WebBasic Authorization without a username

I am trying to authorize with an external API and they have a unique setup where you can generate a token which is then supposed to be used as the password portion of a Basic authorization, where the username is empty. In the end, the authorization header looks something like this:

Authorization: Basic BASE64TOKENSTRING 

where BASE64TOKENSTRING is the :<token> converted to base64.

I have tried a few different things and can’t seem to find a way to make this work.

Attempt 1: Use the WebBasic Authorization type

This would be the easiest option by far, except that Coda doesn’t currently support an empty username field. There is an argument for “username only”, but no such option for having “password only”

Attempt 2: Use CustomHeaderToken Authorization type

I tried this method, having the custom header be “Authorization” and a tokenPrefix of “Basic :”, but then I don’t have a way to convert the username/password portion to base64.

Attempt 3: Use Custom Authorization type

I then tried using the Custom Auth type, and having the user provide the token as a secret, but I run into issues when I try to convert this to Base64. I am able to get everything formatted together, but there doesn’t seem to be any way for me to specify that I want to convert a portion of the header value to Base64 after the invocationToken is resolved. If I try to convert in my execute function, it simply converts the invocation token string template to base64 instead of resolving the parameter value.

Any ideas how I can make this work? Or maybe there is an opportunity to expand on the current WebBasic Authorization type to allow an empty username field?

Hey there!

You should be able to do something similar to the following

  type: coda.AuthenticationType.WebBasic,
  uxConfig: {
    placeholderUsername: "API token",
    usernameOnly: true,

The key is in the usernameOnly key set to true

Edit: did I read you wrong? Is it NO username?

@Scott_Collier-Weir, yes, the problem is that I need “password only” not “username only”. If there were a parallel option available for passwordOnly, then I think that would be the ideal solution.

@Skyler_Tolman what happens if you pass any string as the username? Like test, username or anything.

Great question. I have tried entering a minimal password like a space or “''” and it fails to authenticate. It seems to very specifically expect no username

I can get this to work if I encode the token to base64 myself and then pass this in as a token using the CustomHeader authorization, but it’s not a very elegant solution from the user’s perspective. The string I end up needing to “encode” to base64 is of the form Basic:<token>. If I give Coda the encoded version of that string as the token, using “Authorization” as the header and “Basic” as the token prefix, it seems to work. But I don’t love it as a long-term solution.

So something like placeholder:<token> didn’t work?

1 Like

Ha! I attempted this again and it does work. Thanks. I must have had something else wrong in my setup before.

1 Like

in your pack you can use the javascript function btoa(myString) to convert myString to base64