Postman: Is there a way to read browser's localStorage values in Postman - postman

After logging into the website, I need to make a POST call in Postman, but the URL requires a userID which is stored in the browser's localStorage after login (refer to screenshot). The login API call does not return the userID in the response. Is there a way to fetch this value in Postman?

Related

Is there a way to send a request to a URL that requires "Sign in with Google" (OIDC)?

Please note: I am not trying to get an access token to be used in a subsequent request to a different API!
Use case:
I have an app running locally that requires an authenticated session.  Accessing any URL for this app (eg. http://localhost:3000/some/endpoint) will redirect to a "Sign in with Google" page.  Once OIDC authentication is successful and a session has been created, requests will be handled by my app as expected.
I'd like to be able to use Postman to send requests to my app (eg. GET http://localhost:3000/some/endpoint), but doing so redirects to Google and the response HTML is rendered by Postman, but is non-functional, so I can't authenticate to create a session.
Is this a use case that Postman supports?

Saving cookies in browser, when using the Fetch API

I am making a request through the Fetch API.
The response tries to set a cookie.
But the cookie does not seem to be storing in the browser.
Do I have to save it manually?

Postman Authentication and Cookie Management

I'm looking for any tutorials or blogs related to auth and cookie management in the Postman app. I'm new to Postman so I need some guidance.
I'm currently testing an API that follows the following workflow.
Visiting portal.site.com redirects to login.site.com and sets an X-csrf token and cookies on it. The login is performed in two steps: first verify the email, then verify the password. Once the login is validated, you're redirected back to portal.site.com.
I have created a Postman collection; it has 5 requests in total:
1) GET Visiting portal.site.com
2) POST Login Email Validation on login.site.com
3) POST Login Password Validation on login.site.com
4) GET Redirected back to portal.site.com
5) POST Get Profile Data in JSON response on portal.site.com
I need to validate the last request and get the data in response. This can only happen when login is done properly in above requests and cookies are set properly on portal.site.com via login at login.site.com.
If you can share any options on how to do it, I'll be really thankful.
What you are describing is the authorization-code workflow of OAuth2.
https://auth0.com/docs/flows/authorization-code-flow
Postman supports it as a built-in feature.

How to authenticate the user on his requests after login in django using TokenAuthentication from drf

I have implemented an endpoint for login, using the django-rest-framework and TokenAuthentication. What I want is for the user, after the login, to be authenticated and able to navigate the website.
I know that any GET request on any URI protected by authentication should contain the token in the headers, so that the user can be authenticated. Everything is fine with that, if I could do all the GET requests adding the token manually.
But what I do not understand is, how can I add the token in the headers when, for example, the user manually makes the request by typing the URL?
Let's say that the uri /api/ is protected and requires an authenticated user.
The user logs in, and I save the token either in the cookies or in the localStorage.
Now the user does an HTTP GET request on /api/. The token is not placed in the headers, so the response is: "Not authenticated".
So the question is, how can I add the token on any subsequent request after the user logs in successfully? Maybe the backend could check the cookies for a valid token, but isn't there any better and safer solution than this?
As I understand from the question, you want to add the token to every API call that is consumed by your client, whether app or web. In both cases people prefer to store that token either in cookies or in local storage. Once the user logs out, the API consumer also flushes that key.

Django REST framework: token authentication with HTML frontend

I want to use token authentication with HTML frontend (like in this tutorial http://www.django-rest-framework.org/topics/html-and-forms/ where they show how to render login form, but not how to actually login).
I already have a login function that returns a token, but I don't know how to make the web browser remember it and redirect somewhere else.
It is probably possible to pass the token to every template, but it seems a terrible practice.
I have made use of sessions in the browser. You can store your token in the session of the browser and whenever you need it just fetch it.
$window.sessionStorage["token"] = response.data.token;
This is how I store the token in the session after my LOGIN API call. To retrieve it, I use something like below:
headers: {
'Authorization': 'Token ' + $window.sessionStorage['token']
}
You can look into how to secure your sessions in the browser. Also, when logging out you can just destroy the session values.
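
Added example, not part of the original answer: a small wrapper around the store / attach / destroy pattern described above, which also attaches the token only to requests bound for the API's own origin so the credential is never sent to another host. `API_ORIGIN`, `MemoryStorage` and `createTokenSession` are hypothetical names; `MemoryStorage` stands in for `window.sessionStorage` so the code runs outside a browser.

```javascript
// Assumed API origin (placeholder value, not from the page).
const API_ORIGIN = "https://api.example.test";

// Stand-in exposing the subset of the Web Storage interface used below.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

function createTokenSession(storage, apiOrigin = API_ORIGIN) {
  const KEY = "token";
  return {
    // Call with the token from the login response, e.g. response.data.token.
    login(token) {
      if (typeof token !== "string" || token.length === 0) {
        throw new TypeError("login response carried no token");
      }
      storage.setItem(KEY, token);
    },
    // Build request headers. Relative URLs resolve against the API origin;
    // absolute or protocol-relative URLs to other hosts get no Authorization.
    headersFor(url, extra = {}) {
      const headers = { ...extra };
      const token = storage.getItem(KEY);
      if (token !== null && new URL(url, apiOrigin).origin === apiOrigin) {
        headers["Authorization"] = "Token " + token;
      }
      return headers;
    },
    isLoggedIn() { return storage.getItem(KEY) !== null; },
    // Destroy the stored value on logout.
    logout() { storage.removeItem(KEY); },
  };
}

// Browser usage (assumption): const session = createTokenSession(window.sessionStorage);
// fetch("/api/", { headers: session.headersFor("/api/") });
```

Anything kept in `sessionStorage` is readable by every script running on the page's origin, so this pattern relies on the page being free of script injection.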