Reputation: 1400
JHipster authentication using Postman and JWT
I'd been using the Postman in-tab extension to tests calls to call JHipster resource API's and found that it worked great (JHipster setup to use OAuth2). I authenticated using the JHipster login page, then opened up a new tab with the Postman extension.
I just switched my JHipster application to use JWT and this method of using Postman no longer works, I get permission denied when calling the API. Moreover, the in-tab extension for Postman is being deprecated in favor of the stand-alone app.
Question: Is there any documentation on setting up Postman for authenticating against JHipster/JWT?
Upvotes: 22
Views: 19211
Answers (5)
Reputation: 1
I am able to find another way, inspired by @xonya and take advantage of postman's JWT Bearer support, get secrete from application-dev.yml and configure JWT Bearer on a collection, make sure the payload is configured as well, individual request then inherit from parent
Upvotes: 0
Reputation: 2474
If you have deployed a single microservice and you want to test it in isolation you can configure Postman to build a JWT token using a pre-request script.
- Go to the
application-dev.ymlfile generated by JHipster and grab thebase64-secretvalue:
security:
authentication:
jwt:
# This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
base64-secret: N2Y2MmFkNzg2ZTI4NTZiZGEwMTZhYTAzOTBhMjgwMzlkMzU2MzRlZjJjZDA2MzQ0NGMxOGFlZThjOWY0MjkzNGVlOGE3ZjkxZGI5ZTQxOGY3MjEwNWUwYTUxMTUxODYxY2U4ZWMzZjVhMjg0NTZkNzlhNWUyMmEyNjQ5NzkxZmI=
Put the value in a variable named
jhipster_jwt_secretinside the Postman Environment.Configure your pre-request script (this is largely copied from a Gist):
function base64url(source) {
// Encode in classical base64
encodedSource = CryptoJS.enc.Base64.stringify(source);
// Remove padding equal characters
encodedSource = encodedSource.replace(/=+$/, '');
// Replace characters according to base64url specifications
encodedSource = encodedSource.replace(/\+/g, '-');
encodedSource = encodedSource.replace(/\//g, '_');
return encodedSource;
}
var header = {
"typ": "JWT",
"alg": "HS256"
};
var payload = {
"sub": "user",
"auth": "role"
};
var secret = CryptoJS.enc.Base64.parse(postman.getEnvironmentVariable("jhipster_jwt_secret"));
// encode header
var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header));
var encodedHeader = base64url(stringifiedHeader);
// encode data
var stringifiedPayload = CryptoJS.enc.Utf8.parse(JSON.stringify(payload));
var encodedPayload = base64url(stringifiedPayload);
// build token
var token = encodedHeader + "." + encodedPayload;
// sign token
var signature = CryptoJS.HmacSHA256(token, secret);
signature = base64url(signature);
var signedToken = token + "." + signature;
postman.setEnvironmentVariable("jwt_token", signedToken);
- Inside the Authorization tab select "Bearer token" and write
{{jwt_token}}in the Token input field.
Upvotes: 12
Reputation: 31885
The easiest way for me is
log into your Jhipster Web app with the admin credential
Select Administration > API
- Then choose any of existing API and click 'Try it out' button
It will list a curl action with the token, now you can grab the token and use it in Postman
Upvotes: 2
Reputation: 2684
- Make a POST request to
/api/authenticatewith the following body:{"password":"admin","username":"admin"}. You will receive the following response:{"id_token":"aabbccddeeff"} - Make your subsequent requests using the value of the token received in the previous call and put in into an
Authorization: Bearer aabbccddeeff - You can check the status of the authentication, making a GET request to
/api/authenticateendpoint
Upvotes: 28
Reputation: 6342
It is possible to use Postman with a JWT JHipster app.
- First, authenticate with the JHipster app
- Inspect any API request for the
Authorizationheader. The JWT token is the value to the right of "Bearer ". You can also find this token in the browser's localStorage under the keyjhi-authenticationToken. Edit the headers in Postman and add the
Authorizationheader. The value should look like the following:Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJydRkZWxsIiwiYXV0aCI6IlJPTEVfQURNSU4sUk9MRV9U0VSIiwiZXhwIjoxNDgzOTg1MDkzfQ.1A13sBvr3KDWxJQpKDKOS33KAVjWIb3mS_qfxLBOCq_LbMwNHnysAai0SNXXgudMOulAnXYN9_Mzlcv1_zctA
Upvotes: 17
Related Questions
- How to get and use authentication token for JHipster Microservice JWT
- i want get token Oauth2 by postman
- accessing jhipster demo app with postman
- how to test jwt authentication using Postman
- How access to the JHipster API when authentication is managed by Keycloak
- JWT authentication of jhipster application
- Create a PostMan GET Request with JWT
- Where is the authentication (user/password check) in Jhipster with JWT
- How to call JHipster (Spring) OAuth2 Rest server using Postman Authentication helpers
- Jhipster Jwt Authentication for Mobile API