I have been at this for hours, and finally figured it out.
For obvious reasons, I would like to avoid logging in every time I start my app, and using Cookie Tokens when possible. The problem rises when attempting to do so via the configuration:
The documentation in the Config says to do the following:
:Example:
API Key Authentication Example.
Given the following security scheme in the OpenAPI specification:
components:
securitySchemes:
cookieAuth: # name for the security scheme
type: apiKey
in: cookie
name: JSESSIONID # cookie name
You can programmatically set the cookie:
conf = vrchatapi.Configuration(
api_key={'cookieAuth': 'abc123'}
api_key_prefix={'cookieAuth': 'JSESSIONID'}
)
The following cookie will be added to the HTTP request:
Cookie: JSESSIONID abc123
However, if we scroll down to the auth_settings function, we find that the key configuration documentation is incorrect, as it reads:
def auth_settings(self):
"""Gets Auth Settings dict for api client.
:return: The Auth Settings information dict.
"""
auth = {}
if 'authCookie' in self.api_key:
auth['authCookie'] = {
'type': 'api_key',
'in': 'cookie',
'key': 'auth',
'value': self.get_api_key_with_prefix(
'authCookie',
),
}
if self.username is not None and self.password is not None:
auth['authHeader'] = {
'type': 'basic',
'in': 'header',
'key': 'Authorization',
'value': self.get_basic_auth_token()
}
if 'twoFactorAuthCookie' in self.api_key:
auth['twoFactorAuthCookie'] = {
'type': 'api_key',
'in': 'cookie',
'key': 'twoFactorAuth',
'value': self.get_api_key_with_prefix(
'twoFactorAuthCookie',
),
}
return auth
It implements Cookies incorrectly, as if you use the documentation with the correct authCookie key, it will put the pair into the cookies, but with one flaw:
Cookies are specified as key=value and the function writes key value, and therefore never actually validates. If you try this with a valid cookie, you will get a HTTP/1.1 401 Unauthorized with response {"error":{"message":"\\"Missing Credentials\\"","status_code":401}}.
To actually authenticate, you need to set api_key_prefix to {"authCookie": ""} and api_key to {"authCookie": "auth=authcookie_<CODE_HERE>"}
I am not actually sure, as I don't have a way to test, but I believe that the twoFactorAuthCookie key/value pair will also have this bug.
I have been at this for hours, and finally figured it out.
For obvious reasons, I would like to avoid logging in every time I start my app, and using Cookie Tokens when possible. The problem rises when attempting to do so via the configuration:
The documentation in the Config says to do the following:
However, if we scroll down to the
auth_settingsfunction, we find that the key configuration documentation is incorrect, as it reads:It implements Cookies incorrectly, as if you use the documentation with the correct
authCookiekey, it will put the pair into the cookies, but with one flaw:Cookies are specified as
key=valueand the function writeskey value, and therefore never actually validates. If you try this with a valid cookie, you will get aHTTP/1.1 401 Unauthorizedwith response{"error":{"message":"\\"Missing Credentials\\"","status_code":401}}.To actually authenticate, you need to set
api_key_prefixto{"authCookie": ""}andapi_keyto{"authCookie": "auth=authcookie_<CODE_HERE>"}I am not actually sure, as I don't have a way to test, but I believe that the
twoFactorAuthCookiekey/value pair will also have this bug.