I am going to call api of different modules, and I saw there is RequestVerificationToken on swagger API, like /api/file-management/file-descriptor/content API
I have 2 cases,
- my project dont have identity server
- my project have identity server
How to obtain the API Token for the above cases? I need to call module api in many cases
- ABP Framework version: v4.4.3
- UI type: MVC
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
- Exception message and stack trace:
- Steps to reproduce the issue:"
8 Answer(s)
-
0
Hi @LawrenceKwan
It's not related with ABP. You can do it configuring Serilog like below: https://stackoverflow.com/a/28334074/7200126
-
0
Serilog
Hello Enisn Token and Serilog are different thing. I am asking the API token not the loging, how to get token?Thanks
-
0
I find that when I login to admin account, token is valid but When I logoff, token is invalid that cannot get response.
-
0
Firstly I'm sorry about my first mismatching answer to you. It has been posted by a mistake to this thread.
I am going to call api of different modules, and I saw there is RequestVerificationToken on swagger API, like /api/file-management/file-descriptor/content API
If you send requests via using client proxies, you don't need to get any of token manually. Client proxy handles them.
I find that when I login to admin account, token is valid but
When I logoff, token is invalid that cannot get response.If your endpoint requires authentication, you won't be able to access that endpoint when you logged out.
Can you share more info about which endpoint you are trying to access with token?
-
0
Firstly I'm sorry about my first mismatching answer to you. It has been posted by a mistake to this thread.
I am going to call api of different modules, and I saw there is RequestVerificationToken on swagger API, like /api/file-management/file-descriptor/content API
If you send requests via using client proxies, you don't need to get any of token manually. Client proxy handles them.
I find that when I login to admin account, token is valid but
When I logoff, token is invalid that cannot get response.If your endpoint requires authentication, you won't be able to access that endpoint when you logged out.
Can you share more info about which endpoint you are trying to access with token?
Hi enisn
We have some external workers(software) to access files uploaded by Optical Character Recognition (OCR) . It could be the intranet user. To read the file , it will be downloaded via API on https:{our endpoint}/api/file-management/file-descriptor/content API
-
0
Hi LawrenceKwan,
You can use Client Credentials Flow (server to server) to request an access token.
Client Credentials Flow Summary:
- You create a client (https://docs.identityserver.io/en/latest/quickstarts/1_client_credentials.html#creating-the-client)
- You make an http request to Discovery Endpoint (Using
IdentityModel
nuget package) - You make access token request
- You add the token as bearer to header and make request to the resource with the defined scopes
Using Client Credentials Flow in ABP
- You can create a client (either IdentityServerDataSeeder or IdentityServer UI)
Now, if your application is and ABP application (has a module class and extending
AbpModule
class), you can addVolo.Abp.Http.Client.IdentityModel
nuget package that automates steps 2, 3 and 4. You can check this part of the documentation for more information. However, since you mentioned it is an external software that can be written in any language; generic client credentials flow rules apply as I have mentioned above. There is one caveat, If your application service is protected with a permission as below: You need to add related permission to the client you have created at step 1 using either IdentityServerDataSeeder or IdentityServer UI. Here is a related part of documentation that can help.
-
0
In file management you'll see 2 endpoints to perform a download operation:
One of them creates & returns token but requires authenticated request. After, getting that token, you can download the file from second endpoint with that token without authentication. But token's life is 60secons by default.
For example; let say your media id is 1 to make it more understandable.
Firstly you need to create a download token for media with a authenticated request:
GET | /api/file-management/file-descriptor/download/1/token
You'll get a response something like below. Let say the token is a to make it simple:
{ "token": "a" }
Now, you can make a request from anywhere without authentication with that token.
GET | /api/file-management/file-descriptor/download/1?token=a
-
0
Also you can generate token in serverside instead of sending a authenticated request:
public class MyService : ApplicationService { private IFileDescriptorAppService fileDescriptorAppService; public MyService(IFileDescriptorAppService fileDescriptorAppService) { this.fileDescriptorAppService = fileDescriptorAppService; } public async Task MyMethodAsync() { var token = await fileDescriptorAppService.GetDownloadTokenAsync(Guid.Parse("...")); } }