API "/api/v1/me/" with JWT token but always response "message": "Not authorized" #25876
Comments
Hi @xavier-GitHub76, what version are you running? I can replicate this issue on the latest master branch. Steps to reproduce:
curl --request GET \
--url http://localhost:8088/api/v1/me/roles \
--header 'Authorization: Bearer token' \
--header 'X-CSRFToken: token'
Thanks for your test.
Make a request to http://localhost:8000/login with formdata as csrfToken and username and password. This will set a session in the browser which will then be used to call the /me api
Hi, thanks a lot for your reply. I tried your example with Postman but I do not get the same result.
On your screenshot, you have 10 parameters for the header, I have just 9.
Hit a GET request to /login endpoint. There you'll get the html document containing csrf_token as a hidden input field. Then make a POST request to /login endpoint with body as FormData containing the csrf_token, username, and password. Hope this works...
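The session login described in the comment above, as an added Python example that is not part of the original thread or of the project's code: it reads the csrf_token hidden input from the login page and posts it back with the credentials through a single cookie jar. The URL-encoded body, the function names and the sample HTML are assumptions made for the illustration.

```python
import http.cookiejar
import urllib.parse
import urllib.request
from html.parser import HTMLParser

# Constructed sample of a login page fragment (not captured from a real server).
SAMPLE_LOGIN_HTML = ('<form method="post"><input id="csrf_token" '
                     'name="csrf_token" type="hidden" value="constructed+tok/en="></form>')


class _CsrfFinder(HTMLParser):
    """Records the value of the first <input name="csrf_token">."""

    def __init__(self):
        super().__init__()
        self.token = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == "csrf_token" and self.token is None:
            self.token = a.get("value")


def extract_csrf_token(html: str) -> str:
    finder = _CsrfFinder()
    finder.feed(html)
    if not finder.token:
        raise ValueError("no csrf_token input found in login page")
    return finder.token


def build_login_form(html: str, username: str, password: str) -> bytes:
    """URL-encoded POST body with the three fields named in the thread."""
    fields = {"csrf_token": extract_csrf_token(html),
              "username": username, "password": password}
    return urllib.parse.urlencode(fields).encode()


def session_login(base_url: str, username: str, password: str):
    """GET /login, then POST the form; one cookie jar carries the session through both."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    with opener.open(f"{base_url}/login") as resp:
        page = resp.read().decode("utf-8", "replace")
    with opener.open(f"{base_url}/login", data=build_login_form(page, username, password)):
        pass
    return opener  # reuse it for later calls, e.g. opener.open(f"{base_url}/api/v1/me/")
```

`session_login` needs a reachable server and is not called on import; the parsing and form-building functions run offline against the constructed sample.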
Ideally I was thinking of using 100% API endpoints,
which would allow me to rely solely on APIs (/api/v1) and manipulate JSON results
Hello xavier-GitHub76, Could you please advise on the interface you are using for API tests? Thanks,
Hello @peanut00
Many Thanks for your help
Adding some logging within
Are people still having issues here? It's not clear to me if this is still a bug, or if there's just general confusion about API use.
Hello @rusackas, I have done a lot of research (Google, GitHub, Slack) on the subject but cannot easily use the API. Unfortunately, sometimes providing a JWT token and a CSRF token is sufficient but this is not always the case (like this issue). Providing a session cookie helps get around the problem but I don't understand why it is necessary when the technical identification elements are already provided. By searching in /api/v1/_openapi Thanks for your help
Were you able to fetch current user info from "/api/v1/me" ??
I succeeded in seeing a result, but by a means that does not seem correct to me. The use of API functions should be based on the provision of a JWT token and a CSRF token, however if I execute /api/v1/me/ with these tokens, I systematically get the return: I manage to identify the user only by providing a cookie (retrieved after using the login page). This is not normal for me because the function returns a result without a JWT token
@xavier-GitHub76 Thanks for the help.
Hello,
I am trying to use the API endpoints but I have a problem.
I succeeded in getting a JWT token with /api/v1/security/login
and I use it with another API endpoint like:
These endpoints seem very simple to use (no parameters to define) but I always get the response:
{
"message": "Not authorized"
}
I don't see why it fails
Thanks for your help