Hi Daniel You can use the JWT token in the README of. Sorry, if it is not clearly documented, this will be improved upon further as I make more changes. https://github.com/girishvasmatkar/ofbiz-plugins/tree/trunk/ofbiz-rest-impl
I need to implement an API endpoint that eventually generates a JWT token that can be issued to the client to make subsequent API calls. Until then, please use the once mentioned in the README examples. That JWT has userId claim value as admin assuming admin would have got himself authenticated and a JWT was issued to him. I will soon add an API endpoint to issue JWTs and will update README accordingly. I hope that answers your question. Best Regards, Girish On Sun, Aug 2, 2020 at 3:21 PM Daniel Watford <d...@foomoo.co.uk> wrote: > Hi Girish, > > I wanted to try out some REST calls using Swagger-ui ( > https://localhost:8443/docs/swagger-ui.html) but don't know how to > authenticate to get a JWT. > > Apologies if I missed the instructions elsewhere but please could you > advise on how to authenticate against the REST api? > > Thanks, > > Dan. > > On Fri, 31 Jul 2020 at 09:34, Girish Vasmatkar < > girish.vasmat...@hotwaxsystems.com> wrote: > > > Greetings! > > > > I have created a PR to add a REST component - > > https://github.com/apache/ofbiz-plugins/pull/35 . Please take a look > > and let me know what you think and let me know if you face any issues. I > > intend to merge it in a week from now. > > > > With the PR (https://github.com/apache/ofbiz-framework/pull/214) to add > > "action" attribute to the service definition now merged, this above > > component should be able to expose exportable (export=true) and > > actionable(action=GET|POST) services via REST. > > > > Once the changes for nested attributes (OFBIZ-11902 > > <https://issues.apache.org/jira/browse/OFBIZ-11902>) are done, I will > also > > be making corresponding changes in the GraphQL plugin to account for > nested > > attributes. OFBIZ-11902 > > <https://issues.apache.org/jira/browse/OFBIZ-11902> will > > help in defining complex GraphQL mutations. > > > > I am parallelly also working on designing an XML DSL for REST that should > > allow tying up REST resources with OFBiz services. > > > > Best, > > Girish > > > > > > > > On Thu, Jul 9, 2020 at 6:27 PM Shi Jinghai <huaru...@hotmail.com> wrote: > > > > > Hi Girish, > > > > > > Yes, you got it. > > > > > > Web browser will popup a login dialog when response code is 401: > > > setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication > > > required\""); > > > > > > The popup is skipped and then react/vue/angular can handle the > response: > > > setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication > > > required\""); > > > > > > > > > 发件人: Girish Vasmatkar<mailto:girish.vasmat...@hotwaxsystems.com> > > > 发送时间: 2020年7月9日 14:54 > > > 收件人: dev@ofbiz.apache.org<mailto:dev@ofbiz.apache.org> > > > 主题: Re: REST implementation > > > > > > Hi Shi > > > > > > Thanks for taking a look at it. I have a question on "WWW-Authenticate" > > > header so please clarify and I can make appropriate changes > accordingly - > > > > > > All I am finding is that to prevent the pop-up, either return 403 > (which > > I > > > do not want to do) or not include "WWW-Authenticate" header at all (not > > > inclined to do this as well because then we would be violating the > spec). > > > Do you mean to NOT start the value of the header with "Bearer" ? > > > so instead of below > > > > > > *WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > should we change it to > > > > > > *WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"* > > > > > > I did not test it, but I can just change it like this without testing > if > > > you can please confirm it will prevent the browser dialog. > > > > > > Thanks again for the review. > > > > > > Best, > > > Girish > > > > > > On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <huaru...@hotmail.com> > wrote: > > > > > > > Hi Girish, > > > > > > > > Excellent. > > > > > > > > Only one suggestion from my quick view, when response code is 401, > the > > > > "WWW-Authenticate" header should be set to start with a word NOT > > “Bearer > > > > …”, this can prevent web browser from popping up a login dialog. > > > > > > > > Kind Regards, > > > > > > > > Shi Jinghai > > > > > > > > 发件人: Girish Vasmatkar<mailto:girish.vasmat...@hotwaxsystems.com> > > > > 发送时间: 2020年7月8日 20:47 > > > > 收件人: dev@ofbiz.apache.org<mailto:dev@ofbiz.apache.org> > > > > 主题: Re: REST implementation > > > > > > > > Hi Folks > > > > > > > > I have added support for OpenApi Integration. The updated code can be > > > found > > > > here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go > > > > through the changes and test at your end and let me know your > thoughts. > > > > > > > > I am planning to do some refactoring and then raise initial PR for > the > > > > plug-in if the changes look good to everyone. > > > > > > > > Best, > > > > Girish > > > > > > > > > > > > On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer < > > > > cars...@dcs-verkaufssysteme.de> wrote: > > > > > > > > > Hi Girish, > > > > > > > > > > Thanks to clarify :) > > > > > What caught me on the OpenAPI integration is the snippet quoted > below > > > and > > > > > I realize I should have read it in context. Actually then it is > > aligned > > > > > with my view. > > > > > > > > > > Warm regards > > > > > > > > > > Carsten > > > > > > > > > > >>>>> Initial implementation does not contain OpenApi integration > > yet. > > > > And > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > Daniel Watford >
