Keep getting 401 Unauthorized answer for requests in Newman.
I have a collection in Postman which I'm trying to execute in Newman. I exported it and tried to execute using this command:
newman run collection.json -g globals.json --insecure
Collection.json being the collection which I'm trying to run and globals.json containing the bearer token which I give to collection and is being inherited from folder brand for each request.
The same collection runs perfectly with this token in Postman but when I try in Newman it keeps giving 401.
What's the issue? Should I put directly the bearer token in each request and not use it separately as a global?
Related
I am trying to get setup so that I can view my Nest equipment on my home automation system. Now with the Google Device Access, I have multiple steps that must be completed. I have created the project in Device Access. I setup the OAuth2 credentials. I enabled the api in the Google Cloud Portal. I "linked" the account / OAuth2 cred to my project to get the "authorization-code".
Now I am failing to "Get an Access Token".
When I try to use Google's Template and fill in the OAuth2-Client-ID, OAuth-Client-Secret and Authorization Code, the copy/paste it into a terminal session, I get: "curl: (3) URL using bad/illegal format or missing URL".
If instead I create my curl statement myself, using the data, I get '{
"error": "invalid_client",
"error_description": "Unauthorized"
}'
How do I get to the next step to get an Access Token?
I just had the same problem. The curl command automatically generated on the Google instruction page https://developers.google.com/nest/device-access/authorize did not work.
From Google (and not working) :-
curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?
client_id=oauth2-client-id&
client_secret=oauth2-client-secret&
code=authorization-code&
grant_type=authorization_code&
redirect_uri=https://www.google.com'
This did work:-
curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?' -d 'client_id=oauth2-client-id' -d 'client_secret=oauth2-client-secret' -d 'code=authorization-code' -d 'grant_type=authorization_code' -d 'redirect_uri=https://www.google.com'
Just replace oauth2-client-id, oauth2-client-secret, authorization-code with your values.
If the requested access token is not passed back to you and you get this response instead :-
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
This means the authorisation code has been used or has been passed in a request that failed and you need to regenerate the device authorisation code - the authorisation_code in the curl request - using the same process you followed to get it the first time.
I am trying to use curl via bash script to store cookies using curl -c cookies.txt https://www.mydjangoapp.com/ so that I can use the CSRF token in subsequent curl requests (using the -b cookies.txt option in subsequent commands).
However, when I run cat cookies.txt to view the contents, the file only contains the following:
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
Additionally, the cookies aren't viewable in the response when using the verbose -v option either.
When I check the cookies returned via Chrome Developer Tools, I see all the cookies that I expect.
I have verified that cookies.txt is populated with cookies when running the curl command against other endpoints.
Any ideas about how this might happen? In particular, I'm trying to get the CSRF token, but this seems to be a more general cookie retrieval issue with curl and my Django application.
This was happening because in the browser, I have already been navigating around as an authenticated user.
When I used curl to visit the login endpoint, cookies.txt was finally populated with the cookies I needed.
This StackOverflow post was essential to figuring this out.
Im trying to automate postman tests with Newman. There is an issue with authorization. The authorization bearer token changes and it is dynamic. Does anyone know how to automate this?
Postman has this nice feature of variables.
You can read more about them here:
https://www.getpostman.com/docs/v6/postman/environments_and_globals/variables
You can store the bearer token in a variable and update it periodically as per your requirement.
You can modify this token in the pre-request script / tests script as per your needs.
For eg:
let token = pm.globals.get('dynamic_token');
token = 'newModifiedToken90332'; // Perform some operations here..
pm.globals.set('dynamic_token', token);
You can export the collection and globals into Newman and use them.
From Newman documentation you could do the following:
$ newman run mycollection.json -e dev_environment.json
-e is for using environment variables in which you can store your bearer token
Recall that you can export your collection and your environment variables as well.
I'm trying to run newman with postman collection from a url as mentioned in this link .
newman run http://localhost:62254/api/postman
Only catch is that the url is under windows authentication, so I'm getting a 401 Unauthorized response, causing newman to fail with below error.
the url "http://localhost:62254/api/postman" did not provide valid JSON data
I tried passing the credentials with the request like below. But it didn't work.
http://username:password#localhost:62254/api/postman
If I directly hit the endpoint with Postman using 'NTLM Authentication' feature it works fine. But I'm not sure if I can use this with newman to get the collection itself.
We were not able to find any option in Postman/Newman. So finally we made this URL alone (http://localhost:62254/api/postman) open to Anonymous Authentication in the web server.
Im using django-oauth2-provider to build a authorization server. When i try to get access_token by using this command:
curl -d "client_id=513204402d4b4f4d62e2&grant_type=authorization_code&response_type=code" http://127.0.0.1:8000/oauth2/access_token
i get an error: invalid_client
I have been created my client with client_type is Confidential
How can i fix it?
If your client is confidential, you must authenticate to issue an access token.
I suppose that it is a password client. You just have to add the client_secret=CLIENT_SECRET_HERE parameter in your POST request or set your client credentials in the authorization header.
Example:
curl -d "client_id=CLIENT_ID_HERE&client_secret=CLIENT_SECRET_HERE&...
or
curl --user CLIENT_ID_HERE:CLIENT_SECRET_HERE -d "...
The authorization code grant type is a two step flow.
You get an authorization code just after the resource owner allowed your client.
You get an access token using the authorization code.
You are trying to send a POST request so I suppose that if you already have an authorization code.
You get an invalid_request because you do not set the code parameter in your curl command:
curl -X POST -d "client_id=CLIENT_ID_HERE&client_secret=CLIENT_SECRET_HERE&grant_type=authorization_code&code=AUTHORIZATION_CODE_HERE&redirect_uri=REDIRECT_URI_HERE" http://127.0.0.1:8000/oauth2/access_token