I am successfully using a curl request to authenticate a user on my Django project with Django-social-auth using a Facebook token to return a token for my personal site. Quite simply, I have a Facebook token and I am converting it to a Django token in return, but I am only accomplishing this feat using a CURL request. The framework I am using comes from Philip Garnero (1).
The CURL request - curl -X POST -d "grant_type=convert_token&client_id=&client_secret=&backend=facebook&token=" http://localhost:8000/auth/convert-token
The confusion comes when I am trying to do this using an AJAX request.
Is there something wrong with the way my ajax is setup? Do I need to get a csrf token to begin with before I can convert my facebook token to a authenticated Django token?
Update: I am getting a 400 error unsupported_grant_type while running my ajax request through a proxy. The request is the same request I have successfully executing in both a curl command and a Postman command.
Ajax Request:
$http({
url: "proxy/url/...",
async: false,
crossDomain: true,
method: "POST",
data: {
"client_id": "...",
"client_secret": "...",
"grant_type": "password",
"username": "...",
"password": "..."
},
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
}).success(function(data, status, headers, config) {
console.log(data);
}).error(function(data, status, headers, config) {
console.log("error status = " + status);
console.log(angular.toJson(data));
});
(1) - https://github.com/PhilipGarnero/django-rest-framework-social-oauth2
I figured out the issue, but I cant point to the specific thing I did in order to get it working. I will instead write down everything I did in order to get a working system. My particular example was for an ionic app that used facebook authentication and converted the token to a django csrf token which I used to track users.
My setup: Django, Django rest-framework Social Oauth2 (Philip Garnero's setup), Django social auth, angular js, cordova facebook plugin, ionic (3rd party app that acts as the frontend) and finally a configured proxy service.
Steps: Number one, make sure to have a rest api system installed. I used Philip Garnero's api (1). Once I got the installable package from Garnero in place I had to configure an ionic proxy service. I used Ionic's tutorial to get it in place (2). That document is worth reading to understand the gist of cross domain requests. Finally, what I couldn't find without testing and researching around were the correct headers to attach to the ajax request. I ended up solving it using a very useful tool called Postman.
Here is a dumb example of that "confusingly difficult" request:
$http.post(Url, queryStringData,
{headers: {
'Accept': '*/*',
"cache-control": "no-cache",
'Content-Type': 'application/x-www-form-urlencoded'
}
}).success(function(data, status, headers, config) {
console.log(data.access_token);
}).error(function(data, status, headers, config) {
console.log("error status = " + status);
console.log(angular.toJson(data));
});
Please comment if you have questions. I will do my best to clean up the original post and may consider a tutorial if others are having the same issues. I spent 5 hours trying to crack this one.
(1)- https://github.com/PhilipGarnero/django-rest-framework-social-oauth2
(2)- http://blog.ionic.io/handling-cors-issues-in-ionic/
Related
I am using Web Api C# as backend for my application. I have enable CORS globally in the project.
config.EnableCors();
The frontend is developed in Reactjs. All the methods work in development mode but when I deployed the application in IIS, the post method does not work. I receive the following error message.
"Request failed with status code 405" Method not allowed"
Below is the api calling code.
axios(
{
method: 'POST',
url: URL,
data : JSON.stringify({partyid:'1234567'}),
headers: { 'content-type': 'application/json' }
}
I'm trying to make wordpress as a backend to my angularjs app, so I'm using the plugin rest-api with the jwt-auth
so when trying to login I get the following error
XMLHttpRequest cannot load http://localhost/back/wp-json/jwt-auth/v1/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://imider.ma' is therefore not allowed access. The response had HTTP status code 500.
I know i have to add CROS access, but I'm not familiar with wordpress, so any help?
https://docs.google.com/document/d/17zgUHZrvL5KVG2yKQE8NWgxNZn6V08xr65DBox5WVZ0/edit?usp=sharing
here is my tutorial of how to access the api
then you can use this to get the token
$http({
method:'post',
url:'',
data: {
username: '',
password: ''
}
}).then(function(results){
console.log(results);
})
then you can use this
$http({
method:'get',
url:'',
headers: { 'Authorization': 'Bearer <myTokenId>' }
}).then(function(results){
console.log(results);
})
I created a video detailing the process of installing and setting up the plugin. If you follow the steps I outlined there you should be good.
https://youtu.be/Mp7T7x1oxDk
The idea is that you also need to modify .htaccess and wp-config.php to make the plugin work with the existing API endpoints as well.
Just by installing the plugin and adding a SECRET_KEY, used to sign the token will make the JWT setup work but it will not allow you to use the tokens generated through that API with the existing REST API endpoints.
I have an angularjs application which is consuming a WebAPI created using WCF.
Angularjs application is making call to a WebAPI to fetch client details.
When i run both the projects (angularjs and WCF project) on my local machine. Everything works fine.
After deploying the project on development server I am facing issue while testing my angularjs application in chrome. Chrome fails to load the client details.
I checked the requests made by angularjs application using fiddler. I found that there are two calls made my angularjs application to webAPI, even though in code there is only one call in code,
Following is the code used in angular app
return $http({
method: "GET",
withCredentials: true,
url: $rootScope.models.ServiceURL + "/ServicerClient?clientName=" + searchTextSmallLetters,
dataType: "json",
headers: {
'Content-Type': 'application/json; charset=utf-8'
}
});
First request logged in Fiddler :
GET /PXTRAService.svc/ServicerClient?clientName=volvo HTTP/1.1
First request retunrs following error :
HTTP/1.1 401 Unauthorized
Next request logged in Fiddler has Security section in request header:
GET /PXTRAService.svc/ServicerClient?clientName=volvo HTTP/1.1
Second request retunrs the expected result.
Same scenario is occuring in IE, but IE angular application redeners the fetched results correctly.
Is there any way to fix this issue in chrome?
I'm writing an angularjs 1.5.0 application.
In this application i need to use $http to fetch image data to a blob.
i used the following code in my angular js controller:
$http({
url : 'https://myalcoholist-tuxin-com.s3.amazonaws.com/my-images/thumb_0000000001.jpg',
method : 'GET',
params : {},
headers : {
'Content-Type' : undefined,
},
responseType: "blob"
}).success(function(data, status, headers, config) {
}).error(function(data, status, headers, config) {
});
my website is at https://myalcoholist.com
I enabled cors in my s3 bucket using Bucket Explorer with the following parameters:
AllowedOrigin https://myalcoholist.com
AllowedHeader *
AllowedMethod GET
before settings the cors , i would get a preflight request error. after enabling cors I get
GET https://myalcoholist-tuxin-com.s3.amazonaws.com/my-images/thumb_0000000001.jpg 400 (Bad Request)
the pre-flight request, the OPTIONS method is sent and succeeds.
Request URL:https://myalcoholist-tuxin-com.s3.amazonaws.com/my-images/thumb_0000000001.jpg
Request Method:OPTIONS
Status Code:200 OK
Remote Address:54.231.114.146:443
but then the GET Request fails.
I tried to put an image on https://myalcoholist.com and then to try to get it with $http request and I got no errors. it seems that only trying to download from amazon's s3 is causing problems and I have no idea why!
the ACL is set for read. and browsing that file in the browser works.
any information regarding the issue would be greatly appreciated.
I am developing a small application use angularJS. The html pages are local file which will not deploy on web server. I defined a service module which will call the remote webapi to get the json data, however my success callback not be invoked.
$http({ method: 'GET', url: remoteServiceUri }).
success(function (data, status) {
var response = data;
}).
error(function (data, status) {
var error = data;
});
it always call into the error method. how can I resolve this issue please?
I can confirm that the service api work fine, as I tried deploy the page and webapi on the same site, in this case, it works.
is this caused by the cross domain or any configuration required?
Thanks.
You need to configure your remote web service to handle the preflight OPTIONS request.
Your web service must add the following headers to the response of the preflight OPTIONS request as well as the actual request:
{
"Access-Control-Allow-Origin": "*",
"Access-Control-Expose-Headers": "Content-Type",
"Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS",
"Access-Control-Allow-Headers": "Content-Type"
}
You can find details about what which headers are required, and what do they mean here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
If you are using Apache, you could use proxypass to redirect requests. This way your angular app talks "locally" with your apache server, and it will pass the request to a different domain.
For example, in your httpd.conf set:
ProxyPass /foo http://foo.example.com/bar
In your angular app call
$http({ method: 'GET', url: "/foo/action" }).then(...);
Your apache will translate "/foo/action" to "http://foo.example.com/bar/action".
Bye bye cross domain issues!
For more info, see apache proxy module