I keep getting this error when I make a request to an api. The api requires authentication and for this I add valid OAuth token to the header of the request. When I do that I receive a 200 response so all is good.
But I want to test my code to handle a 401 response code. To do this I add a invalid OAuth token to the request. I was expecting the server to just send a 401 response code but instead I got an error from my callback. The error is NSURLErrorDomain Code=-1012, and after looking online it turns out this is a authentication error.
I was expecting the server to just send a 401 back? Instead I'm getting a error in my callback. Is there something wrong with my server or my request?
Thanks for the replies...
I think maybe you need to establish your NSURLConnection with a delegate to handle this the way you want to.
I was using charles proxy and that was the reason I saw this error. When I stopped using the proxy it worked like a charm.
P.s. I've not tested this with NSURLSession but if anyone is curious just add a comment! :)
Related
I am calling an api with AFNetworking, It is working fine with HTTP request but when I am trying to hit with secure connection HTTPS, it returns the error code -999 "cancelled".
I know there any already many question for this error and it happens with the request is cancelled but my case is different. I am using the same request code for both HTTP and HTTPS.
I tried following things:-
1. Add arbitrary load to true in info.plist
2. Allowed invalid certificate with AFNetworking
Do anyone have any idea about this?
Thanks in advance
I am using the Alamofire 4.0.1 library in swift 3; I am looking for the HTTP Status-Line (as described in https://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html). I can get the status code, the headers, everything, but not the status message.
I am querying a REST API which gives me 403 responses with different messages after the "Forbidden" keyword describing the problem: like the client is not approved for access or that accessing an specific URL is not allowed, because it is for internal use only. In my client accessing the API I want to give the user more details than just the "Forbidden" message.
This is what the server sends back (I know this because I used Paw, a HTTP Client to send a HTTP request and investigate the response):
HTTP/1.0 403 Forbidden (internal method)
So to conclude, is there any chance to get the HTTP Status-Line in Alamofire?
Unfortunately no
Alamofire uses the URLResponse and it does not implement any field/method that gives you information about Status-Line. To get the Status-Line you should use other maybe lower-level frameworks.
URLResponse gives you only information about allHeaderFields, you can look on my answer about it here :
https://stackoverflow.com/a/36524454/5433235
I have an API which validates a user and I don't know what to return to my iOS application when authentication is and isn't successful. I'm currently returning a 401 error for failed authentication, but how should I tell my iOS application that authentication was successful?
You could use an HTTP 200, which indicates the request was OK without problems. You could also potentially use 201 to indicate a new session has been created.
For explanations on HTTP status codes, please see Wikipedia's list of HTTP status codes
I have been trying with the simple REST Client as well as the REST Plugin for Mozilla. I am getting
"HTTP/1.1 401 Unauthorized" response with
"{"error":"unauthorized_client","error_description":"the client is not authorized"}" in the body.
I have been successful in getting the auth code, and the below is the POST request for access token, (Scope is r_fullprofile)
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AQTQeBxBzbU2aNWaQM6Ff3Z3bUd8Gyg10W9G2DdqXgWiP0q7-M55c5PLtppP7Ni3Y-6A9C8yDkj9K4VfJ7QkRUFjuV-3AknA5jAahpsFJv3wYfr8XD8&redirect_uri=https://www.google.com&client_id=75wl6j5zndvfkp&client_secret=secret
The redirect_uri=https://www.google.com is the one used for getting auth code as well.
Do we need to perform any URL encoding before making the POST request?
When I log into the linked in to my app, it has the below tokens,
OAuth User Token: c3ae4cee-1b23-xxx-9d2a-206f578dee4d
OAuth User Secret: 76bc48cc-c94f-xxx-bf9d-a663f7003383
I am not sure where it is used. we are using API & secret key to get auth code.
Thanks in Advance.
This is a 2-step process.
First, go to:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=YOUR-API-ID&scope=r_basicprofile&state=STATE&redirect_uri=YOUR-ENCODED-REDIRECT-URI
Then, within 10 secs of receiving the response, go to:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&redirect_uri=YOUR-ENCODED-REDIRECT-URI&client_id=YOUR-API-ID&client_secret=YOUR-API-ID&code=THE-CODE-OBTAINED-IN-FIRST-STEP
The response of the second request will have the actual access token you need to use.
When I followed the two steps I faced an issue where I got an error as
{"errorCode":0,"message":"Access to posting shares denied","requestId":"TYWULO2WPZ","status":403,"timestamp":1497353538016}
So I had to remove the &scope=r_basicprofile since it was preventing reading all the Default Application Permissions
I faced a similar problem and the problem was with the initial authorization code. You should mention the scope=rw_company_admin or whatever it is that you want to authorize to while doing the initial redirect URL call. Something like this -
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=your_client_id&redirect_uri=https%3A%2F%2Fwww.google.com/&state=12345&scope=rw_company_admin%20r_emailaddress%20w_share%20r_basicprofile
I know same question has been asked many times but even after following each and every post as well trying various suggestions, I am still facing invalid_request error.
I am able to get code successfully from Google API and when I am trying to access accessToken , I am getting this error and HTTP code being sent from Google API is 400.
I have already tried and compared my data with oauthplayground and seems everything is same
Following data is being sent from my Application to Google API
https://accounts.google.com/o/oauth2/auth?
scope=openid+profile+email
&response_type=code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&approval_prompt=force
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
Access Token URL
https://accounts.google.com/o/oauth2/token?
scope=openid+profile+email
&client_secret=***********
&grant_type=authorization_code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&code=4%2F8veoAnihzkao58oWvZaRShn5nhYg.0to7Or-lHPwRXE-sT2ZLcbTblHXFhgI
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
But When Application is trying to fetch data over the network, I am getting exception
SEVERE: Error while fetching access token for Google..
OAuthProblemException{error='invalid_request', description='null', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}
I am using URLConnectionClient to establish network connection
Go through the OAuth flow using the OAuth playground https://developers.google.com/oauthplayground/.
Then compare what is being sent with your own.
Note that it needs to be an HTTP POST. The code you posted looks like a GET.
Also, your redirect URL looks a little odd. Is that exactly the same URL that you registered in the API console? This is isn't your current error, but will probably become your next one ;-)
It seems that you forgot to send 'state' parameter here (it is mandatory!):
https://accounts.google.com/o/oauth2/auth?
scope=openid+profile+email
&response_type=code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&approval_prompt=force
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
In Java code you can generate it in a way like this:
String state = new BigInteger(130, new SecureRandom()).toString(32);
So you request should look like this:
https://accounts.google.com/o/oauth2/auth?
scope=openid+profile+email
&response_type=code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&approval_prompt=force
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
&state= {insert_here_generated_state}
And also I don't know if it is necessary to send a 'scope' parameter in "Access Token URL".