List students doesn't work with Basic Auth #179
Comments
If you use the |
Welcome to LifterLMS @GeekJosh!

I've reviewed this and using a clean local machine I am able to make requests to GET /students using basic auth without issue (also, I've reviewed your other issue, #178, and found the same result -- that it works as expected with basic auth).

Since you have two reports of issues where the requests work with header authorization but not basic authorization my assumption here is that your server is suffering from an issue that occurs on some servers where basic authentication is not available to PHP. This can be due to webserver or php configurations and this is the reason why we have header authentication available -- as an alternative when basic authentication isn't working.

Furthermore, based on how our authentication methods work, it's not possible (or at least very nearly impossible) for an endpoint to only work with header authentication or basic authentication.

There's no logic built into the controllers themselves to look for keys, that all happens during authentication (before the controller is invoked). By this I mean that the controllers don't check for your keys, the rest api initialization does (when WP itself runs hooks to determine if there's an authenticated user).

My guess is that any request you're making is not going to work with Basic Auth and that only header authentication is going to work for you. Can you let me know if I'm wrong about this and that you are able to make some requests with basic auth (but others with only header auth).

It's also possible that you've passed the credentials incorrectly in your requests.

Depending on the language you're using, you'll need to build your credential string differently, here's a good example if you're using WordPress (and PHP): https://johnblackbourn.com/wordpress-http-api-basicauth/

In node the easiest way would be to use Node's URL object, our node api wrapper has a simple example: https://github.com/gocodebox/llms-api-node/blob/d0131f2b6902fd0af292937cadfb8f5b10b8b092/lib/Request.js#L50-L53

There's a native curl example in our API docs: https://developer.lifterlms.com/rest-api/#section/Authentication/Basic-Authentication

If you're not sure you've done it right, post up an example (redacting real keys, of course) and I'll have a closer look and let you know if I can spot an issue.
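An added example (not part of the issue thread or of LifterLMS code): a Node.js sketch that builds a Basic `Authorization` header per RFC 7617 and checks a header value for the usual construction mistakes the comment above alludes to. The function names are hypothetical and all sample values are constructed.

```javascript
// Build "Basic base64(key:secret)". RFC 7617 forbids ":" in the user-id part.
function buildBasicAuth(key, secret) {
  if (key.includes(':')) {
    throw new Error('key (user-id) must not contain ":"');
  }
  const token = Buffer.from(`${key}:${secret}`, 'utf8').toString('base64');
  return `Basic ${token}`;
}

// Return a list of problems found in an Authorization header value.
// An empty list means the value is well-formed Basic auth.
function diagnoseBasicAuth(headerValue) {
  const match = /^(\S+) +(\S*)$/.exec(headerValue);
  if (!match) return ['header is not "<scheme> <token>"'];
  const [, scheme, token] = match;
  if (scheme.toLowerCase() !== 'basic') {
    return [`scheme is "${scheme}", expected "Basic"`];
  }
  // A raw "key:secret" sent without encoding fails here because of ":".
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(token) || token.length % 4 !== 0) {
    return ['token is not valid base64 (credentials sent unencoded?)'];
  }
  const problems = [];
  const decoded = Buffer.from(token, 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // only the first ":" separates key and secret
  if (sep === -1) {
    problems.push('decoded token has no ":" (key and secret encoded separately?)');
    return problems;
  }
  if (sep === 0) problems.push('empty key before ":"');
  if (sep === decoded.length - 1) problems.push('empty secret after ":"');
  // Typical cause: encoding the output of `echo` without -n, or a pasted newline.
  if (/^\s|\s$/.test(decoded)) {
    problems.push('leading or trailing whitespace inside the credentials');
  }
  return problems;
}

// Constructed sample values, not real API keys.
const sample = buildBasicAuth('EXAMPLE_KEY', 'EXAMPLE_SECRET');
console.log(sample, diagnoseBasicAuth(sample));
console.log(diagnoseBasicAuth('Basic EXAMPLE_KEY:EXAMPLE_SECRET'));
```

A header that passes these checks on the client but still yields a 401 points at the server side, where the `Authorization` header may not be reaching PHP at all.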
Thank you for the comprehensive reply. I've been using Postman to test
endpoints and ultimately they're being used in a .NET application using the
standard HttpClient.
Unfortunately, it is only these two endpoints (so far) that basic auth
doesn't work for. All endpoints work using the custom headers so it's not
really causing me an issue, just seems odd that only specific endpoints
fail, and with different errors too.
I'd expect the 401 error I'm getting from this endpoint if authentication
failed (in fact it was because I got that 401 that I started looking at
authentication as the cause), but getting a 404 as in my other report
(#178) is very strange.
…On Thu, 2 Jul 2020, 18:42 Thomas Patrick Levy, ***@***.***> wrote:
Welcome to LifterLMS @GeekJosh <https://github.com/GeekJosh>!
I've reviewed this and using a clean local machine I am able to make
requests to GET /students using basic auth without issue (also, I've
reviewed your other issue, #178, and found the
same result -- that it works as expected with basic auth).
Since you have two reports of issues where the requests work with header
authorization but not basic authorization my assumption here is that your
server is suffering from an issue that occurs on some servers where basic
authentication is not available to PHP. This can be due to webserver or php
configurations and this is the reason why we have header authentication
available -- as an alternative when basic authentication isn't working.
Furthermore, based on how our authentication methods work, it's not
possible (or at least very nearly impossible) for an endpoint to only work
with header authentication or basic authentication.
There's no logic built into the controllers themselves to look for keys,
that all happens during authentication (before the controller is invoked).
By this I mean that the controllers don't check for your keys, the rest api
initialization does (when WP itself runs hooks to determine if there's an
authenticated user).
My guess is that *any* request you're making is not going to work with
Basic Auth and that *only* header authentication is going to work for
you. Can you let me know if I'm wrong about this and that you *are able
to make some requests* with basic auth (but others with only header auth).
It's also possible that you've passed the credentials incorrectly in your
requests.
Depending on the language you're using, you'll need to build your
credential string differently, here's a good example if you're using
WordPress (and PHP):
https://johnblackbourn.com/wordpress-http-api-basicauth/
In node the easiest way would be to use Node's URL object, our node api
wrapper has a simple example:
https://github.com/gocodebox/llms-api-node/blob/d0131f2b6902fd0af292937cadfb8f5b10b8b092/lib/Request.js#L50-L53
There's a native curl example in our API docs:
https://developer.lifterlms.com/rest-api/#section/Authentication/Basic-Authentication
If you're not sure you've done it right, post up an example (redacting
real keys, of course) and I'll have a closer look and let you know if I can
spot an issue.
@GeekJosh could you export your Postman request (redact the keys) and post that so I can import and see what you're doing please?
@GeekJosh could you check in with me on this one please?
Sorry for the delay, Postman export:
@GeekJosh thanks and no worries on the delay!

I've replaced the redacted urls with my local test site and the redacted keys with working read/write keys owned by an admin WP user and I'm seeing the same result (200 response) with both header and basic auth.

This seems to really indicate an issue with your server more than anything else.

Are you absolutely certain that other endpoints are working with basic auth? Try the If you're still seeing issues here (that basic auth does work on these requests but it doesn't on Thanks,
@GeekJosh bumping for requested information!
Closing due to inactivity
Reproduction Steps
Perform a GET request on the /students endpoint using basic authentication
Expected Behavior
A collection of students is returned
Actual Behavior
A 401 unauthorized response is received
Error Messages / Logs
System Information
System Report