studoverse/campus-qr

Poor documentation of shared key feature

Closed this issue · 3 comments

We need better docs for the API Access feature, and how to use the X-Authorization header.

pbek commented

@functionaldude, this doesn't seem to work for me:

On server

> mongo "mongodb://user:pass@localhost:27017/campus-qr" --eval 'db.configurations.find({_id: "authSharedSecret"})'
MongoDB shell version v4.4.1
<snip>
MongoDB server version: 4.4.1
{ "_id" : "authSharedSecret", "stringValue" : "", "intValue" : null, "value" : "our-long-secret" }

Looks fine, our-long-secret.

On client

> curl 'https://our-host/location/list' -H 'X-Authorization: our-long-secret'
forbidden^J

Says forbidden. Note that this request works when I use the SESSION_CAMPUS_QR cookie instead of X-Authorization.

pbek commented

I made a new issue #50.