Support Intellij env file configuration for Oauth2 with redirection #309

Open
Laurent-PRP opened this issue Jul 15, 2024 · 5 comments

@Laurent-PRP

Hello,

After the issue #275, it seems that OAuth2 with redirection does not work.

Firstly, the provided Token URL appears to be ignored and http://localhost:3000 is always used instead.

Secondly, I still have an error $auth is not defined after the successful authentication.

My http-client.env.json:

{
    "XXXXX": {
        "Security": {
          "Auth": {
            "XXXXX": {
              "Type": "OAuth2",
              "Grant Type": "Authorization Code",
              "Client ID": "XXXXX",
              "Client Secret": "XXXXX",
              "Scope": "XXXXX",
              "Token URL": "XXXXX",
              "Auth URL": "XXXXX",
              "Redirect URL": "XXXXX"
            }
          }
        },
        "BaseUrl": "XXXXX"
    }
}

My QueryTest.http:

GET {{BaseUrl}}/XXXXX
Authorization: Bearer {{$auth.token("XXXXX")}}

@AnWeber
Owner

AnWeber commented Aug 22, 2024

@Laurent-PRP Unfortunately, I cannot support Redirect URL. I deviate here from the way in which Postman and IntelliJ HTTP Client determine the token. Both basically perform a man-in-the-middle attack by controlling the browser that performs the requests. This allows you to intercept the redirect, and the actual URL is irrelevant. I have deliberately not chosen this approach, as it would also allow me to intercept the password, which I don't want to be able to do. That is why the redirect URL is important for me, as I receive the parameters via this.

> Secondly I still have an error $auth is not defined after the successful authentication.

I have added logging to a few central places, which may help to find the problem.

@Laurent-PRP
Author

@AnWeber OK, I understand, thanks for your help. In my situation the remote server only allows specific redirect URIs, but I'll manage.

But for educational purposes, could you explain to me how you handle the redirect URL? Do you temporarily listen on port 3000 to receive the answer? If so, what happens if port 3000 is already in use?

Thanks for the extra logging, I'll look into it.

@AnWeber
Owner

AnWeber commented Aug 26, 2024

I start a small HTTP server on the port, which will shut down after the access token is received. If the port is not available, an error will be thrown. You can configure the port which will be used.
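
The loopback redirect handling described in this thread (a short-lived HTTP server on a configurable port that stops once the authorization response arrives and fails if the port is taken), sketched in Node.js as an added example; it is not the project's code and was not posted by anyone in this issue. The function names, the `state` check and the timeout are assumptions.

```javascript
// Added example (not the project's code): loopback redirect listener for the
// OAuth2 authorization code flow. All names here are hypothetical.
const http = require('node:http');
const crypto = require('node:crypto');

// Unguessable per-request value sent as `state` in the authorization request.
const newState = () => crypto.randomBytes(32).toString('base64url');

// Check the query string delivered to the redirect URL. Throws when `state`
// does not match (stray or forged request); otherwise returns {code} or {error}.
function parseCallback(requestUrl, expectedState) {
  const params = new URL(requestUrl, 'http://127.0.0.1').searchParams;
  const got = Buffer.from(params.get('state') ?? '');
  const want = Buffer.from(expectedState);
  if (want.length === 0 || got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  if (params.has('error')) return { error: params.get('error') };
  if (!params.get('code')) throw new Error('missing code');
  return { code: params.get('code') };
}

// Listen on 127.0.0.1:<port> until one valid callback arrives, then shut down.
// Rejects with EADDRINUSE if the port is taken, or when the timeout expires.
function waitForAuthorizationCode(port, expectedState, timeoutMs = 120000) {
  const headers = { 'Content-Type': 'text/plain', Connection: 'close' };
  return new Promise((resolve, reject) => {
    const server = http.createServer((req, res) => {
      let result;
      try {
        result = parseCallback(req.url, expectedState);
      } catch {
        res.writeHead(400, headers).end('Invalid callback');
        return; // e.g. /favicon.ico: keep listening for the real redirect
      }
      res.writeHead(200, headers).end('Done. You can close this tab.');
      clearTimeout(timer);
      server.close();
      if (result.error) reject(new Error(`authorization failed: ${result.error}`));
      else resolve(result.code);
    });
    const timer = setTimeout(() => {
      server.close();
      reject(new Error('timed out waiting for the redirect'));
    }, timeoutMs);
    server.once('error', (err) => { clearTimeout(timer); reject(err); });
    server.listen(port, '127.0.0.1'); // loopback only, never 0.0.0.0
  });
}
```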

@haringsrob

I am also getting the $auth is not set error when running any http request.

@AnWeber
Owner

AnWeber commented Oct 13, 2024

@haringsrob

> I am also getting the $auth is not set error when running any http request

It would be interesting to see how the $auth variable is used. I am trying to recognize this using regex, but this seems to fail.
