I am using the Dart server side Aqueduct framework. My program uses their OAuth 2.0 Bearer authorisation to secure certain routes. This works fine. However, I have a problem when I try to establish a websocket connection through a secure route. This is the code:
router
.route("/connect")
.pipe(new Authorizer(authServer));
.listen((request) async {
var userID = request.authorization.resourceOwnerIdentifier;
var socket = await WebSocketTransformer.upgrade(request.innerRequest);
socket.listen((event) => handleEvent(event, fromUserID: userID));
connections[userID] = socket;
return null;
});
This code is taken directly from the Aqueduct website: https://aqueduct.io/docs/http/websockets/.
My question is, how do should the client look for this? Specifically, how do I set the authorisation in the HTTP header when establishing the websocket connection. I have tried lots of different things, including the following:
void connect()
{
_address = "ws://$ip:$port/connect";
_webSocket = new WebSocket(_address, {"Authorization":"Bearer ks123..."});
}
And:
void connect()
{
_address = "ws://$ip:$port/connect&access_token=ks123...";
_webSocket = new WebSocket(_address);
}
And:
void connect()
{
_address = "ws://$ip:$port/connect&Authorization=Bearer ks123...";
_webSocket = new WebSocket(_address);
}
And:
void connect()
{
_address = "ws://$ip:$port/connect";
_webSocket = new WebSocket(_address, ["Authorization Bearer ks123.."]);
}
Does anyone know how to solve this?
Related
i'm currently trying to connect via UNO-Plattform sample to the Spotify API.
https://github.com/unoplatform/Uno.Samples/blob/master/UI/Authentication.OidcDemo/Authentication.OidcDemo/Authentication.OidcDemo.Shared/MainPage.xaml.cs
Therefore I have updated the PrepareClient method.
private async void PrepareClient()
{
var redirectUri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri().OriginalString;
// Create options for endpoint discovery
var options = new OidcClientOptions
{
Authority = "https://accounts.spotify.com", //"https://demo.duendesoftware.com/",
ClientId = "7c1....a45",
ClientSecret = "4b..a",
Scope = "playlist-read-private",
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode
};
// Create the client. In production application, this is often created and stored
// directly in the Application class.
_oidcClient = new OidcClient(options);
var extra_parameters = new Dictionary<string, string>();
//extra_parameters.Add("response_type", "token"); // if i add this line i get an error
_loginState = await _oidcClient.PrepareLoginAsync(extra_parameters);
btnSignin.IsEnabled = true;
// Same for logout url.
//If i add this line a get an error
//_logoutUrl = new Uri(await _oidcClient.PrepareLogoutAsync(new LogoutRequest()));
btnSignout.IsEnabled = true;
}
private async void SignIn_Clicked(object sender, RoutedEventArgs e)
{
var startUri = new Uri(_loginState.StartUrl);
// Important: there should be NO await before calling .AuthenticateAsync() - at least
// on WebAssembly, in order to prevent triggering the popup blocker mechanisms.
var userResult = await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None, startUri);
if (userResult.ResponseStatus != WebAuthenticationStatus.Success)
{
txtAuthResult.Text = "Canceled";
// Error or user cancellation
return;
}
// User authentication process completed successfully.
// Now we need to get authorization tokens from the response
var authenticationResult = await _oidcClient.ProcessResponseAsync(userResult.ResponseData, _loginState);
if (authenticationResult.IsError)
{
var errorMessage = authenticationResult.Error;
// TODO: do something with error message
txtAuthResult.Text = $"Error {errorMessage}";
return;
}
// That's completed. Here you have to token, ready to do something
var token = authenticationResult.AccessToken;
var refreshToken = authenticationResult.RefreshToken;
// TODO: make something useful with the tokens
txtAuthResult.Text = $"Success, token is {token}";
}
If i use Postman for authentication, i can use the URL
curl --location --request GET 'https://accounts.spotify.com/authorize?response_type=token&client_id=7c...45&scope=playlist-read-private&redirect_uri=http://localhost:8080&state=test'
and everything works fine and i get the token in the callback url as parameter.
If i add as "extra_parameters" the "response_type" : "token" i get the message, that this parameter is not supported...
I'm a little bit stucked here and don't know how to proceed.
I'm happy about any help in every direction to get this autentication done with uno-plattform.
OIDC can be described as a superset of OAuth2. It is a way for an identity provider to issue tokens and supply info about a user via additional APIs. Read more here.
The Oidc code that you use (probably IdentityModel.OidcClient?) requires a the service you’re calling to implement a few extra endpoints which Spotify has not implemented for their API. This is discussed in this forum topic. Because of the missing Oidc support, your code will try making calls that do not work.
The SpotifyAPI-NET library might also help you authenticate and make API calls instead.
I am building a flutter web app and I need to use SSL to talk to the server using a .pem certificate.
I am using HttpClient and IOClient to get it to work and the code for this looks as following:
fetchData()async{
HttpClient _client = HttpClient(context: await globalContext);
_client.badCertificateCallback =
(X509Certificate cert, String host, int port) => false;
IOClient _ioClient = new IOClient(_client);
var response = await _ioClient.get(Uri.parse('https://appapi2.test.bankid.com/rp/v5.1'));
print(response.body);
}
Future<SecurityContext> get globalContext async {
final sslCert1 = await
rootBundle.load('assets/certificates/bankid/cert.pem');
SecurityContext sc = new SecurityContext(withTrustedRoots: false);
sc.setTrustedCertificatesBytes(sslCert1.buffer.asInt8List());
return sc;
}
I get the following error when trying to run fetchData:
Unsupported operation: SecurityContext constructor
I have also tried using the flutter plugin DIO that looks like this:
void bid() async {
final dio = Dio();
ByteData bytes = await rootBundle
.load('assets/certificates/bankid/FPTestcert4_20220818.pem');
(dio.httpClientAdapter as DefaultHttpClientAdapter).onHttpClientCreate =
(client) {
SecurityContext sc = SecurityContext();
sc.setTrustedCertificatesBytes(bytes.buffer.asUint8List());
HttpClient httpClient = HttpClient(context: sc);
return httpClient;
};
try {
var response = await dio.get('https://appapi2.test.bankid.com/rp/v5.1');
print(response.data);
} catch (error) {
if (error is DioError) {
print(error.toString());
} else {
print('Unexpected Error');
}
}
}
When running this I get the following error:
Error: Expected a value of type 'DefaultHttpClientAdapter', but got one of type
'BrowserHttpClientAdapter'
I understand that I get the error above because of the casting that the httpClientAdapter is used as a DefaultHttpClientAdapter but since the app is running in the browser its using BrowserHttpClientAdapter, but how do I solve this?
Is it possible to make this work?
In need of some help accessing an external Web API passing along credentials in order to access the methods available. I have included the code below that i use in order to attempt to access the Web API. However, i receive the following error every time i attempt to access it:
"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
What am i missing or what am i doing wrong? I have been circling around this for a couple days and have tried a couple different techniques but continue to get the same error. Here is one technique that i used.
private static async Task<string> GetAPIToken(string userName, string password, string apiBaseUri)
{
try
{
using (var client = new HttpClient())
{
//setup client
client.BaseAddress = new Uri(apiBaseUri);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
//setup login data
var formContent = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string,string>("username",userName),
new KeyValuePair<string,string>("password",password),
});
//send request
HttpResponseMessage responseMessage = await client.PostAsync("Token", formContent);
//get access token from response body
var responseJson = await responseMessage.Content.ReadAsStringAsync();
var jobject = JObject.Parse(responseJson);
return jobject.GetValue("access_token").ToString();
}
}
catch (Exception ex)
{
return null;
}
}
Any help would be greatly appreciated.
Thanks
There is a little bit of a difference when using HTTPS vs HTTP. This question should give you the information you need to fix your problem.
Make Https call using HttpClient
Could anybody help me to handle POST request, I read docs, but it's not clear to me, how to handle POST request, that I send from page, to vibed server.
I wrote next code:
import vibe.d;
import std.stdio;
void main()
{
auto router = new URLRouter;
router.any("*", &accControl);
router.any("/my", &action);
auto settings = new HTTPServerSettings;
settings.port = 8080;
settings.bindAddresses = ["::", "127.0.0.1"];
listenHTTP(settings, router);
runEventLoop();
}
void accControl(HTTPServerRequest req, HTTPServerResponse res)
{
res.headers["Access-Control-Allow-Origin"] = "*";
}
void action(HTTPServerRequest req, HTTPServerResponse res)
{
// how get string from POST request here. And how get JSON object, if server send it.
}
but what method I should use for req? As I understand expect POST body there is sending a lot of other data.
The POST request is sending with JQuery:
$.post("http://127.0.0.1:8080", "\"answers_result\":777");
So I need to get this JSON and send with vibed it's to DB. But problem that I can't understand how to handle it.
In main:
auto router = new URLRouter;
router.post("/url_to_match", &action);
listenHTTP(settings, router);
Action:
void action(HTTPServerRequest req, HTTPServerResponse res)
{
auto answers_result = req.json["answers_result"].to!int;
// ...
}
Or you can use registerRestInterface.
Here is an example code to show how to read POST params from vibe.d:
Main Function:
shared static this()
{
auto router = new URLRouter;
router.post("/url_to_match", &action);
auto settings = new HTTPServerSettings;
settings.port = 3000;
listenHTTP(settings, router);
}
Action:
void action(HTTPServerRequest req, HTTPServerResponse res)
{
// Read first POST parameter named "first_name"
auto firstName = req.form["first_name"];
// Read second POST parameter named "last_name"
auto lastName = req.form["last_name"];
// Prepare output to be sent to client.
auto name = "Hello %s, %s".format(lastName, firstName);
// Send data back to client
res.writeBody(name);
}
Build the program and run it, to try it out on your local machine you may execute the following simple curl request:
curl --data "first_name=kareem&last_name=smith" "http://localhost:3000/url_to_match"
HTH
I plan to use SignalR to notify clients.
In production we are forced to use a client x509 certificate to authenticate the client using a reverse proxy. It will also terminate the SSL prior to connecting to our IIS webserver.
Will this work?
I can't find any api to add the client certificate or to use a WebRequestHandler.
I can't be the first.
/HAXEN
Regarding using client-based certificate: there is nothing in SingalR that allows to do it, I went through all the sources, and apparently it's an oversight, and a very annoying one. Here's a hack that I found:
public class MyHttpClient: IHttpClient
{
DefaultHttpClient _client = new DefaultHttpClient();
X509Certificate Certificate;
Action<IRequest> SpiceAction(Action<IRequest> prepareRequest)
{
return new Action<IRequest>(req =>
{
var fi = typeof(HttpWebRequestWrapper).GetField("_request",
BindingFlags.NonPublic | BindingFlags.Instance);
HttpWebRequest request = (HttpWebRequest) fi.GetValue(req);
request.ClientCertificates.Add(Certificate);
prepareRequest(req);
});
}
public Task<IResponse> Get(string url, Action<IRequest> prepareRequest)
{
return _client.Get(url, SpiceAction(prepareRequest));
}
public Task<IResponse> Post(string url, Action<IRequest> prepareRequest,
IDictionary<string, string> postData)
{
return _client.Post(url, SpiceAction(prepareRequest), postData);
}
}
and then instead of:
var conn = new Connection("https://xxxxxxxx");
conn.Start()
do:
var conn = new Connection("https://xxxxxxxx");
conn.Start(new MyHttpClient() { Certificate = xxxxxxx });
Here we go, with version 1.1 of SignalR Client Certificates are supported out of the box.
Great!