Submit Feedback
Legacy Knowledge Base
Published Jun. 30, 2025

Web Server keeps asking for basic authentication when using a Client Extension that makes a request via OAuth to Liferay API

Written By

Ricardo Couso

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

  • A Web Server before the Liferay environment is configured with Basic Auth.
  • Liferay uses a Client Extension (CX) that makes a request to a Liferay API using OAuth.
  • When the page using the CX is loaded, the Web Server keeps asking for the basic credentials, even after they've been provided once.

Environment

  • Quarterly Release 2024.Q1

Resolution

  • When the Web Server is configured with Basic Auth the first request will ask for credentials. Subsequent ones will include a header Authorization of type Basic with a token to avoid asking again.
  • A request to the Liferay API using OAuth is done with Authorization of type Bearer. 
  • Since only one token can be used with the header Authorization and the Bearer one is used, the Web Server asks for credentials.
  • To avoid this issue, note that since the request from the CX is to a Liferay API there's no need to use OAuth (the authorization server and the resource server are the same). Instead the api method could be used, like in this example: 
    api('o/headless-admin-user/v1.0/my-user-account')
    .then((response) = response.json())
        .then((response) = {

Additional Information

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?