pushbullet - 401 Status Returned on Access Token Errors


While 401 Unauthorized may seem spiffy, these ("access token missing or invalid") can throw many a client HTTP stack into prompting the user for credentials, which won't succeed anyway since normal HTTP authentication mechanisms are not in play.

While I can detour around this by using a client library that I can direct not to attempt auto-auth or user prompting (and I have done so), this seems to violate RFC 7235 as far as I can tell.

I suspect 403 Forbidden would be more compliant here, and less grief for API users. Most of them see a non-2xx status and run with the JSON "error" response body.

I have a detour so I'm not complaining, but something seems fishy here. Surely I'm missing something? Is it common practice to use 401 in this manner for REST-like HTTP APIs?

More detail

This works as long as a proper auth token is used, but causes a GUI prompt for user/pw if a bad token is used:

    Set jsonbag = pbconfig.cloneitem("createpushjson") 'make deep copy of template json.
    With jsonbag
        .item("title") = txttitle.text
        .item("body") = txtbody.text
    End With
    With xmlhttp
        .abort 'clean failed request if any.
        .open "POST", pbconfig.item("createpushurl"), True
        .setrequestheader "access-token", pbconfig.item("accesstoken")
        .setrequestheader "content-type", "application/json"
        .onreadystatechange = sinkrschange
        .send jsonbag.json
    End With

If the prompt is canceled by the user, the 401 gets reported to the code.

In light of the information below I tried sending the auth token as the user ID value. This raises the prompt if the auth token is correct:

    Set jsonbag = pbconfig.cloneitem("createpushjson") 'make deep copy of template json.
    With jsonbag
        .item("title") = txttitle.text
        .item("body") = txtbody.text
    End With
    With xmlhttp
        .abort 'clean failed request if any.
        .open "POST", pbconfig.item("createpushurl"), True, pbconfig.item("accesstoken")
        .setrequestheader "content-type", "application/json"
        .onreadystatechange = sinkrschange
        .send jsonbag.json
    End With

If the user manually enters a valid auth token at the prompt as the user ID, the request succeeds.

Based on new information below

This can be made to work by explicitly sending "." as the password:

    Set jsonbag = pbconfig.cloneitem("createpushjson") 'make deep copy of template json.
    With jsonbag
        .item("title") = txttitle.text
        .item("body") = txtbody.text
    End With
    With xmlhttp
        .abort 'clean failed request if any.
        .open "POST", pbconfig.item("createpushurl"), True, pbconfig.item("accesstoken"), "."
        .setrequestheader "content-type", "application/json"
        .onreadystatechange = sinkrschange
        .send jsonbag.json
    End With

A correct token value works, and a bad token value returns a 401 that can be handled. No credentials prompt dialogs now.

Normal HTTP authentication mechanisms are technically in play. The API asks the browser for credentials so you can do requests in the browser (someone requested that).

HTTP libraries that have special behavior for 401s do seem to be a problem, but the 1 time it happened I've been able to disable the magic 401 handling. I have no idea if we are in violation of RFC 7235 here. RFC 2616 10.4.2 seems to indicate the current behavior is "correct". Do you have a list of HTTP clients that prompt the user for credentials?

Maybe 403 makes more sense here, but Stripe at least seems to use 401: https://stripe.com/docs/api#errors , rest. Switching to 403 would break existing clients as well. Clients don't look at the JSON body oddly enough, but at the status code.

I think if I were to make an HTTP API, I would have 200/400/500 status codes, POST of JSON-encoded bodies, and JSON responses.
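
The exchange discussed in the two posts above, as an added Python example that is not code from either poster or from the API itself. A local stub (the `StubApi` class, the `/pushes` path and both JSON payloads are constructed assumptions) answers a bad token with 401 plus a Basic challenge, and the client sends the token preemptively as the Basic user name with "." as the password, so a bad token comes back as a status and JSON error to handle instead of a credentials prompt.

```python
import base64, hmac, json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

VALID_TOKEN = "constructed-demo-token"  # constructed sample value, not a real token

class StubApi(BaseHTTPRequestHandler):
    """Hypothetical local stand-in: bad token -> 401, Basic challenge, JSON error."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        scheme, _, blob = self.headers.get("Authorization", "").partition(" ")
        try:
            user = base64.b64decode(blob).partition(b":")[0]
        except ValueError:  # malformed base64 in the credentials
            user = b""
        ok = scheme.lower() == "basic" and hmac.compare_digest(user, VALID_TOKEN.encode())
        payload = {"active": True} if ok else {"error": "access token missing or invalid"}
        body = json.dumps(payload).encode()
        self.send_response(200 if ok else 401)
        if not ok:  # RFC 7235: a 401 carries a challenge; this is what makes clients prompt
            self.send_header("WWW-Authenticate", 'Basic realm="stub"')
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def create_push(url, token, title, text):
    """Send the token preemptively as Basic user with "." as password; never prompt."""
    cred = base64.b64encode(f"{token}:.".encode()).decode()
    req = urllib.request.Request(
        url, data=json.dumps({"title": title, "body": text}).encode(), method="POST",
        headers={"Authorization": "Basic " + cred, "Content-Type": "application/json"})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no auth handlers
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.load(resp), None
    except urllib.error.HTTPError as err:  # 401 surfaces here with its JSON body intact
        return err.code, json.load(err), err.headers.get("WWW-Authenticate")

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/pushes"
    try:
        return create_push(url, VALID_TOKEN, "hi", "x"), create_push(url, "bad", "hi", "x")
    finally:
        server.shutdown()
        server.server_close()
```
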

