failed on attempt 2: 403 Forbidden