Bearer token auth 401 from angular application but not from Postman - angularjs

I have an API running asp.net core using jwt bearer token authentication. The authentication scheme seems to be working perfectly when I hit the API through Postman providing the Authorization header with my requests.
When I hit the API from my angular application, I get a 200 on the pre-flight request and then a 401 on the actual request.
The WWW-Authenticate message says:
Bearer error="invalid_token", error_description="The token is expired"
However, when I copy the bearer token out from my request from the angular application, and use that same token in a request from Postman, it works fine and I get my data back.
I'm sure I'm doing something stupid. But sometimes it will work just fine from the angular app, then sometimes when I run it, it will not work at all.
Any ideas are appreciated.

I had same problem and I solved it.
When I pass token from angular localStorage to Headers it added double quotation and so this was incorrect.
I changed this Authorization: Bearer "token " to
Authorization: Bearer token without double quotation and everything is fine now.

Related

How to use bearer token auth for POST request to ADO in Postman?

Here I'm trying post request send to ADO using Postman
I tried with Basic token in Postman to send post request, It worked with PAT like below:
I wanted to try without giving username and PAT in postman so, I generated bearer token by sending client ID & Secret to the below url
https://login.microsoft.com...//
I got bearer token as response, and pasted it in Bearer token box:
When I pasted that token in post man to send post request to ADO it is showing 401(unauthorized)
This is URL: https://dev.azure.com/{pipeline_name}/{organization_name}/_release?_a=releases&view=mine&definitionId=x
Please guide me where am I doing wrong while sending the request.
I think the core issue is that ADO does not accept Bearer Token but need to pass it as OAuth 2.0 token. Change the Authorization to Oauth2.0 and on the right side pane under Available tokens, put the value that you generated for token and test.
Screenshot attached for reference.

Do I need to check JWT expiration on client side?

I'm developing website like classified ads with Django REST framework, react and redux. I have a question about authentication with JWT.
I want to use djangorestframework_simplejwt for authenticate and I've checked a few tutorial. I saw that many tutorial are checking access token on client side like below
export function isAccessTokenExpired(state) {
if (state.access && state.access.exp) {
return 1000 * state.access.exp - (new Date()).getTime() < 5000
}
return true
}
and refresh token as well.
But I don't know why. Because just request new access token with refresh token every time we got HTTP 401 Unauthorized error with expired access token.
The workflow that I thought is
Send server a request with access token to get page which only
authenticated user can see.
If access token is expired, frontend
will get HTTP 401 Unauthorized error.
Send server a request with
refresh token to get new access token, then frontend will store it
to localStorage.
Send a request again.
Is this bad way?
My apologies with my poor English...
You shouldnt be checking the JWT on the client side. A JWT is basically a token that the server has given you that is "assumed" valid. When you send the token back, the server will tell you if the token is not valid in the form of Http Status Code 401 - Unauthorized

Laravel Passport works with PostMan but not APP?

I have a route that needs a token. When I make my Axios call inside of the react app, it returns 401. However, when I grab the parsed header inside of the Network tab it shows:
Bearer ${correctToken}
I grab that entire string, Bearer ${token} and throw it into PostMan and I get the correct object, no 401.
I have tried all the fixes and am now on page 3 of google, the dark abyss.
Any idea how to fix this?

Is there a way to use oauth for GAE using postman

We're using postman to test our service APIs running on GAE. In order to authentication, we have to add a header value 'X-Auth' and copy the oauth authentication token used for our login (retrieved from google javascript library). We have to do this a lot because the token is rather short lived, so it's a real pain/bottleneck for our developers.
I've been looking into using the postman oauth authentication and even got it working... sort of. I successfully configured the oauth and logged myself in, granting the permissions, etc and received a token. However postman wants to put this token into the header not as 'X-Auth' but as 'Bearer' and for whatever reason, authentication is failing. Perhaps it's because the header name is wrong, perhaps I'm also getting the wrong token value.
So: Has anyone had success using postman with oauth on GAE?
PS, here's the 'code' Postman is generating :
GET /api/XXX/ST_W HTTP/1.1
Host: admin.mycompany.com:8080
Accept-Encoding: application/json
Authorization: Bearer ya29.GmDtA-o7ahRzDFl_kMQZD8n7Y3b38TUg58u3kon6t64JifRhOWNBBd8nsuSJ5-OcZW76xC8j3l9EN39D7Z0860qm1S6IwwwdX0AAvXmQwJZg_mXKQH1r9YZOLmgA95dq9_M
Cache-Control: no-cache
Postman-Token: a2182695-9b56-1834-5312-3885f2d77426

How to refresh token using Satellizer and interceptors?

I'm using Satellizer for my angular app, however when the token expires it does not include the Authorization header anymore to the $http requests resulting to incorrect http error status returned.
How do I handle this and refresh my token? I have already done the interception when $http error occurs, my problem is mostly with the refreshing.
I am using Laravel 5.2 and tymon/jwt-auth for my backend.

Resources