Reputation: 721
Good morning, guys. I'm still new to Loopback, and have a feeling that I'm missing something, but not sure where and what to find, so advice would be helpful.
I have an app. I'm using local authentication with standard ACL.
I have a few methods that are open only for $owner, and a few that are open for $authenticated. I'm using a few POST requests within the app to retrieve data, and every time I get a 401 error. If I use a GET request, all I have to do is include an access token id in the URL, like this: url?access_token=jjkdfsjjkj334.
I have a feeling that there is some sort of similar trick for POST requests.
Any help would be appreciated.
Upvotes: 0
Views: 574
Reputation: 781
If you had a model called Test
with the following ACL:
{
  "principalType": "ROLE",
  "principalId": "$everyone",
  "permission": "DENY"
},
{
  "principalType": "ROLE",
  "principalId": "$authenticated",
  "permission": "ALLOW",
  "property": "create"
}
You should be able to make the following POST request:
curl -X POST --header "Content-Type: application/json" --header "Accept: application/json" -d "{}" "http://localhost:3000/api/Tests?access_token=cor7DDfUKoFSI6DzgCezQzoKFOuSmpLYzSF85xA8QXePkbFAGDKjjp7QwaVlP11B"
I always like to use the component explorer to test out what works and what doesn't. My guess is that something isn't set up properly in your ACL.
Upvotes: 1
Reputation: 3694
For the POST request, pass the access_token as the "Authorization" header in the respective POST call.
var request = require('request');
// request() defaults to GET, so the method is set explicitly for the POST call.
request({method: 'POST', url: url, json: true, headers: {'Authorization': 'access-token-value'}}, function (err, res, responseJson) {
  console.log(responseJson);
});
You can also specify other headers, like Accept-type, etc.
Upvotes: 1
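As an added example (not part of the thread and not LoopBack's own code): a small Node.js helper that takes a URL carrying `?access_token=...` and builds request options with the token in the Authorization header instead, which works the same way for GET and POST and keeps the token out of URLs and access logs. The function names, the options shape and the sample token are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not a LoopBack API.
// Move an access token from the query string into the Authorization
// header so the same options work for GET and POST requests.
function toHeaderAuth(method, rawUrl, body) {
  const u = new URL(rawUrl);
  const token = u.searchParams.get('access_token');
  u.searchParams.delete('access_token'); // keep the token out of the URL
  const headers = { Accept: 'application/json' };
  if (token) headers.Authorization = token; // raw token id, as in the answer above
  const opts = { method: method.toUpperCase(), url: u.toString(), headers };
  if (body !== undefined) {
    headers['Content-Type'] = 'application/json';
    opts.body = JSON.stringify(body);
  }
  return opts;
}

// Mask token values before a URL or request line is written to a log.
function redactToken(text) {
  return text.replace(/([?&]access_token=)[^&\s#"]+/g, '$1[REDACTED]');
}

// Constructed sample input: the token value is made up.
const sample =
  'http://localhost:3000/api/Tests?filter=x&access_token=CONSTRUCTED_TOKEN_123';
const opts = toHeaderAuth('post', sample, {});
console.log(opts);
console.log(redactToken('POST ' + sample + ' 401'));
```

The returned object can be passed to an HTTP client that accepts `method`, `url`, `headers` and `body` fields.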