ply icon indicating copy to clipboard operation
ply copied to clipboard

Published 20 hours ago verified publisher icon ply-ct

Authorization headers are ignored

Open osechet opened this issue 1 year ago • 1 comments

Hello, I'm trying to test successive queries that use JWT. The first query generate a token that must be passed as an "Authorization: Bearer" to the following queries. Here is an example of what I do:

login:
  url: https://localhost:8443/api/v1/login
  method: POST
  headers:
    Accept: application/json
    Content-Type: application/json
  body: |-
    {
      "username": "user1",
      "password": "password1"
    }

listFeatures:
  url: https://localhost:8443/api/v1/features
  method: GET
  headers:
    Authorization: Bearer ${@login.response.body.token}

The second query always failed because the Authorization header is removed from the actual run (notice the headers: {}):

listFeatures:  # 1/3/2024, 16:52:26:528
  request:
    url: https://localhost:8443/api/v1/features
    method: GET
    headers: {}
…

What did I miss?

osechet avatar Jan 03 '24 16:01 osechet

Your syntax is correct. The Authorization header is redacted from console output and from actual results. In your scenario, if the response body contains a token property, it should be included in the listFeatures request's Authorization header. If you have a way of checking what the target API receives at the server, you should be able to confirm this.

donaldoakes avatar Apr 13 '24 16:04 donaldoakes