JWT Between HTTP Requests with curl

Identity Security Cloud (ISC) ISC Discussion and Questions
, , , ,
1

Hello devs! I’m trying to figure out if there’s a way to extract a JWT token from the response of an HTTP request — specifically from a “Test Connection” type request (or should I be using a different type instead?). I’d then like to use that token in a subsequent request using curl. Is there a standard or recommended approach for handling this kind of flow?

2

@stefanoperetti - Could you please elaborate on this point and the context? Are you trying to achieve this using an HTTP Action request within a workflow

4

I wasn’t using a workflow, I was trying to get the JWT in a variable with curl. If that doesn’t work, should I use a workflow or rules for getting the JWT and using it in another HTTP requests?

5

HI @stefanoperetti

You have to implement custom authentication :

1 Like
6

Hi @sidharth_tarlapally . I have three endpoints, and the connection test works fine(first one). However, when I try to use JWT in the Users endpoint, I get a 401 error saying no token was provided.

image
image798×397 6.5 KB

I’m saving the JWT from the second endpoint like this:
image
image896×171 3.34 KB

Then, I’m using it in the third endpoint like this.
image
image1214×257 9.56 KB

But still unauthorized saying that JWT is not well formed

7

Hi @stefanoperetti ,
Can you remove the Bearer from value and try. Header

image
image1035×219 11.7 KB

8

Hi @Kiran001 . I already tryed it out, but nothing happened

9

Hello,

For getting the Authorization Token using WebService Connector, you have to do the below.

  1. Create an HTTP Operation Named as “Custom Authentication”.

  2. Use this method in “Connector Settings” page as well so that whenever that source is called, it will always generate a new token.

    image
    image1918×331 22.9 KB

  3. In the custom authentication method, provide the details as below.

image
image1347×765 26.9 KB

image
image1402×587 20.4 KB

Provide the required parameters to generate the token in body as shown below

image
image1403×811 35.9 KB

image
image1380×507 10.1 KB

image
image1417×552 21.1 KB

Note that before doing these configurations on ISC, try them out first in POSTMAN and see whether you are able to fetch the Bearer Token or not. If yes, then, how you are getting Bearer Token Response in Response Body and accordingly make the changes in your Custom Authentication HTTP Method.

1 Like
10

Hello @rohit_wekhande Thank you for your response! It not unauthorized anymore, but I didn´t get the step of the second image. The one that you say that “Content-type” got a value as “.application/x-www-form-urlencoded” I´m not sure what to replace there.

11

Hello,

If you are talking about this step.

image
image1782×742 72.9 KB

Then, these are nothing by Header Details which are required for your API which is Generating Authz Token. Now, in my case, as I need to provide data in JSON Body as “x-www-form-urlendcoded”, hence, in the header section, I need to explicitly mention what is the JSON Body type supported by the API. Refer the below Screenshot from POSTMAN for your reference.

image
image1200×677 47.5 KB

So the header section will depend upon how you are passing the JSON Body in the API request to get the Bearer Token.

1 Like