0

Optain Bearer-Token Client-Side?

Is there a way to optain the bearer token via basic auth (or smth. similar) against an api-endpoint, like in oauth?

How are you supposed to optain the bearer token client side (JS)?

Is there any way to create an authentication against a user-table?!?

11 replies

null
    • Mconneen
    • 5 yrs ago
    • Reported - view

    Basic authentication requires a base64 encodd Authorization header.   Ninox does NOT have a base64 function, so you have to encode that outside of Ninox. 

    • sgrinschgl
    • 5 yrs ago
    • Reported - view

    thanks for your reply,
    unfortunately that doesn't really answer any of the questions....

    • Mconneen
    • 5 yrs ago
    • Reported - view

    OK..

    Is there a way to optain the bearer token via basic auth (or smth. similar) against an api-endpoint ... If your third party end point requires basic authentication, YES.. you can use the Ninox HTTP function... but you have to encode your base64 OUTSIDE of Ninox as Ninox does not have a base64 function.   To work around this issue, use an integration platform like Integromat (or something) that natively supports the base64.

     

    How are you supposed to optain the bearer token client side (JS)? .... I do not fully understand the question.  When you say "client side", are you referring to your Ninox application? 

     

    Is there any way to create an authentication against a user-table?... It is not really "authentication"... Using the Ninox Cloud version, you CAN set READABL / WRITEABLE based on configured roles. 

    • sgrinschgl
    • 5 yrs ago
    • Reported - view

    hello,
    thanks for your reply.

    I'm refering to this:
    https://ninoxdb.de/en/manual/api/api-introduction -> Obtain an API Key

    I'm writing a web-app (client) to use ninoxdb via it's REST-API,
    and of course I don' t want to hardcode the bearer token into the source code.

    there must be another way to optain the bearer token than manually copying it from the backend like described in your api-introduction, right?
    other systems let you get the bearer token as a response from a successful basic-auth, which would be the expected behaviour.

    if I understand you correctly ninox doesn't provide an authentication endpoint nor does it support basic-auth.

    • chrisgelso
    • 4 yrs ago
    • Reported - view

    Have you had any progress on this issue? I am presently in the same situation. Building an HTML page that uses a JQuery GET request to retrieve records from my database. I need to hide the Bearer Key so that it does not appear in the code... Any idea where to start?

    • sgrinschgl
    • 4 yrs ago
    • Reported - view

    i just completely switched over to a headless wordpress setup, which does the job for me.

    • chrisgelso
    • 4 yrs ago
    • Reported - view

    Thanks for the reply... I am going the JQuery way on a simple webpage... Any ideas on how to tackle this?

    • Mconneen
    • 4 yrs ago
    • Reported - view

    Ahh.. Now I (think I) understand... So.. to access Ninox via the RESTAPI, you must register and get an API key that you use to get the token.   It is that API key that you do not want to hard code within your client side java script.   So yes, you could use a java key store that you first access via basic authentication.. they API key would still exist for awhile.. so not 100% sure how to totally protect it.

     

    Perhaps this may lead you somewhere.. 

    Java KeyStore (JKS) Examples for Node.js / https://www.example-code.com/nodejs/jks.asp

    • sgrinschgl
    • 4 yrs ago
    • Reported - view

    it would actually be much more convenient if ninox would provide a rest api authentication endpoint to retrieve a token...

    • Mconneen
    • 4 yrs ago
    • Reported - view

    Yes .. a true oAuth 2x would be awesome. 

    • chrisgelso
    • 4 yrs ago
    • Reported - view

    Thanks everyone... I'll research those leads, and I'll let you know if I get somewhere. Cheers.

Content aside

  • 4 yrs agoLast active
  • 11Replies
  • 2639Views