/auth is token valid gives 401 unauthorised!?

So, I found the API /auth is simple to use and that’s very encouraging.

However I then try the check token ==[get /auth] https://maidsafe.readme.io/docs/is-token-valid
and that should check if a token is valid but having fixed the code, I’m getting 401 unauthorised and wondering if that is intended.

I fixed the example code, so it does present the header as “Authorization: Bearer” and not “auth: bearer:”

var httpRequest = require('request');

var token = "abcthisistokenfromauthxyz";

var request = {
  url: 'http://localhost:8100/auth',
  Authorization: {
    Bearer: token // pass the auth token received from launcher
  }
};

var onResponse = function(err, response) {
  console.log(response.statusCode);
  console.log('Is token valid :', (!err && response.statusCode === 200));
};

httpRequest.get(request, onResponse);

and that with an additional line there to output the statusCode… but that is suggesting 401 unauthorised.

I would suggest this is a bug, but the description in the documentation does suggest Responses as either 200 or 401.

So, is 401 somehow correct for this function checking tokens are valid?.. Does that suggest only authorised apps check tokens!?.. I would have expected any app could throw a request to check a token.

If you are passing a garbage / invalid token then I’d expect 401, because that’s telling you the token is invalid. Have you tried passing a valid token? If so I’d expect you’ll get 200.

The common issue with these is how the token is extracted from the initial response. Notice here and here how I have to chop the token in half once I’ve unencrypted it to get the real token.

No, the example code was right for the lib they are using. Ref: https://github.com/request/request#http-authentication

At the very least, maybe those libs can give an idea on how to code it. Also, be advised, the API is not set in stone at this moment and will likely change.


Thanks.

The common issue with these is how the token is extracted from the initial response.

On first pass I couldn’t see a response, so tried to keep it simple and added a line into /auth post example to print what it suggests as token to the console.

So, I was expecting that the token would follow correctly from this:

  // Authorisation token
  var token = response.body.token;
  console.log(token);

and then I could do the reverse in both the confirm and delete scripts.

I’ll take a closer look at the way you handle it, since the short cut I tried appears not so simple…
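
Added example, not written by any poster in this thread and not the project's code: a simplified model of how the `request` library's options become headers, run against a stand-in token check, to show which option shapes from the thread actually deliver an `Authorization: Bearer` header. The function names, the `ISSUED` set and the stand-in check are assumptions made for illustration; the real launcher's validation is not shown on this page.

```javascript
// Simplified model of `request` option handling plus a stand-in token check.
// Token values, function names and the ISSUED set are constructed samples.
const ISSUED = new Set(['abcthisistokenfromauthxyz']);

// Model: `request` sends options.headers and, when options.auth.bearer is
// set, adds "Authorization: Bearer <token>". Other top-level keys are not
// turned into headers.
function headersSent(options) {
  const headers = Object.assign({}, options.headers);
  if (options.auth && options.auth.bearer) {
    headers.Authorization = 'Bearer ' + options.auth.bearer;
  }
  return headers;
}

// Server side: pull the token out of an Authorization header, or null.
function extractBearer(headers) {
  const name = Object.keys(headers).find(k => k.toLowerCase() === 'authorization');
  if (!name || typeof headers[name] !== 'string') return null;
  const match = /^Bearer +([^\s]+)$/i.exec(headers[name].trim());
  return match ? match[1] : null;
}

// Stand-in for GET /auth: 200 for an issued token, 401 for anything else.
function statusFor(options) {
  const token = extractBearer(headersSent(options));
  return token !== null && ISSUED.has(token) ? 200 : 401;
}

const url = 'http://localhost:8100/auth';
const token = 'abcthisistokenfromauthxyz';
const cases = {
  topLevelAuthorizationKey: { url, Authorization: { Bearer: token } },
  authBearerOption: { url, auth: { bearer: token } },
  explicitHeader: { url, headers: { Authorization: 'Bearer ' + token } },
  wrongToken: { url, auth: { bearer: 'not-an-issued-token' } },
};
for (const [name, options] of Object.entries(cases)) {
  console.log(name, '->', statusFor(options));
}
```

Logging the headers a client really sends (or the ones the server receives) is the quickest way to tell a missing header apart from a rejected token, since both come back as 401.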