Generic Bearer Token (client)
In this dialogue you can define how a generic token is requested via HTTP and read in. Generic token means that a server offers tokens but does not provide the standardised OAuth flow for it. In this case, you only configure this dialogue here and none of the OAuth dialogues.
The generic flow is active as soon as you fill all mandatory fields in this dialogue and save these settings (regardless of which other authorization methods are configured). If you have already fetched a token manually (see below), it will be used for authorisation if its expiration time has not been exceeded. If the expiration time has been exceeded or if no token has been fetched manually before, the fetching of the token is triggered automatically when the channel is used. Note: An existing token is only displayed in this dialogue in (11) and not in the additional IDs, as you know it from the other two OAuth dialogues.
Settings
(1) URL: The server that provides the token. The placeholders <server>, <user> and <password> can be used for the values of the fields "Partner address", "Own ID" and "Own Password" (in the main dialogue). Example: " http://example.com/get-generic-token ".
(2) Via DMZ: If set, the HTTP token request (1) will be sent via the DMZ server (if there is one).
(3) Use credentials: If set, the values of channel fields "Own ID" and "Own Password" are used for authorisation at the server (1) (basic authentication in header).
(4) HTTP method: The HTTP method to be used for the request (1). Note: If " POST" is selected, additional fields for the body data and the content type are displayed.
(5) Request header: HTTP headers for the request to (1) can be added via the context menu. System constants can be used.
(6) Token: Here you can specify either a JSONPath expression (see screenshot), a regular expression or a header name to read the token out of the response.
Example for JSON: $.access.token
Example for regular expression: "access_token":\s*"(.*?)",
Example for header: X-OAuth-Token
(7) Expires: As (6), only for the expiration time of the token. Example: " $.expires_in ".
(8) Lifetime unit: The time unit of the expiration time.
(9) Default lifetime: If the expiration time of the token is not read out (7), this default time is used.
(10) Token header, token pattern: The HTTP header into which the read token is written when it is used for authorisation in an HTTP request over this channel. In this example here, the HTTP header "Authorization" with the value "Bearer 111kei..." would be generated. In most cases you can use the default values here.
(11) Request token: When you click this button, the read out token will appear . If an error occurs during the fetching of the token, you will see corresponding error messages in another dialog. Error messages can also be found in the file ./logs/services/error.log.
(12) Current Token: The current token and the token's expiration time are displayed here.
(13) Authorization header: Here you can define additional request headers that are set during authentication with the token. Please note that you can only specify the name of the header in the dialogue. After retrieving the token (10), the value comes from response headers with the same name (is automatically evaluated internally). Example: You have defined a header "myheader" in (13). You click on (11) and receive a token from (1). The header "myheader" with the value 123 is also returned in the response. Your header "myheader" in (13) now also has the value "123". If the token is now used in an authentication via the channel, the request header "myheader" is also sent with the value "123".
(14) Use credentials: If you want/need to use Basic Authentication in addition to the token (10), you can set this checkbox. The values of the channel fields "Own ID" and "Own password" are used. Please note that the token header in (10) cannot be "Authorization" in this case.
(15) Remove: Removes all settings and the token.