How to use Authorization in Postman collections? - postman

I have URL for get user details (GET method) while running the URL its showing the response below.
{
"message": "Invalid Basic Auth credentials"
}
URL details below
http://localhost:4567/v1/candidates
they mentioned following for authorization
-H "Authorization: Basic *********************************"
How can I use this in Postman collection?

Go to postman Authorization Tab and select Basic Auth as type and type the required credentials (username and password)

Add the Basic xxxxxxxxx to the Authorization header in your call:

Related

get auth token using dj-rest-auth when user logged in

Previously I was using django-rest-auth package and I was getting the auth token when user log in in response response.data.key and this auth token or key was working fine with the api calls as authentication auth
Previously for django-rest-auth:
"/rest-auth/login/"
was getting the response.data.key as auth token and that was working
I have stored in the cookie for later use
.get("/rest-auth/user/", {
headers: {
"Content-Type": "application/json",
Authorization: "Token " + response.data.key + "",
},
})
It was working to get info on user and also was working when used in other api calls by setting it in
Authorization: "Token " + response.data.key + ""
But now, I'm using dj-rest-auth package instead of django-rest-auth and shifted my urls to
/dj-rest-auth/login
and I'm not getting any key or auth token that I can use for authorization in header.
.get("/dj-rest-auth/user/", {
headers: {
"Content-Type": "application/json",
Authorization: "Token " + response.data.? + "",
},
})
It's not working because now I'm getting access_token , refresh_token and user info. I tried to use access_token and refresh_token for authorization in header but it's not working because I'm not getting key or auth token in response when user log in
Note: django-rest-auth is no more maintained and dj-rest-auth is forked from the previous one and have more functions (this is the reason why I'm switching)
How to get auth token or key by using dj-rest-auth package so that I can use it in the header of API calls for authorization?
Check that you don't have an REST_USE_JWT = True in your settings. That setting will enable JWT authentication scheme instead of a (default) token-based.
In django-rest-auth you get the key from a GET request, but according to dj-rest-auth's documentation, you get the token key as a response when you make a post request to /dj-rest-auth/login/.
When you make a POST request to /dj-rest-auth/login/, you can access the key at response.data. But now you need to store it so you can use it in your get requests.
I recommend checking out this question's answers to learn more about storing tokens. How you choose to do this will depend on how to the frontend of your application is built, as the javascript needs access to the token key.
I know I'm late to answer this, but hopefully I can help someone other folks who find this.

Cloud Endpoints Authentication

I am using App Engine Standard with the Python 2 runtime and Endpoints Frameworks.
When making a request, the app just returns "Successful" if the request was completed. I am trying to implement authentication so unauthenticated users are not able to complete the request. I've done the following:
Modified my main.py decorator to include issuers and audience:
issuers={'serviceAccount': endpoints.Issuer('[MYSERVICEACCOUNT]', 'https://www.googleapis.com/robot/v1/metadata/x509/[MYSERVICEACCOUNT]')},
audiences={'serviceAccount': ['[MYSERVICENAME]-dot-[MYPROJECT].appspot.com']}
Modifed my main.py method to check for a valid user:
user = endpoints.get_current_user()
if user is None:
raise endpoints.UnauthorizedException('You must authenticate first.')
Regenerated and redeployed my openAPI document. It now has security and securityDefinitions sections.
Updated my app.yaml to reference that Endpoints version.
Redeployed my app
To make an authorized request to my app, I have done the following:
I gave the service account the Service Consumer role on my Endpoints service.
Generate a signed jwt using the generate_jwt function from Google's documentation. I am passing in credentials using the service account's json key file.
payload = json.dumps({
"iat": now,
"exp": now + 3600,
"iss": [MYSERVICEACCOUNT],
"sub": [MYSERVICEACCOUNT],
"aud": [MYSERVICENAME]-dot-[MYPROJECT].appspot.com
})
Make the request using make_jwt_request function from Google's documentation.
headers = {
'Authorization': 'Bearer {}'.format(signed_jwt),
'content-type': 'application/json'}
I am getting 401 Client Error: Unauthorized for url error. Am I missing something?
Your audiences don't match; in your code, you are requiring an audience of [MYSERVICEACCOUNT], but when generating the JWT, your audience is [MYSERVICENAME]-dot-[MYPROJECT].appspot.com. These need to match.
There are few details, which might be worth checking:
The list of allowed audiences should contain the value of aud claim of a client-generated JWT token. This is what Rose has pointed out.
All of the JWT claims presented in sample client documentation are present. Your code is missing the email claim in the JWT payload dictionary.
The method you're accessing requires no specific OAuth scopes. The scopes are set as the scopes field of #endpoints.method decorator.
After opening a support ticket with Google, it turns out Google's documentation was incorrect. The main.py function needs to check for an authenticated user in the below manner:
providers=[{
'issuer': '[YOUR-SERVICE-ACCOUNT]',
'cert_uri': 'https://www.googleapis.com/service_accounts/v1/metadata/raw/[YOUR-SERVICE-ACCOUNT]',
}]
audiences = ['[YOUR-SERVICE-NAME]-dot-[YOUR-PROJECT-NAME].appspot.com']
user = endpoints.get_verified_jwt(providers, audiences, request=request)
if not user:
raise endpoints.UnauthorizedException
After making that change, I got the following error when trying to make an authenticated request:
Encountered unexpected error from ProtoRPC method implementation: AttributeError ('unicode' object has no attribute 'get')
This was caused by how I was generating the payload with json.dumps(). I generated without json.dumps() like below:
payload = {
"iat": now,
"exp": now + 3600,
"iss": [MYSERVICEACCOUNT],
"sub": [MYSERVICEACCOUNT],
"aud": [MYSERVICENAME]-dot-[MYPROJECT].appspot.com
}
These two changes fixed my issue.

Register REST client in WSO2 API Manager issue

1.
I've been looking through the doc of wso2 apim. https://docs.wso2.com/display/AM210/apidocs/publisher/index.html#guide
And use the postman to send the request:
But I got 401 error response. As expected I should get the correct response payload like:
{
"callBackURL": "www.google.lk",
"jsonString":
"{
\"username\":\"admin\",
\"redirect_uris\":\"www.google.lk\",
\"tokenScope\":[Ljava.lang.String;#3a73796a,
\"client_name\":\"admin_rest_api_store\",
\"grant_types\":\"authorization_code password refresh_token iwa:ntlm
urn:ietf:params:oauth:grant-type:saml2-bearer client_credentialsimplicit\"
}",
"clientName": null,
"clientId": "HfEl1jJPdg5tbtrxhAwybN05QGoa",
"clientSecret": "l6c0aoLcWR3fwezHhc7XoGOht5Aa"
}
2.
I have used the same method to call another URL the response is 403.The URL is correct to enter the publisher.
How to solve it? Thank you.
Request Header
Request
Response Body
Response Cookies
Response Header
Publisher Log
Is your Authorization header valid?
"YWRtaW46YWRtaW4= " is for default admin:admin credentials.
You should base64 encode your actual username:password and set the value as a header.

How to authenticate request in Django-rest-auth?

I am trying to integrate django-rest-auth package in my web application. So far i am able to register users, send password reset email and login using the API provided by django-rest-auth package.
Now when i send a login request, it returns "token" upon successful authentication.
How do i send authentication token in further requests? For example, i am trying to fetch user using GET /rest-auth/user but it is giving me a response Authentication credentials not provided. I have tried passing token via HTTP Basic Authentication (base64 encode token as username and leave password as empty). I am still not able to work.
Anyone knows how i am supposed to pass this token in requests?
If you want to use the Token Authentication you have to set the Authorization HTTP header. From the docs:
For clients to authenticate, the token key should be included in the Authorization HTTP header. The key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example:
Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
In an ajax call you can a header like this:
$.ajax({
type: 'POST',
url: url,
beforeSend: function (request)
{
request.setRequestHeader("Authorization", "Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b");
},
});
HI
You need to send token in headers
$.ajax({
type:"POST",
beforeSend: function (request)
{
request.setRequestHeader("Authority", 'Bearer 33a95862173cc0565fe502eb062b2e7c67e23a3a');
},
and in django code use
user = request.user
if user:
return "User token verified"
elif :
return "User token not verified"
in django automaticaly find token in headers and using token fetch user data.

Django Rest Framework Postman Token Authentication

I am using Django Rest Framework Token authentication and if i do curl http://localhost:8000/api/v1/users/?format=json -H 'Authorization: Token 0a813fdcd3f8846d6fa376f2592bbc678b0b8e85' everything works fine.
But when i try to achieve that with Postman chrome client it nothing happens. What am i doing wrong??
You are setting the header to Authorization: Token when it really should just be Authorization. The header is actually just Authorization, but the value is Token [token_string], where [token_string] is the authorization token that you have obtained.
For the new version of postman it is necessary to choose Auth 2 type authentication in the left panel, then in the right panel, specify the DRf key which is "Token" and in the value the token itself.
In addition to the above answer, make sure to enable "Follow Authorization header" under setting (See below screenshot)
After Specifying Authorization and Token value try to add the token in an environment so that every time you don't have to copy the token value.
After get access token from http://127.0.0.1:8000/accounts/login/
such this :
{
"email": "user#example.com",
"tokens": {
"refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTY2NjI2NTAxMSwiaWF0IjoxNjY2MTc4NjExLCJqdGkiOiJjZWM3MzJmNDZkMGE0MTNjOTE3ODM5ZGYxNzRiNzMxZCIsInVzZXJfaWQiOjcwfQ.5Rd25s6msp72IHyU1BxE4ym24YIEbhyFsBdUztGXz0I",
"access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjY2MjY1MDExLCJpYXQiOjE2NjYxNzg2MTEsImp0aSI6IjgyOWFmZGE5MWY2ODRhNDZhMDllZGMzMmI0NmY0Mzg5IiwidXNlcl9pZCI6NzB9.TYhi0INai293ljc5zBk59Hwet-m9a1Mc1CtA56BEE_8"
},
"id": 70
}
copy content of "access" key in response, then in post man in Headers add new item by key : Authorization and value such this:
Bearer eyJ0eXAi....
that eyJ0eXAi.... is value of access key.
then send the request.