Hi,
I’ve upgraded to 1.9 - I was hoping to allow users to authenticate without recreating a session_id -
However when I try to send a request to the API with basic authentication, it only works with a session_id added to the header , otherwise I get a "“There is no valid session for the current request.” error- am I doing something wrong?
I have tested using basic HTTP auth to make a simple API call. Here is my request:
GET https://dsp.domain.com/rest/db/Table
Headers:
Authorization: Basic dXNlckBkb21haW4uY29tOnBhc3N3b3Jk
X-DreamFactory-Application-Name: mysql
Response:
{"record":[{"id":1,"Column":"column zero"},{"id":2,"Column":"column one"}]}
Proof that this user/browser did not have a valid session at the time:
GET https://dsp.domain.com/rest/user/session
Headers:
Authorization: Basic dXNlckBkb21haW4uY29tOnBhc3N3b3Jk
X-DreamFactory-Application-Name: mysql
Response:
{"error":[{"context":null,"message":"There is no valid session for the current request.","code":401}]}
Using my successful call as a model, see if you can work it out. If not, please post your full request and response (obfuscate or remove your hashed credentials).
I’m attaching the request info:
http://c**********f5.cloudapp.net:80/rest/C********d/Order_Decisions_p?filter=ID%3D50001&SHOP_ID%3D1028
HEADERS:
Accept: /
Accept-Encoding: gzip, deflate
Authorization: Basic aWthQHBh*********************MjM0
User-Agent: runscope/0.1
X-Dreamfactory-Application-Name: cd
RESPONSE:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: application/json; charset=utf-8
Date: Tue, 10 Feb 2015 10:17:39 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Server: Apache
Set-Cookie: PHPSESSID=1c69l1j2159v434p5fiibr1lj2; path=/
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/5.4.36
BODY view raw
{
“error”: [
{
“context”: null,
“message”: “There is no valid session for the current request.”,
“code”: 401
}
]
This request works as soon as I add the session id for the user in the header.
I’ve coded and decoded the authorization string to double check it is correct for the username / password.
I’ve still been unable to get basic authorization to work too…
You cannot drop into HTTP Basic auth if you already have an established session_id. Try using basic auth with a user that’s not also a user with a currently active session. DSP prioritizes the checking of credentials/sessions in this order, and will not drop to a lower tier if a higher tier is active: