If possible, tell your customer to not use the percent sign %. But if this is not possible, then you get into the encoding rabbit hole. You may need to use 2 percent signs. (i.e. pass%%Word123).
Jeff, thanks for the suggestion. Unfortunately, it does not work. But I did some research, and if I replace the percent in a password by '%25' then it works.
I wonder if this should be treated as a bug, or do I really need to implement this myself?
I feel like this should be considered a bug...
I doubt they will admit to it being a bug, but rather it has to do with http communication / protocol.
Is it possible to just use an application service account to login via the REST API? How are you using it?
I'm using the REST API fully as part of our integration. I can't control what password our customers will put as a password. Telling them not to use percent in a password is somewhat a weak solution to me.
On the other hand, even though I do have a solution, my current concern is what if I implement this change on my side, and then they decide it's a bug and fix it, which results in my side having to be fixed again... I'll open a case and see what they say.
What version of Tableau are you running?
When we upgraded to v9.0.3 we found passwords with £ signs stopped working (nothing to do with REST API calls, just standard authentication with the server via desktop or on the server directly). Support acknowledged there was an issue with passwords containing some special characters which had been inadvertently introduced. This got fixed in a later version of v9 ( I can't recall which exactly) though we didn't upgrade again until v10.1.1 recently.
Have you verified whether the password works if the account tries to authenticate directly ie not using a REST API call?
If it does work, then definitely worth opening a support call with Tableau.
FYI - I have no experience in using REST API :-)
This is on 9.3. Normal login works, only the REST API fails, and only with the percent sign.
Ok, thanks for the update. Definitely raise to supprt - at the very least if its not a bug, they could author a KB article about it for future reference.
I ended up opening a case to find out. They refered me to this thread:
Which I had refered to myself in my original post. At least, we're on the same page.
Tableau Support answer was:
I have heard no indication that the method of handling these characters will be updated to remove this ability, since at this time this is the only method available to use the REST API with a password containing these characters.
It would seem if this is updated, it would be to allow the special characters to work when typed normally or to allow multiple special characters to be escaped in a single password. Please note that I am speculating on these changes; I have also not heard any information about those being implemented in any upcoming release of Tableau software.
Since the code you are using is not of the type referenced in the Community post above (percent encoding rather than XML or HTML escaping) I would recommend using the HTML escape code for this character, as this is a code fully understood by all browsers and many other programs used for coding and/or scripting. The HTML escape code for % is "%" (without the quotes). This code has been working correctly as long as I have known and should not be changed.
So it should be treated as a technical challenge; probably should end up in the Knowledge Base.
I just tested this intensively with Alteryx with Tableau Server 10.40 and replied in more detail here.
I could not get the % sign to work out all.
- Using it without escaping gave me back a bad request (HTTP/1.1 400 Bad Request)
- All replacements suggested in this post gave me erros:
- Replacing it with "%" gave me back unauthorized (HTTP/1.1 401 Unauthorized)
- Replacing it with "%25" gave me back unauthorized (HTTP/1.1 401 Unauthorized)
- Replacing it with "%%" gave me back a bad request (HTTP/1.1 400 Bad Request)