URLConnection and JWT

Kristin_Green · August 21, 2020, 10:00pm

I recently upgraded my REST server to authenticate using JSON Web Tokens (JWT) and I can authenticate with no problems… my Xojo application sends a username and password and the server responds back with access and refresh tokens. The problem comes when I attempt to use the access token for subsequent calls.

I can’t seem to get it to recognize my Bearer Token as the Authorization header in Xojo.

The following cURL command works great in Terminal…

$ curl --location --request GET 'http://localhost:8000/api/teams' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNTk4MDQ1ODI2LCJqdGkiOiJhMmQ2ZGVjZGFiMzg0MGZjOGI1YjU3ZmE0NTA4OGZkYiIsInVzZXJfaWQiOjZ9.RCbXfnyGqeJH7QQiQAXPsMaeRn3AbdNeo87U2OmXAFY'

Returns nice, juicy JSON content!

However, this code in my Xojo application always returns a response from the server as if no authorization header was sent.

Connection = New URLConnection
AddHandler Connection.ContentReceived, WeakAddressOf HandleRead
AddHandler Connection.Error, WeakAddressOf HandleError

Connection.RequestHeader("Authorization") = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNTk4MDQ1ODI2LCJqdGkiOiJhMmQ2ZGVjZGFiMzg0MGZjOGI1YjU3ZmE0NTA4OGZkYiIsInVzZXJfaWQiOjZ9.RCbXfnyGqeJH7QQiQAXPsMaeRn3AbdNeo87U2OmXAFY"

Connection.Send("GET", "http://localhost:8000/api/teams")

Returns the same error that I receive if I send the cURL command without the header.

{
    "detail": "Authentication credentials were not provided."
}

I’ve never used the Authorization header so I’m not sure if I’m using it correctly. I even tried to EncodeBase64 the token.

Thoughts and suggestions are welcome.

Kristin_Green · August 24, 2020, 2:20pm

@Thom_McGrath I read your blog regarding your difficulties with using URLConnection. Have you ever experienced a situation in which authentication headers are simply not being sent or when an HTTP call works with cURL but not with Xojo?

I’m using 2019r3.1 but on Mac OS 10.11 so I’m wondering if it’s maybe just an issue with using an older Mac since URLConnection is built off of the operating system’s library instead of the cURL library.

Thom_McGrath · August 24, 2020, 2:44pm

I’ve only experienced that on Windows when trying to use the AuthenticationRequired event. I’ve learned to just compute the header manually and include it with initial request.

So no, I haven’t experienced what you are.

Mike_Cotrone · October 14, 2020, 7:39pm

@Kristin_Green did you find a solution for this? I am seeing something similar where curl is working for me, my JWT is signature valid, but Im failing with URLConnection.

Thanks!
Mike

Kristin_Green · October 14, 2020, 7:56pm

In the end, it turned out that I had omitted the trailing slash in my request. If I had requested /api/teams/ it worked fine. In the end, I actually disabled trailing slashes on my server (Django w/DRF).