Getting 400 Bad Request for attempting to get token for Super Admin but works for user tokens

System Information
  • Strapi Version: 3.2.4
  • Operating System: Ubuntu 18.04.4 LTS
  • Database: mysql
  • Node Version: v12.16.2
  • NPM Version: 6.14.4
  • Yarn Version: 1.22.5

Hi, I created a second Super Admin and used the provided example code using axios to attempt to get a token. It works when I try it with a basic user account, but I get a statusCode: 400 ‘Bad Request’ when using the Super Admin account.

Here’s the code:

import axios from 'axios';

// Request API.
axios
  .post('http://localhost:1337/auth/local', {
    identifier: 'productadmin',
    password: 'Pa1234512345',
  })
  .then(response => {
    // Handle success.
    console.log('Well done!');
    console.log('User profile', response.data.user);
    console.log('User token', response.data.jwt);
  })
  .catch(error => {
    // Handle error.
    console.log('An error occurred:', error.response);
  });

Here’s the console.log:
An error occurred: {
  status: 400,
  statusText: 'Bad Request',
  headers: {
    vary: 'Origin',
    'strict-transport-security': 'max-age=31536000; includeSubDomains',
    'x-frame-options': 'SAMEORIGIN',
    'x-ratelimit-limit': '10',
    'x-ratelimit-remaining': '9',
    'x-ratelimit-reset': '1609861672',
    'content-type': 'application/json; charset=utf-8',
    'x-powered-by': 'Strapi <strapi.io>',
    'x-response-time': '37ms',
    'content-length': '245',
    date: 'Tue, 05 Jan 2021 15:46:51 GMT',
    connection: 'close'
  },
  config: {
    url: 'http://localhost:1337/auth/local',
    method: 'post',
    data: '{"identifier":"productadmin","password":"Pa1234512345"}',
    headers: {
      Accept: 'application/json, text/plain, */*',
      'Content-Type': 'application/json;charset=utf-8',
      'User-Agent': 'axios/0.21.1',
      'Content-Length': 55
    },
    transformRequest: [ [Function: transformRequest] ],
    transformResponse: [ [Function: transformResponse] ],
    timeout: 0,
    adapter: [Function: httpAdapter],
    xsrfCookieName: 'XSRF-TOKEN',
    xsrfHeaderName: 'X-XSRF-TOKEN',
    maxContentLength: -1,
    maxBodyLength: -1,
    validateStatus: [Function: validateStatus]
  },
  request: ClientRequest {
    _events: [Object: null prototype] {
      socket: [Function],
      abort: [Function],
      aborted: [Function],
      connect: [Function],
      error: [Function],
      timeout: [Function],
      prefinish: [Function: requestOnPrefinish]
    },
    _eventsCount: 7,
    _maxListeners: undefined,
    outputData: [],
    outputSize: 0,
    writable: true,
    _last: true,
    chunkedEncoding: false,
    shouldKeepAlive: false,
    useChunkedEncodingByDefault: true,
    sendDate: false,
    _removedConnection: false,
    _removedContLen: false,
    _removedTE: false,
    _contentLength: null,
    _hasBody: true,
    _trailer: '',
    finished: true,
    _headerSent: true,
    socket: Socket {
      connecting: false,
      _hadError: false,
      _parent: null,
      _host: 'localhost',
      _readableState: [ReadableState],
      readable: true,
      _events: [Object: null prototype],
      _eventsCount: 6,
      _maxListeners: undefined,
      _writableState: [WritableState],
      writable: false,
      allowHalfOpen: false,
      _sockname: null,
      _pendingData: null,
      _pendingEncoding: '',
      server: null,
      _server: null,
      parser: null,
      _httpMessage: [Circular],
      [Symbol(asyncId)]: 10,
      [Symbol(kHandle)]: [TCP],
      [Symbol(kSetNoDelay)]: false,
      [Symbol(lastWriteQueueSize)]: 0,
      [Symbol(timeout)]: null,
      [Symbol(kBuffer)]: null,
      [Symbol(kBufferCb)]: null,
      [Symbol(kBufferGen)]: null,
      [Symbol(kCapture)]: false,
      [Symbol(kBytesRead)]: 0,
      [Symbol(kBytesWritten)]: 0
    },
    connection: Socket {
      connecting: false,
      _hadError: false,
      _parent: null,
      _host: 'localhost',
      _readableState: [ReadableState],
      readable: true,
      _events: [Object: null prototype],
      _eventsCount: 6,
      _maxListeners: undefined,
      _writableState: [WritableState],
      writable: false,
      allowHalfOpen: false,
      _sockname: null,
      _pendingData: null,
      _pendingEncoding: '',
      server: null,
      _server: null,
      parser: null,
      _httpMessage: [Circular],
      [Symbol(asyncId)]: 10,
      [Symbol(kHandle)]: [TCP],
      [Symbol(kSetNoDelay)]: false,
      [Symbol(lastWriteQueueSize)]: 0,
      [Symbol(timeout)]: null,
      [Symbol(kBuffer)]: null,
      [Symbol(kBufferCb)]: null,
      [Symbol(kBufferGen)]: null,
      [Symbol(kCapture)]: false,
      [Symbol(kBytesRead)]: 0,
      [Symbol(kBytesWritten)]: 0
    },
    _header: 'POST /auth/local HTTP/1.1\r\n' +
      'Accept: application/json, text/plain, */*\r\n' +
      'Content-Type: application/json;charset=utf-8\r\n' +
      'User-Agent: axios/0.21.1\r\n' +
      'Content-Length: 55\r\n' +
      'Host: localhost:1337\r\n' +
      'Connection: close\r\n' +
      '\r\n',
    _onPendingData: [Function: noopPendingOutput],
    agent: Agent {
      _events: [Object: null prototype],
      _eventsCount: 2,
      _maxListeners: undefined,
      defaultPort: 80,
      protocol: 'http:',
      options: [Object],
      requests: {},
      sockets: [Object],
      freeSockets: {},
      keepAliveMsecs: 1000,
      keepAlive: false,
      maxSockets: Infinity,
      maxFreeSockets: 256,
      [Symbol(kCapture)]: false
    },
    socketPath: undefined,
    method: 'POST',
    insecureHTTPParser: undefined,
    path: '/auth/local',
    _ended: true,
    res: IncomingMessage {
      _readableState: [ReadableState],
      readable: false,
      _events: [Object: null prototype],
      _eventsCount: 3,
      _maxListeners: undefined,
      socket: [Socket],
      connection: [Socket],
      httpVersionMajor: 1,
      httpVersionMinor: 1,
      httpVersion: '1.1',
      complete: true,
      headers: [Object],
      rawHeaders: [Array],
      trailers: {},
      rawTrailers: [],
      aborted: false,
      upgrade: false,
      url: '',
      method: null,
      statusCode: 400,
      statusMessage: 'Bad Request',
      client: [Socket],
      _consuming: false,
      _dumped: false,
      req: [Circular],
      responseUrl: 'http://localhost:1337/auth/local',
      redirects: [],
      [Symbol(kCapture)]: false
    },
    aborted: false,
    timeoutCb: null,
    upgradeOrConnect: false,
    parser: null,
    maxHeadersCount: null,
    reusedSocket: false,
    _redirectable: Writable {
      _writableState: [WritableState],
      writable: true,
      _events: [Object: null prototype],
      _eventsCount: 2,
      _maxListeners: undefined,
      _options: [Object],
      _ended: true,
      _ending: true,
      _redirectCount: 0,
      _redirects: [],
      _requestBodyLength: 55,
      _requestBodyBuffers: [],
      _onNativeResponse: [Function],
      _currentRequest: [Circular],
      _currentUrl: 'http://localhost:1337/auth/local',
      [Symbol(kCapture)]: false
    },
    [Symbol(kCapture)]: false,
    [Symbol(kNeedDrain)]: false,
    [Symbol(corked)]: 0,
    [Symbol(kOutHeaders)]: [Object: null prototype] {
      accept: [Array],
      'content-type': [Array],
      'user-agent': [Array],
      'content-length': [Array],
      host: [Array]
    }
  },
  data: {
    statusCode: 400,
    error: 'Bad Request',
    message: [ [Object] ],
    data: [ [Object] ]
  }
}

=================

I’ve tried it with the first Super Admin, as well as the second created and it’s the same result, 400 Bad Request, but it works fine and returns a token with a regular user.

Any help is greatly appreciated.
Thanks! Rxrx

For anyone else who may have a similar question regarding trying to access the API using a SuperAdmin account: they are separated completely.
So I had to dig through other topics, which I did do originally, but I dismissed this one since it was GraphQL related. I assumed I had missed something, so I read a little more deeply. Here is the link to the other topic and @DMehaffy's response to it: https://forum.strapi.io/t/graphql-login-mutation-error/804

Basically, if I'm correct, if you're wanting to create an API administrator with "Super Admin like" ability, you'll need to create a new user role under the USERS & PERMISSIONS PLUGIN, give it the rights you want, then create a new user account and give it that role.

Hope this helps someone with a similar mishap to mine. Thanks.
Rxrx

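An added example, not from this thread and not Strapi's own code, that puts Rxrx's conclusion into working form: admin-panel accounts and users-permissions users are two separate identity stores, so the same credentials cannot work against both endpoints. It assumes Strapi 3.x, where end users authenticate at POST /auth/local (as in the post) and admin-panel accounts, Super Admins included, authenticate at POST /admin/login with an email and password and get back `{ data: { token, user } }`; the /admin/login endpoint and its response shape, the account names, and the `fakePost` stand-in server are assumptions or constructed for the example and do not appear in the thread. It also unpacks Strapi 3's nested error envelope, the `message: [ [Object] ]` that the console dump above leaves opaque, which is the quickest way to see why a login was rejected.

```javascript
const STRAPI_URL = 'http://localhost:1337'; // same base URL as the original post

// Flatten Strapi 3's nested error envelope into readable strings. Shape seen in
// the dump above: { statusCode, error, message: [ { messages: [ { id, message } ] } ], data: [...] }
function strapiErrorMessages(body) {
  if (!body) return [];
  if (typeof body.message === 'string') return [body.message];
  const out = [];
  for (const group of body.message || []) {
    for (const m of group.messages || []) {
      out.push(m.id ? `${m.id}: ${m.message}` : String(m.message));
    }
  }
  return out;
}

// Choose endpoint and payload by account type. The 'admin' branch is an
// assumption about Strapi 3.x (POST /admin/login with email + password).
function loginRequest(kind, credentials) {
  if (kind === 'user') {
    return { url: `${STRAPI_URL}/auth/local`,
             body: { identifier: credentials.identifier, password: credentials.password } };
  }
  if (kind === 'admin') {
    return { url: `${STRAPI_URL}/admin/login`,
             body: { email: credentials.email, password: credentials.password } };
  }
  throw new Error(`unknown account kind: ${kind}`);
}

// Log in and return { jwt, user }. `post(url, body)` is injected (pass axios.post
// against a live server); it must resolve to { data } or reject with an error
// carrying `response: { status, statusText, data }`, as axios does.
async function login(kind, credentials, post) {
  const { url, body } = loginRequest(kind, credentials);
  try {
    const { data } = await post(url, body);
    // users-permissions answers { jwt, user }; the admin API wraps it as { data: { token, user } } (assumed)
    return kind === 'user'
      ? { jwt: data.jwt, user: data.user }
      : { jwt: data.data.token, user: data.data.user };
  } catch (err) {
    if (!err.response) throw err; // network-level failure, not a Strapi reply
    const msgs = strapiErrorMessages(err.response.data);
    throw new Error(`${url} -> ${err.response.status} ${err.response.statusText}: ${msgs.join('; ')}`);
  }
}

// Constructed stand-in for the server so the example runs offline. It models the
// behaviour described in the thread: an admin-panel account is unknown to
// /auth/local (400), a users-permissions user gets a JWT. Accounts and tokens are fake.
const constructedStrapi = {
  users: { productuser: 'Pa1234512345' },                 // users-permissions account (constructed)
  admins: { 'productadmin@example.com': 'Pa1234512345' }, // admin-panel account (constructed)
};
async function fakePost(url, body) {
  const reject = (status, statusText, id, message) => {
    const err = new Error(`Request failed with status code ${status}`);
    const messages = [{ messages: [{ id, message }] }];
    err.response = { status, statusText,
      data: { statusCode: status, error: statusText, message: messages, data: messages } };
    throw err;
  };
  if (url.endsWith('/auth/local')) {
    if (constructedStrapi.users[body.identifier] === body.password) {
      return { data: { jwt: 'user.jwt.constructed', user: { username: body.identifier } } };
    }
    return reject(400, 'Bad Request', 'Auth.form.error.invalid', 'Identifier or password invalid.');
  }
  if (url.endsWith('/admin/login')) {
    if (constructedStrapi.admins[body.email] === body.password) {
      return { data: { data: { token: 'admin.jwt.constructed', user: { email: body.email } } } };
    }
    return reject(400, 'Bad Request', 'Auth.form.error.invalid', 'Invalid credentials');
  }
  return reject(404, 'Not Found', 'Not Found', 'Not Found');
}

// Reproduce the thread end to end: the admin account fails at /auth/local with a
// readable reason, the users-permissions user succeeds, and the admin account
// only works against its own endpoint.
async function demo(post = fakePost) {
  const results = {};
  try {
    await login('user', { identifier: 'productadmin', password: 'Pa1234512345' }, post);
    results.adminViaAuthLocal = 'ok';
  } catch (e) {
    results.adminViaAuthLocal = e.message;
  }
  results.userViaAuthLocal = (await login('user', { identifier: 'productuser', password: 'Pa1234512345' }, post)).jwt;
  results.adminViaAdminLogin = (await login('admin', { email: 'productadmin@example.com', password: 'Pa1234512345' }, post)).jwt;
  return results;
}
```

Against a real Strapi 3 instance, call `login('user', {...}, axios.post)` instead of relying on `fakePost`. The admin token that comes back from /admin/login is a credential for the administration API, so it should never be shipped to a browser or a shared client; the approach Rxrx settled on, a dedicated users-permissions role with only the rights the integration needs, is the least-privilege option and the one to prefer for API access.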