I’m looking for some advice on retrieving a CRSF token and using the token for connector operations. The token is retrieved using basic auth username/password. Then if using postman the token is placed into a header x-crsf-token.
You can use the Custom Authentication option. For an example of how to set the “accesstoken” attribute in the application see the “No/Custom Authentication” section in the Web Services Connector Guide.
That said, the configuration of the Custom Authentication operation might be interesting and might require a
-
Before Operation rule:
- generate a Base64 encoded value for the token call
- call the token service with the Base64 encoded value for Basic Auth
-
After Operation rule:
- fetch the token value from the response (body, header (cookie), wherever the token value is available
- return the token value as the “accesstoken” attribute
Note that the UI does not present a config option for the Before/After rules for the Custom Authentication operation. You can however set the rules in the application XML under the operations config section.
Use the stored token value in the other Operations config as a headers
- “x-csrf-token” ← $application.accesstoken$
- “Authorization” ← either a stored application attribute value or one that is calculated in each operation’s before operation rule.
The Basic Auth’s username and password can be stored in the application config using the “_CA” mechnanism and retrieved in the Before Operation rules; $application.username_CA$ and $application.password_CA".