I am trying to send oauth request to receive a token and no matter what I do I get an error that nonce was already used. So I decided to send that same request using Fiddler and everything worked flawlessly. The only issue I see is with the request body. I have to send grant_type=client_credentials in the body and it must be of application/x-www-form-urlencoded type. not Json nor XML. RestSharp describes adding JsonBody and XMLbody but both of those would set incorrect content type to the request. In my code I am trying to add the body the following way:
req.AddParameter("grant_type", "client_credentials", ParameterType.RequestBody)
Is that the correct way to add request body? I am also open to all suggestions to what else might be causing that error
Thank you
For OAuth, to generate a token the grant_type, code, client_secret etc. should be sent as an query parameters. In RestSharp it is done as
request.AddQueryParameter("grant_type", "client_credentials")
Everything in detail about OAuth is here
I tried to get header authorization by VueJs but as u can see below couldn't retrieve the header authorization key.I tried with React and Postman it was working properly and retrieved the header authorization.
https://i.stack.imgur.com/KULgg.png
the header authorization that I mentioned seems empty !
https://i.stack.imgur.com/d1qkH.png
this one tried by React and seems header auth. is OK
https://i.stack.imgur.com/jmxrK.png
This one is output of the postman method
I have fixed my issue.
I dont need your help anymore.
If you want to see how I can fix you can contact me hear
I've been struggling with this for too long now. I have an Expressjs server that provides an endpoint to login. The response I get has a JWT token, expiring in an hour. All good.
On the Emberjs side, I can successfully authenticate and get the token (using ember-simple-auth and ember-simple-auth-token). This works well for protecting my routes. But I can't for the life of me update the RESTAdapter headers to include my new authorization token.
I've tried:
using $.ajaxPrefilter to set the Authorization header. Didn't work
accessing "this.get('session.secure.token')" from the RESTAdapter. Thats undefined.
Please, if someone could point me in the right direction, I'd be eternally grateful. All I need to do is attach the value in "session.secure.token" to the header for all RESTAdapter requests.
Thanks
You should be able to set the simple-auth config property authorizer to simple-auth-authorizer:token - in the simple-auth code it looks for this config property, looks up simple-auth-authorizer:token and uses this in combination with ajaxPrefilter.
// config/environment.js
ENV['simple-auth'] = {
authorizer: 'simple-auth-authorizer:token'
};
I'm testing an implementation of JWT Token based security based off the following article. I have successfully received a token from the test server. I can't figure out how to have the Chrome POSTMAN REST Client program send the token in the header.
My questions are as follows:
1) Am I using the right header name and/or POSTMAN interface?
2) Do I need to base 64 encode the token? I thought I could just send the token back.
For the request Header name just use Authorization.
Place Bearer before the Token. I just tried it out and it works for me.
Authorization: Bearer TOKEN_STRING
Each part of the JWT is a base64url encoded value.
Here is an image if it helps :)
Update:
The postman team added "Bearer token" to the "authorization tab":
I am adding to this question a little interesting tip that may help you guys testing JWT Apis.
Its is very simple actually.
When you log in, in your Api (login endpoint), you will immediately receive your token, and as #mick-cullen said you will have to use the JWT on your header as:
Authorization: Bearer TOKEN_STRING
Now if you like to automate or just make your life easier, your tests you can save the token as a global that you can call on all other endpoints as:
Authorization: Bearer {{jwt_token}}
On Postman:
Then make a Global variable in postman as jwt_token = TOKEN_STRING.
On your login endpoint:
To make it useful, add on the beginning of the Tests Tab add:
var data = JSON.parse(responseBody);
postman.clearGlobalVariable("jwt_token");
postman.setGlobalVariable("jwt_token", data.jwt_token);
I am guessing that your api is returning the token as a json on the response as:
{"jwt_token":"TOKEN_STRING"}, there may be some sort of variation.
On the first line you add the response to the data varibale.
Clean your Global
And assign the value.
So now you have your token on the global variable, what makes easy to use Authorization: Bearer {{jwt_token}} on all your endpoints.
Hope this tip helps.
EDIT
Something to read
About tests on Postman: testing examples
Command Line: Newman
CI: integrating with Jenkins
Nice blog post: master api test automation
Here is how to set token this automatically
On your login/auth request
Then for authenticated page
I had the same issue in Flask and after trying the first 2 solutions which are the same (Authorization: Bearer <token>), and getting this:
{
"description": "Unsupported authorization type",
"error": "Invalid JWT header",
"status_code": 401
}
I managed to finally solve it by using:
Authorization: jwt <token>
Thought it might save some time to people who encounter the same thing.
If you wish to use postman the right way is to use the headers as such
key: Authorization
value: jwt {token}
as simple as that.
Open postman.
go to "header" field.
there one can see "key value" blanks.
in key type "Authorization".
in value type "Bearer(space)your_access_token_value".
Done!
For people who are using wordpress plugin Advanced Access Manager to open up the JWT Authentication.
The Header field should put Authentication instead of Authorization
AAM mentioned it inside their documentation,
Note! AAM does not use standard Authorization header as it is skipped
by most Apache servers. ...
Hope it helps someone! Thanks for other answers helped me alot too!!
Everything else ie. Params, Authorization, Body, Pre-request Script, Tests is empty, just open the Headers tab and add as shown in image. Its the same for GET request as well.
I did as how moplin mentioned .But in my case service send the JWT in response headers ,as a value under the key "Authorization".
Authorization →Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJpbWFsIiwiZXhwIjoxNDk4OTIwOTEyfQ.dYEbf4x5TGr_kTtwywKPI2S-xYhsp5RIIBdOa_wl9soqaFkUUKfy73kaMAv_c-6cxTAqBwtskOfr-Gm3QI0gpQ
What I did was ,make a Global variable in postman as
key->jwt
value->blahblah
in login request->Tests Tab, add
postman.clearGlobalVariable("jwt");
postman.setGlobalVariable("jwt", postman.getResponseHeader("Authorization"));
in other requests select the Headers tab and give
key->Authorization
value->{{jwt}}
Somehow postman didn't work for me.
I had to use a chrome extension called RESTED which did work.
In Postman latest version(7++) may be there is no Bearer field in Authorization
So go to Header tab
select key as Authorization and in value write JWT
x-access-token on headers works for me.
key: x-access-token
value: token
I am trying to use the Cloudcontrol REST API.
Has anybody used that API? I did not find out how to authenticate.
As an example, I tried https://api.devcctrl.com/app/APPMNAME/deployment/default/error/
I found : https://api.devcctrl.com/doc/#Token but I don't understand how exactly to use it.
An example would be great.
What I really want to do: I want to deploy an app using REST API. I cannot use the CLI tools due to missing python installation.
Thanks
Mike
First, in order to get the token, you need to send a HTTP POST request to api.cloudcontrol.com/token/using Basic Authentication using the email and password of your cloudControl account. You will get a JSON response like this:
{"token": "<TOKEN_KEY>"}'
You need this token key to authenticate for all other requests to the API. To do so, add an Authorization Header to your request with this content:
Authorization -> "cc_auth_token="<TOKEN_KEY>""
Furthermore, you might also need to set up some other headers for PUT or POST requests, like:
Content-Type -> "application/x-www-form-urlencoded"
Content-Length -> <length of your parametrized url values, e.g. bar=baz&foo=qux>
Accept-Encoding -> "compress, gzip"
You can find examples of this usage in the pycclib (Python) or gocclib (Go) libraries.