Open cloudlena opened 9 years ago
:+1: This is a great question. I'd also like to know the answer.
@mastertinner
Try making a POST
request to /auth/local
. Set the data type to x-www-form-urlencoded
. POST
the user name and password. The response should include the token.
Next, try making a GET
request to /api/users/me
(or your protected route), by adding the Authorization header with the value Bearer <token>
, where <token>
is the value from the first request.
That is maybe working for me, but I'd like somebody else to validate it.
Here's a Postman collection that you can import and try. Don't forget to update the token (marked INSERT_TOKEN_HERE
).
@dustinboston making the POST
request with Content-type set to x-www-form-urlencoded
does succeed.
But where does the <token>
come from?
I am having the same issue. Is there anything else that can be tried? When I try to get the token, I simply get a full HTML of my login page.
When I POST
the user name and password using passport, it sets up a session which uses cookies. If you use postman to test, you can see the cookie by installing a separate add-on called the Interceptor. This allows you to see the cookie. Some postman docs indicate you can 'manage cookies' from postman, but I just go to my chrome and go to chrome://settings/cookies
. If I remove the cookie I can see in the postman, my next request to my server will report that I am no longer logged in.
Here is some example according to @dustinboston's awesome answer. (Based on this example app)
First you login with POST
request:
Once login is succeeded, you will get _id
as token
Then you can do whatever with the token
:
Hi all
I've tried to test a route protected with passport-local using Postman. Hitting the route from my browser when logged in I get a 200 but when I try the same with postman using the Basic Auth helper or inputting my credentials (email and password) using the header fields or body I always get a 401. Can you tell me how I have to send my credentials to passport-local from Postman so that I get a 200?
Many thanks, Toby