Postman Stuck Sending Request - postman

I'm not sure if this is the appropriate place for this, but I am trying to load a particular site in postman, but it is stuck in "Sending Request"
The site is https://disneyworld.disney.go.com/. Does anyone have any advice on how I can get it to return the html for the site via a get call in the postman desktop app?

Related

Authentication with Postman on a SAML/shibboleth based website without using browser

I'm trying to understand the process of login to a website using the Network tab on Google Chrome because I have to use that process for autenticate accounts on an mobile application.
The login is completed when I reach the page "HomepageStudente.do", but I don't understand how to replicate all this on Postman. I've tried to do this:
Right-click on the SSO request
Copy as Curl (bash)
And it seems to work, but when I do the same thing with the second request (POST) I get a different message compared to the one on the Network tab.
Those 3 calls are based on automatic redirect by the browser, and I don't understand how to replicate it on Postaman. Is this possibile to do? Any other suggestion on how to use those requests for authenticate an account outside the website (example mobile app)?.
Thanks

Identify URL of webpage when I can only receive API calls from the websites backend server

So I have a tricky problem of trying to somehow identify the url of a webpage, but I only have info on it's backend server that makes API calls to my server.
I have a server that receives API calls from another server running PHP. The clients PHP server receives information from a webform on their website. I am trying to the match API calls I receive with the webpage that submitted the data. Requesting the client to add a url in the API call will not guarantee that they haven't provided a fake one.
I was wondering if there is something I could do with a hidden iframe that could receive some sort of token or cookie from my server, then pass it to the PHP server who then includes it in the API call. Then I could match the url of the page I sent the token to with the API call.
Is this practical / possible? Any other suggestions of how to solve this problem??

How to return 401 authentication from flask API?

I have developed an API in flask which is using HttpBasicAuth to authenticate users. API is working absolutely fine in fiddler and returning 401 when we pass wrong credential but when I am using the same on login page I am getting extra pop up from browser. I really don't want to see this extra pop-up which is asking for credential (default behaviour of browser when returning
401
with
WWW-Authenticate: Basic realm="Authentication Required"
).
It is working fine when deployed locally but not working when hosted on remote server.
How can we implement 401 which will not let browser to display popup asking for credentials.
So, flask return statements are actually processed again before sending the data off to the client. You can actually send a tuple of two elements as a return statement. The second element is the status (https://en.wikipedia.org/wiki/List_of_HTTP_status_codes) If you are using the auth library, you can change this:
#auth.error_handler
def unauthorized():
response = jsonify({'message':'Failed'})
return response
To this:
#auth.error_handler
def unauthorized():
response = jsonify({'message':'A winner is you'})
return response, 404
If you don't want the popup message, change 401 to anything else.
This is a common problem when working with REST APIs and browser clients. Unfortunately there is no clean way to prevent the browser from displaying the popup. But there are tricks that you can do:
You can return a non-401 status code. For example, return 403. Technically it is wrong, but if you have control of the client-side API, you can make it work. The browser will only display the login dialog when it gets a 401.
Another maybe a bit cleaner trick is to leave the 401 in the response, but not include the WWW-Authenticate header in your response. This will also stop the login dialog from appearing.
And yet another (that I haven't tried myself, but have seen mentioned elsewhere) is to leave the 401 and the WWW-Authenticate, but change the auth method from Basic to something else that is unknown to the browser (i.e. not Basic and not Digest). For example, make it CustomBasic.
The following works. See docs.
from flask import Flask, abort
app = Flask(__name__)
#app.route('/api/endpoint/', methods=['GET'])
abort(401, description="Error message you want the reader to receive.")

Google oAuth request

I try to add an event in my calendar by an installed application.
The problem: I didn't get the success-code to change for an access token.
My request seems like following:
accounts.google.com:80/o/oauth2/auth?scope=https:%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=73561***.apps.googleusercontent.com
If i send this request at the browser it works. Like the example.
But i wanted my application to do everything for me. That means, that the User only give his login dates and he is able to add as an example an event. Without giving the agreement. Well, if my application send the same request i get an answer: "moved temporarily". But i need the key (success code) from the title bar.
I should add, that i use c++ so i can't use the Google Api. Therefore, i use cURL to send my request.
Anyone able to help me?

Django openid authentication with google

I am looking into authenticating via google.
I dont understand how it works:http://code.google.com/apis/accounts/docs/OpenID.html#Samples
If i do that 2nd request by entering the data as one url with params into browser i get back XML file. Should i not get back sample response nr3?
Can somebody explain this to me?
The problem is, that im trying to sort through some third party app that uses google openid authentication and its not recieving authenticated users e-mail back, like in sample response 3.
Alan
PS i have read through similar questions and their responses and gone through pages like:
How does OpenID authentication work?
http://www.windley.com/archives/2006/04/how_does_openid.shtml
http://tinisles.blogspot.com/2008/02/how-does-openid-work.html
http://openid.net/pres/protocolflow-1.1.png
What sort of XML file?
Remember that a checkid_setup request like that isn't something your application is meant to make with a direct connection, it's a request that's sent from the user's browser. So the response is going to be something for the browser to parse, prompt the user to log in if necessary, maybe ask the user for permission or which values it should send back, and only after all of that send back a redirect like in the sample response.