correct-apricot•2mo ago

useCustomMutation authorization issue

Hello, I am using GraphQL, and I want to send a mutation to verify the two-factor authentication of a user then logs him in, everything is good with the backend, it works well when testing with postman, but when trying to implement it in my refine app I get "Unauthorized" error despite passing the Authorization bearer token in the headers, here is what I do:

loginTwoFactorAuthentication({
      url: API_URL,
      method: "post",
      config: {
        headers: {
          // Send the short-lived token in the Authorization header
          Authorization: `Bearer ${shortLivedToken}`,
        },
      },
      meta: {
        gqlMutation: MUTATION_LOGIN_TWO_FACTOR_AUTHENTICATION,
        variables: {
          loginTwoFactorAuthenticationInput: {
            userId: "toVerify",
            otp: code,
          },
        },
      },
      values: {},
    });

loginTwoFactorAuthentication({
      url: API_URL,
      method: "post",
      config: {
        headers: {
          // Send the short-lived token in the Authorization header
          Authorization: `Bearer ${shortLivedToken}`,
        },
      },
      meta: {
        gqlMutation: MUTATION_LOGIN_TWO_FACTOR_AUTHENTICATION,
        variables: {
          loginTwoFactorAuthenticationInput: {
            userId: "toVerify",
            otp: code,
          },
        },
      },
      values: {},
    });

When sending this mutation, onError is called with "Unauthorized" error, what am i doing wrong ?

2 Replies

kapa.ai•2mo ago

Hi @3abdjlil. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- Based on the information provided, it seems like you're correctly setting the Authorization header in your useCustomMutation call. However, there could be a few reasons why you're still receiving an "Unauthorized" error. 1. Token Expiry: Ensure that the shortLivedToken you're using hasn't expired. Tokens are usually time-sensitive and may need to be refreshed. 2. Incorrect Token: Verify that the shortLivedToken is correct. It might be possible that the token is not being set or retrieved correctly. 3. Backend Authorization: Check your backend server's authorization logic. It's possible that the server is not correctly validating the token or the user's permissions. 4. CORS Issues: If your backend server is on a different domain, you might be running into Cross-Origin Resource Sharing (CORS) issues. Ensure that your server is set up to accept requests from your application's domain. Unfortunately, without more information, it's hard to pinpoint the exact issue. I would recommend checking the network tab in your browser's developer tools to see the full request and response details. This might give you more insight into what's going wrong. For more information on how to use useCustomMutation, you can refer to the official documentation (https://refine.dev/docs/data/hooks/use-custom-mutation). ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------

kapa.ai•2mo ago

<@274658679611981824> kapa.ai is still learning and improving, please let us know how it did by reacting below