Trouble with Scoped Search API Keys in Flutter App
TLDR Shane struggled with scoped search API keys in Typesense library for a Flutter app, which returned a 401 error. Jason identified that the error may be a result of an invalid filter within the key, and instructed to create separate keys for different permissions. On implementation, the error was resolved.
1
Jul 05, 2023 (3 months ago)
Shane
02:31 PMShane
02:38 PM401: {"message": "Forbidden - a valid `x-typesense-api-key` header must be sent."}
Code block
Future<Configuration> getTypeSenseConfig(Environment environment) async {
final typeSenseConfig = TypeSenseConfig(environment);
var generatedScopeKey =
await callGenerateScopedSearchKey('userId', 'accountId');
// Create and return the Configuration instance
final config = Configuration(
generatedScopeKey,
nodes: {
Node.withUri(
Uri(
scheme: 'https',
host: typeSenseConfig.typeSenseHost,
port: 443,
),
),
},
numRetries: 3, // A total of 4 tries (1 original try + 3 retries)
connectionTimeout: const Duration(seconds: 2),
);
return config;
}
Jason
05:01 PMJason
05:02 PMJason
05:02 PMShane
05:12 PM// @ts-check
const Typesense = require("typesense");
// Initialize Typesense client
const typesenseClient = new Typesense.Client({
// Set the appropriate endpoint and API key for your Typesense instance
nodes: [
{
host: "",
port: 443,
protocol: "https", // Use 'https' for secure connection
},
],
apiKey: "redacted",
});
// Function to generate a scoped search key
async function generateScopedSearchKeyForTypesense(userId, accountId) {
try {
// Make sure that the parent search key you use to generate a scoped search key
// has no other permissions besides `documents:search`
// Generate a scoped search API key with embedded filter
const searchKey = "redacted"; // Replace with your main search API key
const parameters = {
filter_by: `accountId:=${accountId}`,
};
const scopedSearchKey = await typesenseClient.keys().generateScopedSearchKey(searchKey, parameters);
// Make sure that the parent search key you use to generate a scoped search key
// has no other permissions besides `documents:search`
// Return the scoped search key
return scopedSearchKey;
} catch (error) {
console.error("Error generating scoped search key:", error);
throw error;
}
}
module.exports = generateScopedSearchKeyForTypesense;
Jason
05:17 PM// Make sure that the parent search key you use to generate a scoped search key
// has no other permissions besides `documents:search`
Jason
05:17 PM[ "documents:search", "documents:get" ]
Jason
05:18 PMdocuments:search
permission), vs the documents:get endpointShane
05:29 PM1
Shane
06:27 PM400: {"message": "No search fields specified for the query."}
I'm using that cloud function in order to generate the scope searched key with the only required parameter (for security purposes) that is required and that is
accountId
.I'm taking that scoped security key and using it in my Configuration object from Flutter. Then I'm querying with what the user would be searching. Maybe i move this all to the server side cloud function?
final searchParameters = {
'q': searchModel
.searchKey, // Access searchKey property using the null-aware operator
'per_page': pageSize.toString(),
'page': (pageKey + 1).toString(),
'preset': 'inventory_search',
'filter_by': filterBy,
"sort_by": "modifiedOn:desc",
'facet_by': 'category,status',
};
Jason
07:18 PMShane
09:39 PMJason
09:39 PMpreset
param in your code snippet above. My bad.Jason
09:40 PMShane
09:40 PMJul 06, 2023 (3 months ago)
Shane
12:25 AMq
parameter, but the purpose of this function is get my search scope key, and then call the actual search with that key and a query. is that how it's supposed to work?Jason
03:20 AMYou would use the code in this function to get your search scoped key
Jason
03:21 AMTypesense
Indexed 2779 threads (79% resolved)
Similar Threads
Issues with Generating Scope API Keys in Python
Danny had issues generating a valid scope API key in a Python GraphQL server. Jason suggested encoding changes and confirmed that the key length varies. Issue unresolved with Python, although JS library worked.
Resolving Issues with Scoped API Keys in Typesense with Golang
Suvarna had problems with generating and using scoped API keys in Typesense with Golang. Several bugs misleading the user were found and fixed by Kishore Nallan.
Correct API Key Generation and Usage on Cloud
Tom faced 401 errors while creating keys via the Cloud API. Kishore Nallan clarified the correct syntax and mechanics, and identified a header mislabeling on Tom's part that caused the issue. They also discussed using scoped API keys.
Trouble Spotting API Error in Dart vs Shell Operations
Erick is having issues with the typesense API, receiving errors in Dart that are not present in shell operations. Despite Kishore Nallan trying to help, no solution has been found, leading Erick to post the issue on the dart client repository.
Scoped Search Key with Preset Parameters Issue
Gustavo faces issues with search key generation and preset parameters. Kishore Nallan clarifies how presets work, but the issue remains unresolved, requiring further investigation.