auth-header | Deal with obscene HTTP Authorization | Authorization library

This is an assignment question so I can't give you the full answer, but what your error message means is that you're taking an object somewhat this:

The problem is that the check to localStorage in AuthHeader() isn't updating reactively. The fix would be to rewrite AuthHeader to accept the user data like this:

const image = req.query.profile_img or const {profile_img} = req.query

The definition for Axios headers is...

but I would assume, that returning an access token would result in the client/browser storing it and automatically adding it to its request headers in "Authorization"

This assumption is where you're wrong. It's your apps responsibility to store the token and transmit it for each request against an endpoint. If you're planning on using regular HTML and navigating through it as a user clicking links instead of as an API endpoint, you might want to look at using cookies instead of an HTTP header (which are sent automagically by your browser).

The swagger-ui can determine from the API signature that an Authorization header is required (which is what OAuth2PasswordBearer does, among other things), it knows that it can ask for and is expected to present that header. Since swagger-ui is not a common web standard as a part of HTTP, that's not something browsers should, or are able to, do.

Cookies do serve that purpose, however - so you could use cookies if you want to do that. But API requests does not include cookies, and its far more common to use the Authorization header for those requests.

First Create an Axios object instance.

At todo.service.ts

• Explanation

I believe you are using wso2am-3.1.0 vanilla pack along with a custom sequence file which probably has a mediator using "json-eval($.)" expression. Please confirm. This is a known issue in the wso2am-3.0.0 and wso2am-3.1.0 vanilla packs.

This is becasue when we use json-eval($.) expression in a sequence in the /repository/deployment/server/synapse-configs/default/sequences directory and when it gets deployed, the synapse is setting the GsonJsonProvider [1] to represent the JSON inside the Jayway JsonPath[2].

Since the GsonJsonProvider is getting loaded, even if we remove the particular sequence file which has the json-eval($.) expression in a property mediator, the issue will still persists until we restart the server.

But, if we do not use the json-eval($.) expression at all in a sequence in the /repository/deployment/server/synapse-configs/default/sequences directory, we will not get the above error when we enable the JSON schema validation as the jsonsmartjsonprovider [3] is used to represent the JSON inside the Jayway JsonPath.

Since the JSON object representation is getting different in the error scenario, it throws the IllegalArgumentException in that case.

• Solution

You can approach one of the following solution as suggested below.

1. This issue has been fixed in the latest WUM/updated pack. If you have the WSO2 subscription then you can get the latest update.
2. You can deploy a new wso2am-3.1.0 vanilla pack and invoke the API calls without the sequence having json-eval($.) expression.

[1] https://www.javadoc.io/doc/com.jayway.jsonpath/json-path/latest/com/jayway/jsonpath/spi/json/GsonJsonProvider.html

[2] https://github.com/wso2/wso2-synapse/blob/417ce10dec58579b758e12f41909f17c09d25a64/modules/core/src/main/java/org/apache/synapse/mediators/eip/EIPUtils.java#L348

[3] https://www.javadoc.io/doc/com.jayway.jsonpath/json-path/latest/com/jayway/jsonpath/spi/json/JsonSmartJsonProvider.html

I have solved by simply not using oauth2-proxy which clearly does not work with Traefik, instead I have found this other project: https://github.com/thomseddon/traefik-forward-auth

A bit more simple and it works.

Dynamic headers in declarative client can be defined on the method argument level. See the example below: