Invalid Token When Using Alamofire - oauth-2.0

Environment: Swift 2, iOS 9
I had rolled my own HTTP networking library. It wasn't broken but I decided to fix it and switch to Alamofire.
Here is my code snippet:
case .HTTPTokenAuth: // Token Auth
let dictionary = Locksmith.loadDataForUserAccount("Auth_Token", inService: "KeyChainService")
let token = dictionary!.valueForKey("access_token")
var aManager = Manager.sharedInstance
aManager.session.configuration.HTTPAdditionalHeaders = ["Authorization": "Bearer \(token!)" ]
aManager.request(method, requestURL!, parameters: parameters, encoding: .JSON).response { request, response, data, error in
print("===== Request ================")
print(request!.allHTTPHeaderFields!)
print("===== Response ================")
print(response!.allHeaderFields)
print("===== Error ================")
print(error)
}
The problem is that for some reason the Oauth token is not making it into the header. (At least that is what appears to be the problem as I don't see it in the Request header. I receive the following request/response:
===== Request ================
["Content-Type": "application/json"]
===== Response ================
[Content-Type: application/json,
Www-Authenticate: Bearer realm="Doorkeeper",
error="invalid_token",
error_description="The access token is invalid",
Pragma: no-cache, X-Runtime: 0.002205,
X-Powered-By: Phusion Passenger 4.0.14, X-XSS-Protection: 1; mode=block, Server: nginx/1.6.2 + Phusion Passenger 4.0.14,
Transfer-Encoding: Identity,
Cache-Control: no-store,
Date: Tue, 01 Sep 2015 18:54:16 GMT,
X-Request-Id: 395d2154-5054-423c-a7bc-f7ef85e0cdbf,
Connection: keep-alive,
X-Content-Type-Options: nosniff,
X-UA-Compatible: chrome=1,
Status: 401 Unauthorized,
X-Frame-Options: SAMEORIGIN]

I went with the simpler approach:
case .HTTPTokenAuth: // Token Auth
let dictionary = Locksmith.loadDataForUserAccount("Auth_Token", inService: "KeyChainService")
let token = dictionary!.valueForKey("access_token")
let headers = ["Authorization":"Bearer \(token!)"]
Alamofire.request(method, requestURL!, parameters: parameters, headers: headers, encoding: .JSON)
.response { request, response, data, error in
print(request!.allHTTPHeaderFields!)
print(response)
print(error)
}

Related

Alamofire stacking responses

I am using Alamofire to communicating with my API, also I am using RequestInterceptor to catch unauthorized requests or for refreshing the JWT token. When everything is going well, there is no problem at all, but in case of bad response (400,401) Alamofire tries to refresh token and send the request again. There is a strange behavior, since it fails with serialization error:
[Request]: PUT https://my.url.com/unregistered?
[Headers]:
Content-Type: application/json
[Body]:
{"name":"user16","email":"dummy#gmail.com"}
[Response]:
[Status Code]: 400
[Headers]:
Connection: keep-alive
Content-Length: 51
Content-Type: application/json
Date: Sun, 19 Sep 2021 08:13:57 GMT
Server: nginx
[Body]:
{"message": "User with same email already exists"}
{"message": "User with same email already exists"}
[Network Duration]: 0.21983695030212402s
[Serialization Duration]: 0.0001439583720639348s
[Result]: failure(Alamofire.AFError.responseSerializationFailed(reason: Alamofire.AFError.ResponseSerializationFailureReason.decodingFailed(error: Swift.DecodingError.dataCorrupted(Swift.DecodingError.Context(codingPath: [], debugDescription: "The given data was not valid JSON.", underlyingError: Optional(Error Domain=NSCocoaErrorDomain Code=3840 "Garbage at end." UserInfo={NSDebugDescription=Garbage at end.}))))))
It basically read the same answer two times and tell me that it's not a JSON serializable. I am absolutely sure that server returns only one response like JSON, what is totally strange is fact that Alamofire doing this at any time, once it get back with successfully serialized body and second time it fails on serialization. This is the code I am using:
func authorization<T: Decodable>(
_ url: String,
method: HTTPMethod = .get,
parameters: Parameters? = nil,
decoder: JSONDecoder = JSONDecoder(),
headers: HTTPHeaders? = nil,
interceptor: RequestInterceptor? = nil,
withInterceptor: Bool = false
) -> Future<T, ServerError> {
return Future({ promise in
AF.request(
url,
method: method,
parameters: parameters,
encoding: JSONEncoding.default,
headers: headers,
interceptor: withInterceptor ? self : nil
)
.validate(statusCode: [200, 401])
.responseDecodable(completionHandler: { (response: DataResponse<T, AFError>) in
print(response.debugDescription)
switch response.result {
case .success(let value):
self.saveCookies(cookies: HTTPCookieStorage.shared.cookies)
promise(.success(value))
case .failure(let error):
promise(.failure(self.createError(response: response.response, AFerror: error, AFIerror: nil, data: response.data)))
}
})
})
}
Also, I've tried adding multiple status codes to validation, nothing helps at all.
When I've used .responseString to get any thoughts I was able to see the response only once, which is strange too.

How to login to a site using POST request? (Swift,iOS)

I want to create an iOS Application that logs into a website and parses the data from several pages of that site, while maintaining the login session.This is what I have done so far. I send a GET request to retrieve the EVENTVALIDATON and VIEWSTATE parameters required for the POST request. (I looked at the POST by using 'Firebug'). When I run the following code, it gives back the same login page. But it should be giving me this page.
var parameter: Parameters = [:]
var viewstate: String = ""
var eventvalidation: String =
#IBAction func postRequest(_ sender: Any) {
Alamofire.request("https://ecampus.psgtech.ac.in/studzone/AttWfLoginPage.aspx").responseString { response in
print("\(response.result.isSuccess)")
if let html = response.result.value {
if let doc = Kanna.HTML(html: html, encoding: String.Encoding.utf8) {
// Search for nodes by CSS selector
for show in doc.css("input[id='__VIEWSTATE']") {
self.viewstate=show["value"]!
//print(show["value"] as Any)
}
for show in doc.css("input[id='__EVENTVALIDATION']") {
self.eventvalidation=show["value"]!
//print(show["value"] as Any)
}
}
}
//creating dictionary for parameters
self.parameter = ["__EVENTTARGET":"",
"__EVENTARGUMENT":"",
"__LASTFOCUS":"",
"__VIEWSTATE":self.viewstate,
"__EVENTVALIDATION":self.eventvalidation,
"rdolst":"S",
"Txtstudid":"<myrollno>",
"TxtPasswd":"<mypassword>",
"btnlogin":"Login"
]
}
Alamofire.request ("https://ecampus.psgtech.ac.in/studzone/AttWfLoginPage.aspx",method: .post, parameters: self.parameter, headers: headers).responseString { response in
print("\(response.result.isSuccess)")
print(response)
}
To be honest, I'm very new to requests and parsing data(I have finished the parsing part separately though). I did some more research and read about headers and cookies.So after checking the headers, the initial GET request by the browser has a response header of
Cache-Control : private
Content-Encoding : gzip
Content-Length : 4992
Content-Type : text/html; charset=utf-8
Date : Sun, 18 Jun 2017 14:25:50 GMT
Server : Microsoft-IIS/8.0
Set-Cookie : .ASPXAUTH=; expires=Mon, 11-Oct-1999 18:30:00 GMT; path=/; HttpOnly
Vary : Accept-Encoding
X-AspNet-Version : 4.0.30319
X-Powered-By : ASP.NET
and Request Header of
Accept : text/html,application/xhtml+xml,application/xml;q=0.9;q=0.8
Accept-Encoding : gzip, deflate, br
Accept-Language : en-US,en;q=0.5
Connection : keep-alive
Cookie : ASP.NET_SessionId=urzugt0zliwkmz3ab1fxx1ja
Host : ecampus.psgtech.ac.in
Upgrade-Insecure-Requests : 1
User-Agent : Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0`
The problem is I don't understand how a initial GET request can have a token with it. If request happens first, response should be the one containing the token? I don't know what I am doing wrong and how to get this working. I don't know if I am missing something altogether. I came here only after trying everything I could think of. Any help would be appreciated. Thank you.
EVENTVALIDATON and VIEWSTATE parameters required for the POST <--
But in your code the POST request is executed immediately after the GET request, at this point the self.parameter is empty
Alamofire has asynchronous completionHandler
Wait for the GET request to complete, and then send the POST request:
var parameter: Parameters = [:]
var viewstate: String = ""
var eventvalidation: String =
#IBAction func postRequest(_ sender: Any) {
Alamofire.request("https://ecampus.psgtech.ac.in/studzone/AttWfLoginPage.aspx").responseString { response in
print("\(response.result.isSuccess)")
if let html = response.result.value {
if let doc = Kanna.HTML(html: html, encoding: String.Encoding.utf8) {
// Search for nodes by CSS selector
for show in doc.css("input[id='__VIEWSTATE']") {
self.viewstate=show["value"]!
//print(show["value"] as Any)
}
for show in doc.css("input[id='__EVENTVALIDATION']") {
self.eventvalidation=show["value"]!
//print(show["value"] as Any)
}
}
}
//creating dictionary for parameters
self.parameter = ["__EVENTTARGET":"",
"__EVENTARGUMENT":"",
"__LASTFOCUS":"",
"__VIEWSTATE":self.viewstate,
"__EVENTVALIDATION":self.eventvalidation,
"rdolst":"S",
"Txtstudid":"15i231",
"TxtPasswd":"OpenSesame",
"btnlogin":"Login"
]
//Wait for the GET request to complete, and then send the POST request: <<==
Alamofire.request ("https://ecampus.psgtech.ac.in/studzone/AttWfLoginPage.aspx",method: .post, parameters: self.parameter, headers: headers).responseString { response in
print("\(response.result.isSuccess)")
print(response)
}
}

How to detect 304 statusCode with Alamofire

Is there a way to detect 304 Not Modified response with Alamofire 4? I find that Alamofire response.statusCode is always 200 even if server responded with 304.
Network call setup:
Alamofire
.request("http://domain.com/api/path", method: .get)
.validate(statusCode: 200..<300)
.validate(contentType: ["application/json"])
.responseJSON { response in
print(response.response?.statusCode)
}
Alamofire response header
<NSHTTPURLResponse: 0x61800003e1c0> { URL: http://domain.com/api/path } { status code: 200, headers {
"Access-Control-Allow-Headers" = "content-type, authorization";
"Access-Control-Allow-Methods" = "GET, PUT, POST, DELETE, HEAD, OPTIONS";
"Access-Control-Allow-Origin" = "*";
"Cache-Control" = "private, must-revalidate";
Connection = "keep-alive";
"Content-Type" = "application/json";
Date = "Mon, 23 Jan 2017 23:35:00 GMT";
Etag = "\"f641...cbb6\"";
"Proxy-Connection" = "Keep-alive";
Server = "nginx/1.10.1";
"Transfer-Encoding" = Identity;
} }
Server response
HTTP/1.1 304 Not Modified
Server: nginx/1.10.1
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: content-type, authorization
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
Cache-Control: private, must-revalidate
ETag: "f641...cbb6"
Date: Mon, 23 Jan 2017 23:35:00 GMT
Since NSURLSessions default behavior is to abstract from cached 304 responses by always returning 200 responses (but not actually reloading the data), I first had to change the cachingPolicy as follows:
urlRequest.cachePolicy = .reloadIgnoringCacheData
Then, I adjusted the status codes of the validate function to accept 3xx responses and handled the codes accordingly:
Alamofire.request("https://httpbin.org/get")
.validate(statusCode: 200..<400)
.responseData { response in
switch response.response?.statusCode {
case 304?:
print("304 Not Modified")
default:
switch response.result {
case .success:
print("200 Success")
case .failure:
print ("Error")
}
}
}
You can use manual response validation with Alamofire as outlined here.
Alamofire.request("https://httpbin.org/get")
.validate(statusCode: 200..<300)
.validate(contentType: ["application/json"])
.responseData { response in
switch response.result {
case .success:
print("Validation Successful")
case .failure(let error):
print(error)
}
}

Problems with JSON and Alamofire request

I am trying to send a request with the next code:
func getLogin(user: String, password: String) {
let url = URL(string: "https://www.url.es/api/login")!
let parameters: Parameters = [
"usuario" : "\(user)",
"clave" : "\(password)"]
let headers: HTTPHeaders = [
"Authorization": "Basic TOKEN"
]
Alamofire.request(url, method: .post, parameters: parameters, encoding: JSONEncoding.default, headers: headers).validate()
.responseJSON { response in
print("repuesta")
print(response.request as Any) // original URL request
print(response.response as Any) // URL response
print(response.result.value as Any) // result of response serialization
debugPrint(response)
}
}
But I am getting this response:
[Request]: https://www.url.es/api/login
[Response]: <NSHTTPURLResponse: 0x608000220b40> { URL: https://www.url.es/api/login } { status code: 401, headers {
"Cache-Control" = "no-cache";
"Content-Length" = 28;
"Content-Type" = "text/plain; charset=utf-8";
Date = "Mon, 16 Jan 2017 20:44:14 GMT";
Expires = "-1";
Pragma = "no-cache";
Server = "Microsoft-IIS/8.5";
"Www-Authenticate" = Bearer;
"X-AspNet-Version" = "4.0.30319";
"X-Powered-By" = "ASP.NET";
} }
[Data]: 28 bytes
[Result]: FAILURE: responseValidationFailed(Alamofire.AFError.ResponseValidationFailureReason.unacceptableStatusCode(401))
[Timeline]: Timeline: { "Request Start Time": 506292395.911, "Initial Response Time": 506292396.351, "Request Completed Time": 506292396.352, "Serialization Completed Time": 506292396.353, "Latency": 0.440 secs, "Request Duration": 0.441 secs, "Serialization Duration": 0.000 secs, "Total Duration": 0.441 secs }
I am sending the request with paw http client and the response is ok.
I am working with swift3, alamofire 4 and iOS10
According to the response you have there it looks like your username and password is incorrect. Try printing the parameters dictionary to make sure it is correct. Something that can happen sometimes is if you forget to unwrap an optional value it will still get sent. For example
let optionalString:String? = "blablabla"
print(optionalString) //prints: Optional(blablabla)
Edit:
Another thing I noticed is you set the encoding to JSON but the header Content Type is PlainText. Try setting the encoding to URLEncoding.default and make sure the headers are set appropriately for what the server is expecting.

Handle non-JSON response from POST request with Alamofire

I'm using Alamofire 3 and the end point I'm calling (I don't own the server) accepts a POST request and returns HTML as a response.
I am able to get the HTML response when using curl in the command line, however Alamofire doesn't return the response body, but only the header.
This is my code:
let headers = [
"Referer": "SOMEURL"
]
Alamofire.request(.POST, url, headers: headers)
.validate()
.response { request, response, data, error in
// do something with response
}
response is:
Optional(<NSHTTPURLResponse: 0x7f9ba3759760> { URL: SOMEURL } { status code: 200, headers {
Connection = "keep-alive";
"Content-Encoding" = gzip;
"Content-Type" = "text/html";
Date = "Thu, 22 Sep 2016 15:19:20 GMT";
Server = nginx;
"Transfer-Encoding" = Identity;
Vary = "Accept-Encoding";
} })
and data is:
Optional<NSData>
- Some : <>
Any thoughts?

Resources