Add access token usage documentation #186

@amit-a-lx

I want to use the withAuthentication middleware in my app to authenticate user requests submitted with tenant API tokens.

There is no documentation about how the client id and secret should be added to the requests.

I looked at the source code and saw this common format:

      const buffer = Buffer.from(`${clientId}:${apiKey}`);
      this._authorizationHeader = `Basic ${buffer.toString('base64')}`;

But when I try to submit such a request, authentication fails.

How to reproduce

Create a simple Express.js app:

app.ts

import express from "express";

import { withAuthentication, FronteggContext } from "@frontegg/client";

FronteggContext.init({
  FRONTEGG_CLIENT_ID: "<vendor client id>",  // from here: https://docs.frontegg.com/reference/getting-started-with-frontegg-apis#performing-your-first-api-call
  FRONTEGG_API_KEY: "<vendor api key>",
});

const app = express();
const port = 5001;

// This route can now only be accessed by authenticated users
app.use('/', withAuthentication(), (req, res, next) => {
  // Authenticated user data will be available on the req.frontegg object
  // @ts-ignore
  console.log(`JSON.stringify(req.frontegg): ${JSON.stringify(req.frontegg)}`)
  res.status(200);
  next()
});

app.get("/", (req, res) => {
  res.send("Hello, TypeScript Node Express!");
});

app.listen(port, () => {
  console.log(`Server is running on port ${port}`);
});

Start the server.

Then run the following script to see that different requests fail:

script.ts

import axios from "axios"

const tenantApiTokenId = "token id"
const tenantApiTokenSecret = "token secret"

// all the following requests fail:

const main = async () => {
    const res1 = await axios({
        url: "http://localhost:5001",
        method: "get",
        validateStatus: null,
        headers: {
            'x-api-key': `Basic ${Buffer.from(`${tenantApiTokenId}:${tenantApiTokenSecret}`).toString('base64')}`
        }
    })

    const res2 = await axios({
        url: "http://localhost:5001",
        method: "get",
        validateStatus: null,
        headers: {
            authorization: `Basic ${Buffer.from(`${tenantApiTokenId}:${tenantApiTokenSecret}`).toString('base64')}`
        }
    })
}

(async () => {
    try {
        await main();
    } catch (e) {
        console.error(e);
        throw e;
    }
})()

