I\'d been using the Postman in-tab extension to tests calls to call JHipster resource API\'s and found that it worked great (JHipster setup to use OAuth2). I authenticated
/api/authenticate
with the following body:
{"password":"admin","username":"admin"}
. You will receive the following response: {"id_token":"aabbccddeeff"}
Authorization: Bearer aabbccddeeff
/api/authenticate
endpoint If you have deployed a single microservice and you want to test it in isolation you can configure Postman to build a JWT token using a pre-request script.
application-dev.yml
file generated by JHipster and grab the base64-secret
value:security:
authentication:
jwt:
# This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
base64-secret: N2Y2MmFkNzg2ZTI4NTZiZGEwMTZhYTAzOTBhMjgwMzlkMzU2MzRlZjJjZDA2MzQ0NGMxOGFlZThjOWY0MjkzNGVlOGE3ZjkxZGI5ZTQxOGY3MjEwNWUwYTUxMTUxODYxY2U4ZWMzZjVhMjg0NTZkNzlhNWUyMmEyNjQ5NzkxZmI=
Put the value in a variable named jhipster_jwt_secret
inside the Postman Environment.
Configure your pre-request script (this is largely copied from a Gist):
function base64url(source) {
// Encode in classical base64
encodedSource = CryptoJS.enc.Base64.stringify(source);
// Remove padding equal characters
encodedSource = encodedSource.replace(/=+$/, '');
// Replace characters according to base64url specifications
encodedSource = encodedSource.replace(/\+/g, '-');
encodedSource = encodedSource.replace(/\//g, '_');
return encodedSource;
}
var header = {
"typ": "JWT",
"alg": "HS256"
};
var payload = {
"sub": "user",
"auth": "role"
};
var secret = CryptoJS.enc.Base64.parse(postman.getEnvironmentVariable("jhipster_jwt_secret"));
// encode header
var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header));
var encodedHeader = base64url(stringifiedHeader);
// encode data
var stringifiedPayload = CryptoJS.enc.Utf8.parse(JSON.stringify(payload));
var encodedPayload = base64url(stringifiedPayload);
// build token
var token = encodedHeader + "." + encodedPayload;
// sign token
var signature = CryptoJS.HmacSHA256(token, secret);
signature = base64url(signature);
var signedToken = token + "." + signature;
postman.setEnvironmentVariable("jwt_token", signedToken);
{{jwt_token}}
in the Token input field.The easiest way for me is
log into your Jhipster Web app with the admin credential
Select Administration > API
It will list a curl
action with the token, now you can grab the token and use it in Postman
It is possible to use Postman with a JWT JHipster app.
Authorization
header. The JWT token is the value to the right of "Bearer ". You can also find this token in the browser's localStorage under the key jhi-authenticationToken
.Edit the headers in Postman and add the Authorization
header. The value should look like the following:
Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJydRkZWxsIiwiYXV0aCI6IlJPTEVfQURNSU4sUk9MRV9U0VSIiwiZXhwIjoxNDgzOTg1MDkzfQ.1A13sBvr3KDWxJQpKDKOS33KAVjWIb3mS_qfxLBOCq_LbMwNHnysAai0SNXXgudMOulAnXYN9_Mzlcv1_zctA