Basic authentication calls

stadja · January 30, 2015, 3:44pm

Hello,
i would like to call a web api
(especially the Diigo service)

and I’d like different diigo user to be able to use my api.

The problem is that the diigo service use a basic authentication api, so I need the user to give me it’s key (or to create it on the fly) and to send a header like this:

Authorization: basic Y293YWJvbzpQYXNzd29yZCA0IGNvd2Fib29=

SO I added to my remote web service call a header with name “Authorization”, value empty and checked the “Pass From Client”

When I pass it from the client it acts as if I don’t give any value (if i put a value hard coded in the header definition it works)…

Any idea why this specific header doesn’t work although other simpler headers work ?

jeffreystables · February 4, 2015, 8:52pm

We have a few ideas on how to make this work. Will all of your Diigo users also be authenticated users on your DSP, or are you using Guest Access?

stadja · February 4, 2015, 9:51pm

At first, they should be guest on my dsp…

(but if you have an idea on how to make it work if they are authenticated I am interested

toddappleton · February 5, 2015, 7:13pm

We made a change to allow auth headers from the client to be passed through to the remote web service.

Here is the file you need to edit:

/vendor/dreamfactory/lib-php-common-platform/src/Services/RemoteWebSvc.php

Here is the change:

https://github.com/dreamfactorysoftware/lib-php-common-platform/commit/db0a939a0861807c1ce769b3e47f06ec5400774e

To get this to work, add a header named “Authorization” to your remote web service config in the Services section of the DSP admin console. Check the box ‘Pass from client.’ This means that the header value sent to the remote web service will be taken from the incoming request from the client. If no incoming value is found, it will use whatever value you type in the service config for the Authorization header. In your case you can just leave the value blank there. Give this a try and let us know how it goes.

jeffreystables · February 5, 2015, 8:39pm

By the way, this will work for both guest users and DSP-authenticated users, as the DSP’s authentication does not interfere with the Authentication: Basic HTTP header at all.

Topic		Replies	Views
v2.0 Remote Web Service - headers not passed across Connecting to Web Services	11	6392	March 3, 2016
Basic HTTP Authentication Authentication & Security	1	2247	September 22, 2015
How to stop dreamfactory to interpret Authorization Bearer header in case of remote web service GET request? Connecting to Web Services	6	6401	February 14, 2017
Remote Web Service and Headers REST API	12	4466	August 31, 2015
Access to http headers from web services response Connecting to Web Services community	3	3057	September 29, 2016

Basic authentication calls

Related topics