it has been noticed that with
$.ajax
That the requests to server side API calls are injected with a bearer token as a header. This authenticates the request if adminAuth is enabled in the settings.js file.
If fetch is used within the registered endpoint then this token is not injected and the request is unauthorized a 401 error is thrown.
Is there a way of accessing this token and adding it as a header to the fetch request?
Have a look in localstorage for the site
PS, if you are developing a node, then this should be in Developing Nodes or if this is for a core pull request, then Core Development
I did and found the
auth-token
, however it has an expires_in property. Does this property value get updated from time to time?
I am just wondering if there is an already defined method within Node RED for extracting the token and verifying its validity. i.e. is still valid/not expired.
Hi @malee
How and where the token is stored inside the editor is an internal implementation detail that could well change in the future as we reconsider some of the use of localStorage. So I would carefully consider whether it's worth the maintenance overhead just to get to use fetch rather than the included client.
This is the consideration I had also I think staying with the included client is the best thing to do
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy