0

I followed this Laravel token API tutorial: http://rjv.im/post/95988160186/api-token-authentication-with-laravel-and-sentry-part. I have written the following cURL request to communicate with my API:

curl -H "X-Auth-Token:tokenhere" http://localhost:8000/account

The request works properly, and accurately returns the expected data. When I translate this to Python I receive urllib2.HTTPError: HTTP Error 401: Unauthorized

import urllib2
req = urllib2.Request('http://localhost:8000/account')
req.add_header("X-Auth-Token", "tokenhere")
resp = urllib2.urlopen(req)
content = resp.read()
print content

If I pass user credentials using basic auth instead of an X-Auth-Token, the request works as expected:

import urllib2

def basic_authorization(user, password):
    s = user + ":" + password
    return "Basic " + s.encode("base64").rstrip()

req = urllib2.Request("http://localhost:8000/account", headers = { "Authorization": basic_authorization("usernameHere", "passwordHere"), })

f = urllib2.urlopen(req)

print f.read()

Any assistance would be much appreciated.

Improve this question
3
  • First, how are you parsing the X-Auth-Token header on the server side? Because normally, headers are sent with a space after the colon—that's how curl is going to send all the rest of your headers, and how urllib2 is going to send all of the headers, including the one you added. If your server is actually expecting 'X-Auth-Token:tokenhere' and rejecting 'X-Auth-Token: tokenhere', that's a bug that you need to fix on the server side. Commented Nov 21, 2014 at 22:38
  • Second, in order to debug this, you need to first look at what you're sending that's different. Can you get your server to log the complete request so you can compare them? Or view them in Wireshark? Or just run something like nc -kl 8000 instead of your server, and watch what it prints out when your curl command and Python program try to talk to it? Commented Nov 21, 2014 at 22:39
  • Finally, most auth-token mechanisms have a TTL/expiration/etc. Does the curl command work even right after the Python script failed, or did it just work in the past? Commented Nov 21, 2014 at 22:42

1 Answer 1

Reset to default
1

There is something you missed in the tutorial. In the tokens table there is a column:

$table->string('client');

It is important from which client you are sending your request. I am using https://github.com/hisorange/browser-detect to detect from which client I got the request.

But for now I will just try to see User Agent. In my laravel code I just logged every request to see what's happening with the following code:

Route::filter('auth.token', function($route, $request)
{
....

  Log::info($request);

....
}

Now, Let's see:

When I use curl from command line:

curl -u [email protected]:password -X GET http://localhost:8000/account

My User Agent is 

User-Agent:   curl/7.32.0

I sent the same from python using your code above, User Agent is:

User-Agent:      Python-urllib/2.7

Ah! That must be it. You have to authenticate your user at least once using Basic Auth, it will give you a token and that token is valid for only that client. In the first part http://rjv.im/post/78940780589/api-token-authentication-with-laravel-and-sentry-part of tutorial there was no such condition. In the comments I received someone posted a query on how to support multiple clients, so this example was made to solve that problem.

Apart from that, may I suggest this library: https://github.com/chrisbjr/api-guard It supports Rate Limiting, easy to integrate with Sentry. It's a bit different from my tutorial. Using my solution you can hit any endpoint using Basic Auth or Token. Using above library, only token is permitted, so there is dedicated route to generate token. Let me know how it goes.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.