JWT authorization only?
papamuziko opened this issue · comments
Hello,
I'm currently testing this Gem for accessing the Smooch API, mainly the post_messages
feature, but I'm realizing only the JWT authorization works.
At the beginning, I was configuring only the Basic Authentication (as described in the Readme):
SmoochApi.configure do |config|
config.username = 'API_KEY_ID'
config.password = 'API_KEY_SECRET'
end
But all my requests failed: SmoochApi::ApiError: Unauthorized
After some debugging, I found that: the request (made by build_request in SmoochApi::ApiClient) had the header Authorization
set to nil
(which now is making sense for the Unauthorized
error). So I looked deeper and this Authorization
header is set by the method update_params_for_auth! which is taking as argument a list of "authorization methods" I guess. And in the method post_message_with_http_info, you can see line 336 this code: auth_names = ['basicAuth', 'jwt']
=> which means: to use/try both authentication methods.
But, in update_params_for_auth!, the authentication method is skipped if not found in the configuration, but this default configuration sets both here - which means, the next unless auth_setting
in update_params_for_auth! is not enough, because only the last value of auth_names
will be used: jwt
It can be fixed by checking if the value of the authentication method is not nil
- like by replacing next unless auth_setting
by `next if auth_setting.nil? || auth_setting[:value].nil?.
Let me know if I'm missing something, and/or if you want me to do a PR for that.
Thank you very much
Thanks for the report, and the detailed investigation! This should be fixed in the latest version 5.24.1