0

I'm trying to authenticate to comodo's platform (partner portal) via their API using their documentation. as my understanding goes I need to authenticate with a user/pass in order to get a bearer token so that I can user their API endpoints the problem is, although I can get authenticated and get the bearer token via postman or their swagger-ui page or even their web partner portal, I can't get a simple Google apps script to do the same via their API.

comodo's doc shows this curl command

curl -k -X POST https://partner.cwatch.comodo.com/login -H 'Cache-Control: no-cache' -H 'Content-Type: application/json' -d '{"username":"myuser","password":"mypass" }'

Here's the JavaScript code I got from Postman when I imported the curl command above (which worked fine):

var myHeaders = new Headers();
myHeaders.append("Cache-Control", "no-cache");
myHeaders.append("Content-Type", "application/json");

var raw = JSON.stringify({
  "username": "myuser",
  "password": "mypass"
});

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};

fetch("https://partner.cwatch.comodo.com/login", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

which I, sort of, translated to Google app script as follows:

function getAuthorizationBearerToken() {
  var url = "https://partner.cwatch.comodo.com/login"
  
  var myHeaders = {
    'Cache-Control': 'no-cache',
    'Content-Type': 'application/json'
  };

  var raw = JSON.stringify({
    "username": "myuser",
    "password": "mypass"
  });

  var requestOptions = {
    method: 'POST',
    headers: myHeaders,
    body: raw,
    redirect: 'follow',
    muteHttpExceptions: true
  };

  var response = UrlFetchApp.fetch(url, requestOptions)
    Logger.log(response.getContentText())
}

The problem is that in my Google app script the response I get is:

{"path":"/login","code":{"code":"E13000","message":"Fail Message: {1}"},"message":"Fail Message: Invalid login parameters! Please provide a valid username (or email) and password.","error":"Unauthorized","timestamp":1691083985106,"status":401}

On their page the E13000 code refers to 'JWT Login Filter', which I have no clue what that is. My guess is that somehow the user/pass I'm sending through my script is not being sent in a proper manner to the point that it can be seen as valid for authentication by comodo.

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
Francisco Cortes
  • 1,121
  • 10
  • 19

1 Answers1

0

I think I figure it out postman has other key-value pairs added to the request send which apparently make the difference, one in particular is content-lenght which postman appears to generate for me without having to enter it or calculate it, I found this by deactivating the automatically generated headers setup by postman and trying out what makes it work

to resolve I calculate content-lenght by stringify the body (payload) and taking the lenght of it, I also change the contentlenght key name as well as the body key name, as suggested on the sources checked as noted further below

my updated code that seems to work has the following and updated lines

var body = JSON.stringify({"username":"myuser","password":"mypass"});

  var myHeaders = {
    'Cache-Control': 'no-cache',
    'Content-Type': 'application/json',
    'contentLength': body.length, //this key name was updated from Content-Lenght to 'contentLength'
    'Accept': 'application/json' //this was added as well.
  };

  var requestOptions = {
    method: 'POST',
    headers: myHeaders,
    payload: body, //this was changed from 'body' to 'payload'
    redirect: 'follow',
    muteHttpExceptions: true
  };

hope this helps someone

sources consulted: how to calculate content lenght

use contentLenght instead of Content-Lenght

Changing the name of the option "body" to "payload"

Francisco Cortes
  • 1,121
  • 10
  • 19