Support Intellij env file configuration for Oauth2 with redirection

AnWeber / vscode-httpyac

Quickly and easily send REST, Soap, GraphQL, GRPC, MQTT and WebSocket requests directly within Visual Studio Code

https://marketplace.visualstudio.com/items?itemName=anweber.vscode-httpyac

MIT License

245 stars 23 forks source link

Support Intellij env file configuration for Oauth2 with redirection #309

Open Laurent-PRP opened 4 months ago

Laurent-PRP commented 4 months ago

Hello,

After the issue #275, it seems that the Oauth2 with redirection does not work.

Firstly the provided Token URL appears to be ignored and http://localhost:3000 is always used instead

Secondly I still have an error $auth is not defined after the successful authentication.

My http-client.env.json :

{
    "XXXXX": {
        "Security": {
          "Auth": {
            "XXXXX": {
              "Type": "OAuth2",
              "Grant Type": "Authorization Code",
              "Client ID": "XXXXX",
              "Client Secret": "XXXXX",
              "Scope": "XXXXX",
              "Token URL": "XXXXX",
              "Auth URL": "XXXXX",
              "Redirect URL": "XXXXX"
            }
          }
        },
        "BaseUrl": "XXXXX"
    }
}

My QueryTest.http :

GET {{BaseUrl}}/XXXXX
Authorization: Bearer {{$auth.token("XXXXX")}}

AnWeber commented 2 months ago

@Laurent-PRP Unfortunately, I cannot support Redirect URL. I deviate here from the way in which Postman and Intellij Http Client determine the token. Both basically perform a Man In The Middle attack by controlling the browser that performs the requests. This allows you to intercept the redirect and the actual URL is irrelevant. I have deliberately not chosen this approach, as it would also allow me to intercept the password, which I don't want to be able to do. That is why the redirect URL is important for me, as I receive the parameters via this.

Secondly I still have an error $auth is not defined after the successful authentication.

I have added logging to a few central places, which may help to find the problem.

Laurent-PRP commented 2 months ago

@AnWeber ok I understand, thanks for you help. In my situation the remote server is only allowing specific redirect URI, but I'll manage.

But for educational purpose could you explain to me how do you handle the redirect URL ? Do you temporary listen to the 3000 port to receive the answer ? If so what happen in the 3000 port is already in use ?

Thanks for the extra logging, I'll look into it.

AnWeber commented 2 months ago

I start a small http Server on the Port, which will shutdown after Access Token is received. If Port is not available, an error will be thrown. You can configure the Port which will be used

haringsrob commented 1 month ago

I am also getting the $auth is not set error when running any http request.

AnWeber commented 1 month ago

@haringsrob

I am also getting the $auth is not set error when running any http request

It would be interesting to see how the $auth variable is used. I am trying to recognize this using regex, but this seems to fail.