Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How can i authenticate using curl and get private entries ! #167

Closed
dyaa opened this issue Mar 3, 2015 · 16 comments
Closed

How can i authenticate using curl and get private entries ! #167

dyaa opened this issue Mar 3, 2015 · 16 comments

Comments

@dyaa
Copy link

dyaa commented Mar 3, 2015

I'm Searching over the web about how can i authenticate devise using curl and to get private entries !

Can anybody please help me about that?
@nicolas-besnard
Copy link
Contributor 

curl -XPOST -H 'Content-Type: application/json' -H 'access-token: e3xOfHG-SRkrAWwBS6MgHA' -H 'client: default' -H "uid: [email protected]" localhost:3000/YOUR_ROUTE

@dyaa
Copy link
Author

dyaa commented Mar 3, 2015

i was trying this to get the access-token

curl -XPOST -v -H 'Content-Type: application/json' http://example.com/api/auth/sign_in -d '{"email": "[email protected]", "password": "password" }'

then

curl -XPOST -v -H 'Content-Type: application/json' -H 'access-token: 0t3l9Z8JR3EGdJpV6l5jwQ' -H 'client: default' -H "uid: [email protected]" http://example.com/api/v1/posts/

it gave me < HTTP/1.1 401 Unauthorized

do you think there's a problem with CSRF ?

@nicolas-besnard
Copy link
Contributor

CSRF didn't occur with an API. Have you try to do the request in a rails c ?

@c0mrade
Copy link

c0mrade commented Mar 3, 2015

This works for me :

curl -XPOST -v -H 'Content-Type: application/json' http://lvh.me/api/v1/auth/sign_in -d '{"email": "[email protected]", "password": "tralalal" }

So I get back the response (something like below, only important part) :

< access-token: lW1c60hYkRwAinzUqgLfsQ
< token-type: Bearer
< client: W_xCQuggzNOVeCnNZbjKFw
< expiry: 1426610121
< uid: [email protected]

Then I can validate the token, using the client and token previously obtained from the above request, I do it like this :

curl -XGET -v -H 'Content-Type: application/json' -H 'access-token: lW1c60hYkRwAinzUqgLfsQ' -H 'client: W_xCQuggzNOVeCnNZbjKFw' -H "uid: [email protected]" http://lvh.me/api/v1/auth/validate_token

The result :

{"success":true,"data":{"id":3,"provider":"email","uid":"[email protected]","firstname":null,"lastname":null,"email":"[email protected]"}}

@nicolas-besnard
Copy link
Contributor

So, it's working ?

On Tue, Mar 3, 2015 at 5:38 PM Emir Ibrahimbegovic [email protected]
wrote:

This works for me :
curl -XPOST -v -H 'Content-Type: application/json'
http://lvh.me/api/v1/auth/sign_in -d '{"email": "[email protected]",
"password": "tralalal" }

So I get back the response (something like below, only important part) :

< access-token: lW1c60hYkRwAinzUqgLfsQ
< token-type: Bearer
< client: W_xCQuggzNOVeCnNZbjKFw
< expiry: 1426610121
< uid: [email protected]

Then I can validate the token, using the client and token previously
obtained from the above request, I do it like this :

curl -XGET -v -H 'Content-Type: application/json' -H 'access-token: lW1c60hYkRwAinzUqgLfsQ' -H 'client: W_xCQuggzNOVeCnNZbjKFw' -H "uid: [email protected]" http://lvh.me/api/v1/auth/validate_token


Reply to this email directly or view it on GitHub
#167 (comment)
.

@c0mrade
Copy link

c0mrade commented Mar 3, 2015

@nicolas-besnard I wasn't the one who reported it's not working. I just tried with the latest code devise_token_auth (0.1.32.beta5) and it works for me. Waiting for OP to try the same, and report the result

@nicolas-besnard
Copy link
Contributor

@c0mrade sorry, didn't see it in my mail :)

@dyaa
Copy link
Author

dyaa commented Mar 3, 2015

The curl -XGET -v -H 'Content-Type: application/json' -H 'access-token: lW1c60hYkRwAinzUqgLfsQ' -H 'client: W_xCQuggzNOVeCnNZbjKFw' -H "uid: [email protected]" http://lvh.me/api/v1/auth/validate_token

worked well, final question can you give me an example for XPUT or XDELETE !

Thank you guys.

@nicolas-besnard
Copy link
Contributor

You'll have to use the same curl request. Nothing change whatever your request type.

@dyaa
Copy link
Author

dyaa commented Mar 4, 2015

Sorry but i'm trying

curl -XDELETE -v -H 'Content-Type: application/json' -H 'access-token: o4JDhkzqAqf_lrklCnURCA' -H 'client: KlEK7aLWZmfoeUKGAn1o0Q' -H "uid: [email protected]" http://example.com/api/v1/blogs/test

with the last client and access_token and it giving me 401

@nicolas-besnard
Copy link
Contributor

Did you do this request right after the login ? Because the access-token change for each request.

@c0mrade
Copy link

c0mrade commented Mar 4, 2015

Or you can try this in your initializer:

DeviseTokenAuth.setup do |config|
  config.change_headers_on_each_request = false
end

And your access token won't change for every request.

@c0mrade
Copy link

c0mrade commented Mar 8, 2015

@ACPK Unfortunately no, don't have phone apps just yet, but I think I did saw somebody having issues with it I think (should be somewhere in the open issues).

@nicolas-besnard
Copy link
Contributor

No problem with iOS / Android app here.
On Sun 8 Mar 2015 at 07:24 Emir Ibrahimbegovic [email protected]
wrote:

@ACPK https://github.com/ACPK Unfortunately no, don't have phone apps
just yet, but I think I did saw somebody having issues with it I think
(should be somewhere in the open issues).


Reply to this email directly or view it on GitHub
#167 (comment)
.

@dyaa dyaa closed this as completed Jul 17, 2015
@Asnadatta
Copy link

Thanks @c0mrade your answer worked for me.

@Theni-N-Lingeswaran
Copy link

hi
am lingeswaran form chennai
i just use
curl -XPOST -v -H 'Content-Type: application/json' http://192.168.10.184:3000/api/auth/sign_in -d '{"api_key": "E6BkQNJPE6BzZ601M5ENzxu343FExK" }'

i got correct output
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Status: 200 OK
< Cache-Control: max-age=0, private, must-revalidate
< X-XSS-Protection: 1; mode=block
< access-token: o5IgZro5E6khds_A-pqT5A
< X-Request-Id: ae12f3ff-2826-470d-b130-476acdad2335
< token-type: Bearer
< expiry: 1544269896
< uid: VEYy0GeaEmp3TDvUIkfK0k9xbLtcu7
< client: GgrHfydDnm7qnmiMD2qSZQ
< X-Frame-Options: SAMEORIGIN
< ETag: W/"dc8df0141c437a35f85725b36c98cc10"
< X-Content-Type-Options: nosniff
< X-Runtime: 0.101321
< Date: Thu, 08 Dec 2016 11:51:36 GMT
< X-Powered-By: Phusion Passenger 5.0.30
< Server: nginx/1.10.1 + Phusion Passenger 5.0.30

then i used get method for getting content using

curl -XGET -v -H 'Content-Type: application/json' -H 'access-token: o5IgZro5E6khds_A-pqT5A' -H 'client: GgrHfydDnm7qnmiMD2qSZQ' -H "uid: VEYy0GeaEmp3TDvUIkfK0k9xbLtcu7" http://192.168.10.184:3000/api/products/find_by

but i didn't get output i just got

< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Status: 500 Internal Server Error
< Cache-Control: no-cache
< X-XSS-Protection: 1; mode=block
< X-Request-Id: 686dd0c7-4756-4c8b-8460-f02e27996bf6
< X-Runtime: 0.006672
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< Date: Thu, 08 Dec 2016 11:53:52 GMT
< X-Powered-By: Phusion Passenger 5.0.30
< Server: nginx/1.10.1 + Phusion Passenger 5.0.30
<

  • Connection #0 to host 192.168.10.184 left intact
  • Closing connection #0
    {"errors":[{"status":500,"title":"Internal Server Error","detail":"We're sorry, but something went wrong. Please contact [email protected] to report this problem and we'll take a look at it shortly."}]}

please help me

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@c0mrade @nicolas-besnard @dyaa @Asnadatta @Theni-N-Lingeswaran