API / Collection Authorization #119

Closed
7 of 8 tasks
rsb-23 opened this issue Mar 6, 2023 · 47 comments

@rsb-23

rsb-23 commented Mar 6, 2023

This issue has been closed. If you'd like an auth method to be supported, please create a new issue.

Authorization

If you'd like an auth method to be supported, please create a new issue

@helloanoop
Contributor

Hi @rsb-23

Supporting Auth is a huge priority, and I plan to have it developed and released within the next 10 days.
The APIs I have mostly worked on have API key based auth that is passed in the headers.

Planning to get a release out with these 2 Auths

  1. Bearer Token Auth
  2. API Key based auth (passed in headers/query params/cookies)

Is there a specific auth that you'd like us to prioritise building?

@rsb-23
Author

rsb-23 commented Mar 6, 2023

These two are mostly used, hence this plan is perfect.

@faolitarna

Is OAuth 2.0 support planned? That's the only thing missing that stops us from moving to Bruno.

@muser1492

Will OAuth 1.0a and Basic Authorization be supported?

@helloanoop
Contributor

Auth is a key feature that is remaining to be implemented. I will be spending some time this week to get this completed.

@markwimpory

I'm sure many, many people are looking for a Postman alternative right now. Bruno looks great to us; we just need that auth stuff, in particular OAuth2, but I'm sure everyone has their favourite. I will hold off on making a decision until we hear more.

@ChristianSch

Just wanted to add my +1. We're exploring alternatives to Insomnia and oauth2 is a must for us to use our APIs properly.

@helloanoop
Contributor

I will be releasing support for these Auths tomorrow (Fri 29 Sep):

  • Basic Auth
  • Bearer Auth
  • OAuth2.0

@yjlcoder

Hello. Do you have any plan to implement cookies? i.e. set-cookies, cookies management, and automatically send the cookies under the same domain

@jthln

jthln commented Sep 29, 2023

OAuth 1.0a support would be great, too.
Used by Magento 2, for example.
Since OAuth 2.0 is not backwards compatible with OAuth 1.0.

@helloanoop
Contributor

Got busy with reviewing and merging PRs. Will be working over the weekend to get the auth support completed.

@DJphilomath

Will this also cover sending an auth bearer token when fetching a GraphQL schema?

@helloanoop
Contributor

> Hello. Do you have any plan to implement cookies? i.e. set-cookies, cookies management, and automatically send the cookies under the same domain

@yjlcoder Yes, we will support this. It's crucial.

> Will this also cover sending an auth bearer token when fetching a GraphQL schema?

@DJphilomath Yes, we will.

> OAuth 1.0a support would be great, too.

@jthln Yes, we will support it after completing OAuth 2.0.

@ChadDa3mon

Just came here to say thanks a ton for this, I'm looking forward to trying it out. Seems like you're hard at work on the Auth issue, and that was my only big nag so far. I'm coming from Insomnia and I really like how they handled Authentication options via a dedicated tab. Being able to specify a username/password for basic auth, or various token options was quite helpful.

I see you make mention of it in your documentation, but I can't see any easy way to implement this in the GUI.

@helloanoop
Contributor

Support for Bearer and Basic Auth is now available in v0.18.0.

Hoping to have OAuth 2.0 shipped in another 2 days' time. I appreciate your patience.

@danielraab

Thanks for this cool new feature.
Now it would be perfect if the fields would be filled on an import (from e.g. Insomnia) :)

@fuxx

fuxx commented Oct 4, 2023

Cool! Thanks for the update @helloanoop - This will be a massive step forward for Bruno :)

@dahlsin

dahlsin commented Oct 4, 2023

Hi! This was exactly what we were waiting for! It seems like it doesn't work to use collection variables for the auth values though, is that right or am I doing something wrong?

@lared
Contributor

lared commented Oct 4, 2023

@dahlsin tracked under #329

@Finkregh

Finkregh commented Oct 5, 2023

Reading authentication from `~/.netrc` would be quite helpful as it allows sharing the config as well as usage of the same credentials by i.e. `curl -n`.

Thanks!

@helloanoop helloanoop added this to the v1 milestone Oct 5, 2023
@rmueller83

Currently, the Auth credentials are stored in plain text in the bru file of the request. I do not think that this is a good idea, since projects are shared via Git.
The credentials should be encrypted or put into a separate file which can be excluded from git via .gitignore.
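
The concern above can be checked mechanically before a collection is committed. This is an added example, not Bruno's code and not part of the comment: it assumes `.bru` auth blocks of the form `auth:basic { username / password }` and `auth:bearer { token }` with `{{name}}` as the variable syntax; `findLiteralSecrets` and both sample files are constructed.

```javascript
// Added example: flag literal credentials inside auth blocks of a .bru file.
// Assumed layout: `auth:<type> {` ... `key: value` ... `}`; {{name}} is a variable.
const SECRET_KEYS = new Set(["password", "token"]);

function findLiteralSecrets(bruText, fileName = "<inline>") {
  const findings = [];
  let block = null; // name of the auth block we are currently inside, or null
  bruText.split(/\r?\n/).forEach((line, idx) => {
    const open = line.match(/^(auth:[\w-]+)\s*\{\s*$/);
    if (open) { block = open[1]; return; }
    if (block && /^\}\s*$/.test(line)) { block = null; return; }
    if (!block) return; // lines outside auth blocks are ignored
    const kv = line.match(/^\s*([\w-]+)\s*:\s*(.*)$/);
    if (!kv) return;
    const [, key, rawValue] = kv;
    const value = rawValue.trim();
    if (!SECRET_KEYS.has(key) || value === "") return;
    // A value made only of {{variable}} references keeps the secret out of the file.
    const onlyVariables = /^(\{\{[^{}]+\}\})+$/.test(value);
    if (!onlyVariables) {
      // Report the location only; never echo the secret value itself.
      findings.push({ file: fileName, line: idx + 1, block, key });
    }
  });
  return findings;
}

// Constructed sample requests (not taken from the issue thread).
const LEAKY_BRU = [
  "meta {", "  name: get-user", "}",
  "auth:basic {", "  username: svc-account", "  password: hunter2-constructed", "}",
].join("\n");
const SAFE_BRU = ["auth:bearer {", "  token: {{apiToken}}", "}"].join("\n");

console.log(findLiteralSecrets(LEAKY_BRU, "get-user.bru")); // one finding, line 6
console.log(findLiteralSecrets(SAFE_BRU, "list.bru"));      // []
```

Run over every `.bru` file in a pre-commit hook or CI job, a non-empty result is a reason to fail the commit.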

@helloanoop
Contributor

@rmueller83 You'll be happy to see https://docs.usebruno.com/secrets-management/overview.html !

@helloanoop
Contributor

Thank you @petoc for updating the insomnia importer to import basic and bearer auth strategies
PR: #380

@olekyd

olekyd commented Oct 6, 2023

Hello, it would be nice to add AWS IAM auth method to the list

@helloanoop
Contributor

I could not work on OAuth 2.0 auth as I've been busy with adding Collection Level Headers, Auth, Scripts and Tests #334

Looking forward to getting OAuth 2.0 done on priority in the next 2-3 days.

@bmrodgers148 looking forward to your PR 😊 to add AWS IAM support.

@matbgn

matbgn commented Oct 9, 2023

Is there any chance to see Digest Auth implemented in Bruno?

@WtfJoke

WtfJoke commented Oct 10, 2023

Do you think it would make sense to split the issue? I could imagine it would be easier to track the different progress.
For example, I am mainly interested in OAuth 2.0 (and the progress is quite mixed, which I can totally understand, but it's a bit harder to follow) :)

@premeaswaran
Contributor

premeaswaran commented Oct 16, 2023

Hey there @helloanoop, any update on this regarding OAuth 2.0?

@nomorsug

What happened with the API Key based auth (passed in headers/query params/cookies)?

@Pessiun

Pessiun commented Oct 26, 2023

When do we expect the JWT Bearer Auth to be in place?

@JoshatPNNL

JoshatPNNL commented Oct 26, 2023

> Hi! This was exactly what we were waiting for! It seems like it doesn't work to use collection variables for the auth values though, is that right or am I doing something wrong?

@dahlsin Try putting it in the body

Then in Vars write the response to a new variable and reference that in your next call

@Pessiun

Pessiun commented Oct 27, 2023

I managed to fix my JWT issue. It worked! Sometimes we need to apply the trial-and-error technique to succeed.

@markwimpory

Do we have an OAuth2 update? This is the only thing stopping us from adopting Bruno right now.

@nickheniser
Contributor

Not yet, but I think it is on the horizon soon. For a workaround see this post: #385 (comment)

helloanoop added a commit that referenced this issue Nov 3, 2023
@palhal

palhal commented Nov 4, 2023

As others have mentioned, I would like to see a static API Key that can be included either as a header or in the query. I guess a screenshot from Postman will explain it:

image

My specific use case is the Mapbox API.

Btw, I just switched from Postman and I'm loving Bruno so far.

@gagan1393

Hi, right now OAuth 2.0 is not available in Bruno. Any idea when it is going to be available? Or is there any alternative way we can pass OAuth 2.0 for the time being in Bruno?

Thanks!!

@mmornati

mmornati commented Nov 8, 2023

Actually, for OAuth2, client_credential is possible with a simple script already shared on GitHub.
The real missing part is with other auth methods: even trying to simulate it, when you need to open a webpage to fill in the credentials, Bruno does not give you a lot of latitude (I think it is not executing JS in the page preview, right?).

@gousse

gousse commented Nov 9, 2023

Hi, for OAuth 2.0, if the issue is the browser interaction, the easiest way is to use the device grant.
https://www.rfc-editor.org/rfc/rfc8628
It lets you use any browser in another network/technical context to interact with the human user, while the "code on Bruno side = device client" is just polling the token endpoint with a simple POST request. The ASCII diagram in the RFC illustrates this.
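
The polling side of the device grant described above, as an added example that is not part of the comment and not Bruno's code. The error handling follows RFC 8628 section 3.5; `runDeviceFlow`, `nextStep`, the `poll` stand-in for the HTTP POST, and all sample values are constructed for illustration.

```javascript
// Added example: client side of the RFC 8628 device grant (polling logic only).
const DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code";

// Form body of each polling POST to the token endpoint (RFC 8628 section 3.4).
function tokenRequestBody(clientId, deviceCode) {
  return new URLSearchParams({
    grant_type: DEVICE_GRANT, device_code: deviceCode, client_id: clientId,
  }).toString();
}

// Decide what to do after one token-endpoint response (RFC 8628 section 3.5).
function nextStep(intervalSec, response) {
  if (response.access_token) return { done: true, token: response.access_token };
  switch (response.error) {
    case "authorization_pending": return { done: false, intervalSec };
    case "slow_down": return { done: false, intervalSec: intervalSec + 5 };
    default: // access_denied, expired_token, or anything unexpected: stop polling
      return { done: true, error: response.error || "invalid_response" };
  }
}

// Drive the loop; `poll` is a hypothetical stand-in for the HTTP POST.
function runDeviceFlow(auth, poll) {
  let intervalSec = auth.interval || 5; // RFC default when `interval` is omitted
  let elapsed = 0;
  const waits = []; // seconds a real client would sleep before each poll
  while (elapsed + intervalSec <= auth.expires_in) {
    elapsed += intervalSec;
    waits.push(intervalSec);
    const step = nextStep(intervalSec, poll(auth.device_code));
    if (step.done) return { ...step, waits };
    intervalSec = step.intervalSec;
  }
  return { done: true, error: "expired_token", waits }; // device_code lifetime over
}

// Constructed device authorization response and scripted token-endpoint replies.
const SAMPLE_AUTH = { device_code: "dev-constructed", user_code: "ABCD-EFGH",
  verification_uri: "https://auth.example/device", expires_in: 60, interval: 5 };
function scriptedPoll(replies) {
  let i = 0;
  return () => replies[Math.min(i++, replies.length - 1)];
}
const SAMPLE_RESULT = runDeviceFlow(SAMPLE_AUTH, scriptedPoll([
  { error: "authorization_pending" }, { error: "slow_down" },
  { error: "authorization_pending" }, { access_token: "tok-constructed" },
]));
console.log(SAMPLE_RESULT.token, SAMPLE_RESULT.waits); // tok-constructed [ 5, 5, 10, 10 ]
```

The `waits` array shows the `slow_down` rule in effect: once the server asks the client to back off, the longer interval applies to every later poll.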

@gagan1393

> Actually, for OAuth2, client_credential is possible with a simple script already shared on GitHub. The real missing part is with other auth methods: even trying to simulate it, when you need to open a webpage to fill in the credentials, Bruno does not give you a lot of latitude (I think it is not executing JS in the page preview, right?).

Yes, for client_credential it's working fine. I am able to fetch the token. But I need it for the implicit grant type. If it is possible, let me know?

@joe-gre

joe-gre commented Nov 17, 2023

@helloanoop Any update on cookie support, including signed cookies? Our team uses this for authentication so it's blocking us from adopting Bruno. I got parsing the cookie and setting it in a context variable in a post script working, but it's not sending the cookie correctly. I hope this feature gets added so we can migrate. I've been waiting for an API client that integrates with git in this way for a while and I love the scripting support.

@joe-gre

joe-gre commented Nov 17, 2023

I got cookie authentication working. It would be nice to have it as an out-of-the-box feature though. Here is what I did: #968 (comment)

@osminogin

I would also like to suggest implementing an SSL/TLS client authentication method or any way to add and manage digital certificates in Bruno. This is a fairly popular way to authenticate clients to private APIs.

This functionality is also available in Postman:

certificates-add-client-cert-v10-16a

@helloanoop
Contributor

> I would also like to suggest implementing an SSL/TLS client authentication method or any way to add and manage digital certificates in Bruno. This is a fairly popular way to authenticate clients to private APIs.

@osminogin This is already available.

You can click on client certificates inside the collection settings (click on gear icon on top right corner once you open a collection)

@helloanoop
Contributor

@yjlcoder @nomorsug @joe-gre
Cookie support has landed in v1.2.0

If you encounter any issues or have additional feedback, please comment on #968

@helloanoop
Contributor

helloanoop commented Nov 20, 2023

This thread has become unmaintainable. I have created separate issues to track each kind of Auth.

Locking this thread. If you'd like an auth method to be supported, please create a new issue

PS: I appreciate the patience of folks waiting for OAuth 2.0.

@usebruno usebruno locked and limited conversation to collaborators Nov 20, 2023