Trouble with Scoped Search API Keys in Flutter App
TLDR Shane struggled with scoped search API keys in Typesense library for a Flutter app, which returned a 401 error. Jason identified that the error may be a result of an invalid filter within the key, and instructed to create separate keys for different permissions. On implementation, the error was resolved.
Powered by Struct AI
1
19
3mo
Solved
Jul 05, 2023 (3 months ago)
Shane
Shane
02:31 PMI have a Flutter based app where I"m trying to make scope search API keys work, but i don't think that the official Typesense lib supports it. Do i need to call HTTP direct instead of using this lib if i want this security feature? https://pub.dev/packages/typesense
02:38
Shane
02:38 PMI add the scoped search key where the normal apiKey goes, but get a 401
Code block
401: {"message": "Forbidden - a valid `x-typesense-api-key` header must be sent."}Code block
Future<Configuration> getTypeSenseConfig(Environment environment) async {
final typeSenseConfig = TypeSenseConfig(environment);
var generatedScopeKey =
await callGenerateScopedSearchKey('userId', 'accountId');
// Create and return the Configuration instance
final config = Configuration(
generatedScopeKey,
nodes: {
Node.withUri(
Uri(
scheme: 'https',
host: typeSenseConfig.typeSenseHost,
port: 443,
),
),
},
numRetries: 3, // A total of 4 tries (1 original try + 3 retries)
connectionTimeout: const Duration(seconds: 2),
);
return config;
}Jason
Jason
05:01 PMThe client library is agnostic to scoped api keys - it’s just another api key from the client’s perspective
05:02
Jason
05:02 PMIt’s likely that there’s some filter embedded inside the scoped api key that’s invalid
05:02
Jason
05:02 PMCould you share the code snippet you’re using to generate the scoped api key?
Shane
Shane
05:12 PMthis code is in a Cloud Function and is called by the client to get the search key. this will successfully return a key.
// @ts-check
const Typesense = require("typesense");
// Initialize Typesense client
const typesenseClient = new Typesense.Client({
// Set the appropriate endpoint and API key for your Typesense instance
nodes: [
{
host: "",
port: 443,
protocol: "https", // Use 'https' for secure connection
},
],
apiKey: "redacted",
});
// Function to generate a scoped search key
async function generateScopedSearchKeyForTypesense(userId, accountId) {
try {
// Make sure that the parent search key you use to generate a scoped search key
// has no other permissions besides `documents:search`
// Generate a scoped search API key with embedded filter
const searchKey = "redacted"; // Replace with your main search API key
const parameters = {
filter_by: `accountId:=${accountId}`,
};
const scopedSearchKey = await typesenseClient.keys().generateScopedSearchKey(searchKey, parameters);
// Make sure that the parent search key you use to generate a scoped search key
// has no other permissions besides `documents:search`
// Return the scoped search key
return scopedSearchKey;
} catch (error) {
console.error("Error generating scoped search key:", error);
throw error;
}
}
module.exports = generateScopedSearchKeyForTypesense; Jason
Jason
05:17 PMThis comment is the solution:
// Make sure that the parent search key you use to generate a scoped search key
// has no other permissions besides `documents:search`05:17
Jason
05:17 PMIt looks like all your API keys have this as the permission:
[ "documents:search", "documents:get" ]05:18
Jason
05:18 PMYou want to create separate API keys to use with a scoped search api key and the search endpoint (with just the
documents:search permission), vs the documents:get endpointShane
Shane
05:29 PMso generate a new api search key that ONLY has documents:search. Okay, i'll try that. thanks
1
06:27
Shane
06:27 PMyou are a wise man, yes that worked! I'm getting this error now, however i'm wondering the best way to generate this:
I'm using that cloud function in order to generate the scope searched key with the only required parameter (for security purposes) that is required and that is
I'm taking that scoped security key and using it in my Configuration object from Flutter. Then I'm querying with what the user would be searching. Maybe i move this all to the server side cloud function?
400: {"message": "No search fields specified for the query."}I'm using that cloud function in order to generate the scope searched key with the only required parameter (for security purposes) that is required and that is
accountId.I'm taking that scoped security key and using it in my Configuration object from Flutter. Then I'm querying with what the user would be searching. Maybe i move this all to the server side cloud function?
final searchParameters = {
'q': searchModel
.searchKey, // Access searchKey property using the null-aware operator
'per_page': pageSize.toString(),
'page': (pageKey + 1).toString(),
'preset': 'inventory_search',
'filter_by': filterBy,
"sort_by": "modifiedOn:desc",
'facet_by': 'category,status',
};Jason
Jason
07:18 PMYou also want to specify the query_by field in the search parameters
Shane
Shane
09:39 PMThis message contains interactive elements.
Jason
Jason
09:39 PMOh you’re right - I missed the
preset param in your code snippet above. My bad.09:40
Jason
09:40 PMCould you give me a curl command that replicates the HTTP 400, with all the search params?
Shane
Shane
09:40 PMyes, give me a few
Jul 06, 2023 (3 months ago)
Shane
Shane
12:25 AMso it looks like it wants to
q parameter, but the purpose of this function is get my search scope key, and then call the actual search with that key and a query. is that how it's supposed to work?Jason
Jason
03:20 AM> the purpose of this function is get my search scope key
You would use the code in this function to get your search scoped key
You would use the code in this function to get your search scoped key
03:21
Jason
03:21 AMAnd then use that scoped API key to make this search API call
Typesense
Lightning-fast, open source search engine for everyone | Knowledge Base powered by Struct.AI
Indexed 2779 threads (79% resolved)
Similar Threads
Issues with Generating Scope API Keys in Python
Danny had issues generating a valid scope API key in a Python GraphQL server. Jason suggested encoding changes and confirmed that the key length varies. Issue unresolved with Python, although JS library worked.
42
17mo
Resolving Issues with Scoped API Keys in Typesense with Golang
Suvarna had problems with generating and using scoped API keys in Typesense with Golang. Several bugs misleading the user were found and fixed by Kishore Nallan.
158
26mo
Solved
Correct API Key Generation and Usage on Cloud
Tom faced 401 errors while creating keys via the Cloud API. Kishore Nallan clarified the correct syntax and mechanics, and identified a header mislabeling on Tom's part that caused the issue. They also discussed using scoped API keys.
31
12mo
Solved
Trouble Spotting API Error in Dart vs Shell Operations
Erick is having issues with the typesense API, receiving errors in Dart that are not present in shell operations. Despite Kishore Nallan trying to help, no solution has been found, leading Erick to post the issue on the dart client repository.
30
21mo
Scoped Search Key with Preset Parameters Issue
Gustavo faces issues with search key generation and preset parameters. Kishore Nallan clarifies how presets work, but the issue remains unresolved, requiring further investigation.
18
3mo