Working with Java BasicAuth Spring Security

I'm pleased to be able to interact with my Spring service and its database. I am able to retrieve data using URLs that are marked open to all users using the following Web component blocks.

set Web1 . Url to "http://mySite:8080/fetchsomething"
get Web1 . Get

But so far I haven't been able to figure out if AI supports a way to use the service when Basic Auth info is required. The application Postman explains Basic Auth as follows:

In the request Headers, the Authorization header passes the API a Base64 encoded string representing your username and password values, appended to the text Basic as follows:

Basic <Base64 encoded username and password>

It seems that perhaps the Properties->RequestHeaders or Methods->BuildRequestData might be involved. But I'm not able to figure out how.

The app I am making doesn't need to be super secure, especially for the bulk of the users that it is designed for, who are restricted to "read only" access. But it would be nice if they just fetched the info without having to manually log in, and, at the same time, nice if casual hackers were excluded.

If you have suggestions as to how to build this, I am all ears. I am new to AI and to making back end services with Spring Boot.

Yes exactly
The RequestHeader property expects a list of tag/value pairs, see an example here App Inventor Tutorials and Examples: Dropbox | Pura Vida Apps

In your case it is

Authorization
Basic  <Base64 encoded username and password>

Taifun

When you get it working, post it so we can add it to our collection at

I'd be happy to add to the library. Heads up, I'm working two other jobs and am doing this in my "spare" time, so progress is slow. I'd like to make it part of a tutorial, perhaps.

To confirm, it involves the following:

set Web1 .RequestHeaders to 
    make a list
        "Authorization"
        join
            "Basic"
            "<Base64 " + encodedUsernameAndPassword + ">

Is there a convention as to how to notate blocks?
Also, I think the suggestion has been made to put the token value into a variable. In other words, work out the encoding elsewhere and only have the encoded value appear in the app blocks. I'm guessing that token variable's value will be visible? I'm not clear how easy it is to decompile App Inventor apps. Or maybe the way security works is that we assume the user who owns the app is not the issue, but rather it's the transmission's possible interception (man-in-the-middle)?

I haven't learned how to set up a server on https, it's currently at the standard http 8080 port on my remote server. Lots of details still to work out!

You do need to have a space after Basic, as Taifun showed:

You need a list of another list, which is a key/value pair as shown in the example
Also between "Basic" and your string there must be a space

It would really help if you provided a screenshot of your relevant blocks, so we can see what you are trying to do, and where the problem may be.

To get an image of your blocks, right click in the Blocks Editor and select "Download Blocks as Image". You might want to use an image editor to crop etc. if required. Then post it here in the community.

Taifun



Use the obfuscated text block
Taifun

I was able to test the Basic Auth coding solution today, and it worked!
I'm not sure which reply to click as the solution. I had multiple followup questions which were kindly answered. I will select Taifun's first reply with the link to the example, but am very thankful for everyone else's help as well.

Additional notes

As discussed, we have to place in the header the following:

Authorization
Basic  <Base64 encoded username and password>

The part that replaces the above's <> is an encoding of a string consisting of the username, a ":" and the password. Using Java's utility JShell (a way to quickly get a shell up and running that can execute Java commands), entering the following command at the jshell prompt will generate the needed token, which can be copied and pasted into the variable strAccessToken via the text "Obfuscated Text" control.

jshell> Base64.getEncoder().encodeToString("username:password".getBytes());
$1 ==> "YmFzaWNVc2VyOmJvbw=="

Line $1 above shows the encoded string.
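
As an added example (not code from this thread or from App Inventor), the Java class below builds the header value described above and then decodes it again, the way the Spring side, or anyone who can read the request on plain http, is able to without any key. The class name, method names and sample credentials are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeader {
    // Client side: the value the app places in the Authorization header.
    static String build(String username, String password) {
        if (username.contains(":")) {
            // RFC 7617: the user-id cannot contain a colon, because the
            // first colon separates it from the password.
            throw new IllegalArgumentException("username must not contain ':'");
        }
        byte[] raw = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Receiving side: recover {username, password} from the header value.
    // Returns null when the value is not well-formed Basic auth.
    static String[] parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null; // wrong scheme, or no space after "Basic"
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not Base64, e.g. the literal "<" and ">" were kept
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');
        if (colon < 0) {
            return null;
        }
        // Split on the first colon only; the password may contain colons.
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not values from the thread.
        String header = build("reader", "s3cret:with:colons");
        System.out.println("Authorization: " + header);
        String[] creds = parse(header);
        System.out.println("decoded: " + creds[0] + " / " + creds[1]);
        // The two formatting mistakes raised in the thread are both rejected.
        String token = header.substring(6);
        System.out.println(parse("Basic" + token) == null);        // missing space
        System.out.println(parse("Basic <" + token + ">") == null); // brackets kept
    }
}
```

Because the token is only an encoding, storing it in an obfuscated text block hides it from a casual look at the app, while the request itself still carries the recoverable credentials unless the server is reached over https.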