Frappe Whitelisting Error

Hi team,

I am facing an issue with whitelisting my endpoint. I created a method and added the decorator below to it.

import frappe

@frappe.whitelist(allow_guest=True)
def handle_webhook(**kwargs):
    return "OK"

I am trying to handle a webhook which comes from Microsoft Teams. Along with the callback, Microsoft Teams sends us a JWT Bearer token in the headers.

The request is not reaching my code as Frappe is throwing an authentication error. I tried to hit the endpoint with the headers passed. I got the response below.

{
  "exception": "frappe.exceptions.AuthenticationError",
  "exc": "[\"Traceback (most recent call last):\n File \"apps/frappe/frappe/app.py\", line 86, in application\n frappe.api.validate_auth()\n File \"apps/frappe/frappe/api.py\", line 186, in validate_auth\n raise frappe.AuthenticationError\nfrappe.exceptions.AuthenticationError\n\"]"
}

How to overcome this error? I don’t want the authentication to be done even if the authorization headers are found.

With regards,
Prem

Refer to this:

I think there is some confusion. My issue is not about the verification key. The verification key is a part of the authorization headers. But Frappe considers this bearer token as a token that is assigned to a signed-in user.

Which version are you using?

You may monkey patch this according to your requirement. But it may cause some security issues.

Thanks for the suggestion. Monkey patching works in our case. But we didn’t want to consider monkey patching because we are not sure about what issues might come up and we didn’t want to mess up the authentication flow. Is it safe to follow this approach?

If you are on version <=14 then you can try the auth_hooks hook.

Reference :

Thanks, this worked.

What we did:
We tried to add a method to auth_hooks and tried to set current session to a valid user based on who is sending the request. This worked.

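One way to write the auth_hooks method described in the last post, as an added example that is not code from this thread or from Frappe. It assumes a Frappe version that runs auth_hooks for requests carrying a Bearer header, PyJWT for token verification, and hypothetical names throughout (my_app, the service user, and the issuer, audience and JWKS URL placeholders).

```python
# my_app/auth.py -- registered in hooks.py as (hypothetical app/module names):
#     auth_hooks = ["my_app.auth.teams_webhook_auth"]

# Placeholders (assumptions): substitute the values for your own deployment.
WEBHOOK_PATH = "/api/method/my_app.api.handle_webhook"
SERVICE_USER = "teams-webhook@example.com"  # dedicated low-privilege user
JWKS_URL = "https://issuer.example/keys"
ISSUER = "https://issuer.example"
AUDIENCE = "your-app-id"


def verify_jwt(token):
    """Check signature, issuer, audience and expiry with PyJWT; raises on failure."""
    import jwt  # PyJWT, imported lazily so this module loads without it

    # Reuse one client instance in production to avoid fetching keys per request.
    key = jwt.PyJWKClient(JWKS_URL).get_signing_key_from_jwt(token)
    return jwt.decode(token, key.key, algorithms=["RS256"],
                      issuer=ISSUER, audience=AUDIENCE)


def resolve_user(path, auth_header, verify=verify_jwt):
    """Return the user to run the request as, or None to leave it as Guest."""
    if path != WEBHOOK_PATH:
        return None  # never change authentication for any other endpoint
    scheme, _, token = (auth_header or "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    try:
        verify(token)
    except Exception:
        return None  # fail closed: Frappe then rejects the request itself
    return SERVICE_USER


def teams_webhook_auth():
    """auth_hooks entry point; Frappe calls it with no arguments."""
    import frappe

    user = resolve_user(frappe.request.path,
                        frappe.get_request_header("Authorization", ""))
    if user:
        frappe.set_user(user)
```

Because the hook only sets a user after the token verifies and only for the one webhook path, every other request with an unrecognised Bearer token still ends in Frappe's AuthenticationError.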