I am using pagekite.net for tunneling localhost to run my Django app
Now my tunnel url is something like "myapp.pagekite.me".
Now, when I simply run it in browser, its working. But its not working when I simply perform a GET request in python code.
import requests
requests.get("http://myapp.pagekite.me")
>>>401
Assuming that the 401 in your sample refers to an HTTP Response Code:
401 is Unauthorized
If you sent credentials they are either incorrect, or of insufficient privilege.
If you didn't send credentials, you are required to authenticate. Have a look for the WWW-Authenticate header in the response.
Related
I have set up an API using configured with auth protected endpoints as described in this excellent tutorial
https://blog.miguelgrinberg.com/post/restful-authentication-with-flask
My end user, however, wants to authenticate by passing a JSON and then remain authenticated until the session expires.
The current method of authentication uses headers, as in the tutorial
$ curl -u miguel:python -i -X GET http://127.0.0.1:5000/api/resource
HTTP/1.0 200 OK
Content-Type: application/json
Content-Length: 30
Server: Werkzeug/0.9.4 Python/2.7.3
Date: Thu, 28 Nov 2013 20:02:25 GMT
{
"data": "Hello, miguel!"
}
The users want to send the following instead
curl -L -X POST 'https://api.org/auth/?json={"client_id":"CLIENT ID","client_secret":"CLIENT SECRET","grant_type":"password"}' -H 'Content-Type: application/json'
There is clearly a way to authenticate once and remain authenticated because flask-restx endpoints display the attached image when you try to use an #auth.login_required decorated endpoint. Does anyone know what code this manual login code triggers and whether I can replicate the process by passing data received into an endpoint via JSON?
I have considered an internal redirect or curl-request but this seems unnecessarily clunky
manual login via API
The username/password prompt in your image is implemented by web browsers when the server uses the Basic Authentication method. If your client is not a web browser, then there is no user interface to request username and password, you have to implement that yourself.
Your assertion that "there is clearly a way" to authenticate and remain authenticated for the duration of the session is incorrect. The HTTP protocol is stateless, which means that every request stands on its own. You think that session authentication is possible because in some situations the data that you as a client are not providing is automatically inserted by the web browser or HTTP client. Examples:
When you log in to a website and then the website remembers who you are as you navigate from page to page, the browser is inserting a session cookie into all the requests that the client sends. The server writes information about the client in the session, so that it can recover it every time a request from the client is received.
When you use the username/password Basic Authentication solution that you referenced in your question, the browser saves the username and password that you entered, and inserts an Authorization header with them into all successive requests sent during the session. From the side of the server, every request comes with a username and a password and needs to be verified from scratch.
Finally, the JSON example that you show appears to be based on the OAuth protocol. This is a fairly extensive solution with many different flows. The one that you use in your example is the Password grant, in which the client passes username and password and receives an access token in exchange. This access token must be provided in all successive requests you make.
If your client application runs in the browser, then the two options that you have for the browser to help out with the authentication are:
Use session cookies. With Flask, this can be done with the Flask-Login extension.
Use Basic Authentication, to let the browser prompt the user for credentials, which are then automatically sent in successive requests. This is fully supported by the Flask-HTTPAuth.
I am trying to develop login with vk.com feature for our website. And testing it locally. In app I have given
http://127.0.0.1/
as base domain. In website during authorization it is requesting url:
https://oauth.vk.com/authorize?client_id=XXXX&redirect_uri=http://127.0.0.1/vk/login/check/&state=trackid=XXXX..
In callback url, I am calling
https://oauth.vk.com/access_token?client_id=XXXX&client_secret=YYYY&redirect_uri=redirect_uri=http://127.0.0.1/vk/login/check/aaa/bbbb&code=
But its not loading VK website for logging in. It shows error
{"error":"invalid_request","error_description":"redirect_uri has wrong
domain, check application settings"}.
Dont know whats wrong. Any help?
Earlier when testing to request code and accesstoken manually, I had given domain in app as https://www.example.com and used https://www.example.com as redirect url when requesting code and access token. At that time it had worked.
Now how can I test it when our website is running locally? Please help
You should open your 8000 port and put to "redirect_uri" your ip. But it's not exactly work, because u should have your own host
go to your app setting in VK set your redirect-uri http://127.0.0.1:5000/anything (port is important/use Port that you are using according to server hosting service). then try it.
I am not able to send request payload to my POST service from WSO2.
On rest console, my service is working.
From WSO2 server I am able to do curl to my server with successful response.
here is my API configuration
Payload to send:
{"query":"Hi I am a POST query parameter"}
My server is receiving {} as request payload. It expect RAW body in JSON (as above) in payload. I have tried all combinations for Parameter Type, but still not able to send payload to my server from WSO2.
How can I do this?
EDIT 1
I have tried all possible ways of sending data including following.
Am I doing something wrong here???
and
From both I get error that my payload is empty or incorrect!!
Edit 2
I am able to connect with Java based services but not with Python based services.
Do I need any special settings on my python server?
enable wirelogs and check following
payload is coming into the API manager (swagger -> AM )
Payload is going out from api manager (AM -> backend)
Also check the request headers coming in and going out and compare them with the stuff from curl request (successful request)
I am using Flask and I am afraid Flask can not deal with this issue currently.
I could reproduce this issue, the message send to back-end correctly, but Python only handle message until timeout.
Python Flask cannot receive post request from WSO2
The work-round may be using Java or Python get method.
I solved this problem by using apache to proxy this request.
I think this is related with wsgi.
Processing chunked encoded HTTP POST requests in python (or generic CGI under apache)
ProxyPass / http://localhost:8001/
ProxyPassReverse / http://localhost:8001/
How can you set the username and password in the http header for a SOAP request message using python's zeep? I believe that is why i am getting a connection refused error but cannot figure out where the http header details can be set. I even tried just running python -mzeep on the wsdl file (vs creating a client and calling a web service method) but it still cannot connect.
Zeep uses the requests library for http requests. The request session is available as client.transport.session.
So doing something like client.transport.session.headers.update({}) should work. See http://docs.python-requests.org/en/master/user/advanced/#session-objects
this one works just fine
client.transport.session.headers.update({'yourHeader': 'yourValue'})
I have an app which amounts to a Python script, running on the user's phone, and a JS client, running in the user's browser. The Python script sends messages to App Engine as HTTP requests. The server then pushes the messages to the JS client.
The problem is authentication: The server can easily use Google Accounts to authenticate anything coming from the JS client as being sent by a particular user, but I do not know how to get the Python script to make HTTP requests which will also authenticate.
Any ideas?
According to its homepage, httplib2 has support for Google Account authentication, maybe that may help you?
Can you use OAUth to authenticate with Google, then use the OAuth token to ensure the messages are legitimate?