abbadon420

I get postman exports from students which I use to check their work. The authorisation of those requests now often contain hardcoded jwt tokens that are invalid by the time I get to checking them and I have to change every individual request with a global variable.

I do instruct my students to use variables, but there's always a couple who just don't, but that's a whole different issue.

Right now I'm using a regex find and replace to remove the Request authorization header in the json export file (which than defaults to 'inherit from parent'). This sort of works, but isn't ideal.

Do any of you know if postman offers an easier solution for this?

The world has always been going the shit and will continue to go to shit until the end of time. It takes mountains to influence the tides of nations. You should take the responsibilities you can bear, but no more.

The added image is a screenshot of how I see gifs in connect. There's supposed to be buttons in the bottom right corner, I've been told. But I can't see them. Do I need to add them in some setting somewhere?

I know how to implement basic oauth. My problem is that if I make a simple security filter like:

` @Bean

public SecurityFilterChain configure(HttpSecurity http) throws Exception {
    http
            .authorizeHttpRequests(authorize -> authorize
                    .anyRequest().authenticated()
            )
            .oauth2Login(withDefaults());
    return http.build();
}`

Than I can adress @GetMappings in my browser and get prompted a oauth login screen and login there, but I can't adress a PostMapping or GetMapping in postman, because it doesn't redirect to a login screen (you get the html for the login screen as the ResponseBody in postman)

I can get a valid acces token from auth0 via 'https://{yourDomain}/oauth/token', but if I simply pass that jwt along as a "Bearer token" in postman, it doesn't work. It still shows me the login-screen-html in the response body.

It seems to me there's two things I can do:

• Make sure postman bypasses the login screen. I maybe don't really want to do that, since I want my backend and frontend to communicate their security through jwt. Or else I have to convince other people (from a different department) to change the way they implement frontend security, which is a pain for everyone. (If it needs to happen, it needs to happen though)
• Make sure the backend parses the jwt somehow. Maybe an extra Filter that checks the jwt's validity with the provider? I'm not sure how to tackle this.

P.s I'm not gonna handwash. That's too much

For me it's definitely the Dark Tower, but the Golden Compas was also a huge letdown.