Reputation: 12200
I'm using a Java application that provides a REST interface for MongoDB databases, called "RESTHeart".
When I make a normal GET request:
http -a admin:temp http://172.18.18.122:8080/_logic/roles/admin
I get an auth token, Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23. How can I use it in subsequent requests?
Here is the full response
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23
Auth-Token-Location: /_authtokens/admin
Auth-Token-Valid-Until: 2016-04-25T14:37:22.290Z
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 109
Content-Type: application/hal+json
Date: Mon, 25 Apr 2016 14:22:22 GMT
X-Powered-By: restheart.org
{
    "_links": {
        "self": {
            "href": "/_logic/roles/admin"
        }
    },
    "authenticated": true,
    "roles": [
        "ADMIN"
    ]
}
I have tried the following:
http http://172.18.18.122:8080/_logic/roles/admin Auth-Token:'10dc2eeb-9624-47f2-a542-c97e0af82b23'
Response:
HTTP/1.1 403 Forbidden
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Connection: keep-alive
Content-Length: 0
Date: Mon, 25 Apr 2016 14:30:27 GMT
X-Powered-By: restheart.org
I'm not sure what I'm doing wrong here, any ideas?
Upvotes: 0
Views: 595
Reputation: 681
Clients authenticate passing credentials via the standard basic authentication, a standard method for an HTTP user agent to provide a username and password when making a request. RESTHeart is stateless: there isn't any authentication session and credentials must be sent on every request.
Of course, it means you must secure your communications with HTTPS.
There's documentation on how the authentication process works in RESTHeart at https://softinstigate.atlassian.net/wiki/x/JgDM
Upvotes: 1
Reputation: 1253
With HTTPie you can simply do:
http -a <username>:<Auth-Token> GET http://172.18.18.122:8080/auth/users
Upvotes: 1
Reputation: 12200
I found the solution to this question: all I needed was to pass the authorization header along with 'username:password' encoded in Base64 format
http GET http://172.18.18.122:8080/auth/users authorization:'Basic YWRtaW46dGVtcA=='
Upvotes: 1
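The two answers above, as an added example that is not part of any post and not RESTHeart's own code: it builds the Basic `Authorization` header from either the password or the returned `Auth-Token` (used in the password position, as in the `-a <username>:<Auth-Token>` answer) and checks `Auth-Token-Valid-Until` before reusing the token. The function names are hypothetical; the sample headers are copied from the 200 response in the question.

```python
import base64
from datetime import datetime, timezone

# Headers copied from the 200 response shown in the question.
SAMPLE_RESPONSE_HEADERS = """\
Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23
Auth-Token-Location: /_authtokens/admin
Auth-Token-Valid-Until: 2016-04-25T14:37:22.290Z
"""


def basic_auth_header(username, secret):
    """Value of the Authorization header; secret is the password or the Auth-Token."""
    raw = f"{username}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_auth_token(raw_headers):
    """Return (token, valid_until) from raw header lines, or None if no token was issued."""
    fields = {}
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            fields[name.strip().lower()] = value.strip()
    token = fields.get("auth-token")
    expiry = fields.get("auth-token-valid-until")
    if not token or not expiry:
        return None
    valid_until = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%S.%fZ")
    return token, valid_until.replace(tzinfo=timezone.utc)


def headers_for_next_request(username, raw_headers, now):
    """Headers for a follow-up request, or None when the caller must
    authenticate again with the password (no token, or token expired)."""
    parsed = parse_auth_token(raw_headers)
    if parsed is None:
        return None
    token, valid_until = parsed
    if now >= valid_until:
        return None
    return {"Authorization": basic_auth_header(username, token)}
```

Reusing the token keeps the long-lived password out of every request after the first. In both cases the header is only Base64-encoded, not encrypted, so the HTTPS requirement from the first answer still applies.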