I just want to access ALM via local written javascript in the browser (IE11, Firefox, Chrome) via the REST API but I can not login.
I tried to use the code shown in How to access HP ALM using REST and local javascript? , but there is always the same Error: OPTIONS https://alm.....net/qcbin/authentication-point/authenticate 401 (An Authentication object was not found in the SecurityContext)
Maybe the problem is, that I don't know how to
submit my credentials via XML
as mentioned in the link. Could you please help me?
Me Code is:
function signinTest() {var auth = btoa(name + ":" + password);
$.ajax({
type: "POST",
url: 'https://alm.....net/qcbin/authentication-point/authenticate',
headers: {
"Authorization": "Basic " + auth
},
xhrFields: {
withCredentials: true
},
success: function (data) {
console.log("succes " + data);
},
error: function (data) {
console.log("error ");
console.log(data);
}
});
}
Seems like you have mixed
/authentication-point/alm-authenticate
and
/authentication-point/authenticate
REST resources.
If you want to log in using credentials in XML you need to use alm-authenticate resource (see alm-authenticate doc).
For authenticate you need to send user information in headers and use GET method (see Authenticate doc).
Use data and contentType to send XML via Ajax in the POST.
For example:
function signinTest() {var auth = btoa(name + ":" + password);
$.ajax({
url: 'https://alm.....net/qcbin/authentication-point/alm-authenticate',
data: "<alm-authentication><user>USERNAME</user><password>PASSWORD</password></alm-authentication>",
type: "POST",
contentType: "text/xml",
...
Related
as a beginner, I have some problems in using Ajax (with Discogs API) .. to get a discogs request token, discogs is saying
Include the following headers with your request:
Content-Type: application/x-www-form-urlencoded
Authorization:
OAuth oauth_consumer_key="your_consumer_key",
oauth_nonce="random_string_or_timestamp",
oauth_signature="your_consumer_secret&",
oauth_signature_method="PLAINTEXT",
oauth_timestamp="current_timestamp",
oauth_callback="your_callback"
User-Agent: some_user_agent
https://www.discogs.com/developers#page:authentication,header:authentication-discogs-auth-flow
but, how to write this header?
below is my trying code, but I know this is not proper.
$.ajax({
type: "GET",
url: "https://api.discogs.com/oauth/request_token",
dataType: 'jsonp',
headers: {
ContentType: "application/x-www-form-urlencoded",
Authorization: OAuth oauth_consumer_key="your_consumer_key",
oauth_nonce="random_string_or_timestamp",
oauth_signature="your_consumer_secret&",
oauth_signature_method="PLAINTEXT",
oauth_timestamp="current_timestamp",
oauth_callback="your_callback",
UserAgent: some_user_agent,
}
success: function (data) {
console.log(data);
document.getElementById("content").innerHTML += "<br>" + `${data}`;
},
error: function (error) {
console.log(error);
}
});
You said:
dataType: 'jsonp',
It isn't possible to specify headers for JSONP requests.
The API can't be using JSONP. Set the dataType to the format they are using.
The documentation says:
When you create a new application, you’ll be granted a Consumer Key and Consumer Secret, which you can plug into your application and start making authenticated requests. It’s important that you don’t disclose the Consumer Secret to anyone.
Putting those in your client-side code will disclose them to all your visitors.
The request to that end point should be made from server-side code.
I've been trying to get an XML response from a Dynatrace server using REST api. I have no trouble getting an XML response when I put the url through Postman, and I am able to receive a 'text' datatype response from ajax, but not an 'xml' response. I plan to parse this data into json for future use.
The code I am using so far is:
function getXML() {
basicAuth = "Basic " + id + ":" + password;
$.ajaxSetup({
async: false
});
$.ajax({
type: 'GET',
url: dynUrl, //this is the function we defined above
dataType: 'xml',
headers: {
'Authorization': basicAuth //this is for basic authentication, you've already provided UID and PWD above.
},
//when we succeed, the function below will be called.
success: function(respt)
{
data = respt;
}
});
}
This is called in the following function.
function XMLRespond()
{
getXML();
//dom = parseXml(data);
//json = xmlToJson(dom);
return data;
}
data is called and displayed by an html hosted on localhost. However, when I run this, I get a blank screen and the console says "Permission Denied". My debugger gives me:
Failed to open http://localhost:8080/api/Test.html
Any help on this issue would be greatly appreciated!
Solved the issue. Turns out IE (and I suspect other Browsers) can't straight up display data. Converting data to a string bypassed this problem.
I am trying to do a simple JWT Authentication using only JQuery. I have already tested the backend with postman and everything seems to work in there.
Here's how my frontend code looks like
$("#send").click(function(){
var name = $('#name').val();
var password = $('#password').val();
var token = ''
$.ajax({
type: 'POST',
url: '/authenticate',
data: { name: name , password: password },
success: function(resultData){
var token = resultData.token;
// console.log(token);
$.ajax({
type: 'GET',
url: '/memberinfo',
headers: {"Authorization": token},
success: function(data){
$(location).attr('href', '/memberinfo')
}
});
}
});
});
so when I get redirected to the memberinfo page it shows me I am unauthorised. Not quite sure if I am doing the Ajax calls properly. Would be really helpful if some one could direct me the right way. Thanks
For simple use case just retrieve a token in the login request response and save it to the localStorage or sessionStorage. Then use the token from the localStorage inside every request header.
Please, have a look at an example code here.
https://github.com/chaofz/jquery-jwt-auth
On the other hand that is not secure to store a token in these storages as it is not protected from XSS attacks.
You better store token in cookies and check your cookies policies to prevent CSRF attack.
Please read more here
i may be wrong, but a quick look of your code it might be because you set the api call for GET request and your client page the same url /memberinfo. your test result using Postman is working and also you are properly redirected to the /memberinfo upon success validation, however, since you are redirected to the same /memberinfo url and your browser didn't send headers: {"Authorization": token} you received unauthorised result.
try to make the api call url different with the client member page.
You need to add word "Bearer":
headers: {"Authorization": "Bearer " + token}, // note the space after Bearer
so far as I can tell my issue is that my GET request is not authorised. But my attempts to add authorisation in headers or as values in the URL (api key, username, password) are not being successful.
eg.
$.ajax({
type: 'get',
async: false,
beforeSend: function(xhr){
xhr.setRequestHeader('Authorization', 'Basic encodedusername:passwordhere');
},
url: "https://api.pingdom.com/api/2.0/checks",
success: function(Data) {
console.log(Data);
},
error: function(Data) {
}
});
Can anyone advise as to correct Javascript syntax for interacting with the Pingdom API? I believe I'm trying to authorize incorrectly Their documentation focuses on PHP which I'm unable to use in this situation.
https://www.pingdom.com/services/api-documentation-rest/#authentication
I don't think it's possible to use the Pingdom API from Javascript in a web browser.
You'll need to use jsonp to get your browser to allow ajax requests across sites, but according to this response it's impossible to set headers in a jsonp request.
Use CORS Anywhere.
I wanted to get a simple jQuery request working that checked the last Pingdom result for our platform. Because of CORS and the need to specify custom headers for authentication, this didn't seem possible.
I didn't want to setup a proxy server for something so simple so I found this answer and was able to use the CORS Anywhere method, which looks something like this:
// Will use the cors-anywhere proxy if jQuery supports it and crossDomain option is passed in.
$.ajaxPrefilter( function (options) {
if (options.crossDomain && jQuery.support.cors) {
var http = (window.location.protocol === 'http:' ? 'http:' : 'https:');
options.url = http + '//cors-anywhere.herokuapp.com/' + options.url;
// options.url = "http://cors.corsproxy.io/url=" + options.url;
}
});
// Use ajax requests as normal.
$.ajax({
type: 'get',
async: false,
crossDomain: true,
beforeSend: function(xhr){
xhr.setRequestHeader('Authorization', 'Basic encodedusername:passwordhere');
},
url: "https://api.pingdom.com/api/2.0/checks",
success: function(Data) {
console.log(Data);
},
error: function(Data) {
}
});
NOTE: Do not use this if you're passing or retrieving confidential information. You should use your own proxy if you're doing that. But if you're just getting public data, like we were, then this should be a nice and clean method to get around the CORS limitation.
I'm trying to write a javascript/jquery plugin to access a webDav storage with JSON-data only and am struggling to get it to work.
The webDav will be a remote storage, so I need to make a cross-domain ajax request, passing along authentication data.
I have tried various versions, but I'm always failing on the preflight authentication, while I can access the file correctly, when I enter the URL in the browser directly (and provide login credentials).
This is what I have tried:
$.ajax({
url: priv.url + '/' + priv.user + '/' +
priv.foldertree + '/' + docid,
type: "GET",
async: true,
crossdomain : true,
headers : {
Authorization: 'Basic ' + Base64.encode(
priv.user + ':' + priv.password
)
},
success: function (content) {
console.log( content );
}
});
I have also set the following without luck:
xhrFields: {withCredentials: 'true'}
contentType: 'text/plain'
or:
datatype: "jsonp"
or:
username: priv.user
password: priv.password
or:
beforeSend: function (xhr) {
xhr.setRequestHeader ('Authorization',
"Basic" + Base64.encode( priv.user + ':' + priv.password )
);
}
but all I'm gettin is a 401 authorization failed response from the remote server on my preflight options request.
Question:
I don't have access to the remote server, but since it's a remote WebDav Storage-as-a-Service, it should be possible to access the files I'm planning to store there. Can someone give me a pointer on how to correctly make a request to GET my JSON data (I will also need to post, propfind, remove, but first things first...)?
Thanks!
Figured it out. Provider settings did not allow to use webDAV/Ajax/preflight/authentication.
Switched provider (Otixo) - now it works.