I am working on set of API development which needs authorization so in headers I have to include key as Authorization and value as Bearer <access_token> like below:
I have another authorization api which I call and in return it gives me below data which has token value:
{
"data": {
"access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkNwMTFCNXRGaWZLOZ1lOQXp5ZnZUa1hWMXhkbXJHOXBtem1xY0NRQT0iLCJhcHBfZGlzcGxheW5hbWUiOiJ1c2VyYWNjZXNzIiwiYXBwaWQiOiIyNDg4YTNiNi00MjlhLTQyZWMtYTVhZi04ZTQzZWFjNjJlMWIiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC80ZjdjNzBhNy1mOGRlLTRhMzMtOGYzNS05OWE5ZDQ1NThkODUvIiwiaWR0eXAiOiJhcHAiLCJvaWQiOiJmNDk2NjUwZS1kOTgzLTRjNDItODViNC03NzYxZjljMTEzZDQiLCJyaCI6IjAuQVhjQXAzQjhUOTc0TTBxUE5abXAxRldOaGJhamlDU2FRdXhDcGEtT1EtckdMaHQzQUFBLiIsInJvbGVzIjpbIklkZW50aXR5VXNlckZsb3cuUmVhZFdyaXRlLkFsbCIsIlVzZXJTaGlmdFByZWZlcmVuY2VzLlJlYWQuQWxsIiwiVXNlckF1dGhlbnRpY2F0aW9uTWV0aG9kLlJlYWQuQWxsIiwiVXNlci5SZWFkV3JpdGUuQWxsIiwiVXNlckF1dGhlbnRpY2F0aW9uTWV0aG9kLlJlYWRXcml0ZS5BbGwiLCJEaXJlY3RvcnkuUmVhZFdyaXRlLkFsbCIsIklkZW50aXR5Umlza3lVc2VyLlJlYWRXcml0ZS5BbGwiLCJJZGVudGl0eVVzZXJGbG93LlJlYWQuQWxsIiwiVXNlci5JbnZpdGUuQWxsIiwiRGlyZWN0b3J5LlJlYWQuQWxsIiwiVXNlci5SZWFkLkFsbCIsIlVzZXJOb3RpZmljYXRpb24uUmVhZFdyaXRlLkNyZWF0ZWRCeUFwcCIsIlVzZXJTaGlmdFByZWZlcmVuY2VzLlJlYWRXcml0ZS5BbGwiLCJBcHBSb2xlQXNzaWdubWVudC5SZWFkV3JpdGUuQWxsIiwiVXNlci5FeHBvcnQuQWxsIiwiSWRlbnRpdHlSaXNreVVzZXIuUmVhZC5BbGwiLCJVc2VyLk1hbmFnZUlkZW50aXRpZXMuQWxsIl0sInN1YiI6ImY0OTY2NTBlLWQ5ODMtNGM0Mi04NWI0LTc3NjFmOWMxMTNkNCIsInRlbmFudF9yZWdpb25fc2NvcGUiOiJOQSIsInRpZCI6IjRmN2M3MGE3LWY4ZGUtNGEzMy04ZjM1LTk5YTlkNDU1OGQ4NSIsInV0aSI6IkVIYXVmb1pwazBhU2std0QyTEFlQUEiLCJ2ZXIiOiIxLjAiLCJ4bXNfdGNkdCI6MTYwODMwOTI5OH0.kEoNTY84S2sxjAlLGmfJzKYJ_20m9tOR22l3XFdrZVOR4Kv3X1ThZRvr-WckfVN0PeyQ_IIMdY7cf231MRfdMd8dTe0HdSobrBWuFel7gmdmstAWPeNLj5hIM2mQueNuyOa3PucR9qfOr0yQ-FA7I4F2UjFLN7WfU0NhP0hnI3Qg4mnnq1xc727kvZWC9KzbEszVpEnVtewLxKgWIIwRl_NsG6ghIO0utc3aJsU8f7oULVtb99gUhLM-4v5YcAk2xZebRoVnsJYv4tfg8cZJasG9POv7akzdjD8tKhjF1hOGjcowY3E0AxdiC4wYU0S7fj2Mpx4HD1gV9hPneFTgaA",
"expires_in": "3599",
"expires_on": "1618296096",
"ext_expires_in": "3599",
"not_before": "1618292196",
"resource": "https://graph.microsoft.com",
"token_type": "Bearer"
},
"msg": "",
"status": true
}
It has access_token which I have to copy in all the other apis to authorize. This token expires every 60min so I have to copy paste the token again and again. Is there any way available through which I can define a dynamic variable in postman and assign it value of access_token so that whenever it expires, I simply query the authorization api and value of that dynamic variable is automatically refreshed. This will help in copy pasting the token again in all the other APIs.
EDIT:
I have set the token variable in getoauthtoken api
In another api, I have now used {{token}} but looks like its not able to find it
You should be able to use this in the Tests tab:
pm.globals.set('token', pm.response.json.data.access_token)
Once you have the variable saved, you can use {{token}} as the header value.
If it expires, make the token request again to set the new value everywhere.
Alternatively, you could use something like this (you would need to modify the script for your context) to automatically refresh the token when it expires:
https://dannydainton.com/2018/09/10/postman-the-bearer-of-good-news/
You can go the the Test tab. and copy/paste this code javascript code.
pm.environment.set('token', pm.response.json().token)
And after the saving the token value into the environment variable you can go to the Authorization tab and click on the Type dropdown menu and select Bearer token like in screenshoot.
And then place this into the token input {{token}}
Related
I am trying to login using token-based Auth, because we are using Odoo-web module in mobile-app.
currently using GET-method url-passing approach which is "UNSECURE" on websites without SSL certificates and localhost-websites, as
myurl.com?username=foo&password=bar
How can I do that using Token based approach or passing credentials in POST-method, in Odoo-12?
Edit 1:
I found this authenticate() method in core-modules of odoo in http-controllers file and I am calling that only now, as:
request.session(db, username, password)
but I wanted it to be token based without hardcoding password as different passwords for different partners, which I can't hardcode and it's bad approach.
how can I do it by passing token and validating it?
You can use the authenticate endpoint provided by odoo to create a session for your api user.
In the following requests you then use the session id to process operations.
Example call to /web/session/authenticate with body:
{
"jsonrpc": "2.0",
"method": "call",
"id": 1,
"params": {
"db": "<YOUR-DB>",
"login": "<YOUR#LOGIN.COM>",
"password": "<YOUR-PASSWORD>"
}
}
You can find a description of the endpoints in https://github.com/odoo/odoo/blob/12.0/odoo/http.py
I have been trying to create an app in Zapier for one of my project. On the very first step, I am doing Authentication where I choose "Basic Auth" method. I have set API URL along with details, however cannot see the expected result and seeing error in my API return value. After debugging, I found that API doesn't get the value I pass thru the Zapier. I have checked the same API in postman and it works, however it only doesn't work thru the Zapier.
Below is even more detail how I proceed, what is expected result and what I am getting:
Process we're following
We have created an App
We went to Authentication step, there we have selected “Basic Auth” option
Under the Basic Auth, we have configure with setting end point and method is “Post”
We have set our field names as Key and as value we have set “{{bundle.authData.password}” and “{{bundle.authData.username}}” in order to field mapping
Then came to Step 2 to test the authentication
Under the “Test Setup”, we have connected the current Zapier account and clicked on “Test Authentication”
This process doesn’t post any value in parameters. Hope I could explain the issue, please help us to find where we’re going wrong.
Expected Result
{
"data": {
"first_name": "Dhaval",
"last_name": "Parekh",
"email_address": "dhaval.php#gmail.com",
"phone_no": "1234567890",
"user_id": "7oiA****",
"token_id": "zNkzT***"
},
"resend_verification_link": false,
"status": true,
"message": "You have successfully Logged in!!"
}
Actual Result
{
"resend_verification_link": false,
"status": false,
"message": "The password must contain a minimum of one lower case character. one upper case character, one digit"
}
What I understand after spending too much time, is it doesn't send the data with post method and hence I'm getting this issue. While it works fine with the Get Method. So, should I consider that Basic Auth will only with work with "Get" method in Zapier? Or I'm missing any piece to include here?
Please let me know what is missing? Or even I'm going thru the wrong root. I want to create an app in Zapier to allow other apps to connect.
I'm trying test a few endpoints using Postman.
All endpoint, require a token which can be obtain by log-in.
So I did this :
Request #1
After login success, I have access to the token from the response, then I store that token in my global variable.
let token = pm.response.json().location
console.log('Token : ', token.split("?token=")[1]);
pm.globals.set("token", token)
I need to use that token as Authorization type Bearer Token for my request #2.
I can copy & paste that in the token box, but I tried to avoid doing that manually, is there a way to do it automatically so I can run these 2 requests in sequence?
At first, create an environment ( top right corner of postman - image below ) This
is not a mandatory step by I suggest you to do for better handling of variables
I have modified the script to suit your need
var jsonData = JSON.parse(responseBody);
postman.setEnvironmentVariable("ID", jsonData.Location.split("?token=")[1]);
Now this will export the value of the token ( screenshot below )
All you have to do next is to call the variable in request #2
By this you don't have to manually copy, paste into request #2 every single time
NO there isn't any till now. It has to be done manually if you want to have complete value or else you can store it in a variable and use that variable directly for the token.
We are creating REST API and implemented oAuth 2, using YII framework.
We are facing a strange issue, while we are trying to access the resource and sending access token via "Authorization Request Header Field" we are getting the expected output.
e.g.
curl -i -H "Accept:application/json" -H "Authorization: Bearer XXXXXX"
Whereas while we are trying to send the access token via "URI Query Parameter" we are getting response as "Unauthorized".
e.g.
https://server.example.com/resource?access_token=XXXXXX&p=q
Your suggestions would be really helpful for us.
RFC 6750 (Bearer Token Usage) defines 3 ways to pass an access token to a protected resource endpoint.
Via Authorization header. (2.1. Authorization Request Header Field)
Via a form parameter access_token. (2.2. Form-Encoded Body Parameter)
Via a query parameter access_token. (2.3. URI Query Parameter)
Among the above, only the first way is mandatory. It seems your authorization server does not support the third way.
Addition for the comment
Below is an example to support all the 3 ways in PHP. See "3. Extract Access Token" in "Protected Resource" for details and for other examples in Ruby and Java.
/**
* Function to extract an access token from a request.
*/
function extract_access_token()
{
// The value of Authorization header.
$header = $_SERVER['HTTP_AUTHORIZATION'];
// If the value is in the format of 'Bearer access-token'.
if ($header != null && preg_match('/^Bearer[ ]+(.+)/i', $header, $captured))
{
// Return the value extracted from Authorization header.
return $captured;
}
if ($_SERVER['REQUEST_METHOD'] == 'GET')
{
// Return the value of 'access_token' query parameter.
return $_GET['access_token'];
}
else
{
// Return the value of 'access_token' form parameter.
return $_POST['access_token'];
}
}
I don't know Yii, but my guess is that simply the framework does not contain code like the above.
I am trying Token based authentication with NancyFX. Token is getting generated perfectly but when I am passing header in Get Request, I can't get pass this.RequiresAuthentication() and getting unauthorized error.
Here is my token format
Token:{ token: "ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=" }
Am I passing wrong way?
I have also tried
Token:{ ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=}
and also
"Token:{ ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY=:QerS8B701zoC1xqlvSxuz0EbrBDtfgEzkDWzlEj9ChA=}"
But nothing work.
Please let me know if any more details are required.
The value of the authorization header must simply read "Token ZGVtb1VzZXINCmFkbWlufG5vbmFkbWluDQo2MzU1MDU5NjU4NzExNTE5MzkNCk1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMzsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8zOC4wLjIxMjUuMTExIFNhZmFyaS81MzcuMzY" (no quotes).
The brackets in the documentation threw me off as well.