JHipster authentication using Postman and JWT

Question

I'd been using the Postman in-tab extension to tests calls to call JHipster resource API's and found that it worked great (JHipster setup to use OAuth2). I authenticated using the JHipster login page, then opened up a new tab with the Postman extension.

I just switched my JHipster application to use JWT and this method of using Postman no longer works, I get permission denied when calling the API. Moreover, the in-tab extension for Postman is being deprecated in favor of the stand-alone app.

Question: Is there any documentation on setting up Postman for authenticating against JHipster/JWT?

Answer 1

1. Make a POST request to /api/authenticate with the following body: {"password":"admin","username":"admin"}. You will receive the following response: {"id_token":"aabbccddeeff"}
2. Make your subsequent requests using the value of the token received in the previous call and put in into an Authorization: Bearer aabbccddeeff
3. You can check the status of the authentication, making a GET request to /api/authenticate endpoint

Answer 2

It is possible to use Postman with a JWT JHipster app.

1. First, authenticate with the JHipster app
2. Inspect any API request for the Authorization header. The JWT token is the value to the right of "Bearer ". You can also find this token in the browser's localStorage under the key jhi-authenticationToken.

3. Edit the headers in Postman and add the Authorization header. The value should look like the following:

   Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJydRkZWxsIiwiYXV0aCI6IlJPTEVfQURNSU4sUk9MRV9U0VSIiwiZXhwIjoxNDgzOTg1MDkzfQ.1A13sBvr3KDWxJQpKDKOS33KAVjWIb3mS_qfxLBOCq_LbMwNHnysAai0SNXXgudMOulAnXYN9_Mzlcv1_zctA