Using Python and authorization on Flask, getting an error message on verification of the header

Hi all,

I hope someone can answer this question. When using the @requires_auth on a route I’ve created in a Python and Flask API, I’m receiving this error message:

```
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 2309, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 2295, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/local/lib/python3.6/dist-packages/flask_restful/__init__.py", line 269, in error_router
    return original_handler(e)
  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1741, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.6/dist-packages/flask/_compat.py", line 35, in reraise
    raise value
  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.6/dist-packages/flask_restful/__init__.py", line 269, in error_router
    return original_handler(e)
  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.6/dist-packages/flask/_compat.py", line 35, in reraise
    raise value
  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python3.6/dist-packages/flask_cors/decorator.py", line 128, in wrapped_function
    resp = make_response(f(*args, **kwargs))
  File "/home/raindropadmin/scripts/auth0.py", line 145, in decorated
    token = get_token_auth_header()
  File "/home/raindropadmin/scripts/auth0.py", line 119, in get_token_auth_header
    "Authorization header is expected"}, 401)
auth0.AuthError: ({'code': 'authorization_header_missing', 'description': 'Authorization header is expected'}, 401)
```

Can someone assist?

Thank you in advance!

The very last line of the stack trace states:

This message makes me believe you forgot to pass the token on the Authorization header. Can you check you are setting this header accordingly?

For more info, check this resource on access tokens.

Here is my get_token definition, as per the documentation I’m pretty sure?

  """Obtains the Access Token from the Authorization Header
  """
  auth = request.headers.get("Authorization", None)
  if not auth:
      raise AuthError({"code": "authorization_header_missing",
                      "description":
                          "Authorization header is expected"}, 401)
  parts = auth.split()
  if parts[0].lower() != "bearer":
      raise AuthError({"code": "invalid_header",
                      "description":
                          "Authorization header must start with"
                          " Bearer"}, 401)
  elif len(parts) == 1:
      raise AuthError({"code": "invalid_header",
                    "description": "Token not found"}, 401)
  elif len(parts) > 2:
      raise AuthError({"code": "invalid_header",
                    "description":
                        "Authorization header must be"
                        " Bearer token"}, 401)
  token = parts[1]
  return token```

Here is my code for that:

```python
def get_token_auth_header():
    """Obtains the Access Token from the Authorization Header
    """
    auth = request.headers.get("Authorization", None)
    if not auth:
        raise AuthError({"code": "authorization_header_missing",
                        "description":
                            "Authorization header is expected"}, 401)
    parts = auth.split()
    if parts[0].lower() != "bearer":
        raise AuthError({"code": "invalid_header",
                        "description":
                            "Authorization header must start with"
                            " Bearer"}, 401)
    elif len(parts) == 1:
        raise AuthError({"code": "invalid_header",
                        "description": "Token not found"}, 401)
    elif len(parts) > 2:
        raise AuthError({"code": "invalid_header",
                        "description":
                            "Authorization header must be"
                            " Bearer token"}, 401)
    token = parts[1]
    return token
```

The code you are pasting is the code that validates an access_token. But, are you sending any access_token at all?
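
For reference, an added example (not from the thread or from the Auth0 documentation): a loopback server that applies a condensed version of the header checks above, and a client that calls it with and without `Authorization: Bearer <token>`. The path `/api/private`, the `header_ok` code and the sample token are constructed for illustration, and the token itself is never validated here.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def check_header(auth):
    """Condensed form of the thread's header checks; returns (status, code)."""
    if not auth:
        return 401, "authorization_header_missing"
    parts = auth.split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return 401, "invalid_header"
    return 200, "header_ok"  # assumed code; the token is NOT validated here

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, code = check_header(self.headers.get("Authorization"))
        body = json.dumps({"code": code}).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def call_api(port, authorization=None):
    """Client side: GET the route, optionally sending an Authorization header."""
    headers = {"Authorization": authorization} if authorization else {}
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", "/api/private", headers=headers)
        resp = conn.getresponse()
        return resp.status, json.load(resp)["code"]
    finally:
        conn.close()

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0 picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    token = "constructed.sample.token"  # placeholder, not a real access token
    try:
        return {"no header": call_api(server.server_port),
                "token only": call_api(server.server_port, token),
                "bearer token": call_api(server.server_port, "Bearer " + token)}
    finally:
        server.shutdown()
        server.server_close()
```

`run_demo()` returns the status and error code for each of the three requests; only the one that sends `Bearer ` followed by the token gets past the header check.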