JHipster authentication using Postman and JWT

5

22

I'd been using the Postman in-tab extension to test calls to JHipster resource APIs and found that it worked great (JHipster set up to use OAuth2). I authenticated using the JHipster login page, then opened up a new tab with the Postman extension.

I just switched my JHipster application to use JWT and this method of using Postman no longer works; I get permission denied when calling the API. Moreover, the in-tab extension for Postman is being deprecated in favor of the stand-alone app.

Question: Is there any documentation on setting up Postman for authenticating against JHipster/JWT?

Hysteric answered 12/12, 2016 at 18:43 Comment(0)
28
  1. Make a POST request to /api/authenticate with the following body: {"password":"admin","username":"admin"}. You will receive the following response: {"id_token":"aabbccddeeff"}
  2. Make your subsequent requests using the value of the token received in the previous call, putting it into an Authorization: Bearer aabbccddeeff header
  3. You can check the status of the authentication by making a GET request to the /api/authenticate endpoint
Howitzer answered 24/4, 2017 at 17:22 Comment(4)
Unfortunately, I get an error 403 when I try to use the default admin credentials - Hanako
For me it says, { "type": "jhipster.tech/problem/problem-with-message", "title": "Unauthorized", "status": 401, "detail": "Full authentication is required to access this resource", "path": "/api/authenticate", "message": "error.http.401" } - Identification
For me returns success (200) but without token. - Carven
I put example curl calls for this check blog.mascix.com/2021/10/… - Pelvis
17

It is possible to use Postman with a JWT JHipster app.

  1. First, authenticate with the JHipster app
  2. Inspect any API request for the Authorization header. The JWT token is the value to the right of "Bearer ". You can also find this token in the browser's localStorage under the key jhi-authenticationToken.
  3. Edit the headers in Postman and add the Authorization header. The value should look like the following:

    Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJydRkZWxsIiwiYXV0aCI6IlJPTEVfQURNSU4sUk9MRV9U0VSIiwiZXhwIjoxNDgzOTg1MDkzfQ.1A13sBvr3KDWxJQpKDKOS33KAVjWIb3mS_qfxLBOCq_LbMwNHnysAai0SNXXgudMOulAnXYN9_Mzlcv1_zctA
    
Garneau answered 12/12, 2016 at 19:57 Comment(2)
This works but it's a pain in the you-know-what. Having to copy paste in the authorization for each request after a new login slows one down and one loses the ability to iterate quickly. - Deflexed
@Deflexed use an environment variable. Then you can have all of your APIs like Bearer {{token}}. - Frailty
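
The POST /api/authenticate login call and the {{token}} environment-variable suggestion above can be combined in a script attached to the login request. This is an added example, not code from any answer on this page: it runs in Postman's Tests tab (via `pm.response` and `pm.environment.set`) or offline in Node against a constructed response. The function names and the variable name `token` are assumptions.

```javascript
// Added example. Decode the payload segment of a JWT without verifying it.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  return JSON.parse(atob(parts[1].replace(/-/g, '+').replace(/_/g, '/')));
}

// Pull id_token out of the /api/authenticate response; fail loudly when it is
// missing (the "200 but without token" case) or already expired.
function extractIdToken(status, bodyText, nowSeconds) {
  if (status !== 200) throw new Error('login failed with HTTP ' + status);
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (e) {
    throw new Error('login response is not JSON');
  }
  if (!body || typeof body.id_token !== 'string' || body.id_token === '') {
    throw new Error('login response carries no id_token');
  }
  const claims = decodeClaims(body.id_token);
  const hasExp = typeof claims.exp === 'number';
  if (hasExp && claims.exp <= nowSeconds) throw new Error('token already expired');
  return { token: body.id_token, claims, secondsLeft: hasExp ? claims.exp - nowSeconds : null };
}

// Constructed sample response body; the token is built here, not captured anywhere.
function sampleLoginBody() {
  const seg = (o) => btoa(JSON.stringify(o)).replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
  const claims = { sub: 'admin', auth: 'ROLE_ADMIN,ROLE_USER', exp: 2000000000 };
  return JSON.stringify({ id_token: seg({ alg: 'HS512' }) + '.' + seg(claims) + '.c2ln' });
}

if (typeof pm !== 'undefined') {
  // Postman: Tests tab of the POST /api/authenticate request.
  const r = extractIdToken(pm.response.code, pm.response.text(), Math.floor(Date.now() / 1000));
  pm.environment.set('token', r.token); // other requests send: Bearer {{token}}
} else {
  // Node: offline run against the constructed sample.
  const r = extractIdToken(200, sampleLoginBody(), 1700000000);
  console.log('sub=' + r.claims.sub + ' auth=' + r.claims.auth + ' secondsLeft=' + r.secondsLeft);
}
```
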
12

If you have deployed a single microservice and you want to test it in isolation you can configure Postman to build a JWT token using a pre-request script.

  1. Go to the application-dev.yml file generated by JHipster and grab the base64-secret value:

    security:
        authentication:
            jwt:
                # This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
                base64-secret: N2Y2MmFkNzg2ZTI4NTZiZGEwMTZhYTAzOTBhMjgwMzlkMzU2MzRlZjJjZDA2MzQ0NGMxOGFlZThjOWY0MjkzNGVlOGE3ZjkxZGI5ZTQxOGY3MjEwNWUwYTUxMTUxODYxY2U4ZWMzZjVhMjg0NTZkNzlhNWUyMmEyNjQ5NzkxZmI=

  2. Put the value in a variable named jhipster_jwt_secret inside the Postman Environment.

  3. Configure your pre-request script (this is largely copied from a Gist):

    function base64url(source) {
        // Encode in classical base64
        var encodedSource = CryptoJS.enc.Base64.stringify(source);

        // Remove padding equal characters
        encodedSource = encodedSource.replace(/=+$/, '');

        // Replace characters according to base64url specifications
        encodedSource = encodedSource.replace(/\+/g, '-');
        encodedSource = encodedSource.replace(/\//g, '_');

        return encodedSource;
    }

    var header = {
        "typ": "JWT",
        "alg": "HS256"
    };

    var payload = {
        "sub": "user",
        "auth": "role"
    };

    // the HMAC key is the base64-decoded secret, not the base64 text itself
    var secret = CryptoJS.enc.Base64.parse(postman.getEnvironmentVariable("jhipster_jwt_secret"));

    // encode header
    var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header));
    var encodedHeader = base64url(stringifiedHeader);

    // encode data
    var stringifiedPayload = CryptoJS.enc.Utf8.parse(JSON.stringify(payload));
    var encodedPayload = base64url(stringifiedPayload);

    // build token
    var token = encodedHeader + "." + encodedPayload;

    // sign token
    var signature = CryptoJS.HmacSHA256(token, secret);
    signature = base64url(signature);
    var signedToken = token + "." + signature;

    postman.setEnvironmentVariable("jwt_token", signedToken);

  4. Inside the Authorization tab select "Bearer token" and write {{jwt_token}} in the Token input field.
Hypothetical answered 27/3, 2019 at 9:28 Comment(2)
Just what I was looking for, since I have a microservice with JWT authentication, and it works perfectly. Many thanks. - Hardfeatured
This is good advice. Thank you. But here I have to take the secret from the jhipster-registry configuration. How are you developing a microservice without a jhipster-registry instance? - Tetragonal
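
The receiving side of the pre-request script above, as an added example (not code from the answer and not JHipster's own token validation): a minimal Node verifier for the same HS256 layout. It shows that the HMAC over `header.payload` is the only thing binding `sub` and `auth` to the issuer, so whoever holds base64-secret can mint any identity and the secret needs the same handling as a credential. The function names and the demo secret are assumptions, and unlike the script's payload this verifier insists on an `exp` claim.

```javascript
const nodeCrypto = require('crypto');

// base64url without padding, same transformation as the script's base64url().
const b64url = (buf) =>
  buf.toString('base64').replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// Constructed 64-byte demo secret; not a value from any application-*.yml.
const DEMO_SECRET_B64 = Buffer.alloc(64, 7).toString('base64');

// Sign header.payload with HMAC-SHA256, key = base64-decoded secret.
function signToken(payload, secretB64) {
  const head = b64url(Buffer.from(JSON.stringify({ typ: 'JWT', alg: 'HS256' })));
  const body = b64url(Buffer.from(JSON.stringify(payload)));
  const key = Buffer.from(secretB64, 'base64');
  const sig = nodeCrypto.createHmac('sha256', key).update(head + '.' + body).digest();
  return head + '.' + body + '.' + b64url(sig);
}

// Verify with a pinned algorithm, constant-time comparison and a mandatory exp.
function verifyToken(token, secretB64, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || header.alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  const key = Buffer.from(secretB64, 'base64');
  const expected = nodeCrypto.createHmac('sha256', key).update(parts[0] + '.' + parts[1]).digest();
  const given = Buffer.from(parts[2], 'base64');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    return { ok: false, reason: 'expired or no exp' };
  }
  return { ok: true, claims };
}

// Demo: a valid token, then the same token with its payload swapped but not re-signed.
const demo = signToken({ sub: 'user', auth: 'ROLE_USER', exp: 2000000000 }, DEMO_SECRET_B64);
const [h, , s] = demo.split('.');
const swapped = h + '.' + b64url(Buffer.from('{"sub":"user","auth":"ROLE_ADMIN","exp":2000000000}')) + '.' + s;
console.log(verifyToken(demo, DEMO_SECRET_B64, 1700000000).ok, verifyToken(swapped, DEMO_SECRET_B64, 1700000000).reason);
```
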
2

The easiest way for me is:

  1. Log into your JHipster web app with the admin credentials

  2. Select Administration > API

  3. Then choose any of the existing APIs and click the 'Try it out' button

It will list a curl action with the token; now you can grab the token and use it in Postman

Tithable answered 19/10, 2018 at 15:45 Comment(0)
0

I was able to find another way, inspired by @xonya, that takes advantage of Postman's JWT Bearer support: get the secret from application-dev.yml and configure JWT Bearer on a collection. Make sure the payload is configured as well; individual requests then inherit from the parent.

Godding answered 9/5 at 7:18 Comment(1)
Note that linked content is not considered part of an answer post on StackOverflow. Your post hence shrinks to "use postman's JWT Bearer support". You might want to elaborate. Please, edit and try for How to Answer, describe the effect of what you propose and explain why it helps to solve the problem - Miraflores
