It's all about the answers!

Ask a question

Nodejs Authentication to access REST APIs


Leonardo Schuler (113) | asked Oct 26 '18, 1:27 p.m.
edited Oct 26 '18, 1:29 p.m.
I am working on a node js automation to retrieve data from RTC, thru OSLC API or report API.

right now I am having trouble authenticating. my server uses a form base authentication, I have created a simple code to test that, based on what I could gather from the documentation and forum. the code and the credential seems ok, but I am keeping getting the authentication fail header message
 'x-com-ibm-team-repository-web-auth-msg': 'authfailed', I am posting the code here to see if someone can help me:



var request = require('request');

var cookies = request.jar();
var SERVER_BASE_URL = "-----------------------"; //removed PI
var USERNAME = "-----------------";  //removed PI
var PASSWORD = "----------------";  //removed PI


BaseRequest = request.defaults({
    headers: {
        //'Accept': 'application/rdf+xml',  // reliably available RDF representation
        //'OSLC-Core-Version': '2.0'
        "X-Requested-With":"XMLHttpRequest"
    },
    strictSSL: false,         // could not make it work with stricSSL
    jar: cookies,                // use the cookie jar to save cookies
    followAllRedirects: true  // for FORM based authentication
})

var LoginOptions = {
  url: SERVER_BASE_URL +'/authenticated/j_security_check',
  method:"POST",
  formData:{"j_username": USERNAME, "j_password": PASSWORD},
  resolveWithFullResponse: true ,
  headers:{
      "X-Requested-With":"XMLHttpRequest",
      'OSLC-Core-Version': '2.0',
      "Cache-Control":"no-cache,no-store,must-revalidate",
      "Pragma":"no-cache",
      "Expires":"-1"
    }
};

// setRequestHeader("X-jazz-downstream-auth-client-level","4.0"); 

    BaseRequest({
        url:SERVER_BASE_URL + "/authenticated/identity",
        method:"POST"
        }, function( err1, iResp, body1 ) {


            console.log(iResp.headers);
            console.log("indetity body:");
            console.log(body1)

            BaseRequest( LoginOptions , function ( error, response, body ) {
                if( error ) {
                    console.log("error")    
                } else {
                    console.log("sucess Login request");
                    console.log(response.headers);
                    //console.log("body:");
                    //console.log(body);
                }




                var myOptions = {
                        method:"GET",                       
                        url:SERVER_BASE_URL + "/authenticated/identity",
                }

                BaseRequest(myOptions ,  function(err2, resp2, body2) {
                    if( err2 ) {
                        console.log("Error 2");
                        console.log(err2)
                    } else {
                        console.log("sucess2");
                        console.log(resp2.headers);
                        console.log(body2);
                    }



                });
            });
        });



here is the log information:

{ 'x-powered-by': 'Servlet/3.1',
'content-type': 'text/json; charset=utf-8',
'content-language': 'en-US',
'set-cookie':
[ 'X-com-ibm-team-foundation-auth-loop-avoidance=false; Secure; HttpOnly' ],
'transfer-encoding': 'chunked',
connection: 'Close',
date: 'Fri, 26 Oct 2018 17:14:47 GMT',
expires: 'Thu, 01 Dec 1994 16:00:00 GMT',
'cache-control': 'no-cache="set-cookie, set-cookie2"' }
indetity body:
{
"userId": null,
"roles": [
]
}

sucess Login request
{ 'x-powered-by': 'Servlet/3.1',
'x-com-ibm-team-repository-web-auth-msg': 'authfailed',
'content-type': 'text/html; charset=UTF-8',
'content-language': 'en-US',
'transfer-encoding': 'chunked',
connection: 'Close',
date: 'Fri, 26 Oct 2018 17:14:49 GMT' }
sucess2
{
"userId": null,
"roles": [
]
}
 

One answer



permanent link
Leonardo Schuler (113) | answered Oct 30 '18, 8:59 a.m.
I was able to make the code work, the problem was in the form login submission, I will post the working code here, nothing fancy, just a place to start, I will probably create a module for this and share when it is done:



var request = require('request');

var cookies = request.jar();
var SERVER_BASE_URL = "______________________"; //SPI
var USERNAME = "_____________"; //SPI
var PASSWORD = "________"; //SPI


BaseRequest = request.defaults({
    headers: {
        "X-Requested-With":"XMLHttpRequest"
    },
    strictSSL: false,         // could not make it work with stricSSL
    jar: cookies,                // use the cookie jar to save cookies
    followAllRedirects: true  // for FORM based authentication
})

var LoginOptions = {
  url: SERVER_BASE_URL +'/authenticated/j_security_check',
  method:"POST",
  jar:cookies,

  form:{"j_username": USERNAME, "j_password": PASSWORD},
  resolveWithFullResponse: true ,
  headers:{
      'Content-Type' : 'application/x-www-form-urlencoded' ,
      'OSLC-Core-Version': '2.0',     
    }
};


    BaseRequest({
        url:SERVER_BASE_URL + "/authenticated/identity",
        method:"GET",
        jar:cookies,
        }, function( err1, iResp, body1 ) {


            console.log(iResp.headers);
            console.log("identity body:");
            console.log(iResp.body);


                BaseRequest( LoginOptions , function ( error, response, body ) {
                    if( error ) {
                        console.log("error")    
                    } else {
                        console.log("sucess Login request");
                        console.log(response.headers);
                    }




                    var myOptions = {
                            method:"GET",
                            jar:cookies,
                            url:SERVER_BASE_URL + "/authenticated/identity",
                    }

                    BaseRequest(myOptions ,  function(err2, resp2, body2) {
                        if( err2 ) {
                            console.log("Error 2");
                            console.log(err2)
                        } else {
                            console.log("sucess2");
                            console.log(resp2.headers);
                            console.log(body2);
                        }



                    });
                });

        });




Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.