New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Newbie question about authorization header and client.request #273
Comments
I don't understand your question. If you want to post a short example of what you are trying to do, we can try to help. There are also plenty of useful examples in the tests. Have you looked there? |
On the client side, when I'm doing a request this is what I'm doing :
on the server side I have a route
But this does not work with ness because authorization cannot be provided I have to switch from That was for the first part of my question. |
If you passed the correct authentication headers when you connected the client, those are passed on with every request automatically for you. You don't need to authenticate each request, just once when you connect. You should never use joi validation for authentication headers, that's just wrong. This is shown in the example: https://github.com/hapijs/nes#route-authentication |
Thanks, I'm aware about ness passing auth data to sub request. |
You should not use joi to validate authorization headers. You should use an auth scheme to do that. You should also not invent new ways to authenticate a request, especially one that is already authenticated via the nes connection. |
I'm using an scheme to authenticate. This scheme read my authentication token from Thanks for you help. |
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions. |
Hello,
I'm opening a new issue but I think it's directly related to closed one #38
I'm trying to implement websocket and use request on my client side. But I'm still confused about the header. request does not allow authorization for security purpose witch seems fine to me but how can I authenticate myself on the route.
According to devinivy in a comment of #38 the auth is handled automatically if already done on connection. But hapi throws an error (
child "authorization" fails because ["authorization" is required]
) because my route, when used without the websocket requires and authorization token to be present.I'm publishing an automatically generated swagger definition, so making it optional will be visible by the api's users and it's quite counter intuitive for them.
It would be great if nes would automatically fill this field if the websocket connection was authenticated. This way Joi validation would still be ok
What if I'm doing extra validation process in the authentication scheme using additional headers information and maybe async authentication against an other server. It's currently completely bypassed.
Tell me if I'm doing something wrong which could explain this behavior.
Thanks
The text was updated successfully, but these errors were encountered: