Examples: query, "exact match", wildcard*, wild?ard, wild*rd
Fuzzy search: cake~ (finds cakes, bake)
Term boost: "red velvet"^4, chocolate^2
Field grouping: tags:(+work -"fun-stuff")
Escape special characters +-&|!(){}[]^"~*?:\ - e.g. \+ \* \!
Range search: properties.timestamp:[1587729413488 TO *] (inclusive), properties.title:{A TO Z}(excluding A and Z)
Combinations: chocolate AND vanilla, chocolate OR vanilla, (chocolate OR vanilla) NOT "vanilla pudding"
Field search: properties.title:"The Title" AND text
Answered
Using Postman for accessing local application APIs

With Postman I am able to get a valid access token for my local app.
I am using for co-loc-checkin-app-user with PKCE challenge.

However when I send the request I get the following response

{
"auth": true,
"debug": "idp login required",
"next": {
"href": "http://localhost:4200/coloc/checkin/api/auth/authn/login/{frontend-redirect-url}"
},
"type": "NO_AUTHN",
"useAjax": false
}

Below is the curl from postman:
curl --location --request GET 'http://localhost:8080/coloc/checkin/api/greetings'
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiVV9PNDJfbVBibEN1Zk9EOHEyZE5JeVIyT2FGOWNvMktZSVRHWEZ5OW44In0.eyJleHAiOjE2NjE0MzEzMjQsImlhdCI6MTY2MTQzMTAyNCwiYXV0aF90aW1lIjoxNjYxNDMxMDIzLCJqdGkiOiJiNDhjZjIyZC04ZDczLTRlNzctYmQxYi03NmFmYzhmNWE4MmYiLCJpc3MiOiJodHRwczovL3FsaW5lLnVuaS1ncmF6LmF0L1FTWVNURU1fS0ZVL2NvL3B1YmxpYy9zZWMvYXV0aC9yZWFsbXMvQ0FNUFVTb25saW5lIiwic3ViIjoiZjpjby1pZHAtVUI6MjlGNEIxQTRBOTAzRkVDOCIsInR5cCI6IkJlYXJlciIsImF6cCI6ImNvLWxvYy1jaGVja2luLWFwcC11c2VyIiwic2Vzc2lvbl9zdGF0ZSI6IjFjMGFmZmM1LTVhNGEtNGZlMy05NzJlLWRhNjRkZTUzYTNmNiIsImFjciI6IjEiLCJzY29wZSI6Im9wZW5pZCBjby1hdXRoLXNlc3Npb24ud3JpdGUifQ.WxWtsj4jL_PV25dupkLOzWhsV2-agozz9HJuhzs0SuEXA1QKLT8TAlw1JYs5fxWIGY4Svhd4xtUX-yxnrXnI33ie5N0aSB1AC6ECEjzW58fPntEDAe4HkV1phxoUhPuVbj44EV68H2T2jGvyLIUmYItH84BSTlcTqBVF8lhqXTCyFJGXWgm2m4LYx1RVQmAjpQz82fHbj03PWO_PKn3YdLtbZ3UonsrZ0cxMS2AgoKasLijEmbkbUhQ3HWXWhq9jRJn5SteJ_csKWOPTnSKUpk6_H6TEIcN44RrzgiDyacOdpTu6NLu1MTaTkpdkloV8k6UNUeINy_JuinHq9wnKpA'

Is it at all possible to access the APIs using postman? Because on the other hand, I am able to access the APIs as long as I log in to the web application on the browser.
Maybe I am missing some fundamental concept here?

1
1
Posted 2 years ago
Votes Newest

Answers 2


Which conx version are you using?

What is annotated on your Rest-APIs? @Authenticated (quarkus is expecting jwt as cookie in dot seperated format), @RolesAllowed (quarkus is expecting jwt as bearer in auth head).

Is your JWT a user session or back-channel auth?

Last check your setting in application.yml "conx->auth->session-type".

  
  
Posted 2 years ago
Lucas Reeh
108 × 4 Administrator
  
  

@Authenticated cookie format for quarkus "Cookie: q_session_user={{access_token}}|{{refresh_token}}|{{session_state}"}

Lucas Reeh   2 years ago Report
1
1

Von Postman musste ich {{access_token}}|{{refresh_token}}|{{id_token}}.{{session_state}} holen, damit es funktioniert.

Anand Natampalli   2 years ago Report

Thank you. This worked. I was using JWT with Bearer and didn't realize I need to use q_session_user since I am using @Authenticated.

1
1
Posted 2 years ago
2K Views
2 Answers
2 years ago
2 years ago
Tags