MongoDB.live, free & fully virtual. June 9th - 10th. Register Now

How to include user credentials in GET Request to webhook?

I am not able to put the user credentials in the header because the OPTIONS pre-flight request fails. I believe this has to do with a CORS issue. Any guidance would be appreciated.

Hi @Charlie_Hauser,

Could you elaborate more what you’re trying to do, perhaps with an example ?
Including which Stitch Authentication Providers you are using.

Regards,
Wan.

I don’t think webhooks are supposed to be called from browser. You have to send username and password for every call or use api key - no temporary session token. The custom provider might work, have no idea about that.

I am hosting a react app using stitch. I have configured the custom JWT authentication using Microsoft Azure AD. I would like to use the webhooks as a rest api. I followed the documentation, here, to create an incoming webhook and authenticate requests with user credentials. The documentation suggests placing the credentials in either the header or body of the request with the syntax:

    {
      "jwtTokenString": "<User's JWT Token>"
    }

I would like to send the credentials in the header because GET requests do not have body. When I place the JWT in the header as shown in the documentation the browser sends a CORS preflight request because it is not a simple request. This request then fails because the response from stitch doesn’t have any of the CORS headers.

Thanks for the response and let me know if you need anymore information.

Hi all,

I am having the same problem with the UserPass authentication on a HTTP.GET request webhook. I am having a “400 Bad request” response when I try to send the credentials like normal Http authentication.

I use the HttpRequest.Builder() to build the request object. I tried to follow the guidelines at https://docs.mongodb.com/stitch/services/http-actions/http.get/#request-authentication but still getting the 400 Bad Request response.

Thank you,
Stéphane