How to get Postman to retrieve token with JwtAuthProvider?

softwareguy741 · July 18, 2019, 12:03pm

I’m able to get a token using the following client side code:

var centralAuthBaseUrl = "http://localhost:1337/";
var authClient = new JsonServiceClient(centralAuthBaseUrl);
var authResponse = authClient.Post(new Authenticate
{
    provider = "credentials",
    UserName = "username",
    Password = "password",
    RememberMe = true,             
});

I can then grab the authResponse.BearerToken and paste that into the Bearer Token auth type in Postman and it works.

However, I can’t figure out how to use Postman to retrieve a new Bearer Token. Everything I try fails.

My auth provider setup is a follows:

Plugins.Add(new AuthFeature(() => new AuthUserSession(),
    new IAuthProvider[] {
        new JwtAuthProvider(AppSettings) {
            AuthKey = AesUtils.CreateKey(),
            AllowInQueryString = true,
            AllowInFormData = true,
            RequireSecureConnection = false,
        },
        new CredentialsAuthProvider(AppSettings),
        //new BasicAuthProvider(),
    }));

What am I missing?

EricMunn · July 18, 2019, 3:48pm

You should be able to

send a POST request to your app’s auth endpoint
(http://localhost:1337/auth) with the username/password/provider as
the payload, or
send a POST request to your app’s credentials auth endpoint (http://localhost:1337/auth/credentials) with the username/password as the payload.

Basically you are duplicating the request the JsonServiceClient sends.

mythz · July 18, 2019, 3:50pm

You can also click on POST Authenticate after importing /postman collection and populate the request in the Body tab, e.g:

For faster editing you can click on Bulk Edit and enter key/value pairs:

provider:credentials
UserName:test@user.com
Password:test
RememberMe:true

softwareguy741 · July 18, 2019, 4:35pm

Great, thanks to both of you! All three methods worked!

I think I was confused by all the available options.

So, I can see the difference between /auth and /auth/credentials in that you’re just specifying the provider within the URL. But what’s the difference between /auth and /authenticate?

mythz · July 18, 2019, 4:37pm

Nothing, they’re just aliases for each other.

softwareguy741 · July 18, 2019, 5:07pm

So now I’m confused. After doing this now when I call the /hello service which is decorated with [Authenticate] it returns 200 without providing any credentials. Before I called /auth or /authenticate, I’d get a 403. I can’t see anywhere I’m providing credentials in Postman, even started a new session. Does Postman somehow remember the credentials when calling /auth or /authenticate and apply that to any call to that url? If so, how to “reset” this for testing?

mythz · July 18, 2019, 5:27pm

If it works after authentication it’s using cookies, you can manage cookies with:
https://learning.getpostman.com/docs/postman/sending_api_requests/cookies/

Otherwise you can call /auth/logout to clear the current session or just restart the Postman App.

softwareguy741 · July 18, 2019, 5:29pm

Brilliant! Works like a charm! Thanks