Within flow POST to external REST API using JWT authentication

General
1

Hi there,

I have a flow that catches json payloads, splits them in seperate key-value pairs.
What I would like to do now is to forward the new json by HTTP POST to a REST API that uses JWT authentication.

I managed to connect (received a token) to this API using a first message containing basic authentication - username and password - that was injected. I created the same type of message within my flow - by adjusting the payload, but for some reason it does't connect that way. It is no option to store the token manually.

Question 1: what can be the difference in the message coming from an inject node or coming from the full flow? In debug it looks exactly the same: containing username, password and _msgid.

Question 2: How can I send the first message to connect and get the JWT token in the response - how can I store this token to send a second message containing the full payload and the token in the header of the request all in the same flow?

Note: I am rather new to coding and development, but try to learn.

2

New developments:

From inject node - succesfully added token into headers with function node. Using it again in a request gives an error 503. Not sure why.
Using postman the jwt token allows posting.

Two problems: request node in flow throws error.
Second request with token included throws 503 error.

3

You will need to share a flow I think. Hard to visualise otherwise.

You mean that you send 2 requests with the same JWT header, the first works and the second fails? If so, could the remote end be refreshing the JWT after each request? That would make sense from a security perspective since JWT is pretty naff for security unless you wrap some processes around it.

4 
[{"id":"84e70b23.7ce728","type":"http in","z":"241c41a6.95cfae","name":"Lora Post Catcher","url":"/lorapost","method":"post","upload":false,"swaggerDoc":"","x":408,"y":331,"wires":[["4d575fdc.0b32a"]]},{"id":"4d575fdc.0b32a","type":"function","z":"241c41a6.95cfae","name":"Parse Catch Input","func":"// Check if the body has a payload_raw parameter (ThingsNetwork)\n if (msg.payload.hasOwnProperty(\"payload_raw\")){\n   \n    body = msg.payload;\n}else{\n    node.error(\"Not a valid Things Network\", msg);\n    return;   \n}\n\nmsg.lorapayload = body.payload_raw;\nmsg.body = body;\n\n\n\n\nreturn msg;","outputs":1,"noerr":0,"x":658,"y":353.99999809265137,"wires":[["f6b32bea.048e48","c7bcd197.3204f"]]},{"id":"f6b32bea.048e48","type":"function","z":"241c41a6.95cfae","name":"Create post response","func":"if (msg.topic === \"error\"){\n    // In case of an error, do nothing with the message and\n    // pass it on to the reponse node. The msg.payload\n    // already contains the right information\n    return msg;\n}else{\n    // We know we have received a valid message\n    // Let's just pass back the lora data we have received\n    msg.payload = \"Received payload: \" + msg.lorapayload;\n}\n\nreturn msg;","outputs":1,"noerr":0,"x":934.0000305175781,"y":270.99999809265137,"wires":[["8ccf7c06.58991"]]},{"id":"8ccf7c06.58991","type":"http response","z":"241c41a6.95cfae","name":"HTTP response Lora Post Catcher","statusCode":"","headers":{},"x":1258.9999694824219,"y":269.99999809265137,"wires":[]},{"id":"9bcbedc3.d3427","type":"catch","z":"241c41a6.95cfae","name":"","scope":null,"uncaught":false,"x":491,"y":216.99999809265137,"wires":[["245cc2b.8066c3e"]]},{"id":"245cc2b.8066c3e","type":"function","z":"241c41a6.95cfae","name":"Handle error","func":"\n// Add a topic property to our message to let other nodes know\n// that this message is an error.\nmsg.topic = \"error\";\n\n// The payload of this error message should say something \n// about the error. This payload is going to be passed back\n// to our HTTPS Response node. Note that the msg.error.message\n// is the message we gave as input in the node.error()\nmsg.payload = \"Encoutered Error: \"+ msg.error.message;\n\nreturn msg;","outputs":1,"noerr":0,"x":699.0000305175781,"y":216.99999809265137,"wires":[["f6b32bea.048e48"]]},{"id":"c7bcd197.3204f","type":"function","z":"241c41a6.95cfae","name":"Format Database","func":"\n\n\nNewMsg = {\n    \"payload\" : {\n \n        \"_id\": Newid,\n       \n\t\t\"Temperature\": temperature,\n\t\t\n    }\n};\n\nreturn NewMsg;","outputs":1,"noerr":0,"x":1042.0000305175781,"y":408.99999809265137,"wires":[["8d53b777.c2e108"]]},{"id":"8d53b777.c2e108","type":"switch","z":"241c41a6.95cfae","name":"seperator","property":"payload._id","propertyType":"msg","rules":[{"t":"eq","v":"00","vt":"str"},{"t":"eq","v":"01","vt":"num"},{"t":"eq","v":"02","vt":"num"}],"checkall":"true","repair":false,"outputs":3,"x":1226.2000198364258,"y":452.60007667541504,"wires":[[],["b1228c38.1a95"],[]]},{"id":"82517114.ff783","type":"debug","z":"241c41a6.95cfae","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"false","x":1910.4000663757324,"y":397.0000023841858,"wires":[]},{"id":"b1228c38.1a95","type":"function","z":"241c41a6.95cfae","name":"Basic auth","func":"msg.topic=\"\";\n\n\n\nNewMsg = {\n    \"topic\": \"\",\n    \"payload\" : {\n        \t\"username\": \"username\",\n\t        \"password\": \"password\"\n}};\nreturn NewMsg;","outputs":1,"noerr":0,"x":1523.8000564575195,"y":495.00000286102295,"wires":[["c97b2b23.b01c08","465cbf5d.c4bc9"]]},{"id":"c97b2b23.b01c08","type":"debug","z":"241c41a6.95cfae","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"headers","targetType":"msg","x":1785.800064086914,"y":519.0000038146973,"wires":[]},{"id":"465cbf5d.c4bc9","type":"http request","z":"241c41a6.95cfae","name":"Get token","method":"POST","ret":"obj","paytoqs":false,"url":"https://domain.com/wp-json/jwt-auth/v1/token","tls":"","persist":false,"proxy":"","authType":"","x":1696.800064086914,"y":431.00000190734863,"wires":[["82517114.ff783"]]}]

I hope this is pasted in right. This is the (incomplete) flow I need to get functioning.
Thank you for responding.

BTW, I use node-red starter-kit on IBM Cloud and want to forward to a wordpress REST API with JWT. The JWT token is valid 24 hours.

5 
[{"id":"717aba99.62f504","type":"http request","z":"241c41a6.95cfae","name":"Get JTW token","method":"POST","ret":"obj","paytoqs":false,"url":"https://domain.com/wp-json/jwt-auth/v1/token","tls":"","persist":false,"proxy":"","authType":"","x":619.9999771118164,"y":769.5999412536621,"wires":[["538213d9.fee86c","c689e49a.c86ed8"]]},{"id":"fcb31f05.f21cf","type":"debug","z":"241c41a6.95cfae","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","x":1288.1999588012695,"y":899.5999031066895,"wires":[]},{"id":"f4a28ef2.e238d","type":"inject","z":"241c41a6.95cfae","name":"","topic":"","payload":"{\"username\":\"username\",\"password\":\"password\",\"title\":\"My Nice New Title\"}","payloadType":"json","repeat":"","crontab":"","once":false,"onceDelay":0.1,"x":435.89996337890625,"y":835.999942779541,"wires":[["717aba99.62f504","21a26cb4.d64d04","783bdb3f.f5e1f4"]]},{"id":"21a26cb4.d64d04","type":"debug","z":"241c41a6.95cfae","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"headers","targetType":"msg","x":594.4000244140625,"y":921.9999437332153,"wires":[]},{"id":"f3f5063d.157938","type":"function","z":"241c41a6.95cfae","name":"add token","func":"msg.headers[\"Authorization\"] = 'Bearer ' + msg.payload[1].token;\n\n\n\nmsg.payload = msg.payload[0];\n\n\nreturn msg;","outputs":1,"noerr":0,"x":1044.9999771118164,"y":750.9999408721924,"wires":[["c72785da.471588","79a29d8e.a857e4"]]},{"id":"783bdb3f.f5e1f4","type":"function","z":"241c41a6.95cfae","name":"Add data","func":"msg.payload.title = \"New nice Title\";\n\nreturn msg;","outputs":1,"noerr":0,"x":618.5999755859375,"y":845.9999418258667,"wires":[["c689e49a.c86ed8"]]},{"id":"c689e49a.c86ed8","type":"join","z":"241c41a6.95cfae","name":"Combine","mode":"custom","build":"array","property":"payload","propertyType":"msg","key":"topic","joiner":"\\n","joinerType":"str","accumulate":false,"timeout":"","count":"2","reduceRight":false,"reduceExp":"","reduceInit":"","reduceInitType":"","reduceFixup":"","x":851.5999755859375,"y":882.999942779541,"wires":[["11a31f0a.fbe3b1"]]},{"id":"79a29d8e.a857e4","type":"http request","z":"241c41a6.95cfae","name":"Post new title","method":"POST","ret":"txt","paytoqs":false,"url":"https://domain.com/wp-json/wp/v2/posts/1","tls":"","persist":false,"proxy":"","authType":"","x":1128.0000801086426,"y":855.9999656677246,"wires":[["fcb31f05.f21cf"]]},{"id":"538213d9.fee86c","type":"debug","z":"241c41a6.95cfae","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","x":813.9999771118164,"y":751.9999408721924,"wires":[]},{"id":"c72785da.471588","type":"debug","z":"241c41a6.95cfae","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","x":1253.9999809265137,"y":755.9999389648438,"wires":[]},{"id":"11a31f0a.fbe3b1","type":"change","z":"241c41a6.95cfae","name":"","rules":[{"t":"delete","p":"statusCode","pt":"msg"},{"t":"delete","p":"responseUrl","pt":"msg"},{"t":"delete","p":"redirectList","pt":"msg"}],"action":"","property":"","from":"","to":"","reg":false,"x":912.3999786376953,"y":804.999942779541,"wires":[["f3f5063d.157938"]]}]

And this a test part where I use an inject node to start asking for a JWT token - with username and password. This succeeds - I get a token back. I now placed that token in the headers, but the second request with the token instead of the username and password gives a 503 back. Sorry for being unclear in my last reply.

(in both flows I removed some privacy and non relevant content parts, hence some empty function nodes)

6

I deleted the header items in the second request with the token, that were coming along with the first request, logging in to get the token, in the response. Now I get a 403 error saying ''jwt_auth_bad_auth_header', 'Authorization header malformed.' ?

In Postman the authentication process still works fine.

7

Sorry Laura but I don't use the IBM Cloud so I don't know what might be happening.