I'm working on a simple Flutter mobile app that needs to call out to an API that uses Basic Auth.
I can hit the API in Postman using email & password credentials and it encodes the email & password in Base64 (I assume with a ":" separating) before performing the request.
I'm not sure how to do this in Flutter / Dart...
I've tinkered with the http package and tried to do the Base64 encoding... but I just get back errors from the server.
Can anyone provide some guidance or an example for a basic auth request?
Assuming that your server expects that the username:password combo will be encode it UTF-8 (see RFC 7617 for more details) then use this:
import 'dart:convert';
import 'package:http/http.dart';
main() async {
String username = 'test';
String password = '123£';
String basicAuth =
'Basic ' + base64.encode(utf8.encode('$username:$password'));
print(basicAuth);
Response r = await get(Uri.parse('https://api.somewhere.io'),
headers: <String, String>{'authorization': basicAuth});
print(r.statusCode);
print(r.body);
}
I know it's late but I am posting this if it can help others.
import 'dart:convert';
var auth = 'Basic '+base64Encode(utf8.encode('$username:$password'));
Future<Response> callAPI(param) async {
await dio.post('/api/test',
data: {'param': param},
options: Options(headers: <String, String>{'authorization': auth}));
}
Related
I'm trying to call an api from flutter but i keep getting 401 Unauthorized. According to the api documentation it uses basic authentiocation and is UTF-8 encoded. The username and password is provided by the docs and if try the api in a web browser and enter those credentials it goes through and i recieve the data. This is the code i'm using in flutter:
Future<void> requestData() async {
String username = 'abc';
String password = '123';
String basicAuth = 'Basic ' + base64Encode(utf8.encode('$username:$password'));
Response r = await get(
Uri.parse('http://api.example.com'),
headers: {
HttpHeaders.authorizationHeader: basicAuth,
});
print(r.body);
print(r.statusCode);
}
I've also tried this variation which gave the same result:
headers: <String, String>{
'authorization': basicAuth
}
Seeing as the username and password are correct there must be something wrong with how i make the call, but i've tried to do it a bunch of different ways and nothing works. Any help would be greatly appreciated!
As per my experience, there is no need of token or basic auth while doing login. And login is post method not get.
Turns out the documentation i read was outdated/incorrect. The api uses "Digest authentication" which i looked up and was able to implement. This is the code if anyone is interested:
import 'package:http/http.dart';
import 'package:http_auth/http_auth.dart';
...
Response res = await DigestAuthClient("USERNAME", "PASSWORD")
.get(Uri.parse("API_URL")).timeout(const Duration(seconds: 20));
I'm trying to upload a video file to GCS using a pre-signed url. I've managed to create the url via Google but now I am facing a problem using it.
Upload works in Postman, got response 200.
postman body, postman params
Code copied from Postman results in 403 Forbidden (SignatureDoesNotMatch):
Future<http.StreamedResponse> uploadVideo(
{required String uploadURL, required String filePath}) async {
var headers = {'Content-Type': 'application/octet-stream'};
var request = http.MultipartRequest('PUT', Uri.parse(uploadURL));
request.files.add(await http.MultipartFile.fromPath('file', filePath));
request.headers.addAll(headers);
http.StreamedResponse response = await request.send();
if (response.statusCode == 200) {
print(await response.stream.bytesToString());
} else {
print(response.reasonPhrase);
}
return response;
}
This is the error I am getting from Google:
<?xml version='1.0' encoding='UTF-8'?><Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message><StringToSign>GOOG4-RSA-SHA256
20210803T082850Z
20210803/auto/storage/goog4_request
6d513846a3db49f949b0d2eea8f04b90f918b3b94588c3ed55ed3620b7d7e1f6</StringToSign><CanonicalRequest>PUT
/phonedo-interviews/app-test/007/2.mp4
X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=interviews%40interviews-317011.iam.gserviceaccount.com%2F20210803%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20210803T082850Z&X-Goog-Expires=900&X-Goog-SignedHeaders=content-type%3Bhost
content-type:multipart/form-data; boundary=dart-http-boundary-6w1yq6BQN3EkGBrhHZnwidOXZsBecsgSwTT3nBjB9vQCToHt0cg
host:storage.googleapis.com
content-type;host
UNSIGNED-PAYLOAD</CanonicalRequest></Error>
Note: I needed Content-Type to be application/octet-stream so I disabled that header in Postman's automatic headers and added Content-Type manually. When I didn't do that I also got 403.
The solution was to send the file in binary.
Here is the working code:
Future<http.Response> uploadVideo(
{required String uploadURL, required String filePath}) async {
var response = await http.put(
Uri.parse(uploadURL),
headers: {'content-type': 'application/octet-stream'},
body: File(filePath).readAsBytesSync(),
);
In your Postman headers, a Token is given to GCS (first line). Given that you need authorization, Postman probably has this Token saved somewhere application-wise.
In this flutter code, the headers you're giving do not include an Auth token and therefore you're receiving a 403 error.
I am using the oauth2_client package for flutter, connecting to the Coinbase API via OAuth 2.0.
From what I can tell, Coinbase uses the code flow for authentication. This is the same as Github. This is important to note because I can successfully auth into Github using the oauth2_client package for flutter.
To connect to Github I used the existing client:
import 'package:oauth2_client/oauth2_client.dart';
import 'package:meta/meta.dart';
/// Implements an OAuth2 client against GitHub
///
/// In order to use this client you need to first create a new OAuth2 App in the GittHub Developer Settings (https://github.com/settings/developers)
///
class GitHubOAuth2Client extends OAuth2Client {
GitHubOAuth2Client(
{#required String redirectUri, #required String customUriScheme})
: super(
authorizeUrl: 'https://github.com/login/oauth/authorize',
tokenUrl: 'https://github.com/login/oauth/access_token',
redirectUri: redirectUri,
customUriScheme: customUriScheme) {
accessTokenRequestHeaders = {'Accept': 'application/json'};
}
}
Then I created a method to call within the app:
void _oauthMethod() async {
//clientID
String cID = 'x';
//clientSecret
String cSecret = 'y';
OAuth2Client client = GitHubOAuth2Client(
redirectUri: 'my.app://oauth2redirect', customUriScheme: 'my.app');
AccessTokenResponse tknResp = await client.getTokenWithAuthCodeFlow(
clientId: cID, clientSecret: cSecret, scopes: ['repo']);
http.Response resp = await http.get('https://api.github.com/user/repos',
headers: {'Authorization': 'Bearer ' + tknResp.accessToken});
}
Calling this function brings up the OAuth page for Github, I can sign in, and if I print resp it shows a list of my repos. As expected.
Using the same method for Coinbase, I first create the new class:
class MyOAuth2Client extends OAuth2Client {
MyOAuth2Client(
{#required String redirectUri, #required String customUriScheme})
: super(
authorizeUrl:
'https://www.coinbase.com/oauth/authorize', //Your service's authorization url
tokenUrl:
'https://api.coinbase.com/oauth/token', //Your service access token url
redirectUri: redirectUri,
customUriScheme: customUriScheme) {
this.accessTokenRequestHeaders = {'Accept': 'application/json'};
}
}
Then I create the method to call:
void _coinbaseAuth() async {
String cID = 'x';
String cSecret = 'y';
MyOAuth2Client client = MyOAuth2Client(
redirectUri: 'my.app://oauth2redirect', customUriScheme: 'my.app');
AccessTokenResponse tknResp = await client.getTokenWithAuthCodeFlow(
clientId: cID, clientSecret: cSecret, scopes: ['wallet:user:read']);
print(tknResp);
//code fails
//http.Response resp =
// await http.get('https://api.coinbase.com/v2/user', headers: {
// 'Authorization': 'Bearer ' + tknResp.accessToken,
// 'Content-Type': 'application/json',
// 'Charset': 'utf-8'
// });
}
I can't run the http.Response part, because it is filled with nulls. The tknResp prints:
HTTP 401 - invalid_grant The provided authorization grant is invalid,
expired, revoked, does not match the redirection URI used in the
authorization request, or was issued to another client.
I have tried creating a new OAuth application in Coinbase, however this doesn't work.
Does anyone know why I'm getting this error? It's confusing for me as the code worked with Github using the exact same OAuth flow.
I tested the auth flow manually using postman, which enabled me to get the token.
After some testing, I was able to get the token with the dart package by adding the extra auth code params & disabling PKCE
AccessTokenResponse tknResp = await client.getTokenWithAuthCodeFlow(
clientId: cID,
clientSecret: cSecret,
scopes: ["wallet:user:read"],
authCodeParams: {
"grant_type": "authorization_code",
"redirect_uri": "my.app://oauth2redirect"
},
enablePKCE: false,
state: 'OYWjs_95M6jlkvy5');
hi in my case i have problems in the get token with duplicate oauth of coinbase with my app to text.
error "invalid_grant"
To solve, I went to the test account and navigate to the activities section and click x (x) to log out and intend again.
Also applies to other oauth 2
thanks
In my flutter app I would like to implement basic authentication. The project is like user need to login to the app, after the login they have to give a test. After successful login using Django knox authentication(a token is generated for login) when the Test page comes, Basic authentication need to implement.
Here is the following code snippet.
import 'package:http/http.dart' as http;
import 'dart:convert';
Future TestAPI(String question1, String question2, String question3, String question4) async{
String url = 'https://someapi.com/api/test/';
String username = "myusername";
String password = "mypassword";
String basicAuth =
'Basic ' + base64Encode(utf8.encode('$username:$password'));
var response = await http.post(url,
headers: {
"Content-type": "application/json",
"Authorization": basicAuth
},
body: jsonEncode(
{
"question1":question1,
"question2":question2,
"question3":question3,
"question4":question4,
}
)
);
var convertedDataToJson = json.decode(response.body);
return convertedDataToJson;
I want to use dynamic username and password. How can I implement the logic??
I have gone through this logic but this is not what I am looking for. Can anyone help to solve this problem?
I'm a couple of weeks into my Flutter journey. I have looked at a few tutorials on using a web service and returning data, but am unsure of a couple of things and how to apply to my web services.
I have completed my web app (written in Elevate Web Builder) and also my server side modules acting as my web services. Inside my web app I call the web service using a server request and the following parameters:
Params : Key and value pairs - used to pass authorization info
eg:
Params.Values['userid'] := 'test'
Params.Values['password'] := 'test-Password'
RequestHeaders - used to specify the content type
eg:
RequestHeaders.Values['Content-Type'] := 'text/plain'
RequestContent : Key and value pairs - used to send values to specify what to retrieve or what to save into the database
eg:
RequestContent.Values['webService'] := 'Get_StaffList'
RequestContent.Values['CompanyId'] := '123'
RequestContent.Values['OnlyActive'] := 'Y'
The Params are specified as URL parameters, but I'm not sure where I specify the RequestHeaders and RequestContent?
I have tried sending RequestHeaders and RequestContent as:
http.post('https://...', headers: {'Content-Type': 'text/plain',
'webService': 'Get_StaffList',
'CompanyId': '123',
'OnlyActive': 'Y'
});
but this didn't work. Any ideas how it should be sent in Flutter?
Thanks heaps,
Paul
Here is an example
String server = "http://localhost:8008";
userSearch(String accessToken, String searchTerm) async {
String url = server + "/_matrix/client/r0/user_directory/search";
Map<String, String> headers = {"content-type": "application/json", "authorization": "Bearer $accessToken"};
String body = jsonEncode({"search_term": searchTerm});
Response response = await post(url, headers: headers, body: body);
UserSearchObj users = UserSearchObj.fromJson(jsonDecode(response.body));
return users;
}
I just thought I'd let you know I got it working. I took what you suggested and looked at what the web service was receiving from the web app. Then modified the code in Flutter to send the data in the same format. This now works:
final response = await http.post(
Uri.encodeFull('http://mobileuser.pvapps.one:82/modules/rmo_daMLogin'),
headers: {'Content-Type': 'text/plain'},
body: 'rmoService=User_Login\n'
'UserId=fred\n'
'Password=abc123');
Thanks again for the help,
Paul