发表新帖
发表新帖

Sending JWT token in the headers with Postman

后端 未结
关注
12 1741
借酒劲吻你
借酒劲吻你 2020-12-07 07:38

I\'m testing an implementation of JWT Token based security based off the following article. I have successfully received a token from the test server. I can\'t figure out ho

相关标签:
12条回答
  • 予麋鹿
    2020-12-07 07:55

    I did as how moplin mentioned .But in my case service send the JWT in response headers ,as a value under the key "Authorization".

    Authorization →Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJpbWFsIiwiZXhwIjoxNDk4OTIwOTEyfQ.dYEbf4x5TGr_kTtwywKPI2S-xYhsp5RIIBdOa_wl9soqaFkUUKfy73kaMAv_c-6cxTAqBwtskOfr-Gm3QI0gpQ

    What I did was ,make a Global variable in postman as

    key->jwt
    value->blahblah

    in login request->Tests Tab, add

    postman.clearGlobalVariable("jwt");
postman.setGlobalVariable("jwt", postman.getResponseHeader("Authorization"));

    in other requests select the Headers tab and give

    key->Authorization

    value->{{jwt}}

    0 讨论(0)
  • 旧时难觅i
    2020-12-07 07:58

    For the request Header name just use Authorization. Place Bearer before the Token. I just tried it out and it works for me.

    Authorization: Bearer TOKEN_STRING

    Each part of the JWT is a base64url encoded value.

    0 讨论(0)
  • 北海茫月
    2020-12-07 08:06
    1. Open postman.
    2. go to "header" field.
    3. there one can see "key value" blanks.
    4. in key type "Authorization".
    5. in value type "Bearer(space)your_access_token_value".

    Done!

    0 讨论(0)
  • 一整个雨季
    2020-12-07 08:09

    Here is an image if it helps :)

    Postman

    Update:

    The postman team added "Bearer token" to the "authorization tab":

    0 讨论(0)
  • 傲寒
    2020-12-07 08:11

    I am adding to this question a little interesting tip that may help you guys testing JWT Apis.

    Its is very simple actually.

    When you log in, in your Api (login endpoint), you will immediately receive your token, and as @mick-cullen said you will have to use the JWT on your header as: 

    Authorization: Bearer TOKEN_STRING

    Now if you like to automate or just make your life easier, your tests you can save the token as a global that you can call on all other endpoints as:

    Authorization: Bearer {{jwt_token}}

    On Postman: Then make a Global variable in postman as jwt_token = TOKEN_STRING.

    On your login endpoint: To make it useful, add on the beginning of the Tests Tab add:

    var data = JSON.parse(responseBody);
postman.clearGlobalVariable("jwt_token");
postman.setGlobalVariable("jwt_token", data.jwt_token);

    I am guessing that your api is returning the token as a json on the response as: {"jwt_token":"TOKEN_STRING"}, there may be some sort of variation.

    On the first line you add the response to the data varibale. Clean your Global And assign the value.

    So now you have your token on the global variable, what makes easy to use Authorization: Bearer {{jwt_token}} on all your endpoints.

    Hope this tip helps.

    EDIT
    Something to read

    About tests on Postman: testing examples

    Command Line: Newman

    CI: integrating with Jenkins

    Nice blog post: master api test automation

    0 讨论(0)
  • 夕颜
    2020-12-07 08:11

    Everything else ie. Params, Authorization, Body, Pre-request Script, Tests is empty, just open the Headers tab and add as shown in image. Its the same for GET request as well.

    0 讨论(0)
 看不清?
提交回复
热议问题