Getting login access_token with Auth0 for Postman

Question

I created an app in Go that includes an HTTPS server with an Angular2-based client that uses Auth0 for authentication.
I have another app written in Go which is the API server; this API server has JWT middleware configured for Auth0 as explained at https://auth0.com/docs/quickstart/backend/golang.

Now... I want to use Postman to test requests to my API server, but first I need to authenticate. How do I add authentication to my website to get an access token or something to forward with my API request?

I read the docs but I got really confused.
Any information regarding the issue would be greatly appreciated.

Using Postman Mac App 4.4.2

Thanks!

Update

So I installed the Authentication API Collections on my Postman Mac App while being logged in to my Auth0 account.

Now I'm trying to get an access token to be used with the authentication header while posting to my API server.

I don't know which method I should use in the collection in order to get an access token.

Answer 1

Score: 7

It's quite interesting and tricky at the same time.

First you need to get the token from Auth0 using Postman; remember you can get any info from App Settings in Auth0.

In the above picture, you see id_token and access_token. The trick here is to use id_token to send with your requests, not access_token. Do it as follows:

As you can see, for any request sent to the API, we need to add a header called Authorization with value="Bearer {id_token}". Boom... Job's done. Hope it helps.

Answer 2

Score: 1

Here are a few approaches to test JWT-based APIs: https://auth0.com/docs/local-testing-and-development#client-side-applications-and-jwt

> # Client-side applications and JWT
>
> This is usually the easiest scenario to test. One of the benefits of
> JSON Web Tokens is that they are stateless, which means that an
> application that consumes them only cares about the JWT's contents and
> not any previous state such as a session cookie.
>
> There are mainly three approaches to obtaining JWTs for testing:
>
> 1. Manually generate a JWT with the needed data, and sign it with your
> Auth0 application's client secret. If you omit the exp claim from a
> token, most JWT libraries will interpret it as a token which never
> expires, though it's possible some libraries might reject it. The
> benefit of this approach is that it does not require Internet access
> or intervention from Auth0 at all.
>
> 2. Create a dummy user in a database connection, and programmatically log
> in with this user through the resource owner endpoint. In order to get
> a JWT back, make sure to set the correct scope value. The benefit of
> this approach is that it will execute any rules that you have
> configured on your Auth0 account.
>
> 3. Use a browser bot (e.g. Selenium) which logs a dummy user in and
> retrieves a JWT. This approach may take some effort to develop and
> maintain, but it will also execute any redirection rules or MFA prompts that you have configured on your Auth0 account.
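
Approach 1 from the quoted documentation, shown as an added example that is not part of the original answer or Auth0's code: it mints an HS256-signed test JWT and verifies it with the Go standard library, rejecting tokens that lack `exp` instead of treating them as non-expiring. The secret, claim values and function names are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// sign returns the base64url HMAC-SHA256 signature over "header.payload".
func sign(signingInput string, secret []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return b64.EncodeToString(mac.Sum(nil))
}

// MintTestToken builds an HS256 JWT from claims; the caller decides whether to set exp.
func MintTestToken(claims map[string]interface{}, secret []byte) string {
	body, _ := json.Marshal(claims) // maps of plain values always marshal
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return input + "." + sign(input, secret)
}

// VerifyTestToken always verifies as HS256 (the header's alg is not trusted) and requires a future exp.
func VerifyTestToken(token string, secret []byte, now time.Time) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || !hmac.Equal([]byte(parts[2]), []byte(sign(parts[0]+"."+parts[1], secret))) {
		return nil, errors.New("malformed token or bad signature")
	}
	var claims map[string]interface{}
	if err := json.NewDecoder(base64.NewDecoder(b64, strings.NewReader(parts[1]))).Decode(&claims); err != nil {
		return nil, err
	}
	exp, ok := claims["exp"].(float64) // JSON numbers decode to float64
	if !ok || now.Unix() >= int64(exp) {
		return nil, errors.New("exp claim missing or already past")
	}
	return claims, nil
}

func main() {
	claims := map[string]interface{}{"sub": "test|1", "exp": time.Now().Add(5 * time.Minute).Unix()}
	fmt.Println("Authorization: Bearer " + MintTestToken(claims, []byte("constructed-secret"))) // constructed secret
}
```

Running it prints a ready-to-paste `Authorization` header value whose token expires after five minutes.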

Answer 3

Score: 1

I found a tutorial on YouTube on how to use Postman to log in with username and password credentials to a DB Connection.

https://www.youtube.com/watch?v=VDUzBn6SzIY

So I installed the Auth0 Authentication API collection, and opened DB Connections -> Login using username and password.

So I saved the POST request with the relevant params (client_id, username, password, connection) and I just use it first to get the access token, and then paste it into the Authorization header in order to fetch information from the API server.

huangapple
  • Published on July 21, 2016, 00:44:39
  • When reposting, please keep the link to this article: https://go.coder-hub.com/38486272.html