PathmindAI/policy-server

Access token doesn't work passed in header

slinlee opened this issue · 12 comments

The deployment only seems to use the API key if it's passed as a URL param. Can we switch it to use a header token?

Originally posted by @slinlee in #27 (comment)

curl -X 'POST' \
  'https://stock.devpathmind.com:8000/predict_raw/' \
  -H 'accept: application/json' \
  -H 'access_token: 1234567asdfgh' \
  -H 'Content-Type: application/json' \
  -d '{
  "obs": [
    0,1,2
  ]
}'

@xneyder do we maybe strip headers when redirecting the request?

@slinlee I've done most of my testing locally with header tokens, fwiw. should all be supported

Yeah that's what I thought. I suspect something is lost when we redirect the request.

Here are more details:

Putting the access token in the URL works for the zinc factory:

curl -X 'POST' \
  'https://zinc-factory.devpathmind.com/predict/?access_token=1234567asdfgh' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "minute": 0,
  "hour": 0,
  "day": 0,
  "month": 0,
  "price": 0
}'

But this command with the access token in the header fails:

curl -X 'POST' \
  'https://zinc-factory.devpathmind.com/predict/' \
  -H 'accept: application/json' \
  -H 'access_token: 1234567asdfgh' \
  -H 'Content-Type: application/json' \
  -d '{
  "minute": 0,
  "hour": 0,
  "day": 0,
  "month": 0,
  "price": 0
}'

@xneyder was this ever resolved?

Yes it was fixed with the ingress configuration we did.

Thanks! closing this now.

Here is a more recent example

curl -X 'POST' \
  'https://api.dev.devpathmind.com/policy/id6969/predict/' \
  -H 'accept: application/json' \
  -H 'access_token: a90c01ad-8239-432c-9ebc-c79a79c41a07' \
  -H 'Content-Type: application/json' \
  -d '{
  "callCenters": [
    0
  ],
  "hour": 0,
  "currentCall": [
    0
  ],
  "links": [
    0
  ],
  "minute": 0
}'

Please use access-token instead of access_token, dash instead of underscore.

curl -v -X 'POST' \
  'https://api.dev.devpathmind.com/policy/id6969/predict/' \
  -H 'accept: application/json' \
  -H 'access-token: a90c01ad-8239-432c-9ebc-c79a79c41a07' \
  -H 'Content-Type: application/json' \
  -d '{
  "callCenters": [
    0
  ],
  "hour": 0,
  "currentCall": [
    0
  ],
  "links": [
    0
  ],
  "minute": 0
}'

Underscores are not recommended as header names. I'm going to switch to use access-token for the var name.

See: https://stackoverflow.com/questions/22856136/why-do-http-servers-forbid-underscores-in-http-header-names
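
Added example, not part of the original thread or the project's code: a small model of why an `access_token` header can disappear behind a proxy while `access-token` survives, and why servers treat the two names as ambiguous. The function names and the sample token are hypothetical, and the drop-underscores default is an assumption modelled on nginx-style proxies, since the thread does not say which ingress is used.

```python
"""Why underscore header names get lost behind a proxy (added illustration)."""
import re

# RFC 7230 "token" characters allowed in a header field name.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def cgi_key(name: str) -> str:
    """Map a header name to its CGI/WSGI environ key (HTTP_ prefix, upper, '-' -> '_')."""
    return "HTTP_" + name.upper().replace("-", "_")


def proxy_forward(headers, allow_underscores=False):
    """Model of a strict proxy: drop invalid names and, by default, names with '_'.

    Assumption: this mirrors an nginx-style default; the thread does not say
    which ingress the deployment uses.
    """
    forwarded, dropped = [], []
    for name, value in headers:
        ok = bool(_TOKEN.match(name)) and (allow_underscores or "_" not in name)
        (forwarded if ok else dropped).append((name, value))
    return forwarded, dropped


def ambiguous_names(headers):
    """Return groups of distinct header names that collapse to one environ key."""
    groups = {}
    for name, _ in headers:
        groups.setdefault(cgi_key(name), set()).add(name.lower())
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


# Constructed sample requests modelled on the curl commands in the thread.
FAILING = [("accept", "application/json"), ("access_token", "EXAMPLE-TOKEN"),
           ("Content-Type", "application/json")]
WORKING = [("accept", "application/json"), ("access-token", "EXAMPLE-TOKEN"),
           ("Content-Type", "application/json")]

if __name__ == "__main__":
    for label, req in (("access_token", FAILING), ("access-token", WORKING)):
        fwd, drop = proxy_forward(req)
        print(f"{label}: forwarded={[n for n, _ in fwd]} dropped={[n for n, _ in drop]}")
    # Both spellings map to the same environ key, so a backend cannot tell them apart.
    print("collisions if underscores were allowed:", ambiguous_names(FAILING + WORKING))
```

Because both spellings collapse to `HTTP_ACCESS_TOKEN` in a CGI/WSGI backend, a proxy that forwarded both could let one shadow the other, which is why strict proxies drop the underscore form.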