saloon icon indicating copy to clipboard operation
saloon copied to clipboard

Published 20 hours ago • verified publisher icon saloonphp

Remove authentication on a specific request

Open labomatik opened this issue 10 months ago • 1 comments

I would like to remove the authentication on a specific request while the connector is using OAuth

The request to the API is the following:

  • OAuth request to get the Bearer
  • Create a Job -> we are receiving an URL (Using Bearer)
  • PUT a file to the URL (No Auth should be used)

The last step is actually sending an error when we push to AWS "Only one auth mechanism allowed;" since we are using an API key on that step

Is there a way to remove from the connector the Authentication?

        $api = new APIConnector(config('services.api.client_id'), config('services.api.client_secret'));

        $authenticator = $api->getAccessToken([
            "connect/read:jobs",
            "connect/submit:jobs",
            "connect/read:sending-events"
        ]);

        $api->authenticate($authenticator);

        $data = $api->send(new CreateJobSingleFile('01HT2RK56ETAD2GGNRGA4Z03BK', 'test', 'test.pdf'));

        $jobFile = $data->dtoOrFail();

        // We should now post file to $jobFile->fileUploadUrl

        $file = \Storage::disk('local')->path('test.pdf');

        // We should remove the Auth

        $result = $api->send(new AttachFileToJob('01HT2RK56ETAD2GGNRGA4Z03BK', 'test.pdf', $file, $jobFile->fileUploadUrl));

labomatik avatar Apr 17 '24 09:04 labomatik

Maybe you could do it with a NullAuthenticator, something like this:

class NullAuthenticator implements Authenticator
{
    public function set(PendingRequest $pendingRequest): void
    {
    }
}

And then when you want to make the auth-free call:

$api->authenticate(new NullAuthenticator());

jlevers avatar Apr 17 '24 16:04 jlevers

Hey @labomatik I have just released v3.9.0 which includes the above PR made by @patrickcarlohickman. Would you be able to try the NullAuthenticator and see if this fixes your issue?

Sammyjo20 avatar Jun 09 '24 10:06 Sammyjo20

Hello,

Sorry for being late on this... I just validated and it seems that the nullAuthenticator doesn't erase all previous auth mechanism, the API we are using is still pinpointing an issue with a mixed auth... I added a debug just after the NullAuthenticator and i do see the oauthConfig object part of the connector

image

labomatik avatar Jun 10 '24 14:06 labomatik

@labomatik ,

Changing the authenticator won't affect the oauthConfig property that is already set on the connector. However, the NullAuthenticator doesn't use this config data at all, so I think the issue is somewhere else.

Would you be able to provide the implementation for your APIConnector connector, AttachFileToJob request, and possibly a dump of the request actually made (with any sensitive data/ids/secrets/keys redacted).

Thanks, Patrick

patrickcarlohickman avatar Jun 12 '24 18:06 patrickcarlohickman

Thanks @patrickcarlohickman after a review on the AttachFileToJob i just found this:

 protected function defaultHeaders(): array
    {

        return [
            'x-api-key' => config('services.api.api_key'),
            //'Authorization' => null. ---> I removed this...
        ];
    }

And now it's working :-) Thanks for the support

labomatik avatar Jun 12 '24 20:06 labomatik