Phoenix API with android phone

MUSTDOS · May 22, 2025, 3:11pm

My Phoenix API works on hopscotch.io web but not on the phone itself but I even tried this https://abulasar.com/installing-cors-in-elixir-phoenix-application
Which lead to nowhere.
I can get a token on my phone but I always get 401 whenever I try to use it

How do I fix this?

thomas.fortes · May 22, 2025, 6:04pm

What do you mean on the phone itself?

web or mobile app?

Where it is running? local or web?

How are you sending the token during the request?

If it is a webapp, can you do it from a browser where you can check the developer tools to see if there’s something wrong?

Based only on what you wrote I would check if hoppscotch isn’t skipping CORS errors. You may be hitting this issue, which should be easy to check using your browser’s developer tools. Debugging on a phone browser is possible, but it’s easier to do on a computer.

MUSTDOS · May 22, 2025, 6:17pm

Mobile android web app.

I got my guess for CORS from here Interceptor - Hoppscotch Documentation

MUSTDOS · May 22, 2025, 6:18pm

I’m sending my authentication (after getting a token) from here Fuel | Fuel - Documentation

thomas.fortes · May 22, 2025, 6:43pm

Since fuel is a kotlin library I will assume that it is a mobile app like one built using android studio, in that case CORS doesn’t apply (or at least shouldn’t), so correct me if I’m wrong.

If that’s the case the 401 is what matter and that’s the HTTP error for credentials invalid, even though it isn’t elixir, can you show us the code where you’re adding the header?

I suppose you’re using the Authorization header, a common mistake is forgetting to add the auth-scheme, which for an API is usually Bearer.

Edit: ok, nevermind, if you’re using

val token = "mytoken"

Fuel.get("https://httpbin.org/bearer")
    .authentication()
    .bearer(token)
    .response { result -> }

It should work.

If you’re using this and it is not working I would check if the token is being retrieved correctly and is a valid token, if it is I then I would debug the requests that are returning a 401.

MUSTDOS · May 22, 2025, 6:55pm

private fun fuelGet_logOut(): String {

    val (request, response, result) = Fuel.get(sign_out_URL)
        .authentication()
        .bearer(user_token.token)
        .response()

    Log.i("request", request.toString())
    Log.i("response", String(response.data))
    Log.i("result", result.toString())

    when (result) {
        is Result.Failure -> {
            return getString(R.string.bad_connection)
        }
        is Result.Success -> {
            val response_body = String(response.data)
            //val user_token_array = Json.decodeFromString<UserToken>(response_body)
            //Log.i("User name:",user_token_array.name)
            return getString(R.string.options_sign_out)
        }
    }
}

Note: user_token.token is taken from the login activity and I check in my database; both tokens match.

thomas.fortes · May 22, 2025, 10:32pm

Just something that I noticed, is the HTTP method correct? Usually sign outs use DELETE or POST, GET should not be used to do things that change the server state.

If it is correct I would go to the phoenix code and start debugging the request there.

MUSTDOS · May 23, 2025, 6:44am

It uses GET on the server side and works in hopscotch.io.

MUSTDOS · May 25, 2025, 8:12pm

Does in anyway Guardian impede/changes the behavior of CORSPlug?