I'm sending the request body as
grant_type=password&username=username&password=7LQCz+ACVLqJYjR39MjVTQ==
from a mobile app,
but the password is being taken as 7LQCz ACVLqJYjR39MjVTQ==
The sending side is not URL encoding but the receiving side is URL decoding. Both sides need to agree on the encodings used.
In general it is not necessary to URL encode POST data.
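Added example, not part of the original answer: the mismatch described above, reproduced with the request body from the question. It assumes the receiving side parses the body as application/x-www-form-urlencoded; the function names are illustrative.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlencode

# The Base64 password from the question; note the '+' in the value.
PASSWORD = "7LQCz+ACVLqJYjR39MjVTQ=="


def raw_body(username: str, password: str) -> str:
    """Body built by plain string concatenation (sender does not encode)."""
    return f"grant_type=password&username={username}&password={password}"


def encoded_body(username: str, password: str) -> str:
    """Body with every value percent-encoded for a form-encoded POST."""
    return urlencode(
        {"grant_type": "password", "username": username, "password": password}
    )


def server_password(body: str) -> str:
    """What a form-decoding receiver extracts: '+' becomes a space."""
    return parse_qs(body, keep_blank_values=True)["password"][0]


def is_valid_base64(value: str) -> bool:
    """Receiver-side sanity check: a space is outside the Base64 alphabet,
    so a value damaged by form decoding fails strict validation."""
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


if __name__ == "__main__":
    for build in (raw_body, encoded_body):
        body = build("username", PASSWORD)
        received = server_password(body)
        print(f"{build.__name__}: sent={body!r}")
        print(f"  received={received!r} valid_base64={is_valid_base64(received)}")
```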
Related
I am passing the value "mine & mine" to query parameter a. After encoding, the value shows as a="mine+%26+mine". On my local WebLogic 12c server I am able to retrieve the value properly, but when I push the changes to my dev server I am only getting the value a="mine". When I print the query string I see the value as a="mine+&+mine".
We are invoking the service from Postman, Android, iOS & ARC.
You must replace + with %20; the result of mine & mine should be mine%20%26%20mine.
There is a full answer in here.
The error may occur in the client or in the server. The server and client side decode parameters twice from the query string, so you then need to encode the & twice, which results in %2526. The & symbol is a special symbol that separates HTTP request parameters.
WebLogic decodes once automatically on the server side, so you need to check where else your server & client also do decoding.
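Added example, not part of the original answers: the question's value traced through one decode and through two, to show why the dev server sees a="mine+&+mine" and why double encoding only helps on a path that decodes twice. The intermediary function is a hypothetical stand-in for whatever component performs the extra decode.

```python
from urllib.parse import parse_qs, quote_plus, unquote

VALUE = "mine & mine"  # the value from the question


def client_query(value: str, times: int = 1) -> str:
    """Query string for parameter 'a', form-encoded `times` times."""
    for _ in range(times):
        value = quote_plus(value)
    return "a=" + value


def intermediary(query: str) -> str:
    """Hypothetical hop that percent-decodes the raw query string
    before the application server parses it."""
    return unquote(query)


def server_params(query: str) -> dict:
    """The application server's own single decode while parsing."""
    return parse_qs(query, keep_blank_values=True)


if __name__ == "__main__":
    once, twice = client_query(VALUE), client_query(VALUE, times=2)
    # One decode: the value survives intact.
    print(server_params(once))
    # Extra decode first: '%26' becomes a literal '&' and splits the parameter.
    print(intermediary(once), server_params(intermediary(once)))
    # Double encoding survives the two-decode path ...
    print(twice, server_params(intermediary(twice)))
    # ... but yields a still-encoded value where only one decode happens.
    print(server_params(twice))
```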
I'm trying to use OkHttp on Android to connect to an API that uses Basic Http authentication, and even though I appear to be doing everything right, I'm getting a 401 Unauthorized error.
The API is configured a little strangely in that it apparently requires the username (Base64 encoded) to be included in the url; it will not accept a properly formatted "Authorization: Basic " header. So the request has to be formatted like this:
https://<username>:<password>@www.api.com/api/ver/1/method
Where "username" and "password" are the Base64 encoded username and password entered by the user.
When I take the URL being sent by OkHttp and try it directly with curl, it works. So I know that the username and password are correct, they are being encoded correctly, and the url is being constructed correctly. But when I try it in my app, I get a 401 Unauthorized error with a "Www-Authenticate" header. Which is exactly what it sends if I try it in Postman with the "Authorization" header instead of the username and password in the url.
Is it possible that OkHttp is trying to be smart here, and pulling the username and password out of the url and automatically generating an "Authorization" header before sending the request? If so, I'd like to stop it from doing that.
I'm creating an Android app which requires login, and the authentication will be done against a Node server.
HttpURLConnection is used with POST and I'm using HTTPS. But my question is, since the username and password are sent to the server as URL parameters, do I need to add more security measures, like encrypting those two parameters (using Base64)?
I've tried to use Authenticator.setDefault(new Authenticator(){}) but I'm not sure implementing only that would be enough.
The URL parameters are encrypted and thus protected in transit, but are probably logged by the system, so the username and password will probably be in the log files. It is best to send them in the POST data, not as part of the URL.
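Added example, not part of the original answer: a check that finds credential-bearing query strings in access-log lines and redacts them. The log lines are constructed samples in Common Log Format, and the parameter names in SENSITIVE are an assumption about the login endpoint.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: parameter names the login endpoint accepts.
SENSITIVE = {"username", "password"}

# Constructed sample log lines, not taken from any real system.
LOG_LINES = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] '
    '"POST /login?username=alice&password=s3cret%21 HTTP/1.1" 200 512',
    # Same login with the credentials in the POST body: nothing to leak here.
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 200 512',
]

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def query_pairs(target: str) -> list:
    """Decoded (name, value) pairs from a request target's query string."""
    return parse_qsl(urlsplit(target).query, keep_blank_values=True)


def leaks_credentials(line: str) -> bool:
    """True if the logged request line carries a sensitive query parameter."""
    match = REQUEST.search(line)
    if match is None:
        return False
    return any(name.lower() in SENSITIVE for name, _ in query_pairs(match["target"]))


def redact_target(target: str) -> str:
    """Replace the values of sensitive parameters, keep everything else."""
    cleaned = [
        (name, "REDACTED" if name.lower() in SENSITIVE else value)
        for name, value in query_pairs(target)
    ]
    return urlunsplit(urlsplit(target)._replace(query=urlencode(cleaned)))


def redact_line(line: str) -> str:
    """Rewrite the request line of one log entry with redacted parameters."""
    return REQUEST.sub(
        lambda m: f'"{m["method"]} {redact_target(m["target"])} {m["proto"]}"', line
    )


if __name__ == "__main__":
    for entry in LOG_LINES:
        print(leaks_credentials(entry), redact_line(entry))
```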
What you can try is encrypting the data and then sending it to the server, and on the server side the data should be decrypted. In this way the security of your app will be maintained.
See this
I have an app that makes requests to a WCF service. Usually I authenticate all of the requests using a hash value that is sent in the body of the request and then authenticated on the server. Almost all of the requests are sent via JSON and it is easy for me to add the hash value to the body of the request. The issue I am facing is that when I send a file stream I cannot add the hash to the body of the request, so I am wondering how I can authenticate that the request came from my app and not from somewhere else. All suggestions are greatly appreciated.
Adding an authorization item in the header is a possible solution. So, if anyone is interested, read this and this.
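Added example, not part of the original question or answer: one way to carry the authentication value in a header when the body is a raw file stream. The post does not say how its hash is computed, so this assumes HMAC-SHA256 over the body with a shared key; the header name X-Body-HMAC and the key are hypothetical.

```python
import hashlib
import hmac
import io

SHARED_KEY = b"constructed-demo-key"  # assumption: secret provisioned out of band
HEADER = "X-Body-HMAC"                # hypothetical header name
CHUNK = 64 * 1024


def stream_mac(stream, key: bytes = SHARED_KEY) -> str:
    """HMAC-SHA256 over a stream, read in chunks so large files fit in memory."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        mac.update(chunk)
    return mac.hexdigest()


def build_headers(stream) -> dict:
    """Client side: compute the tag in a first pass, then rewind the stream
    so the unchanged bytes can be sent as the request body."""
    tag = stream_mac(stream)
    stream.seek(0)
    return {"Content-Type": "application/octet-stream", HEADER: tag}


def verify_upload(headers: dict, stream) -> bool:
    """Server side: recompute the tag over the received body and compare in
    constant time; a missing header fails the comparison."""
    expected = stream_mac(stream)
    return hmac.compare_digest(expected, headers.get(HEADER, ""))


if __name__ == "__main__":
    body = b"constructed file contents " * 1000  # constructed sample upload
    upload = io.BytesIO(body)
    headers = build_headers(upload)
    print("intact body  :", verify_upload(headers, io.BytesIO(body)))
    print("modified body:", verify_upload(headers, io.BytesIO(body + b"x")))
    print("no header    :", verify_upload({}, io.BytesIO(body)))
```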
I'm trying to make an application that needs authentication: when the user types a username and password in the text boxes, it should check with the DB on the server and authenticate.
How can I do this in Android?
Can anyone please help me?
Thank you,
If you are a web developer you can do this authentication very easily. You can follow these steps:
First, get the username and password from the user and put them in variables.
Create the HTTP connection to the web server (your data posting URL).
Post the data to the URL with the specified data using the HTTP GET or POST method (POST is preferable for authentication).
Get the posted value using a server-side script and do the authentication.
Send the response status to the client, using JSON encoding or some other format, saying whether the authentication succeeded or failed.
Get the response in Android, create the InputStream, decode the JSON or whatever encoding format you used on the server side, and show the response on the mobile.
That's it.