URLConnection: Can't see my request headers etc

Hi and thanks in advance,

So with URLConnection I am trying to validate what I have set in my requestHeaders and my SetRequestContent. The debugger for the URLConnection class does not give me this info like HTTPSecureSocket did. Am I missing something to validate this info before I post?

Thanks!
Mike

File a feature request for allowing to iterate trough the request headers.

As far as i know you can clear the headers and get a request header by name only.

I was afraid of that being the case – URLConnection is not sending the headers properly using JWT (my token is signature verified) but I get a 400 from my server. CURL works fine with my same JWT info and same headers.

Now Im am stuck with troubleshooting as Wireshark is useless as TLS encrypts the details after the POST.

What kind of header do you send?

Self.RequestHeader(“Accept”) = “/
Var hrStr as String = "Bearer " + thisAuthHeader
Self.RequestHeader(“Authorization”) = hrStr
Self.RequestHeader(“Content-Type”) = “application/json”

HrStr has a JWT string value of Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzZWNyZXQiOiJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkiLCJpc3MiOiIifQ.W94d8w2uoWu5HAqJ4UfmVUeUHMkySzje8GXmbFz2gho

Tried this one:

Self.RequestHeader(“Accept”) = “ */* ”
Var hrStr as String = "Bearer " + thisAuthHeader 
Self.RequestHeader(“Authorization”) = hrStr
Self.RequestHeader(“Content-Type”) = “application/json; charset=uft-8;”

Should not make difference, default is utf-8…

It doesn’t help you with the whole request body, but it’s a good chunk of what you’d need.

Thanks - but same result.

Can you try this event:

only set the username ? i’ve not tried this before with a bearer token but we have in the past used this kind of auth… not sure where.

I already have that event with a break - -it never fires.

image

OK did you try:

Self.RequestHeader(“Accept”) = “ */* ”
Var hrStr as String = "JWT " + thisAuthHeader 
Self.RequestHeader(“Authorization”) = hrStr
Self.RequestHeader(“Content-Type”) = “application/json;”

Its looking for Bearer – But Ill try… Here is my successful CURL response using my JWT. Could it be my User-Agent needs to be set?

Same error but JWT now :slight_smile:

My JWT Creation is Valid - Cloudflare is saying that because of how the header is being sent:

Perhaps you need a user-agent, your calling an API right?

Did you copy and paste the string? Try to clean the string value with the bearer.

Select it in (including the quotes) the ide then right click -> clean invisible characters
If you’r generating it i don’t see a problem with this…

No dice w/ adding User-Agent - 400 still

Var thisAuthHeader as String = createJWT(ourSecretStr, ourIssStr)
Self.RequestHeader("Accept") = "*/*"
Self.RequestHeader("User-Agent") =  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36"
Var hrStr as String = "Bearer " + thisAuthHeader
Self.RequestHeader("Authorization") =  hrStr
Self.RequestHeader("Content-Type") = "application/json"

For example set a breakpoint then copy the bearer result value into curl, does it still work then?

yes I posted those CURL results above. Well not all of it… Here it is more detail:

Did you copy them from the debugger? so you can see if the string matches exactly?

I sure did - I use the debugger more than I write code :slight_smile:

1 Like

How do you baseencode ? Which exact method?

EncodeBase64( "somestring", 0) ?

If you use:

EncodeBase64( "somestring" ) 

you’ll get a line break inside the result, which is in the header. Xojo won’t strip that for you. CURL may be stripping that… ?