BASIC Authentication error in Cloud APIs


#1

I try to access cloud using POSTMAN(chrome Web Store) for study but I can not get OAUTH2 token in BASIC authentication.
Cloud returns 404.
I write details in following sentece.

Please advise me .

Thnek you.

Kazu


I have tried following sequince.

Configration prameters for POSTMAN. (POSTMAN is HTTP client. It can sent any REST.)
See captured figures in this topic.

Authoization tab

  • Type : Basic Auth
  • Username : foo@bar.jp <- same username to Afero Profile Editor to login
  • Password : foobar <- same password to Afero Profile Editor to login

Headers tab

  • Content-Type : a4plication/x-www-form-urlencoded
  • Accept : application/json
  • Authorization : BASIC xxxxxxxxxxxxxxx <-- "foo@bar.jp:foobar" encoded by BASE64

Send the packet and POSTMAN receive “404 The requested resource is not available.”.

=========

I also try to access cloud using Perl CPAN LWP.(CPAN v2.53.01/cygwin Perlv5.22.2)

— program begin —
use strict;
use warnings;
use LWP::UserAgent;

my $ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(POST => ‘https://api.afero.io/oath/token/’);

$req->authorization_basic(‘foo@bar.jp’, ‘foobar’);

my $res = $ua->request($req);
if ($res->is_success) {
print $res->content, “\n”;
} else {
print “ERROR.\n”;
print $res->status_line, “\n”;
}
— program end —

The program returns 404.
If URL is http://api.afero.io/oath/token/ , it receive “500 Can’t connect to api.afero.io:80”.




#3

Hi, Kazu!

Thank you for your question!

I think I can help you - the string you’re using for your Authorization header is incorrect - it’s not base64 “username:password” it’s Base64 “oath client id:oauth secret” which we can conveniently provide for you.

  1. Log in to the Afero Profile Editor (APE). Open a project or create a new empty project. In the upper left part of the screen, click the gear icon and then click “MY ACCOUNT”

Look on that screen for “Client Credentials Basic Auth”

Use that value for your Authentication header in your request.

In Postman, I was able to make the request this way:

URL https://api.afero.io/oauth/token
Headers:
Authorization: Basic N2Y2N…DNi
Content-Type : application/x-www-form-urlencoded

form data:

username: jgeorge@afero.io
password: foobar
grant_type: password

This worked for me. Please try this when you can and let me know if it works for you too.

Thank you!

Joe


#4

Hi Kazu!

I also wanted to let you know that we found a typo in our developer docs - the OAuth URL was incorrect, it was /oath/token instead of /oauth/token and we will post a fix to the documentation shortly.

Cheers,

Joe


#5

Hi, Joe.

Thank you but it not works.

I notice latest Postman which I install overwrite Authentication Field.
See attached figure.

Postman says “The authorization header will be generated and added as a custom header” in Authenticaion tab.

I set “Basic OD*****” to Authentication Header before I click the Sned button but Postman change it to “bm*****” which is encoded from Username(na***@***.jp) and Password(c***) in Authentication tab.
I think cause of error is it.

I don’t know how to disable the function.

I’m not used to Java but I will write BASIC authentication program using Java.

And sorry, it seems that category of this topic is wrong.

Thank you.
Kazu


#6

Hi, Kazu!

For our login, the Authorization header must be a base64 string of the OAuth Client ID and OAuth Client Secret, not the plain username and password. It looks like Postman is generating that header for you from it’s Username and Password fields, so we can make it work!

On the Basic Auth tab, in the Username field, enter the data from OAuth Client ID from the APE account screen. For the Password field, use the OAuth Client Secret from that account screen. Postman will then put the correct Authorization header into your request.

Then in the x-www-form-urlencoded body, add these 3 fields:

username
password
grant_type password

I was able to get an access token through Postman this way just now.

Alternatively, instead of using Postman’s Basic Auth function, you can select “No Auth” and add the Authorization header manually (exactly as it is found on the APE account page). It seems that the “Basic Auth” function of Postman just Base64 encodes that username/password data as a convenience for you.

Please let me know if this works for you, or if you have any more questions we’ll be happy to help!

Joe