Web Server keeps asking for basic authentication when using a Client Extension that makes a request via OAuth to Liferay API

Issue

  • A Web Server in front of the Liferay environment is configured with Basic Auth.
  • Liferay uses a Client Extension (CX) that makes a request to a Liferay API using OAuth.
  • When the page using the CX is loaded, the Web Server keeps asking for the basic credentials, even after they've been provided once.

Environment

  • Quarterly Release 2024.Q1

Resolution

  • When the Web Server is configured with Basic Auth, the first request prompts for credentials. Subsequent requests include an Authorization header of type Basic with a token, so the prompt does not appear again.
  • A request to the Liferay API using OAuth is sent with an Authorization header of type Bearer.
  • Since the Authorization header can carry only one token and the Bearer one is used, the request reaches the Web Server without the Basic one, so the Web Server asks for credentials again.
  • To avoid this issue, note that because the request from the CX goes to a Liferay API, there is no need to use OAuth (the authorization server and the resource server are the same). Instead, the api method can be used, as in this example:
    api('o/headless-admin-user/v1.0/my-user-account')
        .then((response) => response.json())
        .then((response) => {
            // use the returned user account data here
        });
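
To confirm which requests trigger the repeated prompt, the following added example (not part of the original article or Liferay's code) scans entries from a browser HAR export and lists requests that sent a non-Basic Authorization scheme and were answered with a 401 Basic challenge. The host name, token and credentials in the sample are constructed values.

```javascript
// Added diagnostic example; not part of the original article or Liferay's code.
// Case-insensitive lookup in a HAR-style [{name, value}] header list.
function headerValue(headers, name) {
  const hit = headers.find((h) => h.name.toLowerCase() === name.toLowerCase());
  return hit ? hit.value : null;
}

// Returns requests that sent a non-Basic Authorization scheme and were
// answered with a 401 Basic challenge by the front web server.
function findBasicAuthConflicts(harEntries) {
  const conflicts = [];
  for (const { request, response } of harEntries) {
    const challenge = headerValue(response.headers, 'WWW-Authenticate');
    if (response.status !== 401 || !challenge) continue;
    if (!/^basic\b/i.test(challenge.trim())) continue;
    const auth = headerValue(request.headers, 'Authorization');
    if (!auth) continue; // first visit: the normal initial prompt
    const scheme = auth.trim().split(/\s+/)[0];
    if (scheme.toLowerCase() === 'basic') continue; // bad credentials, not a scheme clash
    conflicts.push({ url: request.url, sentScheme: scheme });
  }
  return conflicts;
}

// Constructed sample entries (host, token and credentials are made up).
const challengeHeader = { name: 'WWW-Authenticate', value: 'Basic realm="Restricted"' };
const basicHeader = { name: 'Authorization', value: 'Basic Y29uc3RydWN0ZWQ6c2FtcGxl' };
const apiUrl = 'https://portal.example.com/o/headless-admin-user/v1.0/my-user-account';
const sampleEntries = [
  { request: { url: 'https://portal.example.com/', headers: [] },
    response: { status: 401, headers: [challengeHeader] } },
  { request: { url: 'https://portal.example.com/', headers: [basicHeader] },
    response: { status: 200, headers: [] } },
  { request: { url: apiUrl, headers: [{ name: 'authorization', value: 'Bearer constructed-token' }] },
    response: { status: 401, headers: [challengeHeader] } },
  { request: { url: apiUrl, headers: [basicHeader] },
    response: { status: 200, headers: [] } },
];

console.log(findBasicAuthConflicts(sampleEntries));
```

With a real capture, pass the `log.entries` array of the HAR file to `findBasicAuthConflicts`.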

Additional Information
