I'm creating a project where users need to able to log in to their account and see some data. I'm creating a windows application with unity, so from what I understood from researching, I have to use the firebase RestAPI, not the SDK. I managed to use the realTime database but I'm struggling with the authentication side of things.
I followed this tutorial and used the documentation for signing up users into firebase with the RestAPI. I keep getting a 400 (Bad Request) error. I found this post, where the solution was to use a strong password, but that didn't work.
Since I'm using a not so reliable unity c# package as a client, I tested my code with nodeJs as well. Same error.
My code:
C#
private void SignUpUser(string email, string username, string password)
{
string userData = "{\"email\":\"" + email + "\",\"password\":\"" + password + "\",\"returnSecureToken\":true}";
// Content type is json by default
RestClient.Post<SignResponse>("https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=" + AuthKey, userData).Then(
response =>
{
Debug.Log("Success");
}).Catch(error =>
{
Debug.Log(error);
});
}
Javascript
const axios = require("axios");
axios
.post(
'https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=' + API_KEY,
{
email: "myEmddail#example",
password: "superStrongzi344##",
returnSecureToken: true,
},
{
'Content-Type': 'application/json',
}
)
.then(function (response) {
console.log(response);
})
.catch(function (error) {
console.log(error);
});
Part of response:
response:
{ status: 400,
statusText: 'Bad Request',
headers:
{ expires: 'Mon, 01 Jan 1990 00:00:00 GMT',
pragma: 'no-cache',
date: 'Sun, 10 May 2020 21:09:52 GMT',
'cache-control': 'no-cache, no-store, max-age=0, must-revalidate',
vary: 'X-Origin, Referer, Origin,Accept-Encoding',
'content-type': 'application/json; charset=UTF-8',
server: 'ESF',
'x-xss-protection': '0',
'x-frame-options': 'SAMEORIGIN',
'x-content-type-options': 'nosniff',
'alt-svc':
'h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"', 'accept-ranges': 'none',
connection: 'close',
'transfer-encoding': 'chunked' },
config:
{ url:
'https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=API_KEY',
method: 'post',
data:
'{"email":"myEmddail#example","password":"superStrongzi344##","returnSecureToken":true}',
Is there anything I'm missing?
Thanks
Try enabling registering with e-mail in your firebase console. Also the c# library you're using doesn't seem very reliable and might not be well suited for error handling, I would suggest the native System.net.http library that's built in. An example of a request:
using System.Net.Http;
private static readonly HttpClient client = new HttpClient();
var values = new Dictionary<string, string>
{
{ "thing1", "hello" },
{ "thing2", "world" }
};
var content = new FormUrlEncodedContent(values);
var response = await client.PostAsync("http://www.example.com/recepticle.aspx", content);
var responseString = await response.Content.ReadAsStringAsync();
Related
I'm getting the following error:
WebPushError: Received unexpected response code
at IncomingMessage.<anonymous> (/Users/sepp/.../node_modules/web-push/src/web-push-lib.js:347:20)
at IncomingMessage.emit (node:events:406:35)
at endReadableNT (node:internal/streams/readable:1331:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
statusCode: 401,
headers: {
'content-type': 'text/plain; charset=utf-8',
'x-content-type-options': 'nosniff',
'x-frame-options': 'SAMEORIGIN',
'x-xss-protection': '0',
date: 'Wed, 01 Feb 2023 19:57:43 GMT',
'content-length': '40',
'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
connection: 'close'
},
body: 'authorization header must be specified.\n',
endpoint: 'https://fcm.googleapis.com/fcm/send/duj-etc-etc
The code involved is:
import * as webPush from "web-push";
const subDetails = {
endpoint: "https://fcm.googleapis.com/fcm/send/duja6etc-etc",
expirationTime: null,
keys: {
p256dh: "BHtwM-etc-etc",
auth: "aYkx0etc-etc"
}
}
await webPush.sendNotification(subDetails, "test message", );
I found this issue on Github, and there was some debilitation as to whether or not it has to do with the environment. I am running my front-end page and back-end server both locally. There is a 'x-frame-options': 'SAMEORIGIN' header in the response.
As you can see from the code above, I do not have VAPID set up.
If I use console.log(webPush.generateRequestDetails(pushSub.details, args.msg)) to see what the headers and body of the request are, I get the following details, which show that the auth header is not set:
{
method: 'POST',
headers: {
TTL: 2419200,
'Content-Length': 121,
'Content-Type': 'application/octet-stream',
'Content-Encoding': 'aes128gcm'
},
body: <Buffer ....>,
endpoint: 'https://fcm.googleapis.com/fcm/send/duj-etc-etc'
}
Questions
Are there any special requirements for localhost stuff?
What does it take for auth headers to be included?
EDIT: The browser I'm using is Opera GX. I did find a browser support table, which says that opera does not yet support push on desktop. The error still seems to imply something else may be the issue. Testing in Firefox Dev Edition, it works! Unfortunately, in Chrome the same exact error as Opera GX is given.
The issue is two-fold.
Issue #1: Opera GX does not support push notifications on desktop. Check this table for details on your browser.
Issue #2: For any push services which use a https://fcm.googleapis.com/fcm/send/ endpoint, you'll need auth headers. To create them, you'll need a VAPID. Here's how to set that up in web-push:
Create your public and private keys in command line (you many need to do ./node_modules/.bin/web-push instead):
$ web-push generate-vapid-keys --json
Store the private key somewhere safe only your server can get to it. Public key will be needed by both front and back end.
Update your code to generate auth headers and add them to the request
import * as webPush from "web-push";
const subDetails = {
endpoint: "https://fcm.googleapis.com/fcm/send/duja6etc-etc",
expirationTime: null,
keys: {
p256dh: "BHtwM-etc-etc",
auth: "aYkx0etc-etc"
}
}
const VAPID = {
publicKey: "lalalla-etc-etc-put-anywhere",
privateKey: "lCRVkwS-etc-etc-put-somewhere-safe"
}
const parsedUrl = new URL(subDetails.endpoint);
const audience = `${parsedUrl.protocol}//${parsedUrl.hostname}`;
// technically, the audience doesn't change between calls, so this can be cached in a non-minimal example
const vapidHeaders = webPush.getVapidHeaders(
audience,
'mailto: example#web-push-node.org',
VAPID.publicKey,
VAPID.privateKey,
'aes128gcm'
);
await webPush.sendNotification(subDetails, "test msg", {
headers: vapidHeaders
});
The code above should work fine in chrome and firefox. Let me know if this minimal example needs more for some other browser.
I am trying to connect a WebAPI build using .Net core 5
Web API: method
// POST api/<BusController>
//[EnableCors("AllowAllHeaders")]
[HttpPost]
public JsonResult Post([FromBody]BusRequest busRequest)
{
var result = "Response Text";
return new JsonResult(result);
//return result;
}
Angular 13 Code
const busRequest = {
"StartDate" : "02/15/2022",
"EndDate": "02/17/2022",
"BusNo" :null
};
**Approach 1:**
const header = new HttpHeaders();
header.set('Content-Type', 'application/x-www-form-urlencoded;application/json; charset=utf-8');
header.set('Accept','application/json');
const options = {headers: new HttpHeaders({'Content-Type': 'application/x-www-form-urlencoded;application/json; charset=utf-8', 'Accept': 'application/json'}),
observe: 'response' as 'response',
responseType: 'json' as 'json',
body: busRequest};
this.http.request('post', 'http://localhost:55047/api/bus', options).subscribe();
**Approach 2:**
let headers = new HttpHeaders({'Content-Type': 'application/x-www-form-urlencoded;application/json; charset=utf-8', 'Accept': 'application/json'});
this.http.post('http://localhost:55047/api/bus', JSON.stringify(Request), {headers: headers}).subscribe(data => {
console.log(data);
});
But nothing works.
Response is:
tatus: 415
title: "Unsupported Media Type"
traceId: "00-403257012c151a469a0e24b083d61d62-56ac63710daf8c45-00"
type: "https://tools.ietf.org/html/rfc7231#section-6.5.13"
Did anyone faced the similar problem?
I'm running TestCafe for UI automation, using ClientFunctions to trigger API requests (so that I can pass along session cookies).
Currently I have a ClientFunction with fetch which works fine... except we're now testing IE 11 and Fetch is unsupported.
Fetch code:
const fetchRequestClientFunction = ClientFunction((details, endpoint, auth, method) => {
return window
.fetch(endpoint, {
method,
credentials: 'include',
headers: new Headers({
accept: 'application/json',
'Content-Type': 'application/json',
}),
body: JSON.stringify(details),
})
.then(httpResponse => {
if (httpResponse.ok) {
return httpResponse.json();
}
return {
err: true,
errorMessage: `There was an error trying to send the data ${JSON.stringify(
details
)} to the API endpoint ${endpoint}. Status: ${httpResponse.status}; Status text: ${httpResponse.statusText}`,
};
});
});
However when I try to switch it to axios... not so much:
import axios from 'axios';
const axiosRequest = ClientFunction((details, endpoint, auth, method) => {
return axios({
method,
auth,
url: endpoint,
data: details,
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
},
timeout: 3000,
})
.then(httpResponse => {
if (httpResponse.status < 300) return httpResponse;
return {
err: true,
errorMessage: `There was an error trying to send the data ${JSON.stringify(
details
)} to the API endpoint ${endpoint}. Status: ${httpResponse.status}; Status text: ${httpResponse.statusText}`,
};
});
});
Tried using window.axios, and also passing axios as a dependency. I've also tried making the axios request without the ClientFunction... and despite getting response of 200, the website wasn't updated as expected.
Each time I either get _axios2 is not defined or window.axios is not a function. I would greatly appreciate some guidance here.
TestCafe ClientFunctions allow only serializable objects as dependencies. You need to have axios on the client side to send such a request.
Dears,
I've followed https://stormpath.com/blog/token-authentication-asp-net-core
to authenticate the user for my web apis
I managed to create a successful access-token when calling api/token
My problem is the use of [Authorize], authorize filter didn't get that my user has a valid token, although HeaderAuthorization and HeaderExpries have been set.
function getValues()
{
$.ajax({
url: "http://localhost:48146/api/values",
headers: { 'Authorization': 'Basic ' + accessToken, Expires: tokenExpires },
method: "GET",
context: document.body,
success: function (data) {
alert(data);
}
});
}
Did I passed a wrong header?
Based on the tutorial you followed you should pass a bearer authorization header, not a basic authorization header:
headers: { 'Authorization': 'bearer' + accessToken, Expires: tokenExpires },
I've figured out 2 problems
as #user1336 said in header I had theaders: { 'Authorization': 'bearer' + accessToken, Expires: tokenExpires },
I had to call ConfigureAuth(app) before app.UseMvc(); in Startup.css
I'm trying to create an Angular2 SPA consuming a .NET Core Web API protected using OpenIdDict, with credentials flow. In creating a repro solution for this issue, I have also detailed all my steps in a readme, so hope this post can be useful to newbies like me. Please find the full repro solutions in these repositories:
server-side (.NET Core + OpenIdDict), with detailed instructions to build your own: https://github.com/Myrmex/repro-oidang
client-side (Angular2): https://github.com/Myrmex/repro-angoid
As for the server side, I followed the sample provided by OpenIdDict about this flow (https://github.com/openiddict/openiddict-samples/blob/master/samples/PasswordFlow). Here are the most relevant bits in Startup:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
services.AddEntityFrameworkSqlServer()
.AddDbContext<CatalogContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("Catalog")))
.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("Catalog")));
services.AddIdentity<ApplicationUser, ApplicationRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddOpenIddict<ApplicationDbContext>()
.DisableHttpsRequirement()
.EnableTokenEndpoint("/connect/token")
.EnableLogoutEndpoint("/connect/logout")
.EnableUserinfoEndpoint("/connect/userinfo")
.AllowPasswordFlow()
.AllowRefreshTokenFlow()
.AddEphemeralSigningKey();
services.AddMvc()
.AddJsonOptions(options =>
{
options.SerializerSettings.ContractResolver =
new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver();
});
// add my services
// ...
services.AddTransient<IDatabaseInitializer, DatabaseInitializer>();
services.AddSwaggerGen();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env,
ILoggerFactory loggerFactory,
IDatabaseInitializer databaseInitializer)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
loggerFactory.AddNLog();
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseCors(builder =>
builder.WithOrigins("http://localhost:4200")
.AllowAnyHeader()
.AllowAnyMethod());
app.UseOAuthValidation();
app.UseOpenIddict();
app.UseMvc();
databaseInitializer.Seed().GetAwaiter().GetResult();
env.ConfigureNLog("nlog.config");
app.UseSwagger();
app.UseSwaggerUi();
}
If I test it with Fiddler, it works fine: the token request gets the token, and I can then include it in the Authorization header to access any protected API, which returns JSON data as expected.
Sample token request:
POST http://localhost:51346/connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=password&scope=offline_access profile email roles&resource=http://localhost:4200&username=...&password=...
Sample resource request:
GET http://localhost:51346/api/values
Content-Type: application/json
Authorization: Bearer ...received token here...
Yet, on the client side, whenever I try the same request I get a 401 error; looking at the log, it seems that Angular2 Http service is not sending the required header at all, as I get the error Authentication was skipped because no bearer token was received (see more log entries below).
A service retrieving some resources is like this:
import { Injectable } from '#angular/core';
import { Http, Response } from '#angular/http';
import { Observable } from 'rxjs/Observable';
import { SettingsService } from './settings.service';
import { AuthenticationService } from './authentication.service';
export interface ICategory {
id: string;
name: string;
}
#Injectable()
export class CategoryService {
constructor(
private _http: Http,
private _settings: SettingsService,
private _authService: AuthenticationService) { }
public getCategories(): Observable<ICategory[]> {
let url = this._settings.apiBaseUrl + 'categories';
let options = {
headers: this._authService.createAuthHeaders({
'Content-Type': 'application/json'
})
};
return this._http.get(url, options).map((res: Response) => res.json())
.catch((error: any) => Observable.throw(error.json().error || 'server error'));
}
}
Where the helper createAuthHeaders just gets some properties representing the Header (https://angular.io/docs/ts/latest/api/http/index/Headers-class.html) entries, retrieves the stored token, appends the Authentication entry to the header, and returns it:
public createAuthHeaders(headers?: { [name: string]: any }): Headers {
let auth = new Headers();
if (headers) {
for (let key in headers) {
if (headers.hasOwnProperty(key)) {
auth.append(key, headers[key]);
}
}
}
let tokenResult = this._localStorage.retrieve(this._settings.tokenStorageKey, true);
if (tokenResult) {
auth.append('Authentication', 'Bearer ' + tokenResult.access_token);
}
return auth;
}
Yet, this request gets a 401 response and then Angular throws when trying to mapping the response to a JSON object (Unexpected end of JSON input).
I must add that as soon as the client gets the token, it makes another request with it, to retrieve user info, and this works fine; here is it (see the code after get user info):
public login(name: string, password: string) {
let body = 'grant_type=password&scope=offline_access profile email roles' +
`&resource=${this._settings.appBaseUrl}&username=${name}&password=${password}`;
this._http.post(
this._settings.authBaseUrl + `token`,
body,
{
headers: new Headers({
'Content-Type': 'application/x-www-form-urlencoded'
})
}).map(res => res.json())
.subscribe(
(token: ITokenResult) => {
if (token.expires_in) {
token.expires_on = this.calculateExpirationDate(+token.expires_in);
}
this._localStorage.store(this._settings.tokenStorageKey, token, true);
// get user info
this._http.get(this._settings.authBaseUrl + 'userinfo', {
headers: new Headers({
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + token.access_token
})
}).map(res => res.json())
.subscribe((info: IUserInfoResult) => {
let user: IUser = {
id: info.name,
email: info.email,
name: info.name,
firstName: info.given_name,
lastName: info.family_name,
role: info.role,
verified: info.email_verified
};
this._localStorage.store(this._settings.userStorageKey, user, true);
this.userChanged.emit(user);
}, error => {
console.log(error);
});
},
error => {
console.log(error);
});
}
Yet, any other request, built using the service above, fails. What's wrong with the headers built with the quoted function?
Here are some log entries on the server side:
2016-11-18 20:41:31.9815|0|AspNet.Security.OAuth.Validation.OAuthValidationMiddleware|DEBUG| Authentication was skipped because no bearer token was received.
2016-11-18 20:41:31.9815|0|OpenIddict.Infrastructure.OpenIddictProvider|INFO| The token request validation process was skipped because the client_id parameter was missing or empty.
2016-11-18 20:41:32.0715|0|AspNet.Security.OpenIdConnect.Server.OpenIdConnectServerMiddleware|INFO| No explicit audience was associated with the access token.
2016-11-18 20:41:32.1165|10|AspNet.Security.OpenIdConnect.Server.OpenIdConnectServerMiddleware|INFO| AuthenticationScheme: ASOS signed in.
2016-11-18 20:41:32.1635|3|AspNet.Security.OAuth.Validation.OAuthValidationMiddleware|INFO| HttpContext.User merged via AutomaticAuthentication from authenticationScheme: Bearer.
2016-11-18 20:41:57.7430|0|AspNet.Security.OAuth.Validation.OAuthValidationMiddleware|DEBUG| Authentication was skipped because no bearer token was received.
2016-11-18 20:41:57.7430|0|AspNet.Security.OAuth.Validation.OAuthValidationMiddleware|DEBUG| Authentication was skipped because no bearer token was received.
2016-11-18 20:41:57.8820|12|AspNet.Security.OAuth.Validation.OAuthValidationMiddleware|INFO| AuthenticationScheme: Bearer was challenged.
2016-11-18 20:41:57.9305|12|AspNet.Security.OAuth.Validation.OAuthValidationMiddleware|INFO| AuthenticationScheme: Bearer was challenged.
2016-11-18 20:41:57.9465|0|AspNet.Security.OAuth.Validation.OAuthValidationMiddleware|DEBUG| Authentication was skipped because no bearer token was received.
2016-11-18 20:41:57.9925|12|AspNet.Security.OAuth.Validation.OAuthValidationMiddleware|INFO| AuthenticationScheme: Bearer was challenged.
Your bearer token usage is incorrect.
auth.append('Authentication', 'Bearer ' + tokenResult.access_token) // wrong
auth.append('Authorization', 'Bearer ' + tokenResult.access_token) // right
The header needs to be Authorization. See https://www.rfc-editor.org/rfc/rfc6750#section-2.1