Neo4j simple authentication

Question

I can log in using username and password here http://localhost:7474/ by typing server: connect and logging in. I can view data from there by executing queries.

Then I immediately switch to a new tab, or in the same tab, and go to: http://localhost:7474/db/data/, and I get:

{
  "errors" : [ {
    "message" : "No authorization header supplied.",
    "code" : "Neo.ClientError.Security.AuthorizationFailed"
  } ]
}

And I cannot connect using py2Neo or any NEO4J libraries either using the same password; they return the exact same error.

What am I doing wrong?

Answer 1

The request json should look like: (XXX being the Base64 encoding of the user:password string - the string to encode contains the column):

{
    method: "POST",
    headers: { 
        "content-type": "application/json", 
        "Authorization": "Basic XXX"
    },
    body: {
        statements:[
            {
                statement: query,
                parameters: params
            }
        ]
    }
}

This has been tested in Javascript (axios) and in Deno.land (fetch API). ES Javascript contains a built in base64 encoding function: btoa()

Answer 2

All REST API requests must now include the Authorization header. To quote the REST API Authentication and Authorization page of the neo4j manual:

Requests should include an Authorization header, with a value of Basic <payload>, where "payload" is a base64 encoded string of "username:password".

That page contains some examples.

Note: you can also disable authentication -- but you should only do this on your personal machine, for development purposes. You do this by setting to false the dbms.security.auth_enabled property in <neo4j-install-dir>/conf/neo4j-server.properties, and then restarting the server.

[UPDATED]

By the way, since your question mentioned py2neo, you should know that its Graph class supports "authorisation".

Answer 3

add this to your http-headers request:

Authorization: "Basic xxxx"

xxxx = base64(username:password)