0Auth 2 session cookie extraction and redirect issues

[PatrickMunsey]

Description

I'm trying to sign into my api using thunder client however I'm unable to do so through the extension and need to manually copy session cookie details from browser devtools into the request header. I am able to login to my application normally through the browser. Is there an existing method to authenticate Thunder Client this may?

• I'm using nestjs with passportjs (google strategy) and sessions for auth
  • I've tried changing the passport redirect url to the following and whitelisting them in google cloud console
  • https://www.thunderclient.com/oauth/callback
  • http://localhost:6789/callback
  • I'm now able to login to google when clicking the "generate token" button in thunder client. After logging into google sucessfully then being redirect back to either of the two above urls, A white screen with a success message is shown however A poppup appears in vscode

When using Got in Thunder client settings

When using Axios in Thunder client settings

What does work

• Click sign in button on my front end login page and go to /api/auth/google-login
• Get redirected to sign into google
• Once signed in, I get redirected to my login redirect url '/api/auth/google-redirect' which in turn redirects to applicaiton home page
• Open dev tools and look for connect.sid under Application>cookies
• Create new request in thunder client and add a header "Cookie" with value "connect.sid="

I'm able to login to my applicaiton and manually setup the auth in Thunder client but I'm wondering if there's a quicker way to generate the auth settings in thunder client like the "Generate Token" from and redirect without having to keep on opening and copying details from browser devtools.

Platform:

• OS: Windows 10, vscode running in WSL2 Kali remote
• vscode version: 1.71.2
• extension version: 1.19.1

[rangav]

@PatrickMunsey thanks for reporting the issue.

can you share your oauth tab screenshot with masking any sensitive data

[PatrickMunsey]

[rangav]

You need to enter token url field value

[rangav]

Is your issue resolved?

[PatrickMunsey]

Hi @rangav,

I still haven't been able to figure this out. To clarify, I'm using cookie sessions and passportjs google strategy to authenticate, not JWTs, so i'm not sure how token url applies to this or what the value should be in my case.

I'm still able to manually copy the session id from my browser into the Cookie field in the header so the issue isn't urgent but it would be nice to at some point to figure out a way to login to my api through the extension.

[rangav]

See below links https://stackoverflow.com/a/53529534

https://infinitecoder.github.io/posts/2017-12-22-how-to-authorize-using-oauth-2-0-in-postman/

[PatrickMunsey]

It works!!!

Thank you so much for helping me through that.

My confusion came from the 'token_url' not being displayed in the google cloud console dashboard under the 0Auth client credentials tab.

I had to download the full json for the client ID in order to see the field. It turned out being https://oauth2.googleapis.com/token in my case which appears to be a general url for anyone attempting this in the future for google auth.

[typytypytypy]

This issue was really helpful for me in debugging my setup. I wanted to add that I am using an SSH connection in VSCode and to get the token generation to work I had to run a separate instance locally.