I'm using Postman v7.23.0 and I have a kind of problem with the environment variables. I've set token to be saved in an env variable, It gets value each time but when I use it as a Bearer Authentication It doesn't work. when I set the token in header authentication everything is fine. I'll appreciate any suggestions about the problem.
Postman env variable
successful request
Related
I am using the Http Request plugin in Jenkins to run HTTP Request towards an API.
I need to use a token for the authorization. So I configured on Jenkins global configuration a secret text credential with the token and gave it the id segron.
Then I run the API Call in Jenkins like this
httpRequest url: "http://10.10.10.10:8080/api/run/", httpMode: 'POST', contentType:'APPLICATION_JSON',authentication: 'segron'.
But when I run the pipeline I got this error.
java.lang.IllegalStateException: Authentication 'segron' doesn't exist anymore
I use the same plugin to run other API Call using username / password as credentials, and it works perfectly fine.
Any help/experience regarding this?
I had a similar issue. In my case the Http Request plugin did not like the API-token stored as "secret text" in Jenkins.
After changing it to a username/password credential type it worked for me.
username set to the user that owns the API-token
password field gets the API-token from Bitbucket
This is a bit unexpected as Bitbucket related APIs like notfiyBitbucket worked perfectly fine with API-token in secret text credentials, but Http Request plugin does not seem to support that.
It does work the other way around though, notifyBitbucket also works with username/password credential type, so no need to store the API token twice now.
I assume this is the place where the exception is thrown: https://github.com/jenkinsci/http-request-plugin/blob/master/src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java#L239
Looking at the lines above that, only a limited set of credential types seem to be supported. The exception should probably at least emit a more descriptive error message to understand what is wrong.
I am working on setting up a load test suite for a site which has an OAuth2 login mechanism on another server (PKCE I believe it is), so when I click login-button I am tranfered to another site to perform the actual login, which then transfers med back to the main site.
This login site takes my credentials and in return gives the browser a code_challenge and some .js-files, from which I believe the browser later on create a Bearer token and place it in the browsers Session Storage.
This, as I understand it, cannot be replicated in JMeter alone, but it can be done if using Webdriver. Therefore I've set up a webdriver testcase in JMeter which performs the login and saves the used state, code_challenge and Bearer token in JMeter User Variables to be used later on in the load test (this all works fine).
The issue here is when I try to use the bearer token in a JMeter HTTP(S) Request I get the following error in response header:
WWW-Authenticate: Bearer error="invalid_token", error_description="The audience '<censored>' is invalid"
These are the headers for one of the GET requests with bearer token (which is previously recorded)
The bearer is collected with this piece of code
It doesn't matter if I'm using Firefox or Chrome webdrivers, the issue is the same.
So either I am trying to do something which cannot be done (re-use generated Bearer from Webdriver in JMeter), or I am missing something I do not understand. Help please?
I think you need to add Bearer to the value of the Authorization header like:
Also I don't think you need to kick off the real browser, well-behaved JMeter script is supposed to act like a real user using a real browser so my expectation is that you should be able to extract the token using HTTP Request samplers and suitable Post-Processors
For a single thread (functional test) the browser is okayish, but modern browsers are very resource intensive (one instances takes a CPU core and a couple of gigabytes of RAM) so when it comes to real load test execution you will need really powerful hardware in order to handle this authentication mechanism so it's better to stick to JMeter's HTTP Request samplers
I found the issue!
I had extracted the id_token and not access_token from the Session storage which of course was not valid as a Bearer token. They looked very much alike but was not the same, and I missed that.
I am doing a Backend rails thinkster tutorial that involves creating a clone of medium. I am at a step that requires testing the routes in Postman. Thinkster provides an API that has built in requests and pre-made connections.
But the tutorial goes from step "download Postman" to step "send request." There's no explanation about how to initially start using Postman.
So the first test is to test if you can create a new user with a Register request. I am guessing this is in the Auth folder of the API as there is a Post request called "Register".
I am not seeing an area though that suggests I can make a user. All of the items in my collection are have a request Url that starts with {{apiUrl}}. Example: login's POST request is {{apiUrl}}/login. And if I hover over {{apiUrl}}, it says "unresolved variable: variable is not defined in current environment."
Could anyone help me get going with these tests? Below is a gif of my Postman setup as well as the list of tests the tutorial wants run. I am sure I am not providing something that I may need to in order to get help on this. Please let me know if you are not being presented with all info needed! Thanks.
Test out Postman authentication functionality using Postman
You should be able to:
Create an account using the Register request in Postman
Test the Login endpoint using Postman
Try registering another user with the same email or username, you
should get an error back from the backend
Test the Current User endpoint using Postman
Try logging in to the user you created with an invalid password, you
should get an error back from the backend
Try updating the email, username, bio, or image for the user
My friend I will try to answer at least the question about {{apiUrl}}
This are variables that can be global or environment, obviously global apply to all projects and environment, you will need to select the environment in which they apply.
Now to make it work, do the following.
Copy the url to your API server.
Replace it with the magic variable between {{}}
Go to the gear where you manage this global or environment variables «lest make a local one»
Click on add
first name your environment however you like, the go to the grid and make a variable placing the name inside the key and your servir url on the value side. Then save.
Don't forget to select the environment where you are working.
Thats it now your {{variable}} should work. Now you can use this variables all over postman, they are very helpful. If you are using a JWT token, you will be able to assign it to a variable and the use it on your postman api.
I am trying to create a Rails app under Phusion Passenger, and have run into the missing secret_key_base error. I have Googled this error and found no clear explanation of what the secret token/key is, how I set it, or what it's for -- only scraps here and there all assuming that I already know something else, making it impossible to really figure out what's going on. Nor do either of the two books I bought on Rails discuss this.
What is the secret token?
What is it for?
How do I set it upon creating a new app?
Secret token is a string with random characters which looks like this
82d58d3dfb18768b495n311eb8539edf5064784h1d58994679db8363ec241c745cef0b419bfe44d66cbf91a2f4e497d8f6b1ef1226e3f405b0d263a9617ac75e
when you create a new rails application, this token is created by default and stored here <application folder>/config/initializers/secret_token.rb. This token is used to verify the integrity of signed cookies (Any cookie set by your rails application is signed using this token)
Like I pointed out, its usually created in a new rails application, but if you face any issues with the tokens, you may try creating a new token and manually pasting it your secret_token.rb file. Use this command rake secret to create a new secret token.
This is probably a simple question but I can't seem to wrap my head around on how OAuth2 works. So I got upto the point where I can request a token and start pulling data in Ruby console. But after I exit out of Ruby console, I tried requesting data (.rb script) from API again using the same token but it says expired/invalid. Am I suppose to store this token somewhere permanently like in a database or cookie?
Not sure if this matters but when I request a token, it brings me to the OAuth2 page to allow or deny a token request. How do you bypass this in Ruby code? From what I'm reading, you use the token.refresh! method?
Can you please share your insights on what I'm not understanding or missing?