Client + RIP Client Authentication

I need to understand how to authenticate a REST client (maybe Paw, maybe an Android application, an iOS application using AFNetworking with jHipster, and I think in general with spring-boot, of which I am not an expert).

While I can get the token when registering in the browser and subsequently use this token in the following requests, I don’t understand how I can authenticate first of all using the best RESTful methods.

For example, in Paw.app, I can pass basic authentication or Oauth2, but I don’t understand how to get a session token that just authenticates like I do in a web browser.

Similarly, in AFNetworking I can go through basic authentication, for example.

    NSString *auth = [NSString stringWithFormat:@"%@:%@", @"admin", @"admin"];
    // Base64-encode "user:password" with Foundation (base64EncodedString is not a built-in NSString method)
    NSData *authData = [auth dataUsingEncoding:NSUTF8StringEncoding];
    NSString *authValue = [NSString stringWithFormat:@"Basic %@", [authData base64EncodedStringWithOptions:0]];
    [manager.requestSerializer setValue:authValue forHTTPHeaderField:@"Authorization"];

But I'm struggling to figure out how to authenticate using session security, which is related to loading jHipster / spring.

+6

2 answers

Here is a summary of how I implemented the solution. It's really quick code, but please take it as pseudo code, as this may be incorrect.

  • Make a call to any method that you need to call, passing in this method a callback (block or equivalent) for success and one for failure:

      func action(URLString: String, method: Method, encoding: Encoding = .JSON, parameters: [String: AnyObject]?,
                  success: (statusCode: Int, responseObject: AnyObject) -> Void,
                  failure: (statusCode: Int, error: NSError) -> Void)

  • Inside the method you handle a specific case of failure, that is, when the status code is 401:

      if response.response!.statusCode == ResponseCodes.HTTP_UNAUTHORIZED.rawValue {
          // token rejected: log in, then repeat the original call
          loginAndAction(URLString, method: method, encoding: encoding, parameters: parameters, success: success, failure: failure)
      } else {
          failure(statusCode: response.response!.statusCode, error: response.result.error!)
      }

  • In this particular case, instead of returning the result and calling the failure callback, you call the login() method, which in addition to the necessary parameters accepts the original success() callback:

      func loginAndAction(URLString: String, method: Method, encoding: Encoding, parameters: [String: AnyObject]?,
                          success: (statusCode: Int, responseObject: AnyObject) -> Void,
                          failure: (statusCode: Int, error: NSError) -> Void) -> Void

  • If authentication is successful:

      let d: [String: AnyObject] = response.result.value as! [String: AnyObject]
      self.authToken = d["access_token"] as! String   // keep the new token for the following calls
      action(URLString, method: method, encoding: encoding, parameters: parameters, success: success, failure: failure)

At this point, the action method can use the correct working token.

This should happen only once a day (based on the expiration of the token), and this is the same mechanism applicable to calling the OAuth2 refresh_token.

+1
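The "call, re-login on 401, retry the original call" flow described in the answer above, as an added example in plain JavaScript that is not the answerer's code. The HTTP transport and the login call are injected as hypothetical function parameters (`transport`, `login`) so the block runs offline against a constructed fake server; a real app would wrap fetch or XMLHttpRequest there. It also adds the two checks the answer leaves implicit: log in proactively when the token has expired by the clock, and stop after one retry so bad credentials cannot loop forever.

```javascript
// Added example (not from the answer above): login-on-401-and-retry client.
// `transport(url, options)` resolves to { status, body }; `login()` resolves to
// { access_token, expires_in } like jhipster's /oauth/token. Both are
// hypothetical parameters supplied by the caller.
function createAuthedClient({ transport, login, now = () => Date.now() }) {
  let token = null;   // current access token, null until the first login
  let expiresAt = 0;  // epoch ms after which the token is considered stale

  async function renew() {
    const t = await login();
    token = t.access_token;
    expiresAt = now() + t.expires_in * 1000;
  }

  async function action(url, options = {}) {
    // Proactive path: no token yet, or expires_in has elapsed by our clock.
    if (!token || now() >= expiresAt) await renew();
    let res = await transport(url, withAuth(options, token));
    if (res.status !== 401) return res;

    // Reactive path: the server rejected the token (revoked, clock skew).
    // Log in once and repeat the original call with the fresh token.
    await renew();
    res = await transport(url, withAuth(options, token));
    if (res.status === 401) {
      // A second 401 means the credentials themselves are wrong; do not loop.
      throw new Error('unauthorized after re-login');
    }
    return res;
  }

  return { action, currentToken: () => token };
}

function withAuth(options, token) {
  return { ...options, headers: { ...(options.headers || {}), Authorization: 'Bearer ' + token } };
}

// Constructed fake server: only tokens issued by its own login() are valid,
// and revoke() invalidates them all, simulating server-side expiry.
function makeFakeServer() {
  let issued = 0;
  const valid = new Set();
  const log = [];
  async function login() {
    const access_token = 'tok' + (++issued);
    valid.add(access_token);
    log.push('login');
    return { access_token, expires_in: 525 };
  }
  async function transport(url, options) {
    const t = (options.headers.Authorization || '').replace('Bearer ', '');
    log.push(url + ':' + t);
    return valid.has(t) ? { status: 200, body: 'ok' } : { status: 401 };
  }
  return { login, transport, log, revoke: () => valid.clear() };
}

// Scenario from the answer: the first call logs in, the second reuses the
// token, and after revocation the third call gets a 401, re-logs in and succeeds.
async function runScenario() {
  const server = makeFakeServer();
  const client = createAuthedClient(server);
  const r1 = await client.action('/api/events');
  const r2 = await client.action('/api/events');
  server.revoke();
  const r3 = await client.action('/api/events');
  return { statuses: [r1.status, r2.status, r3.status], log: server.log, token: client.currentToken() };
}

runScenario().then((r) => console.log(JSON.stringify(r)));
```

The fake server's log shows exactly one `login` per token lifetime, which is the "once a day" behaviour the answer describes; swapping `login` for a refresh_token call changes nothing in the client.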

First of all, do not use HTTP session authentication for mobile applications.

Oauth2 or JWT, on the other hand, work great with mobile apps. The main idea is to get a token from jhipster to mobile, the token has an expiration time. During this time, you can use the token to access any REST API for jhipster to access data.

Below I am showing a code snippet of how I used the jhipster REST API in my AngularJS-based application. Hope this gives you an idea of what you need to do.

uncomment cors in application.yml inside jhipster

    cors: #By default CORS are not enabled. Uncomment to enable.
        allowed-origins: "*"
        allowed-methods: GET, PUT, POST, DELETE, OPTIONS
        allowed-headers: "*"
        exposed-headers:
        allow-credentials: true
        max-age: 1800

To access the REST API with Oauth2 authentication from Ionic, you must first get the token in the Ionic application:

    $http({
        method: "post",
        url: "http://192.168.0.4:8085/[Your app name]/oauth/token",
        data: "username=admin&password=admin&grant_type=password&scope=read write&client_secret=my-secret-token-to-change-in-production&client_id=auth2Sconnectapp",
        withCredentials: true,
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'application/json',
            'Authorization': 'Basic ' + 'YXV0aDJTY29ubmVjdGFwcDpteS1zZWNyZXQtdG9rZW4tdG8tY2hhbmdlLWluLXByb2R1Y3Rpb24='
        }
    })
    .success(function(data) {
        alert("success: " + data);
    })
    .error(function(data, status) {
        alert("ERROR: " + data);
    });

Here "YXV0aDJTY29ubmVjdGFwcDpteS1zZWNyZXQtdG9rZW4tdG8tY2hhbmdlLWluLXByb2R1Y3Rpb24=" is equal to (clientId + ":" + clientSecret), base64-encoded.

You can use https://www.base64encode.org/ to check or recreate it for yourself.

The above $http call, if successful, will give you this JSON, which contains the token and its expiry time:

    {
        "access_token": "2ce14f67-e91b-411e-89fa-8169e11a1c04",
        "token_type": "bearer",
        "refresh_token": "37baee3c-f4fe-4340-8997-8d7849821d00",
        "expires_in": 525,
        "scope": "read write"
    }

Pay attention to "access_token" and "token_type": if you want to access any API, this is what you should use. We send the token with each API call to access the data until the token expires; then we either refresh it or get a new one.

e.g.

    // tokenType and accessToken are saved from the /oauth/token response above,
    // e.g. "bearer" and "2ce14f67-e91b-411e-89fa-8169e11a1c04"
    $http({
        method: "get",
        url: "http://192.168.0.4:8085/auth-2-sconnect/api/countries",
        withCredentials: true,
        headers: {
            'Authorization': tokenType + ' ' + accessToken
        }
    })
    .success(function(data) {
        alert("success: " + data);
    })
    .error(function(data, status) {
        alert("ERROR: " + data);
    });
+2
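The two requests from the answer above, the password-grant call to /oauth/token with HTTP Basic client credentials and the bearer-authenticated API call, as an added example in plain JavaScript (Node, for `Buffer`) that is not the answerer's code. The functions only build the request objects, so nothing here touches the network; the sample client id, secret and token response are the values the answer shows, copied in as constructed test data. It goes one step beyond the answer by letting `URLSearchParams` do the form encoding and by adding an expiry check with a small safety margin.

```javascript
// Added example (not from the answer above): OAuth2 password grant + bearer call.
function basicClientHeader(clientId, clientSecret) {
  // The value the answer pasted in by hand: base64(clientId + ':' + clientSecret)
  return 'Basic ' + Buffer.from(clientId + ':' + clientSecret, 'utf8').toString('base64');
}

function buildTokenRequest({ tokenUrl, clientId, clientSecret, username, password, scope }) {
  // URLSearchParams form-encodes the body; the answer concatenates the string by
  // hand, which breaks as soon as a password contains '&', '=' or '%'.
  // The answer sends the client credentials both in the body and in the Basic
  // header; Spring's token endpoint authenticates the client from the header.
  const body = new URLSearchParams({
    grant_type: 'password', username, password, scope,
    client_id: clientId, client_secret: clientSecret,
  });
  return {
    method: 'POST',
    url: tokenUrl,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Accept: 'application/json',
      Authorization: basicClientHeader(clientId, clientSecret),
    },
    body: body.toString(),
  };
}

function bearerHeader(tokenResponse) {
  // token_type + space + access_token, exactly as the answer describes
  return tokenResponse.token_type + ' ' + tokenResponse.access_token;
}

function buildApiRequest(url, tokenResponse) {
  return {
    method: 'GET',
    url,
    headers: { Accept: 'application/json', Authorization: bearerHeader(tokenResponse) },
  };
}

function isExpired(tokenResponse, issuedAtMs, nowMs, skewSeconds = 30) {
  // Treat the token as stale a little before expires_in elapses, so a request
  // that is in flight at the boundary is not answered with 401.
  return nowMs >= issuedAtMs + (tokenResponse.expires_in - skewSeconds) * 1000;
}

// Constructed sample values taken from the answer (the secret is the jhipster
// default that its own name says to change in production).
const SAMPLE_CLIENT = {
  tokenUrl: 'http://192.168.0.4:8085/auth-2-sconnect/oauth/token',
  clientId: 'auth2Sconnectapp',
  clientSecret: 'my-secret-token-to-change-in-production',
  username: 'admin',
  password: 'admin',
  scope: 'read write',
};
const SAMPLE_TOKEN_RESPONSE = {
  access_token: '2ce14f67-e91b-411e-89fa-8169e11a1c04',
  token_type: 'bearer',
  refresh_token: '37baee3c-f4fe-4340-8997-8d7849821d00',
  expires_in: 525,
  scope: 'read write',
};

// Stand-alone run: print both request objects the client would send.
console.log(JSON.stringify(buildTokenRequest(SAMPLE_CLIENT), null, 2));
console.log(JSON.stringify(buildApiRequest('http://192.168.0.4:8085/auth-2-sconnect/api/countries', SAMPLE_TOKEN_RESPONSE), null, 2));
```

In an AngularJS app the returned objects map directly onto the `$http` config (`method`, `url`, `headers`, `data`); storing `issuedAtMs` next to the token response is what makes `isExpired` usable before each call.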
