miguelgrinberg / microblog-api

A modern (as of 2024) Flask API back end.
MIT License

Unauthorized Access after Issuing both basic_auth and token_auth credentials #1

Closed collinsmarra closed 2 years ago

collinsmarra commented 2 years ago

Hi, I am running this project and trying to learn some new things. I love how you wrote this project.

So, I tried to run this project and changed APIFAIRY_UI to swagger_ui so that I can test the endpoints locally. After basic registration with the /api/users endpoint, I went and clicked the Authorize "icon" in Swagger UI and entered my basic_auth credentials. I then went to /api/tokens with a POST request to get the tokens for authentication. I went back to the Authorize icon in Swagger UI to enter the token_auth credentials given for the /api/tokens endpoint.


I then went back to Users, where I tried to access the endpoints that require token-based authentication. But every time I am getting an Unauthorized error from the Flask backend. I could be missing something and I would like to get some help to get an HTTP 200 response code.

Much thanks

miguelgrinberg commented 2 years ago

@collinsmarra I really have no control over how Swagger UI implements auth, so if this is a problem with that specific UI, then I have no way to help.

My recommendation is that you try to send requests with curl or Python, so that we remove the third-party UI from the equation. If you cannot authenticate with curl/Python, then that is definitely a problem, but I doubt this is the case since I'm using this project pretty much every day as a dependency and have no auth issues.

collinsmarra commented 2 years ago

Thanks for responding,

I tried this with curl but I couldn't get a different response code from the endpoints restricted with tokens.


However, I can create the tokens


miguelgrinberg commented 2 years ago

You have to pass the access token as a string for auth, not a JSON payload containing access and refresh tokens.

-H 'Authorization: Bearer ey...'

collinsmarra commented 2 years ago

Thank you for helping,

> @collinsmarra I really have no control over how Swagger UI implements auth, so if this is a problem with that specific UI, then I have no way to help.
>
> My recommendation is that you try to send requests with curl or Python, so that we remove the third-party UI from the equation. If you cannot authenticate with curl/Python, then that is definitely a problem, but I doubt this is the case since I'm using this project pretty much every day as a dependency and have no auth issues.

New Edit: I provided Swagger UI with the JSON payload

{"access_token": "...", "refresh_token": "..."}

and I had the problem with authenticating.
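
The resolution of this thread, as an added example that is not part of the original issue or of microblog-api's code: a constructed local stub stands in for `/api/tokens` and `/api/users` (its credentials, token values and 401 body are assumptions), and the client shows the whole JSON token pair being rejected as a bearer credential while the bare `access_token` string is accepted.

```python
import base64, json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the API, NOT microblog-api code. All values below
# are made up; only the paths and the token-pair shape come from the thread.
TOKENS = {"access_token": "ey.constructed.access", "refresh_token": "constructed-refresh"}
BASIC = "Basic " + base64.b64encode(b"susan:example-password").decode()
DENIED = (401, {"message": "Unauthorized"})
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxies

class StubAPI(BaseHTTPRequestHandler):
    def _reply(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):  # /api/tokens: basic auth in, token pair out
        ok = self.path == "/api/tokens" and self.headers.get("Authorization") == BASIC
        self._reply(*((200, TOKENS) if ok else DENIED))

    def do_GET(self):  # /api/users: only "Bearer <access token string>" passes
        expected = "Bearer " + TOKENS["access_token"]
        ok = self.path == "/api/users" and self.headers.get("Authorization") == expected
        self._reply(*((200, {"data": []}) if ok else DENIED))

    def log_message(self, *args):  # silence per-request logging
        pass

def call(base, method, path, authorization):
    """Send one request and return (status, decoded JSON body)."""
    req = urllib.request.Request(base + path, method=method,
                                 headers={"Authorization": authorization})
    try:
        with OPENER.open(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)

def demo():
    with HTTPServer(("127.0.0.1", 0), StubAPI) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        _, tokens = call(base, "POST", "/api/tokens", BASIC)
        wrong, _ = call(base, "GET", "/api/users", "Bearer " + json.dumps(tokens))
        right, _ = call(base, "GET", "/api/users", "Bearer " + tokens["access_token"])
        server.shutdown()
    return wrong, right  # status with the JSON pair, status with the access token
```

Against a real deployment, only the `call` helper and the last two requests in `demo` apply; the stub exists so the example runs offline.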