Web Server keeps asking for basic authentication when using a Client Extension that makes a request via OAuth to Liferay API
Ricardo Couso
更新
Issue
A Web Server before the Liferay environment is configured with Basic Auth.
Liferay uses a Client Extension (CX) that makes a request to a Liferay API using OAuth.
When the page using the CX is loaded, the Web Server keeps asking for the basic credentials, even after they've been provided once.
Environment
Quarterly Release 2024.Q1
Resolution
When the Web Server is configured with Basic Auth the first request will ask for credentials. Subsequent ones will include a header Authorization of type Basic with a token to avoid asking again.
A request to the Liferay API using OAuth is done with Authorization of type Bearer.
Since only one token can be used with the header Authorization and the Bearer one is used, the Web Server asks for credentials.
To avoid this issue, note that since the request from the CX is to a Liferay API there's no need to use OAuth (the authorization server and the resource server are the same). Instead the api method could be used, like in this example: