Load user from sessionToken in nodejs

[Jauny]

Hi,

I'm trying to find the best way to load/auth a user from a sessionToken. Only way I've found so far is to use the http api to call /users/me with X-Parse-Application-Id and X-Parse-Session-Token headers.
I've seen conflicting answers about having to add a X-Parse-REST-API-Key (including on the official docs). Our parse-server is started without a rest-api-key so I should not need one.

The call I'm doing then is the following:

curl -X GET \
  -H "X-Parse-Application-Id: <appId>" \
  -H "X-Parse-Session-Token: <token>" \
  https://<url>/parse/users/me

I'm getting {"error":"unauthorized"} without additional information so I don't know what the issue is.

I'm using both the parse/node on nodejs and parse lib in the browser. The parse lib offers a Parse.User.become(token) function which works, but I'm wondering why there is not an equivalent function from the nodejs lib. All I need is a getUserFromToken or equivalent.

I've seen that there was a Parse.Cloud.httpRequest but it got removed from the nodejs lib. I'm using axios for the call (or as I told simply curl to test) and this is not working.

[flovilmart]

You’re missing the client key, or javascript key or don’t have the proper credentials to your server

[Jauny]

@flovilmart thanks for you answer, although I find closing this a bit early. From the doc, it doesn't mention the need for the client key, or javascript key, or other proper credentials.

The example from the doc is:

curl -X GET \
  -H "X-Parse-Application-Id: APPLICATION_ID" \
  -H "X-Parse-REST-API-Key: ${REST_API_KEY}" \
  -H "X-Parse-Session-Token: r:pnktnjyb996sj4p156gjtp4im" \
  https://YOUR.PARSE-SERVER.HERE/parse/users/me

As I said, even the doc mentions that X-Parse-REST-API-Key is not required if the app is not started with it (which in our case it is not).

I'm sure I am missing some credentials since the app is returning unauthorised, but I'd appreciate some guidance or links towards a documentation where additional authentication headers are mentioned so I can try them.

Thanks!

[flovilmart]

If you are getting ‘unauthorized’ this means the headers passed as credentials (appId, client keys etc...) are invalid.

Also, you should have some verbose logs, and perhaps the server running locally.

Lastly, we use GitHub issues for bugs, and encourage questions like yours to be asked on stackoverflow. For all those reasons this issue was closed.

[Jauny]

Ok, I've tried with the -H "X-Parse-Javascript-Key: <key>" header and it seems to work now.

I think this would be worth adding to the documentation.

Thanks!

[flovilmart]

If you’re accessing through the REST API, you should use a Rest api key, and configure it accordingly.

If you want to add docs feel free to open a PR on the docs repo