realm / realm-object-server

Tracking of issues related to the Realm Object Server and other general issues not related to the specific SDKs
https://realm.io

Authentication issue: The provided credentials are invalid or the user does not exist #437

Open lacklock opened 4 years ago

lacklock commented 4 years ago

Goals

Using the correct ACCESS_TOKEN.TOKEN to query data

Expected Results

Success

Actual Results

Access token request

POST /auth HTTP/1.1
Content-Type: application/json; charset=utf-8
Cookie: INGRESSCOOKIE=a286c04f69f21a6977d4c309021183b3
Host: mobile-log.us1a.cloud.realm.io
Connection: close
User-Agent: Paw/3.1.9 (Macintosh; OS X/10.15.3) GCDHTTPRequest
Content-Length: 765

{"app_id":"io.realm.Auth","provider":"realm","data":RefreshToken ,"path":"/default"}

Schema request

https://mobile-log.us1a.cloud.realm.io/graphql/schema/default

GET /graphql/schema/default HTTP/1.1
Authorization:  Token
Cookie: INGRESSCOOKIE=a286c04f69f21a6977d4c309021183b3
Host: mobile-log.us1a.cloud.realm.io
Connection: close
User-Agent: Paw/3.1.9 (Macintosh; OS X/10.15.3) GCDHTTPRequest

Response

HTTP/1.1 401 Unauthorized
Date: Tue, 17 Mar 2020 09:08:57 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 250
Connection: close
Access-Control-Allow-Origin: *
ETag: W/"fa-epKhMUPW/YtdPagazS+IuqIjNmc"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization

{"type":"https://docs.realm.io/server/troubleshoot/errors#invalid-credentials",
"title":"The provided credentials are invalid or the user does not exist.",
"status":401,
"detail":"The access token doesn't grant access to the requested path.","code":611}

Steps to Reproduce

I want to use GraphQL to execute a query. I have an admin account user. I want to query from the default realm; the path is /default.

The POST body is: { "app_id":"", "provider":"realm", "data":"REFRESH_TOKEN.TOKEN", "path":"/default" }

But when I put the token from the response in the Authorization header and send the request, it responds with 401:

{"type":"https://docs.realm.io/server/troubleshoot/errors#invalid-credentials","title":"The provided credentials are invalid or the user does not exist.","status":401,"detail":"The access token doesn't grant access to the requested path.","code":611}

nirinchev commented 4 years ago

Please post all requests you're making as well as the responses you're getting (feel free to obscure the credentials).

nirinchev commented 4 years ago

You're sending the request to the wrong endpoint. The route after /graphql is interpreted as the Realm path, so you're trying to query a Realm called /schema/default with a token that grants you access to /default. If you're trying to get the schema of your Realm, the correct way to do it is via the regular GraphQL query API. You can issue a GraphQL request like:

query {
  __schema {
    types {
      name
      fields {
        name
      }
    }
  }
}

That still needs to be sent to /graphql/default like all other queries/mutations affecting that Realm.
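The path mismatch described in the comment above, as an added example that is not part of the original thread and is not Realm's own code: it derives the Realm path the server will see from a request URL, compares it with the path the access token was issued for, and builds the schema query against the matching route. The helper names, the host `ros.example`, the token string, percent-decoding of the path and the POST-with-JSON-body shape are assumptions.

```javascript
// Added illustration; helper names are hypothetical, not from any Realm SDK.
const GRAPHQL_PREFIX = "/graphql";
const SCHEMA_QUERY = "query { __schema { types { name fields { name } } } }";

// Collapse duplicate or missing slashes so "/default" and "default/" compare equal.
function normalizePath(p) {
  return "/" + p.split("/").filter(Boolean).join("/");
}

// Everything after /graphql is what the server interprets as the Realm path.
// Assumption: percent-encoded segments (e.g. %2Fdefault) are decoded first.
function realmPathFromUrl(url) {
  const { pathname } = new URL(url);
  if (pathname !== GRAPHQL_PREFIX && !pathname.startsWith(GRAPHQL_PREFIX + "/")) {
    throw new Error(`not a GraphQL route: ${pathname}`);
  }
  return normalizePath(decodeURIComponent(pathname.slice(GRAPHQL_PREFIX.length)));
}

// Client-side check to run before sending: does the token's path match the URL?
function preflight(url, tokenPath) {
  const requested = realmPathFromUrl(url);
  const granted = normalizePath(tokenPath);
  if (requested === granted) return { ok: true, requested };
  return {
    ok: false,
    requested,
    reason: `token grants ${granted} but the URL targets ${requested} (expect 401, code 611)`,
  };
}

// Build the introspection request on /graphql/<realm path>.
// Assumption: the query is sent as a JSON POST body, with the raw access
// token as the Authorization header value, as in the issue's request.
function buildSchemaRequest(baseUrl, realmPath, accessToken) {
  const url = new URL(GRAPHQL_PREFIX + normalizePath(realmPath), baseUrl).toString();
  const check = preflight(url, realmPath);
  if (!check.ok) throw new Error(check.reason);
  return {
    method: "POST",
    url,
    headers: { Authorization: accessToken, "Content-Type": "application/json" },
    body: JSON.stringify({ query: SCHEMA_QUERY }),
  };
}
```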

lacklock commented 4 years ago

Querying the schema on another realm instance works. But a query on the /default realm always responds with 503.

"{\"type\":\"https://docs.realm.io/server/troubleshoot/errors#service-unavailable\",
\"title\":\"The requested service is temporarily unavailable.\",
\"status\":503,\"code\":802}"

lacklock commented 4 years ago

Why do the docs say the schema endpoint path is /graphql/schema/:path? I thought it meant that posting to that endpoint would get the schema.

nirinchev commented 4 years ago

The docs seem to be outdated.