401 Client Error: Unauthorized url. Flask python

Question

I have a program that Authenticate with API and when logged in search by Id in contacts on this API. logging in works fine but when I try to find contact this error happen: 401 Client Error: Unauthorized for url:https://api.moxiworks.com/api/contacts/12345678 and same problem happen when try it on Postman like in this image: after log in I redirected to home route and here is the code:

@app.route('/home', methods=["GET", "POST"])
@login_required
def home():

    if request.method == "POST":
        found = request.form.get('id')

        #base64 encoded Partner ID and Partner Secret
        sample_string = ('%s:%s' % (os.getenv("CLIENT_ID"), os.getenv("CLIENT_SECRET"))).replace('\n', '')
        sample_string_bytes = sample_string.encode("ascii")
        base64_bytes = base64.b64encode(sample_string_bytes)
        base64_string = base64_bytes.decode("ascii")

        if not found:
            return render_template('apology', err='must provide id')

        try:
            token = session['token']
            response = moxi.get(f'https://api.moxiworks.com/api/contacts/{found}',
                                    token=token,
                                    headers={
                                        'Content-Type': 'application/x-www-form-urlencoded',
                                        'Authorization': 'Basic %s' % base64_string,
                                        'Accept': 'application/vnd.moxi-platform+json;version=1',
                                        'Cookie': '_wms_svc_public_session'
                                    })
            if response.status_code == 429:
                flash('too many requests, wait for 60 seconds then will get your results')
                time.sleep(60)
                response = moxi.get(f'https://api.moxiworks.com/api/contacts/{found}',
                                    token=token,
                                    headers={
                                        'Content-Type': 'application/x-www-form-urlencoded',
                                        'Authorization': 'Basic %s' % base64_string,
                                        'Accept': 'application/vnd.moxi-platform+json;version=1',
                                        'Cookie': '_wms_svc_public_session'
                                    })


            # If the response was successful, no Exception will be raised
            response.raise_for_status()
        except HTTPError as err:
            return render_template('apology.html', err=err)
        except Exception as err:
            return render_template('apology.html', err=err)
        else:
            try:
                contact = response.json()

                return render_template('data.html',
                                       contact1=contact['agent_uuid'], contact2=contact['moxi_works_agent_id'],
                                       contact3=contact['partner_contact_id'], contact4=contact['contact_name'],
                                       contact5=contact['primary_email_address'], contact6=contact['secondary_email_address'],
                                       contact7=contact['primary_phone_number'], contact8=contact['secondary_phone_number'])
            except (KeyError, TypeError, ValueError) as err:
                return render_template('apology.html', err=err)

    else:
        return render_template('home.html')

What I miss? or what is wrong in my code?

here is the auth register:

moxi = oauth.register(
    name='moxi',
    client_id=os.getenv("CLIENT_ID"),
    client_secret=os.getenv("CLIENT_SECRET"),
    access_token_url='https://sso.moxiworks.com/oauth/token',
    access_token_params={'grant_type': 'authorization_code'},
    authorize_url='https://sso.moxiworks.com/oauth/authorize',
    authorize_params={'response_type': 'code'},
    api_base_url='https://api.moxiworks.com/api/contacts/',
    userinfo_endpoint='https://sso.moxiworks.com/agent/profile',  # This is only needed if using openId to fetch user info
    client_kwargs = {
    'scope': 'profile',
    'token_endpoint_auth_method': 'client_secret_basic',
    'token_placement': 'header',
    }
)

please help me to figure out how to fix this? thanks in advance.

score 0 · Answer 1 · edited Oct 07 '21 at 13:21

0

The error shows that you have not included your authorisation header. According to the Basic Authentication standard (RFC 7617) used here, you should include the access token in the Authorization header instead of the parameter. As such, it should look something like this enter image description here.

Or on the python code, it will look like this

import requests

url = "https://example.com/api/contacts/1234"

payload = {}
headers = {'Authorization': 'Basic <access_token>'}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

edited Oct 07 '21 at 13:21

Community

1
1

answered May 29 '21 at 15:47

Yeong Jong Lim

208
1
4

thanks for your response. does not work when I use access_token but worked with base64 platform Id, platform secret – Mahmoud Ferig May 30 '21 at 06:16
can I use both Authorization Basic and Bearer? – Mahmoud Ferig May 30 '21 at 06:17
1

I don't think so, they are two different standards and are used in different flows. Bearer authentication scheme is more suitable for oauth2 as far as I understands it. In order to use the Bearer authentication, you will need to change the token_endpoint_auth_method in client_kwargs. – Yeong Jong Lim May 30 '21 at 07:14

401 Client Error: Unauthorized url. Flask python

1 Answers1