akka-http-session

Header error regarding JWT implementation

Open nmolenaar opened this issue 7 years ago • 8 comments

First off, thank you so much for your project (time and effort!). At the moment I'm experiencing some errors regarding the JWT header (name/value) combination.

The error thrown: Illegal request header: Illegal 'authorization' header: Invalid input '=', expected auth-param, OWS, token68, 'EOI' or tchar

Using the directive optionalSession(oneOff, usingHeaders). This directive always returns an Option[T] containing a None.

nmolenaar Mar 25 '17 12:03

Can you paste the headers that you are sending to the server?

adamw Mar 25 '17 12:03

I have the same warning, coming from the akka http dispatcher: Illegal request header: Illegal 'authorization' header: Invalid input '=', expected auth-param, OWS, token68, 'EOI' or tchar (line 1, column 142): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InJvbGUiOiJzdHViUm9sZSJ9LCJleHAiOjE0OTIxNzY2MTB9.gEgcDFDb+G+sZjq0ekw7cr0Z8J58ywmWvFrowlCEBkE=

With setSession(oneOff, usingHeaders, ...) I have

Set-Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InJvbGUiOiJzdHViUm9sZSJ9LCJleHAiOjE0OTIxNzY2MTB9.gEgcDFDb+G+sZjq0ekw7cr0Z8J58ywmWvFrowlCEBkE=

in response.

curl -X GET -H "Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InJvbGUiOiJzdHViUm9sZSJ9LCJleHAiOjE0OTIxNzY2MTB9.gEgcDFDb+G+sZjq0ekw7cr0Z8J58ywmWvFrowlCEBkE=" http://host/resource

produces the already mentioned warning from the dispatcher; omitting = in the header value prevents decoding of the session.

slothspot Apr 07 '17 13:04

@adamw

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,nl;q=0.6,de;q=0.4,af;q=0.2
Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InVzZXIiOnsiaWQiOjEsImVtYWlsIjoiZW5hYmxlQG1vbGVuYWFyLmlvIiwicGFzc3dvcmQiOiIkMmEkMTAkL3BNclY4bnlEV3VXY0cva3hTa1U5LjNXNTAxZG1hUzBRb0ZSeTJZNk5NSHF5Z29DSUkxWUciLCJhY3RpdmUiOnRydWV9fSwiZXhwIjoxNTA0ODAyMTU3fQ==.CsmHEuAIdxFDn9wDHzpnqX9WWiYsRPfSaSWzCNuTU30=
Connection:keep-alive
DNT:1
Host:localhost:8080
Origin:http://localhost:8000
Referer:http://localhost:8000/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36

nmolenaar Aug 31 '17 16:08

@NicholasMolenaar doesn't JWT require the Bearer prefix before the token? So the header would be:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InVzZXIiOnsiaWQiOjEsImVtYWlsIjoiZW5hYmxlQG1vbGVuYWFyLmlvIiwicGFzc3dvcmQiOiIkMmEkMTAkL3BNclY4bnlEV3VXY0cva3hTa1U5LjNXNTAxZG1hUzBRb0ZSeTJZNk5NSHF5Z29DSUkxWUciLCJhY3RpdmUiOnRydWV9fSwiZXhwIjoxNTA0ODAyMTU3fQ==.CsmHEuAIdxFDn9wDHzpnqX9WWiYsRPfSaSWzCNuTU30=

adamw Sep 01 '17 08:09
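
The parser error in this thread follows from the RFC 7235 grammar `credentials = auth-scheme [ 1*SP token68 ]`: with no scheme, the whole value is read as a scheme name (an RFC 7230 token), and '=' is not a token character. The sketch below is an added example, not code from the thread or from akka-http-session; the function name and the sample tokens are constructed, and it checks the RFC grammar rather than akka-http's own parser. It also covers '=' padding in the middle of a value, which token68 does not allow even after a scheme.

```python
import re

# Character classes from RFC 7230 (token) and RFC 7235 (token68).
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")  # '=' is legal only as trailing padding


def credentials_error(value):
    """Check `value` against credentials = auth-scheme [ 1*SP token68 ].

    Returns None when the value is well formed, otherwise (column, char):
    the 1-based column of the first character the grammar cannot accept.
    The auth-param list form (for example Digest) is out of scope here.
    """
    scheme = TOKEN.match(value)
    if scheme is None:
        return (1, value[:1])
    pos = scheme.end()
    if pos == len(value):
        return None  # scheme only, no credentials blob
    if value[pos] != " ":
        return (pos + 1, value[pos])  # e.g. '=' directly after a bare token
    while pos < len(value) and value[pos] == " ":
        pos += 1
    blob = TOKEN68.match(value, pos)
    end = blob.end() if blob else pos
    if blob and end == len(value):
        return None
    return (end + 1, value[end:end + 1])


# Constructed sample values (not real tokens, not taken from the thread).
HEAD = "eyJhbGciOiJIUzI1NiJ9"
SIG = "c2lnbmF0dXJl+AA="
BARE = f"{HEAD}.eyJyb2xlIjoic3R1YiJ9.{SIG}"                  # no scheme
BEARER = "Bearer " + BARE                                    # scheme + token68
MID_PAD = f"Bearer {HEAD}.eyJyb2xlIjoic3R1YiJ9fQ==.{SIG}"    # padding mid-value

if __name__ == "__main__":
    for name, value in [("bare", BARE), ("bearer", BEARER), ("mid-pad", MID_PAD)]:
        print(name, credentials_error(value))
```
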

I have the same issue.

ghost Nov 19 '17 08:11

@milanvdmria which version, are you on latest?

adamw Nov 19 '17 09:11

@adamw I just saw there was an upgrade with the commit https://github.com/softwaremill/akka-http-session/commit/69ae123a639d28dd100d8f4cd7d25e7edc964f36 which I suppose is a fix for this problem? I'll test on latest.

ghost Nov 19 '17 09:11

I have a similar problem... any suggestions... by the way, I am not using the akka-http-session lib on the client side. It is not produced locally but on the server after deployment.

aniketkakde Nov 29 '18 14:11