/api/auth/tokens and /api/auth/refresh_tokens seem to be broken
dmspils opened this issue
Having just launched a vanilla build of purify, I instantly see a console warning as soon as I launch the app:
Failed to load resource: the server responded with a status of 401 ()- /api/auth/refresh_token:1
The associated refresh_token cookie is not written either.
Exploring this some more via curl, I cannot execute a command against the api which provides a valid response.
Executing:
curl https://<my_fqdn>/api/auth/token -d username="username" -d password="password" -H "Content-Type: text/plain"
Returns:
{"statusCode":401,"message":"Unauthorized"}
I tested this with your deployed heroku instance and find the same:
curl https://purify-demo.herokuapp.com/api/auth/token -d username="username" -d password="password" -H "Content-Type: text/plain"
Response:
{"statusCode":401,"message":"Unauthorized"}
The only difference between your heroku instance and mine is that the refresh_token cookie is written and the endpoint does return a 200 on your heroku instance.
Note that in both, username and password are set to the values that do work via the UI so it is not a credential issue.
Send it as JSON:
curl --header "Content-Type: application/json" \
--request POST \
--data '{"username":"xyz","password":"xyz"}' \
https://purify-demo.herokuapp.com/api/auth/token
And you will get the following response:
{"statusCode":401,"message":"Invalid username/password","error":"Unauthorized"}
Regarding the refresh_token cookie, did you set the DOMAIN variable within the .env file as described here?
Ahhhh you were right, I had modded .env.custom but was still calling the default .env.example from docker-compose.yml. My bad, it now works, thanks for the help.
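A way to check the symptom from this thread (refresh_token cookie not written) against a captured Set-Cookie header, as an added example that is not part of the original issue or of purify's code. It assumes the server copies its DOMAIN setting into the cookie's Domain attribute; the host names and the sample header are constructed.

```javascript
// RFC 6265 section 5.1.3 domain-match: the request host must equal the cookie
// Domain, or be a subdomain of it, and must not be an IP address in that case.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  return !isIp && h.endsWith("." + d);
}

// Split one Set-Cookie header value into its name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Checks only the Domain attribute: a browser silently drops a cookie whose
// Domain does not domain-match the host that sent it.
function checkDomain(requestUrl, header) {
  const host = new URL(requestUrl).hostname;
  const domain = parseSetCookie(header).attrs.domain;
  if (typeof domain === "string" && domain !== "" && !domainMatches(host, domain)) {
    return { stored: false, reason: `Domain=${domain} does not match host ${host}` };
  }
  return { stored: true, reason: "Domain attribute absent or matching" };
}

// Constructed sample header; the Domain value stands in for a default left
// over from an unedited env file.
const SAMPLE =
  "refresh_token=abc123; Path=/api/auth; Domain=localhost; HttpOnly; Secure; SameSite=Strict";

console.log(checkDomain("https://purify.example.test/api/auth/token", SAMPLE));
console.log(checkDomain("https://localhost/api/auth/token", SAMPLE));
```

To get a real header to feed in, add `-i` to the JSON curl call above and copy the Set-Cookie line from the response.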