Hi,
I’m reading the document for N1QL REST API: Couchbase SDKs, and I noticed that under Request parameters section, in the description of creds parameter, it says:
If credentials are supplied in the request header (that is, using HTTP basic authentication), then creds is ignored
However, if you scroll down to Authentication parameters section, it says:
If a request contains both HTTP basic authentication header and a creds parameter, the HTTP basic authentication header is ignored
It’s confusing to me, and I want to know which part is correct?
Thanks
Hi @johan_larson, please take a look.
Already on it, Gerald.
Steven, if you supply both basic authorization and the “creds” parameter, we use the basic authorization.
I just tested this on the current codebase. With a bucket “customer” having password “key”, this works:
curl http://localhost:8093/query/service -d "statement=select count(*) from customer&creds=[{\"user\":\"customer\",\"pass\":\"wrong\"}]" -u customer:key
This does not:
curl http://localhost:8093/query/service -d "statement=select count(*) from customer&creds=[{\"user\":\"customer\",\"pass\":\"key\"}]" -u customer:wrong
Accordingly, we are using the basic authorization info, not the creds array, when both are present.
1 Like