httpie-jwt-auth icon indicating copy to clipboard operation
httpie-jwt-auth copied to clipboard
verified publisher icon teracyhq

Fetch token dynamically

Open jayvdb opened this issue 5 years ago • 4 comments

It would be helpful if a URL can be specified (using an env var) which is used to obtain the token. Ideally then use the username and password provided via --auth=.

The token fetch and use sequence would then be triggered upon response header Www-Authenticate:, which also typically contains keyword JWT or Bearer to indicate which prefix was expected.

jayvdb avatar Apr 10 '20 15:04 jayvdb

See also https://github.com/teracyhq/httpie-jwt-auth/issues/4#issuecomment-579893723

jayvdb avatar Apr 10 '20 15:04 jayvdb

@jayvdb I'm not sure if we should include this into the plugin. Do you know any other similar mechanism from other plugins? I doubt that it is out of this plugin scope, maybe you can create another wrapper or lib from this plugin instead?

hoatle avatar Apr 11 '20 04:04 hoatle

Sure, https://github.com/httpie/httpie-ntlm/blob/master/httpie_ntlm.py and https://github.com/requests/requests-ntlm/blob/v1.1.0/requests_ntlm/requests_ntlm.py do something similar.

I expect https://github.com/ndzou/httpie-negotiate/blob/master/httpie_negotiate.py will be doing the same inside of requests_kerberos

The primary difference is that ntlm and kerberos know the 'endpoint' where they can convert user/pass to get the tokens needed. For JWT, that endpoint could be anywhere on the same host.

I understand if you still would rather that this plugin doesnt attempt this, in which case I'll try to build my own.

jayvdb avatar Apr 11 '20 05:04 jayvdb

@jayvdb thank you for your information, it's cool if you could try and send a PR for this.

hoatle avatar Apr 12 '20 06:04 hoatle