Using Python and authorization on flask, getting an error message on verification of the header

dannywinnick · May 25, 2019, 9:06am

Hi all,

I hope someone can answer this question. When using the @requires_auth on a route I’ve created in a Python and Flask API, I’m receiving this error message:

*  Traceback (most recent call last):*
*  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 2309, in __call__*
*    return self.wsgi_app(environ, start_response)*
*  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 2295, in wsgi_app*
*    response = self.handle_exception(e)*
*  File "/usr/local/lib/python3.6/dist-packages/flask_restful/__init__.py", line 269, in error_router*
*    return original_handler(e)*
*  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1741, in handle_exception*
*    reraise(exc_type, exc_value, tb)*
*  File "/usr/local/lib/python3.6/dist-packages/flask/_compat.py", line 35, in reraise*
*    raise value*
*  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 2292, in wsgi_app*
*    response = self.full_dispatch_request()*
*  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1815, in full_dispatch_request*
*    rv = self.handle_user_exception(e)*
*  File "/usr/local/lib/python3.6/dist-packages/flask_restful/__init__.py", line 269, in error_router*
*    return original_handler(e)*
*  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1718, in handle_user_exception*
*    reraise(exc_type, exc_value, tb)*
*  File "/usr/local/lib/python3.6/dist-packages/flask/_compat.py", line 35, in reraise*
*    raise value*
*  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1813, in full_dispatch_request*
*    rv = self.dispatch_request()*
*  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1799, in dispatch_request*
*    return self.view_functions[rule.endpoint](**req.view_args)*
*  File "/usr/local/lib/python3.6/dist-packages/flask_cors/decorator.py", line 128, in wrapped_function*
*    resp = make_response(f(*args, **kwargs))*
*  File "/home/raindropadmin/scripts/auth0.py", line 145, in decorated*
*    token = get_token_auth_header()*
*  File "/home/raindropadmin/scripts/auth0.py", line 119, in get_token_auth_header*
*    "Authorization header is expected"}, 401)*
*  auth0.AuthError: ({'code': 'authorization_header_missing', 'description': 'Authorization header is expected'}, 401)*

Can someone assist?

Thank you in advance!

bruno.krebs · May 26, 2019, 9:57am

The very last line of the stack trace states:

This message makes me believe you forgot to pass the token on the Authorization header. Can you check you are setting this header accordingly?

For more info, check this resource on access tokens.

dannywinnick · May 26, 2019, 6:47pm

Here is my get_token definition, as per the documentation I’m pretty sure?

  """Obtains the Access Token from the Authorization Header
  """
  auth = request.headers.get("Authorization", None)
  if not auth:
      raise AuthError({"code": "authorization_header_missing",
                      "description":
                          "Authorization header is expected"}, 401)
  parts = auth.split()
  if parts[0].lower() != "bearer":
      raise AuthError({"code": "invalid_header",
                      "description":
                          "Authorization header must start with"
                          " Bearer"}, 401)
  elif len(parts) == 1:
      raise AuthError({"code": "invalid_header",
                    "description": "Token not found"}, 401)
  elif len(parts) > 2:
      raise AuthError({"code": "invalid_header",
                    "description":
                        "Authorization header must be"
                        " Bearer token"}, 401)
  token = parts[1]
  return token```

dannywinnick · May 26, 2019, 6:48pm

here is my code for that:

  """Obtains the Access Token from the Authorization Header
  """
  auth = request.headers.get("Authorization", None)
  if not auth:
      raise AuthError({"code": "authorization_header_missing",
                      "description":
                          "Authorization header is expected"}, 401)
  parts = auth.split()
  if parts[0].lower() != "bearer":
      raise AuthError({"code": "invalid_header",
                      "description":
                          "Authorization header must start with"
                          " Bearer"}, 401)
  elif len(parts) == 1:
      raise AuthError({"code": "invalid_header",
                    "description": "Token not found"}, 401)
  elif len(parts) > 2:
      raise AuthError({"code": "invalid_header",
                    "description":
                        "Authorization header must be"
                        " Bearer token"}, 401)
  token = parts[1]
  return token```

bruno.krebs · May 26, 2019, 8:06pm

The code you are pasting is the code that validates an access_token. But, are you sending any access_token at all?

Topic		Replies	Views
Python flask route: How to have a conditional "@requires_auth", based on presence or not of authorization header Help auth0 , python , flask	0	3968	June 28, 2021
Flask Authentication By Example Developer Hub authentication , python , flask , web-app	2	1791	August 29, 2023
Flask-OAuth Invalid Response Help python	2	4741	July 25, 2019
Why authorization header not included in request ? - Auth0 Help jwt , auth0 , api , login , python	6	26382	July 13, 2021
Id_token valid but returns "Unable to parse authentication token." Help jwt	3	4204	January 14, 2022

Using Python and authorization on flask, getting an error message on verification of the header

Related Topics