Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Basic Authentication Using JavaScript

Tags:

I am building an application that consumes the Caspio API. I am having some trouble authenticating against their API. I have spent 2-3 days trying to figure this out but it may be due to some understanding on my end. I have read countless articles on stackoverflow post and otherwise but have not solved the issue. Below is a code example of my solution based on what i have looked at and i am getting a 400 Status code message; What am i doing wrong here? (Please provide well commented code example and i would prefer to NOT have links posted here referencing other material as i have looked at these extensively. Thanks!):

Some references i have looked at:

1) Pure JavaScript code for HTTP Basic Authentication?

2) How to make http authentication in REST API call from javascript

I would like to use this authentication method as described by caspio below:

As an alternative to including credentials in the request body, a client can use the HTTP Basic authentication scheme. In this case, authentication request will be setup in the following way:

Method: POST

URL: Your token endpoint

Body: grant_type=client_credentials

Header parameter:

Authorization: Basic Basic authentication realm

Below are my Javascript and HTML code.

JavaScript:

var userName = "clientID"; var passWord = "secretKey";  function authenticateUser(user, password) {     var token = user + ":" + password;      // Should i be encoding this value????? does it matter???     // Base64 Encoding -> btoa     var hash = btoa(token);       return "Basic " + hash; }  function CallWebAPI() {      // New XMLHTTPRequest     var request = new XMLHttpRequest();     request.open("POST", "https://xxx123.caspio.com/oauth/token", false);     request.setRequestHeader("Authorization", authenticateUser(userName, passWord));       request.send();     // view request status     alert(request.status);     response.innerHTML = request.responseText; } 

HTML:

<div> <div id="response">  </div> <input type="button" class="btn btn-primary" value="Call Web API" onclick="javascript:CallWebAPI();" /> 

like image 521
Rex Charles Avatar asked Jan 18 '16 17:01

Rex Charles


People also ask

How do you authenticate in JavaScript?

To setup Authentication, the user needs to configure OAuth 2.0 ID in JavaScript and the backend code. 5. JavaScript application uses client ID to obtain the Google ID token from OAuth 2.0 server and send ID in the request.

How do you pass credentials in JavaScript?

With basic auth, you include an Authorization property on the headers key in the options object with the fetch() method. For it's value, you use the following pattern: Basic USERNAME:PASSWORD . The username and password need to be base64 encoded, which we can do with the window. btoa() method.

What is basic authentication example?

Basic Auth: The client sends HTTP requests with the Authorization header that contains the word Basic, followed by a space and a base64-encoded(non-encrypted) string username: password. For example, to authorize as username / Pa$$w0rd the client would send.


2 Answers

After Spending quite a bit of time looking into this, i came up with the solution for this; In this solution i am not using the Basic authentication but instead went with the oAuth authentication protocol. But to use Basic authentication you should be able to specify this in the "setHeaderRequest" with minimal changes to the rest of the code example. I hope this will be able to help someone else in the future:

var token_ // variable will store the token var userName = "clientID"; // app clientID var passWord = "secretKey"; // app clientSecret var caspioTokenUrl = "https://xxx123.caspio.com/oauth/token"; // Your application token endpoint   var request = new XMLHttpRequest();   function getToken(url, clientID, clientSecret) {     var key;                request.open("POST", url, true);      request.setRequestHeader("Content-type", "application/json");     request.send("grant_type=client_credentials&client_id="+clientID+"&"+"client_secret="+clientSecret); // specify the credentials to receive the token on request     request.onreadystatechange = function () {         if (request.readyState == request.DONE) {             var response = request.responseText;             var obj = JSON.parse(response);              key = obj.access_token; //store the value of the accesstoken             token_ = key; // store token in your global variable "token_" or you could simply return the value of the access token from the function         }     } } // Get the token getToken(caspioTokenUrl, userName, passWord); 

If you are using the Caspio REST API on some request it may be imperative that you to encode the paramaters for certain request to your endpoint; see the Caspio documentation on this issue;

NOTE: encodedParams is NOT used in this example but was used in my solution.

Now that you have the token stored from the token endpoint you should be able to successfully authenticate for subsequent request from the caspio resource endpoint for your application

function CallWebAPI() {     var request_ = new XMLHttpRequest();             var encodedParams = encodeURIComponent(params);     request_.open("GET", "https://xxx123.caspio.com/rest/v1/tables/", true);     request_.setRequestHeader("Authorization", "Bearer "+ token_);     request_.send();     request_.onreadystatechange = function () {         if (request_.readyState == 4 && request_.status == 200) {             var response = request_.responseText;             var obj = JSON.parse(response);              // handle data as needed...           }     } }  

This solution does only considers how to successfully make the authenticated request using the Caspio API in pure javascript. There are still many flaws i am sure...

like image 193
Rex Charles Avatar answered Sep 21 '22 08:09

Rex Charles


Today we use Bearer token more often that Basic Authentication but if you want to have Basic Authentication first to get Bearer token then there is a couple ways:

const request = new XMLHttpRequest(); request.open('GET', url, false, username,password) request.onreadystatechange = function() {         // D some business logics here if you receive return    if(request.readyState === 4 && request.status === 200) {        console.log(request.responseText);    } } request.send() 

Full syntax is here

Second Approach using Ajax:

$.ajax ({   type: "GET",   url: "abc.xyz",   dataType: 'json',   async: false,   username: "username",   password: "password",   data: '{ "key":"sample" }',   success: function (){     alert('Thanks for your up vote!');   } }); 

Hopefully, this provides you a hint where to start API calls with JS. In Frameworks like Angular, React, etc there are more powerful ways to make API call with Basic Authentication or Oauth Authentication. Just explore it.

like image 43
V.Tran Avatar answered Sep 21 '22 08:09

V.Tran