Could do with some advice if anyone can help or shed light on an error I am getting.
My process is as follows:
1.) Create JWT to get OAUTH2 token, supplying user id and password
2.) Apply token
3.) Call webservice to use the applied token
I create a JWT to be able to get an OAUTH2 token. This works fine and gives me the OAUTH2 token. To get this I do the following:
Get the OAUTH2 Token
http_setAuth( HTTP_AUTH_BASIC
            : %trim(client_id)
            : %trim(client_secret) );
sendData = 'grant_type=' + %trimr(http_urlEncode(%trimr(GrantType))) +
           '&scope=' + %trimr(http_urlEncode(%trimr(wScope))) +
           '&assertion=' + %trimr(JsonWebToken);
rc = http_req( 'POST'                                  // Type
             : tokenendpoint                           // Url
             : *omit                                   // Result Stmf
             : resultStr                               // String to receive the results
             : *omit                                   // Send Stmf
             : sendData                                // Send String
             : 'application/x-www-form-urlencoded');   // Content
If rc <> 1;
  wAuthMsg = http_error(*omit: wErrorStatus);
  Oauth2Error = 'Y';
Else;
  data-into AuthResultDs %DATA(resultStr) %PARSER('YAJLINTO');
Endif;
// Remove user and password from memory
http_setauth(http_auth_none: '':'');
// Set authority
HTTP_setAuth( HTTP_AUTH_BEARER: '':
              %trimr(AuthResultDs.access_token));
// --------------------------------------------------
// Add headers...
// --------------------------------------------------
http_xproc( HTTP_POINT_ADDL_HEADER: %paddr(AddHeaders));
// --------------------------------------------------
// Perform the http request and get back the response
// --------------------------------------------------
Monitor;
  wResponse = http_string('POST': wUrl: JsonRequest: 'application/json');
// Monitor for error in calling request..
On-error;
  // .... Process the error etc
Endmon;
// ------------------------------
// Clear Oauth2 token from memory
// ------------------------------
rc = http_setAuth(HTTP_AUTH_NONE : ' ' : ' ' );
// ---------------------------------------------------------------------
// Delete the additional header added so not to confuse the next request
// ---------------------------------------------------------------------
http_xproc( HTTP_POINT_ADDL_HEADER : *NULL );
// ---------------------------------------------------------------------
// Free up Json processor
// ---------------------------------------------------------------------
yajl_tree_free(docNode);
In the log you can see the Authorization: Bearer One2EiN1Oag1WAbRXAnr06Z50sEQ which proves the Oauth2 token was applied.
Header values can also be seen; these are correct and have been verified (values taken out for security):
IvUserKey:cn=xxxx
ivUserBic:xxxxx
senderBic:xxxxx
pri:xxxx
X-Request-Timestamp:2025-09-12T11:09:37.693+02:00
Is the error that I am not authorised, or that the site needs a user and password?
I saw somewhere Scott commented that the user and password message is sometimes confusing and sometimes not correct.
That said, I am looking at the "not authorised" message.
The log looks as follows:
HTTPAPI Ver 1.49 released 2024-04-16
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R5M0
2025-09-12-11.09.37.725587: http_persist_open(): entered
2025-09-12-11.09.37.729251: http_long_ParseURL(): entered
2025-09-12-11.09.37.729307: DNS resolver retrans: 2
2025-09-12-11.09.37.729320: DNS resolver retry : 2
2025-09-12-11.09.37.729332: DNS resolver options: x'00000136'
2025-09-12-11.09.37.729352: DNS default domain: ENI.COM
2025-09-12-11.09.37.729366: DNS server found: 10.10.10.140
2025-09-12-11.09.37.729378: DNS server found: 10.10.10.10
2025-09-12-11.09.37.729393: Resolving host api-test.xxxx.sipn.xxxx.com
2025-09-12-11.09.37.729411: inet_addr return value for this host is 4294967295
2025-09-12-11.09.37.729440: gethostbyname() returned 2508603163
2025-09-12-11.09.37.729453: Looking up service https
2025-09-12-11.09.37.729472: Service table returns port 443
2025-09-12-11.09.37.729514: Nagle's algorithm (TCP_NODELAY) disabled.
2025-09-12-11.09.37.741421: SNI hostname set to: api-test.xxxx.sipn.xxxx.com
2025-09-12-11.09.37.821113: -------------------------------------------------------------------------------------
2025-09-12-11.09.37.821141: Dump of server-side certificate information:
2025-09-12-11.09.37.821153: -------------------------------------------------------------------------------------
2025-09-12-11.09.37.821166: Cert Validation Code = 6000
2025-09-12-11.09.37.826436: -----BEGIN CERTIFICATE-----
Taken out for log for security=
2025-09-12-11.09.37.826541: -----END CERTIFICATE-----
Serial Number: 67:5E:49:88
Common Name: api-test.xxxx.sipn.xxxx.com
Country: ww
Org Unit: swift
Org: operational
Issuer Org: xxxx
Version: 3
not before: 20250107064759
Unknown Field: 06:47:59 07-01-2025
not after: 20290107071759
Unknown Field: 07:17:59 07-01-2029
pub key alg: 1.2.840.113549.1.1.1
signature algorithm: 1.2.840.113549.1.1.11
Unknown Field: 0382010F003082010A0282010100BCD9A30C8E46883477E4C458EA3BF78349ED3C2A492059DE376624606A9D2B8F37C65218457A7E7924D1A52768D3C4B1803DC29E27CB24A9278705CBECB1EB29908806DA60DDE6A9119534E757B4C8226B387EB501A6CDF0E409CCFDD24A0E967A4CABFE4D18A019A70421881856B7BB15CC4AC52A8DCD703EB57F9E72014CE32869392A633A0ECC38FB05B92AA28A2695BA76F7D7019A96CD8D36FD8D249F1276B100793C009665D938849425D0612F2185F980DE08EDA73645E0C5304C0C476D546C06A33785A5AE0B286F96A65459206C6E987A8D7567217AF356B0EC044AFC49ADDB478FFF6250E56F1B514462E8E42C9FEB145596F058D96DF9D7096E1F0203010001
Unknown Field: 2048
Unknown Field: 940C10B26892F5ABDA2415504600C851
Unknown Field: 1.2.840.113549.2.5
Unknown Field: 5C9263F27D1E6A02A43A4EC7EA809E48DFE72D11
Unknown Field: 3E9D67428382498148E8D9F17F2908CBB7D49BACCF285B28F8A0BF3B4993A087
Unknown Field: 5
Unknown Field: api-test-nl-mon.xxxx.sipn.xxxx.com
Unknown Field: api-test-ch-mon.xxxx.sipn.xxxx.com
Unknown Field: api-test.xxxx.sipn.xxxx.com
Unknown Field: 0
Unknown Field: 1.3.21.6.6.10.100.5
Unknown Field: CN=CRL5855,O=SWIFT
2025-09-12-11.09.37.827542: Protocol Used: TLS Version 1.2
2025-09-12-11.09.37.827565: http_persist_req(POST) entered.
2025-09-12-11.09.37.827592: http_long_ParseURL(): entered
2025-09-12-11.09.37.827625: http_long_ParseURL(): entered
2025-09-12-11.09.37.827718: do_oper(POST): entered
2025-09-12-11.09.37.827753: CommSSL_BlockWrite(): gsk_secure_soc_write socket fd=1, flags=00000084, blocking=0
2025-09-12-11.09.37.827791: CommSSL_BlockWrite(): gsk_secure_soc_write rc=0, len=234
POST /xxxx-xxxx-pilot/v1/xxxx/xxxx/vop HTTP/1.1
Host: api-test.xxxx.sipn.xxxx.com
User-Agent: http-api/1.48
Content-Type: application/json
Content-Length: 5000
Authorization: Bearer One2EiN1Oag1WAbRXAnr06Z50sEQ
2025-09-12-11.09.37.827811: CommSSL_BlockWrite(): gsk_secure_soc_write socket fd=1, flags=00000084, blocking=0
2025-09-12-11.09.37.827831: CommSSL_BlockWrite(): gsk_secure_soc_write rc=0, len=187
IvUserKey:cn=xxxx
ivUserBic:xxxxx
senderBic:xxxxx
pri:xxxx
X-Request-Timestamp:2025-09-12T11:09:37.693+02:00
2025-09-12-11.09.37.827850: CommSSL_BlockWrite(): gsk_secure_soc_write socket fd=1, flags=00000084, blocking=0
2025-09-12-11.09.37.827869: CommSSL_BlockWrite(): gsk_secure_soc_write rc=0, len=2
2025-09-12-11.09.37.827886: senddoc(): entered
2025-09-12-11.09.37.827899: senddoc(): data left=5000, chunk size=5000, timeout=30, calling comm_blockWrite...
2025-09-12-11.09.37.827912: CommSSL_BlockWrite(): gsk_secure_soc_write socket fd=1, flags=00000084, blocking=0
2025-09-12-11.09.37.827941: CommSSL_BlockWrite(): gsk_secure_soc_write rc=0, len=5000
*****Request body was here, taken out for security****
2025-09-12-11.09.37.827956: senddoc(): comm_blockWrite returned 5000
2025-09-12-11.09.37.827968: recvresp(): entered
2025-09-12-11.09.37.827981: recvresp: reading response header, space left=32767
HTTP/1.1 401 Unauthorized
2025-09-12-11.09.38.231087: recvresp: reading response header, space left=32740
Date: Fri, 12 Sep 2025 09:09:38 GMT
2025-09-12-11.09.38.231121: recvresp: reading response header, space left=32703
Content-Type: application/json
2025-09-12-11.09.38.231136: recvresp: reading response header, space left=32671
Content-Length: 0
2025-09-12-11.09.38.231152: recvresp: reading response header, space left=32652
Connection: keep-alive
2025-09-12-11.09.38.231167: recvresp: reading response header, space left=32628
Strict-Transport-Security: max-age=31536000; includeSubDomains
2025-09-12-11.09.38.231961: recvresp: reading response header, space left=32564
X-XSS-Protection: 1; mode=block
2025-09-12-11.09.38.231978: recvresp: reading response header, space left=32531
X-Content-Type-Options: nosniff
2025-09-12-11.09.38.231993: recvresp: reading response header, space left=32498
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
2025-09-12-11.09.38.232008: recvresp: reading response header, space left=32417
X-Frame-Options: SAMEORIGIN
2025-09-12-11.09.38.232022: recvresp: reading response header, space left=32388
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
2025-09-12-11.09.38.232037: recvresp: reading response header, space left=32313
x-content-type-options: nosniff
2025-09-12-11.09.38.232051: recvresp: reading response header, space left=32280
x-xss-protection: 0
2025-09-12-11.09.38.232066: recvresp: reading response header, space left=32259
cache-control: no-cache, no-store, max-age=0, must-revalidate
2025-09-12-11.09.38.232080: recvresp: reading response header, space left=32196
pragma: no-cache
2025-09-12-11.09.38.232094: recvresp: reading response header, space left=32178
expires: 0
2025-09-12-11.09.38.232109: recvresp: reading response header, space left=32166
strict-transport-security: max-age=31536000 ; includeSubDomains
2025-09-12-11.09.38.232123: recvresp: reading response header, space left=32101
x-frame-options: DENY
2025-09-12-11.09.38.232138: recvresp: reading response header, space left=32078
x-envoy-upstream-service-time: 49
2025-09-12-11.09.38.232152: recvresp: reading response header, space left=32043
Set-Cookie: 9dd82f42f18f840982bf322df7490b52=d9146d194789702345cdc3f9901f4f83; path=/; HttpOnly; Secure; SameSite=None;HttpOnly;Secure
2025-09-12-11.09.38.232166: recvresp: reading response header, space left=31907
X-Request-ID: nlartl52-1055975-47977092-1
2025-09-12-11.09.38.232181: recvresp: reading response header, space left=31864
Set-Cookie: TS013f97cf=01d40caef1d62f6d7aa2959361c0a192333386f886cfe20e0046e06643eb4c9177b6c5eab694fb89f8a1d3aa1d1efded8f87e59c45; Path=/; Secure; HttpOnly
2025-09-12-11.09.38.232196: recvresp: reading response header, space left=31707
2025-09-12-11.09.38.232210: recvresp: empty line, ending header, number of eol chars=2
2025-09-12-11.09.38.232228: recvresp: header resp code = 401 repeating=0
2025-09-12-11.09.38.232244: SetError() £13: HTTP/1.1 401 Unauthorized
2025-09-12-11.09.38.232256: recvresp(): end with 401
2025-09-12-11.09.38.232279: recvdoc parms: identity 0
2025-09-12-11.09.38.232295: SetError() £36: This page requires a user-id & password
2025-09-12-11.09.38.232339: recvdoc(): entered
2025-09-12-11.09.38.232351: SetError() £0:
2025-09-12-11.09.38.232363: recvdoc(): Receiving 0 bytes.
2025-09-12-11.09.38.232374: recvdoc(): Nothing to receive, exiting...
2025-09-12-11.09.38.232386: SetError() £36: This page requires a user-id & password
2025-09-12-11.09.38.232411: http_close(): entered
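
Added example, not part of the original post and not HTTPAPI code: a Python helper that separates the wire lines from the timestamped trace lines in a debug log of the shape shown above, reports which Authorization scheme was sent and whether the 401 came back with a WWW-Authenticate challenge, and masks bearer tokens and cookie values before a log is shared. The sample log, host name, token and cookie are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the HTTPAPI debug log above; all values are placeholders.
SAMPLE_LOG = """\
2025-09-12-11.09.37.827791: CommSSL_BlockWrite(): gsk_secure_soc_write rc=0, len=234
POST /example/v1/vop HTTP/1.1
Host: api.example.test
Authorization: Bearer EXAMPLEtoken123
2025-09-12-11.09.37.827981: recvresp: reading response header, space left=32767
HTTP/1.1 401 Unauthorized
2025-09-12-11.09.38.231121: recvresp: reading response header, space left=32703
Content-Length: 0
2025-09-12-11.09.38.232152: recvresp: reading response header, space left=32043
Set-Cookie: sess=abcdef0123456789; path=/; HttpOnly; Secure
"""

TRACE = re.compile(r"^\d{4}-\d\d-\d\d-\d\d\.\d\d\.\d\d\.\d{6}: ")  # timestamped trace line
STATUS = re.compile(r"^HTTP/\d\.\d (\d{3})")
HEADER = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):[ \t]*(.*)$")
SECRET = re.compile(
    r"^(Authorization:[ \t]*\S+[ \t]+|Set-Cookie:[ \t]*[^=\r\n]+=)([^;\r\n]+)",
    re.I | re.M,
)

def triage(log):
    """Return what was sent and what the server answered, from the wire lines only."""
    req, resp, status = {}, {}, None
    for line in log.splitlines():
        if TRACE.match(line):
            continue
        m = STATUS.match(line)
        if m:                       # status line: headers after this are the response's
            status = int(m.group(1))
            continue
        h = HEADER.match(line)
        if h:
            side = req if status is None else resp
            side.setdefault(h.group(1).lower(), []).append(h.group(2))
    auth = req.get("authorization", [""])[0]
    return {
        "status": status,
        "sent_scheme": auth.split(" ", 1)[0] or None,
        # A 401 is expected to carry a challenge; an empty list means no stated reason.
        "challenge": resp.get("www-authenticate", []),
        "body_len": int(resp.get("content-length", ["0"])[0]),
    }

def redact(log):
    """Mask credential values but keep scheme, cookie name and attributes."""
    return SECRET.sub(lambda m: m.group(1) + "[REDACTED]", log)
```

An empty `challenge` list together with `body_len` of 0 means the response itself gives no reason for the rejection, so the cause has to be found on the server side or in the token's contents (scope, audience, expiry).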