1

I've been able to successfully get a JWT token from my spring application using postman, but I'm not able to do so with axios. With axios I'm receiving a 401.

My code is as follows:

axios.post("http://localhost:5000/oauth/token",{
          client_id: 'myClient',
          client_secret: 'superSecretKey',
          scope: 'write',
          grant_type: 'password',
          username: 'myUser',
          password: 'myPassword'
        })

I'm putting the following values in Postman:

Token Name: My Token
Grant Type: Password Credentials
Access Token URL: http://localhost:5000/oauth/token
Username: myUser
Password: myPassword
Client ID: myClient
Client Secret: superSecretKey
Scope: write
Client Authentication: Send as Basic Auth header

Because of that last bit, I have also tried: 

axios.post("http://localhost:5000/oauth/token",{
          client_id: 'myClient',
          client_secret: 'superSecretKey',
          scope: 'write',
          grant_type: 'password',
          auth: {
              username: 'myUser',
              password: 'myPassword'
          }
        })

The log in Postman shows me this:

Request Headers:
undefined:undefined
Request Body:
grant_type:"password"
username:"myUser"
password:"myPassword"
scope:"write"

However, not using client_id and client_secret in my request from axios still results in a 401. Also, I get a 401 if I attempt to retrieve the token without client and secret.

Another update: I installed a plugin in Intellij to show me requests as they come in.

For starters, Postman shows method of POST, while my Axios request shows a method of OPTIONS, despite that I'm clearly using axios.post.

Postman - Request Headers:

Authorization: Basic SomeEncodedLookingStringThatsNotMySecret
content-length: 64
Accept: */*
User-Agent: PostmanRuntime/7.6.0
Connection: keep-alive
Host: localhost:5000
accept-encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded

Postman - Request Content:

grant_type=password&username=akroft&password=slivers&scope=write

Axios - Request Headers:

Origin: http://localhost:8080
Accept: */*
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 
Safari/537.36
Referer: http://localhost:8080/login
Host: localhost:5000
Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Accept-Language: en-US,en;q=0.9
Content-Length: 0

Axios - Request Content: [empty]

drew kroft
  • 910
  • 1
  • 14
  • 28
  • 1
    Compare request body differences between Postman and axios. We can't see them because you haven't posted any. – Mjh Apr 15 '19 at 12:44
  • So, from the Postman console, the request appears to only include: scope: 'write', grant_type: 'password', username: 'myUser', password: 'myPassword', but if I exclude the client id and client secret, that request from Postman won't work. Is there a better way for me to see that exact request from Postman? – drew kroft Apr 15 '19 at 13:11
  • Part of my frustration with this is, I don't seem to be able to see the full request as postman is sending it. I'm not able to see the request in the network tab of one of the dev tools, and the postman console appears incomplete to me. It would undoubtedly be very useful if I could see the request exactly as postman is sending it out. – drew kroft Apr 15 '19 at 21:38
  • `axios.post()` defaults to sending an `application/json` formatted request body but it looks like your server is expecting `application/x-www-form-urlencoded` given that's what Postman is sending and it works. – Phil Apr 16 '19 at 00:00
  • The `OPTIONS` request is a cross-origin [pre-flight request](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests). You would need to enable CORS support in your Spring Boot app. – Phil Apr 16 '19 at 00:02
  • 1
    Those two other questions were able to address my issues, thank you. – drew kroft Apr 16 '19 at 00:41

0 Answers0