I have started the Gateway and tried to interact through some HTTP requests sent from VScode thanks to REST Client extension.
What happens is that I successfully perform the login and get the jwt object. But then, even though in the request I specified to keep-alive the session, if I try to get something I result as unauthorized.
Some example for the sake of clarity:
-
Request:
POST http://localhost:8080/login Connection: keep-alive Content-type: application/json { "email" : "don@joe.com", "password" : "foobar" }
-
Response:
HTTP/1.1 200 OK X-Powered-By: Express Content-Security-Policy: frame-ancestors 'none' Vary: Accept, Accept-Encoding Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Surrogate-Control: no-store Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate Pragma: no-cache Expires: 0 X-RateLimit-Limit: 10 X-RateLimit-Remaining: 9 Date: Mon, 28 Nov 2022 23:15:46 GMT X-RateLimit-Reset: 1669678005 Content-Type: application/json; charset=utf-8 Content-Length: 268 ETag: W/"10c-PhHtPdzblZfpxMeWzPwFM1y8LMg" Connection: keep-alive { "jwt" : "eyJcCI6IkpXVCIsImtpZCINGNkYi1iMjU2LTBlaefjifijrsnz.eyJyb2xlIjoidXNlcl90b2tlbiIsImlhdCI6MTY2OTY3NzM0NiwiaXNzIjoiTm90IHNldC4ifQ.bBsjWzmL7-Wgv7mIMdcLJ9MrS2pBasdaiefofimskdmk6q4JYAmrPsFQOFzL0nL_qtSIfsWLw" }
-
Requests:
GET http://localhost:8080/things/virtual-things-7/properties/on Accept: application/json Authorization: { "jwt" : "eyJcCI6IkpXVCIsImtpZCINGNkYi1iMjU2LTBlaefjifijrsnz.eyJyb2xlIjoidXNlcl90b2tlbiIsImlhdCI6MTY2OTY3NzM0NiwiaXNzIjoiTm90IHNldC4ifQ.bBsjWzmL7-Wgv7mIMdcLJ9MrS2pBasdaiefofimskdmk6q4JYAmrPsFQOFzL0nL_qtSIfsWLw" } ### GET http://localhost:8080/things/virtual-things-7/properties/on Accept: application/json ### GET http://localhost:8080/things/virtual-things-7/properties/on Content-type: application/json
-
Response:
HTTP/1.1 401 Unauthorized X-Powered-By: Express Content-Security-Policy: frame-ancestors 'none' Vary: Accept Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Surrogate-Control: no-store Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate Pragma: no-cache Expires: 0 Date: Mon, 28 Nov 2022 23:22:50 GMT Connection: close Transfer-Encoding: chunked
What am I doing wrong? Suggestions? Better ways to perform these tests?