I get an authentication error with a json post

Question

I am trying to authenticate, the result of my request is returned incorrectly.

Request Model

Method: Post, Endpoint: /api/authenticate, Header Variables: [{"key":"Content-Type","value":"application/json","enabled":true}], Body Parameters: username: string, password: string, authenticationType: string

Sample Request

POST /api/authenticate 
Host: mpop-sit.hepsiburada.com
Content-Type: application/json
{
   "username": "xyz_dev",
   "password": "XYZ_dev123!",
   "authenticationType": "INTEGRATOR"
}

Request i sent

$url = 'https://mpop-sit.hepsiburada.com//api/authenticate';
$ch = curl_init($url);
$header = array(
    'Content-Type: application/json',
    'Authorization: Bearer '. base64_encode('xyz_dev:XYZ_dev123!:INTEGRATOR'),
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
$return=json_decode($result,true);
print_r($return);

This is the result of the query returned and the error I received. Where do you think I might be making a mistake?

Array ( [timestamp] => 2020-02-07T09:01:47.426+0000 [status] => 500 [error] => Internal Server Error [exception] => io.jsonwebtoken.MalformedJwtException [message] => JWT strings must contain exactly 2 period characters. Found: 0 [path] => //api/authenticate )

Does this answer your question? [JWT strings must contain exactly 2 period characters. Found: 0](https://stackoverflow.com/questions/53949137/jwt-strings-must-contain-exactly-2-period-characters-found-0) — Mark, Feb 07 '20 at 09:22
Change url to `https://mpop-sit.hepsiburada.com/api/authenticate` or `https://mpop-sit.hepsiburada.com/api/authenticate/` — , Feb 07 '20 at 09:34
@Mahlika add this to end of your code `echo curl_error($ch); curl_close($ch);` first one will give you correct error, second will close curl connection. I get *SSL certificate problem: unable to get local issuer certificate* at localhost with your codes and second url in my above comment. this is the correct url : `https://mpop-sit.hepsiburada.com/api/authenticate/` I think, see this post for ssl https://stackoverflow.com/a/59919558/12232340 — , Feb 07 '20 at 10:14

score 0 · Answer 1 · answered Feb 07 '20 at 09:42

0

Do you need the authentication header for this endpoint?

Because what the sample request wants you to send the parameters in the request body like this:

$post = [
   'username' => 'xyz_dev',
   'password' => 'XYZ_dev123!',
   'authenticationType' => 'INTEGRATOR'
];

$url = 'https://mpop-sit.hepsiburada.com//api/authenticate';
$ch = curl_init($url);
$header = array('Content-Type: application/json');
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
$return=json_decode($result,true);
print_r($return);

So no need fot the Authentication: Bearer ... header, it would also be created differently.

answered Feb 07 '20 at 09:42

GamerPanda99

1
1
1

In the statement, authentication should be bearer, not basic! says interesting – Mahlika Feb 07 '20 at 10:51
Usually authentication credentials such as are used by `bearer` are contained in the HTTP header, not the body. – Mike Robinson Feb 07 '20 at 17:01
@MikeRobinson yeah but the sample request Mahlika gave it looks like the request doesnn't need an auth header at all. Anyways, the combination of username, password, and authencationType wouldn't constitute an JWT token(see [JWT-Token](https://jwt.io/introduction/) ) – GamerPanda99 Feb 08 '20 at 12:42

score 0 · Answer 2 · 2020-02-07T17:55:44.580

This should work fine! I get access denied error, so, that means codes works fine.

Note you might need to change http_build_query($fields) to $fields

$url = "https://mpop-sit.hepsiburada.com/api/authenticate/";
$token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; 
$fields = array(
   "username" => "xyz_dev",
   "password" => "XYZ_dev123!"
);

$header = array(
    'Content-Type: application/json',
    'Authorization' => 'Bearer ' . $token,
);

//open curl connection
$ch = curl_init();

//set the url, fields, vars
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, true);
curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($fields));
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,false); // SSL false if not required
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false); //False if not required
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

//execute fields
$result = curl_exec($ch);
//return result echo $result; if you need
echo curl_error($ch);
//close curl connection
curl_close($ch);

Please let me know if it works!

UPDATE : if you want to use ssl which is saving you from hacks.

Follow steps in this answer to activate ssl : https://stackoverflow.com/a/59919558/12232340

Please don't switch off SSL verification off. It makes your code vulnerable. — Dharman, Feb 07 '20 at 17:44

score 0 · Answer 3 · edited Dec 26 '20 at 01:15

0

2 slashes here, so it does not work:

$url = 'https://mpop-sit.hepsiburada.com//api/authenticate';

edited Dec 26 '20 at 01:15

DRPK

2,023
1
14
27

answered Dec 25 '20 at 18:33

Tarık CÖRÜT

1
1

I get an authentication error with a json post

3 Answers3