How to pass basic authentication to API call in robotframework - python-3.x

I am trying to learn robot framework and I am trying to connect my https API using BASIC authentication. Can anyone help me to start with initial setup ?
Attached is the screenshot how Iam currently connecting the REST API.
An example I found on GITHUB looked promising but no idea how to use it in my case. https://github.com/jjwong/RESTinstance_starter_project/blob/master/tests/test_basic_authentication.robot

You might need to add your username and password in headers of your request like
Authorization Basic username:password
Note you need to encode it with base64.
In case of Token based authentication
Authorization Bearer ${jwt_token}

Related

How to make request to endpoints exposed with AWS using iAM authentication?

I'm new to AWS and I need help.
I have some endpoints (GET - POST /endpoint) that are exposed by AWS and my client documented for me.
To call any endpoint I need to authenticate with IAM (my client gave me the secret_key and the access_key).
I guess with those 2 keys I need to obtain an access token that I need to pass as header authorization to the request.
I'm using node.js. How can I obtain the access token so that I can make the request (I guess with some library like axios)?
Thanks for all the help
You could potentially use the AnomalyInnovations/sigV4Client and the related blog post:
A standalone client for signing API Gateway requests for Signature Version 4.

Access cognito related operations in server-side

According to my use case,
I want expose a REST api(auth micro-service) that allows users to signup, sign in and do basic auth operations. So basically when a client calls /auth/login endpoint with username, password server code should authenticate user against Cognito and send response back to client with JWT(access token). Rest api written in Node.js.
I have gone through various docs but I am only seeing examples of using the frontend/mobile SDKs to accomplish this. Is there a better way to accomplish this? or can use existing javascript SDK in Node.js to achieve this?
Thanks!

Validate LTPA token in nodejs

IS there any way to validate LTPA token previously generated from IBM Tivoli federated Websphere Application Server in my nodejs application.
I have checked "ldapjs", but I could not find something to validate LTPA token.
I have written a small library for this purpose: https://www.npmjs.com/package/ltpa
Once you've extracted your server key you can use the library to validate, and generate LtpaTokens.
There is an Java API related with WSLogin - which allows to validate LTPA. (Technically a re-login here)
But I dont think you can use this with Nodejs.
But my preferred way is to use the BASIC authentication using the URL post from your app.
This requires a provider (Websphere) to expose a URL for you.

Using Passport module in Nodejs for OAuth

I am new to Node.js, OAuth.
I am developing a web app using Nodejs. My application is interacting with the third party API to get data. Per documentation of API "All methods in this third party API take OAUTH authentication parameters in request header"(that's it no more details)
I decided to use Passport module of Node.JS to achieve this(http://passportjs.org/guide/oauth/).
My Problem is I am unable to understand how to proceed with this. Let say we have an API method "http://api.travel/getAllLocation" which returns all locations where user can travel.
Can someone pls help here by providing example how to use NodeJS, Passport to get required data from webservice .
[Update]
Have found this answer which is trying to achieve the same thing. But how to achieve the same using Passport
How to send the OAuth request in Node
It sounds to me as if you're trying to use Oauth to access someone else's API correct? If that's the case, you need to interact with the API by doing this:
Requesting an Oauth token given an API key.
Putting that token into your HTTP Authorization header so that the third-party API can identify and authenticate you.
The way you can request an API token (typically) via the command line using cURL is as follows:
$ curl -v --user api_key_id:api_key_secret -X POST https://api.something.com/v1/auth?grant_type=client_credentials
This will typically return some sort of token (hopefully a JSON web token!) that you can then use to identify yourself. Here's an example cURL request that properly specifies a token:
$ curl -v -H "Authorization: Bearer tokenhere" https://api.something.com/v1/blah
Using Node, you can craft these HTTP requests with the https://github.com/request/request library. Again, if you link us to the exact docs, I can help ya further =)

Does passport.js support 'Client Credentials Flow'?

I am creating a node.js webapp to access GettyImages API using 'Client Credentials Flow'
Does passport.js support it? if yes, how can I implement that?
passport is typically used to authenticate users on your web site. If your (web) app is calling an external API (e.g. gettyimages), and it is authenticating itself to such external system, then you probably don't need it (and won't need any framework either). The client credential flow is a simple POST:
This is taken from their docs:
POST https://api.gettyimages.com/oauth2/token HTTP/1.1
Host: api.gettyimages.com
Content-Type: application/x-www-form-urlencoded
client_id=abc123&client_secret=yoursecret&grant_type=client_credentials
Full docs here
The previous answer by #eugenio-pace is 6 years old, and since then a bunch of things have changed.
Regarding access to GettyImages API with client credentials you can either:
Still make a direct API call. This example (though in Python) shows how.
Use a GettyImages client SDK for your language. There are a number of them, but here in gettyimages-api_nodejs client credentials are explained for NodeJS.
Using option 2 above you can continue to work with the API client. If client credentials were obtained by a REST call you can use PassportJS with the passport-oauth2 to build your access logic.
PassportJS comes with many Strategies nowadays and it is worth checking first to see if other alternatives are a better choice for you.
Cool thing is that if you want to build a full OAuth2 provider solution then PassportJS can facilitate you too. Client credentials in that case are provided through the passport-oauth2-client-password strategy (based on oauth2orize) and is demonstrated in this example.
Another popular package to implement an OAuth server besides oauth2orize is oauth2-server.

Resources