Basic authentication calls


#1

Hello,
i would like to call a web api
(especially the Diigo service)

and I’d like different diigo user to be able to use my api.

The problem is that the diigo service use a basic authentication api, so I need the user to give me it’s key (or to create it on the fly) and to send a header like this:

Authorization: basic Y293YWJvbzpQYXNzd29yZCA0IGNvd2Fib29=

SO I added to my remote web service call a header with name “Authorization”, value empty and checked the “Pass From Client”

When I pass it from the client it acts as if I don’t give any value (if i put a value hard coded in the header definition it works)…

Any idea why this specific header doesn’t work although other simpler headers work ?


#2

We have a few ideas on how to make this work. Will all of your Diigo users also be authenticated users on your DSP, or are you using Guest Access?


#3

At first, they should be guest on my dsp…

(but if you have an idea on how to make it work if they are authenticated I am interested :slight_smile:


Basic HTTP Authentication
#4

We made a change to allow auth headers from the client to be passed through to the remote web service.

Here is the file you need to edit:

/vendor/dreamfactory/lib-php-common-platform/src/Services/RemoteWebSvc.php

Here is the change:

https://github.com/dreamfactorysoftware/lib-php-common-platform/commit/db0a939a0861807c1ce769b3e47f06ec5400774e

To get this to work, add a header named “Authorization” to your remote web service config in the Services section of the DSP admin console. Check the box ‘Pass from client.’ This means that the header value sent to the remote web service will be taken from the incoming request from the client. If no incoming value is found, it will use whatever value you type in the service config for the Authorization header. In your case you can just leave the value blank there. Give this a try and let us know how it goes.


#5

By the way, this will work for both guest users and DSP-authenticated users, as the DSP’s authentication does not interfere with the Authentication: Basic HTTP header at all.