Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add access token usage documentation #186

Open
amit-a-lx opened this issue Aug 7, 2024 · 0 comments
Open

Add access token usage documentation #186

amit-a-lx opened this issue Aug 7, 2024 · 0 comments

Comments

@amit-a-lx
Copy link

I want to use the withAuthentication middle in my app to authenticate user requests submitted with tenant API tokens.

There is no documentation about how the client id and secret should be added to the requests.

I looked at the source code and saw this common format:

      const buffer = new Buffer(`${clientId}:${apiKey}`);
      const buffer = Buffer.from(`${clientId}:${apiKey}`);
      this._authorizationHeader = `Basic ${buffer.toString('base64')}`;

But when I try to submit such request authenticate fails.

How to reproduce

create a simple express js app:

app.ts

import express from "express";

import { withAuthentication, FronteggContext } from "@frontegg/client";

FronteggContext.init({
  FRONTEGG_CLIENT_ID: "<vendor client id>",  // from here: https://docs.frontegg.com/reference/getting-started-with-frontegg-apis#performing-your-first-api-call
  FRONTEGG_API_KEY: "<vendor api key>",
});

const app = express();
const port = 5001;

// This route can now only be accessed by authenticated users
app.use('/', withAuthentication(), (req, res, next) => {
  // Authenticated user data will be available on the req.frontegg object
  // @ts-ignore
  console.log(`JSON.stringify(req.frontegg): ${JSON.stringify(req.frontegg)}`)
  res.status(200);
  next()
});

app.get("/", (req, res) => {
  res.send("Hello, TypeScript Node Express!");
});

app.listen(port, () => {
  console.log(`Server is running on port ${port}`);
});

start the server.

Then run the following script to see that different requests fail:

script.ts

import axios from "axios"

const tenantApiTokenId = "token id"
const tenantApiTokenSecret = "token secret"

// all the following requests fail:

const main = async () => {

const res1 = await axios({
        url: "http://localhost:5001",
        method: "get",
        validateStatus: null,
        headers: {
            'x-api-key': `Basic ${Buffer.from(`${tenantApiTokenId}:${tenantApiTokenSecret}`).toString('base64')}`
        }
})

const res2 = await axios({
        url: "http://localhost:5001",
        method: "get",
        validateStatus: null,
        headers: {
            authorization: `Basic ${Buffer.from(`${tenantApiTokenId}:${tenantApiTokenSecret}`).toString('base64')}`
        }
})

}

(async () => {
    try {
        await main();
    } catch (e) {
        console.error(e);
        throw e;
    }
})()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@amit-a-lx