Token not found yet setAuth seems working

[Kyosukeh]

Hi,

First time trying auth with HTTAPI,

im using http_setauth(HTTP_AUTH_USRDFN:'Token':'MyToken')
then http_req('GET':%trim(url):*OMIT:response);

it look like the token and auth is set

but i got a http 200 response with Token not found,

when i try the same thing in SoapUI it work

Anyone got an idea ?

Thanks

Code: Select all

************Beginning of data**************                                          
HTTPAPI Ver 1.45 released 2021-09-20                                                  
NTLM Ver 1.4.0 released 2014-12-22                                                    
OS/400 Ver V7R3M0                                                                     
                                                                                      
New iconv() objects set, PostRem=819. PostLoc=0. ProtRem=819. ProtLoc=0               
https_init(): entered                                                                 
QSSLPCL = *OPSYS                                                                      
SSL version 2 support enabled                                                         
SSL version 3 support enabled                                                         
Old interface to TLS version 1.0 support enabled                                      
TLS version 1.0 support enabled                                                       
TLS version 1.1 support enabled                                                       
TLS version 1.2 support enabled                                                       
Support for TLS 1.3 unavailable.                                                      
initializing GSK environment                                                          
GSK Environment now available                                                         
------------------------------------------------------------------------------------- 
Dump of local-side certificate information:                                           
http_setauth(): entered                                                               
http_persist_open(): entered                                                          
http_long_ParseURL(): entered                                                         
DNS resolver retrans: 2                                                               
DNS resolver retry  : 2                                                               
DNS resolver options: x'00000136'                                                     
DNS default domain: S783BA00                                                          
DNS server found: 8.8.8.8                                                             
DNS server found: 8.8.4.4                                                             
Nagle's algorithm (TCP_NODELAY) disabled.                                             
SNI hostname set to: MYHOST
------------------------------------------------------------------------------------- 
Dump of server-side certificate information:                                          
------------------------------------------------------------------------------------- 
Cert Validation Code = 6000                                                           
-----BEGIN CERTIFICATE-----                                                           
MIIE9zCCA9+gAwIBAgISA5H0TFB1gMowsWBQTUaZfd62MA0GCSqGSIb3DQEBCwUA                      
-----END CERTIFICATE-----                                              
Serial Number: 03:91:F4:4C:50:75:80:CA:30:B1:60:50:4D:46:99:7D:DE:B6   
Common Name: *.dev.odoo.com                                            
Issuer CN: R3                                                          
Issuer Country: US                                                     
Issuer Org: Let's Encrypt                                              
Version: 3                                                             
not before: 20231211055521                                             
Unknown Field: 05:55:21 11-12-2023                                     
not after: 20240310055520                                              
not after: 20240310055520                                 
Unknown Field: 05:55:20 10-03-2024                        
pub key alg: 1.2.840.113549.1.1.1                         
signature algorithm: 1.2.840.113549.1.1.11                
Unknown Field: 0382010F003082010A02820101009CB1B626F22A380
Unknown Field: 2048                                       
Unknown Field: 409CC7E9C83D7BBB95C330611ADBCAAC           
Unknown Field: 1.2.840.113549.2.5                         
Unknown Field: 956E5621328646DB0D25E76AB15436390F11B952   
Unknown Field: 50D677EBC7536E5C450AA9966578C20B3CE6023A5B4
Unknown Field: 5                                          
Unknown Field: *.dev.odoo.com                             
Unknown Field: 0                                          
Unknown Field: 1.3.6.1.5.5.7.3.2                          
Unknown Field: 1.3.6.1.5.5.7.3.1                          
Unknown Field: 2.23.140.1.2.1                             
Unknown Field: http://r3.o.lencr.org                      
                                                          
Protocol Used: TLS Version 1.2                                                                    
http_persist_req(GET) entered.                                         
http_long_ParseURL(): entered                                          
http_long_ParseURL(): entered                                          
do_oper(GET): entered                                                  
There are 0 cookies in the cache                                       
GET /api/res.partner/162?api_key=MYAPI HTTP/
Host: MyHOST
User-Agent: http-api/1.45                                              
Authorization: Token MyToken

recvresp(): entered                                            
HTTP/1.1 200 OK                                                
Date: Fri, 12 Jan 2024 16:53:44 GMT                            
Content-Type: application/json; charset=utf-8                  
Content-Length: 181                                            
Connection: keep-alive                                         
Strict-Transport-Security: max-age=600; includeSubDomains      
Set-Cookie: session_id=364784e291713c05f1c2c837d32ea7eb6947a520; Expires=Sat, 11 Jan 2025 16:53:44 GMT; Max-Age=6
X-Content-Type-Options: nosniff                                                                                  
Server: Odoo.sh                                                                                                  
                                                                                                                 
                                                                                                                 
SetError() £13: HTTP/1.1 200 OK                                                                                  
recvresp(): end with 200                                                                                         
recvdoc parms: identity 181                                                                                      
header_load_cookies() entered                                                                                    
cookie_parse() entered                                                                                           
cookie =  session_id=364784e291713c05f1c2c837d32ea7eb6947a520; Expires=Sat, 11 Jan 2025 16:53:44 GMT; Max-Age=604
cookie attr session_id=364784e291713c05f1c2c837d32ea7eb6947a520                                                  
cookie attr Expires=Sat, 11 Jan 2025 16:53:44 GMT                                                                
cookie attr Max-Age=604800                                                                                       
cookie attr HttpOnly=                                                                                            
cookie attr Path=/                                                                                               
cookie attr Secure=                                                                                              
cookie attr SameSite=Lax                                         
recvdoc(): entered                                                                     
SetError() £0:                                                                         
recvdoc(): Receiving 181 bytes.                                                        
{"success": true, "message": "Token not found", "responseCode": 200, "api_key": "XXXXX"
http_close(): entered                                                                                                                  

[Scott Klement]

I've not heard of 'Token' before. Did you mean Bearer?

Code: Select all

 http_setauth(HTTP_AUTH_USRDFN:'Bearer':'MyToken')
 

[Kyosukeh]

Hi Scott

Yes, Token = Bearer
in my case the API use the word Token
thats why i used HTTP_AUTH_USRDFN

in soapUI i do this

Capture d’écran 2024-01-13 101146.png (230.55 KiB) Viewed 1998 times

[Scott Klement]

Okay, it looks like they are using a completely separate header rather than the authorization one. As such, http_setAuth() is the wrong tool for the job.

You will need to write an "additional headers" exit procedure that adds the custom header.

Before calling http_req(), do this to tell it you want to add your own custom header:

Code: Select all

 http_xproc( HTTP_POINT_ADDL_HEADER: %paddr(MyHeaders) );        

When http_req() runs and is building the HTTP headers, it will now call MyHeaders. My headers can add the Token: header

Code: Select all

 dcl-proc MyHeaders;
   dcl-pi *n;
     header varchar(5000);
   end-pi;
  
   header = 'Token: ' + %trim(TheTokenValue) + x'0d25';
 end-proc;

[Kyosukeh]

Its working !

thanks a lot for the help (and the tool)