search

launchiamenterprise / keyrunner

KeyRunner: A secure, codeless VS Code extension for API testing & Designing. Features include data encryption at rest, sensitive data masking, and the innovative Playground for chaining API requests without coding
https://keyrunner.app
MIT License
15 stars 1 forks source link

Unable to inherit parent authorization with environment variables #27

Closed Mayo-API-Management closed 4 months ago

Mayo-API-Management commented 4 months ago

Issue was encountered under version 1.0.52. We are setting up a POST API call that relies on Bearer authorization, with the token value provided by an environment variable. This works fine when specified on the Authorization tab of the API.

However, if the API is set for authorization to inherit from parent, and the parent sets the Authorization to be type Bearer with value provided by the environment variable, the API receives a '401 unauthorized' error.

launchiamenterprise commented 4 months ago

@Mayo-API-Management Issues has been identified and fixed. Please update to v1.0.53 .

frank-duq commented 1 month ago

hi @launchiamenterprise, I'm currently using v 1.0.67, and it seems like I'm having the exact same behaviour described by current issue, shall we re-open it?

This issue becomes quite important when you have dozens of requests in your collections..

Here's my flow, which you'll see is quite similar (pretty much the same) as described here:

First of all, my collection is a folder, which contains sub-folders, each sub-folder containing 1 or more requests regrouped together by theme.

1- The first post request in my collection (sits in its own auth sub-folder of that overall grand-father collection folder) is used to get a beater token from auth0.com (post request to /auth/token) 2- In the "post-script" of the above request, I save the received auth0 token as a keyrunner env variable. 3- In the main "grand-father" collection folder, I set the authorization to use bearer token, and the value is taken from the saved env var from step 2- above. 4- After that, ALL my subsequent requests under the same grand-father collection - BUT, under their own child/sub-folders - use as their authorization "Inherit from parent". 5- All those requests currently fail with 401; they are not seeing/using the "grand-father" folder's authorization.

Could my situation be different in that, the requests only check for their immediate folder, and not their grand-father one perhaps?

If so, I can create a new feature request ticket for this maybe? That is definitely a great to have for my use cases, perhaps for others as well?

thanks

frank-duq commented 1 month ago

UPDATE: I was wrong about my previous comment, please ignore it, after some more thorough testing, it seems to be working just fine, sorry about the false alert.