I am trying to figure out how to add the OAuth Token to a Breeze-Sharp request. I am using Microsoft WebAPI and I want to use the OAuth token from OWIN to authorize all my query requests. I am not seeing where or how to change the request headers. I see that you can add parameters to a query using WithParameter but I am not seeing where I can change the header.
I am looking for something like this:
var query = new EntityQuery<TodoItem>().[AddHeader("Authorization","Bearer wkjksdjf...."];
You can add the authorization header to HttpClient used by EntityManager.
eq.
this.entityManager.DataService.HttpClient.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue(AuthenticationSetup.Bearer, authenticationHeader);
Related
my team and I are trying to embed a PowerBi Report using the PowerBiEmbed component in order to visualize it without repeating the signin procedure every time you access to the dashboard app in a Microsoft Teams context.
Basically, we are missing how to generate the Bearer access token to use in the API request https://api.powerbi.com/v1.0/myorg/groups/{MY_WORKSPACE_ID}/reports/{MY_REPORT_ID}/GenerateToken
to generate the actual token to use in embedding inside the component.
We figured out that using the token that PowerBi actually use when you login into its client, grabbed from the resource headers through inspection, has a particular scope (user_impersonation) that we are trying to replicate in some way because, using that token in Postman requests, we are obtaining the embed token correctly and everything works fine.
So our and my doubts are:
Microsoft has to generate this access token somewhere when i login, where and/or how?
which api do we need to call to get this bearer access token? is it https://login.microsoftonline.com/common/oauth2/authorize? Or is there an SDK or something that implements these calls?
do we need to configure an AAD client application? If so, what permission should we check?
is there a way to get this special access token with user_impersonation scope?
if i'm already in an authenticated context (i.e. Teams) can I skip this authentication step?
I really need some clarification about this kind of stuffs.
Could you please try use this requset to generate access token and use this token to take a try?
POST {tenant}/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=xxxx
&scope=https://analysis.windows.net/powerbi/api/Report.ReadWrite.All
&username=MyUsername#myTenant.com
&password=xxx
&grant_type=password
And app api permission in azure ad application.
I can call this api in my side:
I'm trying to add a bearer JWT token to a swagger request upon login of an account but I can't seem to get it working. The documentation leaves a lot to be desired.
const SWAGGER_CLIENT = SwaggerClient(".../api.yml");
const carsResponse = await SWAGGER_CLIENT.client.execute({ operationId: "getCars" }); // I need { Authorizations: Bearer ${token}} here
If it's not possible to add it there then I can always create the client above with the token upon a successful login.
I think the issue is the syntax more than anything. There is virtually no documentation on how to use the .execute() method which is very frustrating. FWIW; I'm using the execute method and passing in tag names to make it more reusable than using the generated functions e.g., getCars(), addCar() etc. I don't know if this is the "right" way to use Swagger but it makes sense to me.
Is is possible to add it globally so I needn't include it in every request? The token will need to be added upon a successful login. It's a CRA application using Redux.
If somebody could explain, or provide a small example of adding the authorization bearer token to the request above that be fantastic and greatly appreciated.
Thanks all.
We will be renaming Try It Out Executor to HTTP client for OAS operations. Thanks for your input!
How to add the authentication tokens in the angular $http call.
Planning to implement the identity and access management solution in later stage and like to make a provision to add the authentication token in the $http.
How can i do that?
That depends on how your API expects that information to be sent!?
Normally you would need to add a Authorization header like this:
$http.defaults.headers.common['Authorization'] = /* MY TOKEN */;
Can I use REST token as SOAP session ID? If so, is that a correct way of doing it? I have an App which consume SOAP and want to give an option to OAuth login to avoid user entering credentials to the App.
Thanks a lot.
You can take the access token resulting from your OAuth flow and use it in the same place that you'd use a sessionId in the SOAP API (i.e. you'd send it in the SessionHeader header in your soap requests). Remember that you'll need to include API scope when you start the OAuth flow.
I have a Backbone/RequireJS application built on top of .NET MVC4. I am using Forms Authentication to authenticate the user against our back end data store, and this is working great.
Our services layer is a .NET Web Api Project (RESTful API), and is using a tokenized approach to auth (initial request includes basic auth header. If auth is successful, response payload includes authentication token. Subsequent requests pass the token).
What I'm not sure about is how to now authenticate against our services layer. I'm sure I'll have to pass the auth header, but not sure how to generate the token, as I won't have username/password in my JS.
Should I bypass Forms auth altogether here, and simply make an ajax request over SSL? I can POST to the /Account/Login action just as well, and use the Membership Provider to validate credentials. If successful, I can add the Auth header for initial request & use auth token for subsequent requests.
Example of adding auth header / custom token here:
$.ajaxSetup({
'beforeSend': function (xhr) {
if($.cookie("AuthToken")) {
xhr.setRequestHeader("CustomTokenHeader", $.cookie("AuthToken"));
} else {
var token = methodToBase64EncodeUsernamePassword(username, password);
xhr.setRequestHeader("Authentication", "Basic " + token);
}
}
});
Take a look at this solution, which is based off a screencast I cannot seem to find again. If I can find it, I will update the answer. You should be able to follow the solutions easily though. The one you are looking for is PerRouteMHOwnershipSample. I believe the best practice is to 'bypass Forms auth altogether here, and simply make an ajax request over SSL'. Any api route you want to secure, will be filtered and a token will then need to be passed from your app and decoded on the server. I would personally not look at using Forms Authentication to secure your api.