AWS API Gateway {"error": "missing authentication token"} - ios

I've been constantly getting the "missing authentication token" error when I click the AWS API gateway POST method url through the browser. I set "AUTH" as none and it's working totally fine through Postman but not with the browser. The problem is that I'm using swift to trigger the method and it doesn't seem to be reaching the gateway at all (no log on CloudWatch) and I don't think my code is wrong (or maybe it is). If someone could point out what my mistake is or a solution to this problem I'd appreciate it so much.
P.S. My lambda function is working totally fine and I typed in the right URL (one in the code is just for example)
Here's my code:
func postNonceToServer(paymentMethodNonce: String) {
let paymentURL = URL(string: "https://example-url.us-east-1.amazonaws.com/prod/create-transaction")!
var request = URLRequest(url: paymentURL)
request.httpBody = "\(paymentMethodNonce)".data(using: String.Encoding.utf8)
request.httpMethod = "POST"
}

In my opinion, this should be a problem in the URL itself. I can think of:
1- Please make sure that the URL is parsed correctly by printing it to the console and pasting it into the browser URL bar. (I have no idea about swift)
2- Make sure that "execute-api" is included in your "example-url", i.e., before the region.
3- Make sure that OPTIONS method has AUTH as none.
Good luck!

After enabling CORS on my endpoints I was receiving the same error message:
{"message":"Missing Authentication Token"}
Everything checked out, but I consistently received that error. To fix my issue I had to deploy the API. To do that, do the following:
Go to "Amazon API Gateway" console
Click on the API Gateway in question
Click "Resources" and select the root resource, e.g., "/"
Click "Actions" and then "Deploy API"
Select the stage you want to deploy to
Click "Deploy"
Long story short, redeploy the API after you've enabled CORS.

This mostly would be because of CORS issue.
Please enable CORS in you API gateway like below. After enabling CORS please redeploy the API
If you don't have OPTIONS added, please follow below steps (If OPTIONS already there just add CORS),
Create a new OPTIONS method under the /services resource
Create and populate the Access-Control-Allow-Origin/Method/Headers in the OPTIONS method.
Enable CORS like below after creating OPTIONS

Related

Why is swagger embedding v2/api-docs in request path for each resource

I can access swagger just fine and it is finding all of my resources (endpoints). However, Try it out! fails on each link because the request path has v2/api-docs embedded within it. The request constructed is as follows
https://{host}/{context-root}/v2/api-docs/{actual endpoint}
How do I go about configuring swagger to stop adding that to the request path?
After chasing this around and re-configuring the Docket, a friend noticed I had two slashes in my browser URL
https://{host}//{context-root}/swagger-ui.html
Changing my own hand-typed url solved the issue!

Error Domain=NSPOSIXErrorDomain Code=100 "Protocol error"

I am trying to call a service using Alamofire using a .get method.
The request has nothing special no parameters just an Authorization header.
I am going a bit mad here because to request works fine when I run it on postman with the same URL and Authorization token, but when I run my app code with Alamofire it returns this error:
Error Domain=NSPOSIXErrorDomain Code=100 "Protocol error" UserInfo={NSErrorPeerAddressKey={length = 16, capacity = 16, bytes = 0x100201bbd83ad0b10000000000000000}, _kCFStreamErrorCodeKey=100, _kCFStreamErrorDomainKey=1}
I am using:
Alamofire.request("https://myserverURL", method: .get, parameters: [:], encoding: JSONEncoding.default, headers: ["Authorization":"myToken"])
.responseJSON {response in
guard response.result.error == nil else {
//HERE IS WHERE IS GOING IN WITH THE ERROR
}
}
Any thoughts will be much appreciated or point me in the right direction :)
I got exact same error as yours in Cocoa with foundation class URLSession. After hours debugging the issue lies in the HTTP request body.
You should really try to dump the HTTP request/response body to see if there are some malformed fields. For example, Content-Length and Content-Type are right or missing? In my experience if these required(fundamental) headers are malformed, it may not work depending on your OS or other intermediate network accept(e.g. proxy, gateway, server, etc.)
My fault is misplacing function params in the method URLRequest.addValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type"), which ends up with a wrong Content-Type HTTP field.
However, it works in macOS 10.12 but not 12.11 so you should makes sure your HTTP Request body is not malformed.
Hope it helps.
Form your sample code, I guess the encoding: JSONEncoding.default is wrong. Since an HTTP GET method has NO body, a strict/not-robust network component would reject/not understand it.
What your goal is set the Accept: application/json in the request header, however it's not required if you're sure the response body type.
I got this error with Apache sending an upgrade header. Here is a link to Apache's bugzilla discussion on the issue.
Fixed it by adding Header unset Upgrade to host config in Apache.
This was a tricky one at least for me for an entire day 😅. I figure out at the end how to solve it, it was an HTTP protocol version issue with the server.
We were using IIS to connect to a development API and by default IIS if I remember correctly above 10 use HTTP 2.0 if both the client and the server support it. Also, our server was using an SSL certificate for the development API so I think this was the main issue combined with HTTP 2.0. Disabling the use of HTTP 2.0 for the IIS in the development API fixes the issue.
So my advice is to try to monitor the incoming request to see which kind of protocol is using the request in the server, you can do it with Charles or any another HTTP monitor tool.
I hope this helps someone else with the same problem.
Adding ["Content-Type": "application/json"] to the headers helped.
If you are using some kind of sniffer, try to turn it off.
Running Charles was the reason of this error for me. I was uploading files to the server, and it worked only for small files (several kb). 500kb file leads me to "EOF" failure in Charles, and to your error in xCode. Turning off Charles allowed to upload any large file. I didn't find the exact reason of this yet.
Charles worked well with the same query via Web, but not with iOS.
I have worked with apache server, I have fixed issue by adding Upgrade key in header.
Example:
let headers = ["Upgrade":"h2,h2c", "Content-Type":"application/json"]
Hope it will help other.
try to replace this parameters: [:] with parameters: nil in your request. Strangely it fixed the problem.
I had the same issue fixed it by replacing Authorization feild value to nil instead of ""
[request setValue: #"" forHTTPHeaderField:#"Authorization"];
changed it to this
[request setValue: nil forHTTPHeaderField:#"Authorization"];
In some cases, you must add an entry to ignore the header containing "Upgrade" as shown in this solution: https://forum.directadmin.com/showthread.php?t=55803
And
https://serverfault.com/questions/937253/https-doesnt-work-with-safari
In some cases it was only necessary to add a line in htaccess
Header unset Upgrade
I hope I helped you
In my case there were several F5 balancers in the test network. One of the F5 servers were validating the request incorrectly in such a way that json's objects containing # or / were considered malformed. The issue was hard to detect because many times it was working for me, but few times it was not - exactly according to the specific misconfigured F5 server that my client app was communicating with.
I had this problem when I used Google Places API, then I figured it out the problem was HTTP body, I set my HTTP body to nil and the problem solved
After spending hours the fix was adding "Upgrade" field in header.
let headerFields = ["Upgrade":"h2,h2c","Content-Type":"application/x-www-form-urlencoded"]
I just had a similar issue and resolved it by renaming the authentication header from firebase_token to auth.
I'm building both the backend and the frontend, so it's a reasonable solution.
It looks like the Nginx proxy was cutting off all the unknown headers.

Swagger UI - "Try it Out!" button call failing

I have installed Swagger UI on my local machine. When I am pulling up some Swagger definitions, the definitions are working fine, however, when I click on the "Try it out!" button, the call fails stating "No response from server".
However, when I take the Request URL from Swagger UI and run it directly in the browser, the server responds (BAU).
Am I missing something? Do I need to setup/configure Swagger UI to make this call happen?
Note: I have just downloaded the latest version of Swagger and running it locally on Windows desktop with Tomcat server.
Please help.
The specs for Swagger-ui is usually in JSON format which contains host(including port), basePath, paths (path array of each API service). Swagger-client will construct the request URL from all these properties and send the request to the URL with an "Accept" header. Now you can not get response from service you need to check whether the backend services are running. You can open browser development tools to capture the HTTP request and see if it is correct.
You can go to http://petstore.swagger.io/ to see how it works.

URL pattern to include in JMeter for testing ASP.NET MVC website

I am trying to perform a load test with JMeter on my ASP.NET MVC website that I have published on IIS..
My problem is..I'm confused about what URL pattern should I include or exclude..Currently, URL is immaterial for me, so I tried with '.* ' in URL to include and nothing in URL to exclude.. But JMeter is recording only a jpg url...If I specify '.*\.jpg ' in exclude, it records nothing. I also tried '.*\.aspx ' in include and nothing in exclude, but that doesn't seem to be working either :(
Is this something MVC specific? I am not very sure how it handles urls..(I am doing all this for the first time..). I otherwise didn't have any issues recording steps on other servers like google,apache.jmeter.test etc. where there were normal html pages with my current JMeter settings:
A Thread Group called 'Users' having a
Recording Controller
HTTP request defaults pointing to localhost:9080
A Workbench with
HTTP Proxy Server pointing to localhost:9080
My connection setting is also on localhost:9080.
I'm running JMeter from behind my company's proxy server successfully.
Thanks for any help :)
Realized later that it was not about URLs as such. My browser setting was probably faulty. I was using IE8..When I switched to Firefox, got more fine-grained control on the settings..These settings before recording worked for me:
Set manual proxy configuration to localhost,8081.
Check 'Use this proxy for all protocols'
Leave 'No proxy for' field blank
No 'Automatic proxy configuration'
Click OK.
After this if you try to access your site on IIS while JMeter proxy server hasn't started yet, it wouldn't, saying the connection was refused.
After this, go to JMeter and click the Start button to record. Try acessing the site again. It should come up :) Some more details:
There was no need to specify port number in HTTP request defaults. Just specified it in HTTP proxy server (8081 in my case).
For the session information to be saved properly, you must use a cookie manager (preferably, keep it at the top)..When you record, you get a HTTP header manager under each HTTP request if you had ticked the chekcbox against "Capture HTTP headers" in HTTP Proxy Server before recording..Copy this and add it as a child under your thread group.
Hope this helps someone struggling like me :)

spring-social-vkontakte problems with authorizationCode

I try to develop an application with connection to social set vkontakte. To do this I use spring-social-vkontakte module of spring-social from https:// github.com/vkolodrevskiy/spring-social-vkontakte as this resources is mentioned in official site spring social http:// www.springsource.org/spring-social.
Problem is that when I use VKontakteConnectionFactory to make request to my application in vkontakte I can't use my local address in redirect_uri because I receive na error:
{"error":"invalid_request","error_description":"redirect_uri has wrong domain, check application settings"}
in vkontakte documentation http://vk.com/developers.php?oid=-17680044&p=Authorizing_Client_Applications in section how to build authorization url is described: "REDIRECT_URI – the address to which access_token will be rendered". To resole this problem I use http:// api.vkontakte.ru/blank.html as redirect_uri, I can receive an code but after authorization I can't back to my application. It is a problem. My example:
VKontakteConnectionFactory vKontakteConnectionFactory = new VKontakteConnectionFactory(app_id, app_secret);
OAuth2Operations operations = vKontakteConnectionFactory.getOAuthOperations();
OAuth2Parameters parameters = new OAuth2Parameters();
parameters.setRedirectUri("http://api.vkontakte.ru/blank.html");
String authorazeUrl = operations.buildAuthorizeUrl(GrantType.AUTHORIZATION_CODE, parameters);
response.sendRedirect(authorazeUrl);
In vkontakte I have created on application with next parameter:
Site address: http://localhost:8080/
Base domain: localhost (in this place I can't type localhost:8080, service denies it)
I destroyed some links because I can't post so many(
If somebody knows how to do redirection to localhost or some other solution how to solve this problem, please help me.
Thanks in advance
It does not allow you to specify domain 'localhost'. It should be a kind of 'localhost.ua', 'www.mysite.com'.
This has worked for me.
I am contributor of this project and updated its wiki https://github.com/vkolodrevskiy/spring-social-vkontakte/wiki

Resources