I'm currently trying to integrate the notify_push functionality into the NextcloudServices App for Android. Using the username/password authentication works fine. However, I do have some issues obtaining a token using the pre-authorization mechanism. In detail, sending an authenticated request to the pre_auth endpoint (/apps/notify_push/pre_auth) via the Nextcloud singlesignon API fails with the http status code 412 and the error message "CSRF check failed".
As shown in the code example, I would expect to POST an authenticated request to the endpoint obtained from the capability-endpoint to receive the token that I can then use to create the websocket connection.
import com.nextcloud.android.sso.aidl.NextcloudRequest;
import com.nextcloud.android.sso.api.NextcloudAPI;
Map<String, List<String>> header = new HashMap<>();
LinkedList<String> values = new LinkedList<>();
values.add("application/json");
header.put("Accept", values);
header.put("Content-Type", values);
NextcloudRequest request = new NextcloudRequest.Builder().setMethod("POST")
.setUrl(Uri.encode("/apps/notify_push/pre_auth", "/"))
.setHeader(header)
.build();
API.performNetworkRequest(request);
It would be great if you could help me on how the pre_auth mechanism is supposed to work to obtain the required token. The notes for developers simply state that I should make an authenticated request to the endpoint to obtain the token.
Hello.
I'm currently trying to integrate the notify_push functionality into the NextcloudServices App for Android. Using the username/password authentication works fine. However, I do have some issues obtaining a token using the pre-authorization mechanism. In detail, sending an authenticated request to the pre_auth endpoint (/apps/notify_push/pre_auth) via the Nextcloud singlesignon API fails with the http status code 412 and the error message "CSRF check failed".
As shown in the code example, I would expect to POST an authenticated request to the endpoint obtained from the capability-endpoint to receive the token that I can then use to create the websocket connection.
It would be great if you could help me on how the pre_auth mechanism is supposed to work to obtain the required token. The notes for developers simply state that I should make an authenticated request to the endpoint to obtain the token.
Best, freeflyk.