RequestBuilder Assistance

Andy Whitcombe

New Member
Morning All,

I am using RequestBuilder for the first time, and I coming across an error, which I am struggling to resolve.

Using the following code

Code:
    oClient = ClientBuilder:Build():Client.
    
    /* User Name, Password and Domain... we dont have these
    oServiceCredentials = NEW Credentials(ipServerURL, ipUserID, ipPassword).
    */
    
    oRequestBody = NEW String(oRequest:GetJsonText()). /* The JSON AS A LONGCHAR*/
                                                                                                                                            
    oRequest = RequestBuilder:Post(SubmissionURL, oRequestBody) /* Submit Request TO URL, Payload is the JSON */
          :ContentType("application/json")
          :AddHeader("Authorization",SigningStringHMAC)
          :AddHeader("Indentation","2")
          :AddHeader("partnerId","XYZ")
          :AddHeader("Timestamp",SUBSTRING(ISO-DATE(SigningStringTimeStamp),1,23) + "Z")
          :AcceptJson()
          :Request.                                 
    oResponse = oClient:Execute(oRequest).

    CATCH e AS Progress.Lang.Error :
      MESSAGE "APW DEBUG " STRING(TODAY) STRING(TIME,"HH:MM:SS") SKIP
      PROGRAM-NAME(1) SKIP
        DYNAMIC-FUNCTION("TranslateText","e:GetMessage(1)") e:GetMessage(1)
      VIEW-AS ALERT-BOX INFORMATION TITLE DYNAMIC-FUNCTION("TranslateText","APW DEBUG MESSAGE") .
    END CATCH.

I get the following error

Code:
e:GetMessage(1) Authorization header value must have at least 2 " "-delimited parts: ixQVrK2qH6bajs2ZeHxsJaoBwwjOgs0eHFBvwMwvFqE=

If I debug the component parts and post using Postman, I see a success.

Please notes the HMAC in the following screen shot is not the same, its from a test I did yesterday, so the calculated value is different

1624001144204.png
1624001201123.png
I am hoping people with more experience of RequestBuilder can spot something obvious.

Thanks.
 

Stefan

Well-Known Member
Your error is originating from the AuthorizationHeader class. In the cases I have come across, the authorization header has always been a combination of the type of authorization followed by the value, for example:

Code:
Bearer <sometoken>

Which is reinforced by the specification at Authorization - HTTP | MDN
 

Andy Whitcombe

New Member
Thanks @Stefan

If I compare to the c# code generated in postman for a valid request..

Code:
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "text/plain");
request.AddHeader("Authorization", "if/gWccU84vKq6Uj1zUZqqWOnpIbIj/rs7i4UH/fZX4=");
request.AddHeader("partnerId", "XYZ");
request.AddHeader("Timestamp", "2021-06-18T10:03:32.258Z");
request.AddHeader("Indentation", "2");

I thought that what I was attempting to replicate

Working with another Dev, we considered looking at System.Net.Http.HttpClient which allows for adding headers without validation

Code:
DEFINE VARIABLE client AS System.Net.Http.HttpClient.

client:DefaultRequestHeaders:TryAddWithoutValidation("Authorization","if/gWccU84vKq6Uj1zUZqqWOnpIbIj/rs7i4UH/fZX4=").

Is there such an option in Openedge?
 

Stefan

Well-Known Member
The HttpHeaderBuilder is registering headers named Authorization with the AuthorizationHeaderBuilder class, which invokes the AuthorizationHeader class which contains the check on the value. You may be able to override this registry entry with the DefaultHeaderBuilder, but I have no experience with this.

The hammer / screw approach (which always works) is to ensure you include your version of the AuthorizationHeader class with the check removed is found first in your propath.
 
Top