Token Exchanged-based auth: How to execute a pre request #765
There are 2 ways that you could go about this @natalie-o-perret, but like you mentioned it requires Vars or Scripts to get working.

Method 1

The easy way to do this is to go to the Vars tab and define a collection variable like Then go to API call Repeat this step to save access_token_2 as a collection variable so that every API call in the collection can use it for their Authorization Header. Annoyingly, each time you open this collection you will have to do auth API call

Method 2

The more difficult way, but more convenient once set up, would be to use the collection pre-script to do both authorization steps together. It can be found by going to the gear icon next to the environment selection dropdown. Here is the basic format for the script:

```javascript
const axios = require("axios");
const url = require("url");
const btoa = require("btoa");

// Token endpoint and Basic credentials, built from environment variables
var path = bru.getEnvVar("ssoBaseUrl")+"/auth/realms/"+bru.getEnvVar("ssoRealm")+"/protocol/openid-connect/token";
var creds = btoa(bru.getEnvVar("Username")+":"+bru.getEnvVar("Password")); //set environment variable for username and password
var headers = {"Authorization": "Basic "+creds, "Content-Type": "application/x-www-form-urlencoded"};

// Step 1: client_credentials grant
var params = new url.URLSearchParams({grant_type: "client_credentials"});
const auth1 = await axios.post(path,
  params.toString(),
  {headers: headers}).then((response) => {
    bru.setVar("access_token_1",response.data.access_token); //save access_token_1 for use elsewhere
});

// Step 2: token exchange, passing access_token_1 as the subject_token
params = new url.URLSearchParams({
  grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
  audience: "some target audience",
  subject_token: bru.getVar("access_token_1")
});
const auth2 = await axios.post(path,
  params.toString(),
  {headers: headers}).then((response) => {
    bru.setVar("access_token_2",response.data.access_token);
});
```

Lastly, use access_token_2 in the collection Headers tab as

Considerations

If you would like to test multiple environments quickly then consider changing all collection level variables to be environment variables by changing all instances of
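The two-step flow from the answer above, as an added example that is not part of the original reply or of Bruno: it builds both form bodies, sends the `subject_token_type` parameter that RFC 8693 marks as required, and reuses the exchanged token until shortly before it expires instead of re-authenticating on every request. `post` is a hypothetical injected HTTP function and the object shapes are assumptions; in a pre-request script it would wrap `axios.post` and the returned object would be stored with `bru.setVar`.

```javascript
// Added example, not code from the thread. `post` is a hypothetical injected
// function (url, body, headers) => Promise<parsed JSON body>.
const EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange";
const ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token";

// Basic header for the client, same encoding as btoa(id + ":" + secret).
function basicAuth(clientId, clientSecret) {
  return "Basic " + Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
}

function clientCredentialsBody() {
  return new URLSearchParams({ grant_type: "client_credentials" }).toString();
}

// Body of the second request; URLSearchParams handles the percent-encoding.
function tokenExchangeBody(subjectToken, audience) {
  return new URLSearchParams({
    grant_type: EXCHANGE,
    audience: audience,
    subject_token: subjectToken,
    subject_token_type: ACCESS_TOKEN_TYPE, // required by RFC 8693 section 2.1
  }).toString();
}

// A cached token is reusable only if it outlives `now` by a safety margin.
function isFresh(cache, nowMs, skewMs = 30000) {
  return Boolean(cache && cache.token && cache.expiresAt - skewMs > nowMs);
}

// Runs request 1 and request 2 only when the cached token is missing or stale.
async function getExchangedToken({ post, tokenUrl, clientId, clientSecret, audience, cache, nowMs }) {
  if (isFresh(cache, nowMs)) return cache;
  const headers = {
    Authorization: basicAuth(clientId, clientSecret),
    "Content-Type": "application/x-www-form-urlencoded",
  };
  const first = await post(tokenUrl, clientCredentialsBody(), headers);
  if (!first || !first.access_token) throw new Error("client_credentials returned no access_token");
  const second = await post(tokenUrl, tokenExchangeBody(first.access_token, audience), headers);
  if (!second || !second.access_token) throw new Error("token exchange returned no access_token");
  // expires_in is in seconds; a missing value makes the token stale immediately.
  return { token: second.access_token, expiresAt: nowMs + (second.expires_in || 0) * 1000 };
}
```

Failing closed on a missing `access_token` keeps a broken first step from silently sending `undefined` as the `subject_token`.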
@n00o thanks a lot for your example.
I really enjoy Bruno 🐶, great work and kudos to the maintainers 💪🎉.
But I'm struggling when it comes to the pre-request stuff with both Vars and Script.
So, long story short, I often have to deal with APIs that rely on exchange token-based auth grants (via keycloak + open id) which usually translates to the workflow below:
1. POST: {{ssoBaseUrl}}/auth/realms/{{ssoRealm}}/protocol/openid-connect/token
   - authorization: Basic auth'
   - content-type: application/x-www-form-urlencoded
   - grant_type: client_credentials
2. POST: {{ssoBaseUrl}}/auth/realms/{{ssoRealm}}/protocol/openid-connect/token
   - authorization: Basic auth' (same header as in 1.)
   - content-type: application/x-www-form-urlencoded
   - grant_type: urn:ietf:params:oauth:grant-type:token-exchange
   - audience: some target audience
   - subject_token: ❌ this is where I'm struggling to pass the res.body.access_token of the Request 1. as the req.body.subject_token of the request 2. 😕🤔

as a Bearer Token authorize header value for leveraging some other APIs

I'm used to working with Postman and Insomnia, in which 1. is run automatically whenever 2. is being executed and there is like some way of passing certain pre-request field via the UI, e.g.,

As far as I understand this is not something supported in Bruno and I have to rely on either Script or Vars tab (I'm fine with that), but I haven't managed to work it (what I mentioned in 2.) out so far.