Unauthorized Access after Issuing both basic_auth and token_auth credentials

Question

Unauthorized Access after Issuing both basic_auth and token_auth credentials

collinsmarra opened this issue 2 years ago · comments

Hi, I am running this project and trying to learn some new things. I love how you wrote this project.

So, I tried to run this project and changed APIFAIRY_UI to swagger_ui so that I can test the endpoints locally.
After basic registration with /api/users endpoint, I went and clicked ###Authorize "icon" in swagger ui and entered my basic_auth credentials. I then went to /api/tokens with a POST request to get the tokens for authentication. I went back to Authorize icon in swagger ui to enter token_auth credentials given for /api/tokens endpoint.

I then went back to Users where I tried to access the endpoints that require token based authentication.
But every time I am getting Unauthorized error from flask backend. I could be missing something and I would like to get some help to get HTTP 200 response code.

Much thanks

Miguel Grinberg · Answer 1 · Tue Jan 18 2022 21:53:27 GMT+0800 (China Standard Time)

@collinsmarra I really have no control over how Swagger UI implements auth, so if this is a problem with that specific UI, then I have no way to help.

My recommendation is that you try to send requests with curl or Python, so that we remove the third-party UI from the equation. If you cannot authenticate with curl/Python, then that is definitely a problem, but I doubt this is the case since I'm using this project pretty much every day as a dependency and have no auth issues.

Collins · Answer 2 · Wed Jan 19 2022 14:45:45 GMT+0800 (China Standard Time)

Thanks for responding,

I tried this with curl but I couldn't get a different response code from the endpoints restricted with tokens.

However, I can create the tokens

Miguel Grinberg · Answer 3 · Wed Jan 19 2022 15:27:21 GMT+0800 (China Standard Time)

You have to pass the access token as a string for auth, not a JSON payload containing access and refresh tokens.

-H 'Authorization: Bearer ey...'

Collins · Answer 4 · Wed Jan 19 2022 16:24:04 GMT+0800 (China Standard Time)

Thank you for helping,

@collinsmarra I really have no control over how Swagger UI implements auth, so if this is a problem with that specific UI, then I have no way to help.

My recommendation is that you try to send requests with curl or Python, so that we remove the third-party UI from the equation. If you cannot authenticate with curl/Python, then that is definitely a problem, but I doubt this is the case since I'm using this project pretty much every day as a dependency and have no auth issues.

New Edit
I provided swagger ui with the json payload

{"access_token": "...",
"refresh_token": "..."}

and I had the problem with authenticating.