Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setting oauth2_interceptRequest if not already defined #812

Open
denisrossetre opened this issue Oct 23, 2024 · 3 comments
Open

Setting oauth2_interceptRequest if not already defined #812

denisrossetre opened this issue Oct 23, 2024 · 3 comments

Comments

@denisrossetre
Copy link

I have a common.http file that I import before every request. The script in this file sets the oauth2_interceptRequest to disable SSL verification:

    exports.oauth2_interceptRequest = function(request, context) {
      request.options = { https: { rejectUnauthorized: false }};
    };

Unfortunately, it seems that assigning to the oauth2_* variables invalides any access token obtained for the oauth2 prefix, and thus a new access token is retrieved for every request.

Note that I implement a OAuth2 Password Grant type returning an access token with a lifetime in hours, and there is no refresh token. Accordingly oauth2_keepAlive is not set.

Of course exports is empty when the common.http file is run, so I can't test that. Wrapping the above code in if (typeof oauth2_interceptRequest === undefined) does not seem to work.

What can I do?
@AnWeber
Copy link
Owner

AnWeber commented Oct 23, 2024

Unfortunately, it seems that assigning to the oauth2_* variables invalides any access token obtained for the oauth2 prefix, and thus a new access token is retrieved for every request.

Not quite. A change in an *.http file causes the variables for this file to be discarded. Changes in Javascript files with the name httpyac also discard the variables (code). External scripts imported with require would not discard the variables.

Of course exports is empty when the common.http file is run, so I can't test that.

exports is empty, but all variables are added to the context. The context can be also accessed using this. You can test if the variable is not defined using if (!this.oauth2_interceptRequest).

e.g. testVars not defined on first request and will not be replaced. On second request the variable will use value second

GET https://httpbin.org/anything?foo={{this.testVar}}
{{
  exports.testVar = "second";
}}

@denisrossetre
Copy link
Author

denisrossetre commented Oct 24, 2024
edited
Loading

Thanks for the quick clarifications!

It seems I can't get rid of the extra requests. I'll try to write an example that does not depend on our internal systems and will update this issue-- or maybe I'll open another issue, as the source of the extra requests seems not to be the assignment to the oauth2_* variables.

By the way, should I propose a documentation update MR on how to disable SSL verification?

@AnWeber
Copy link
Owner

AnWeber commented Oct 24, 2024

By the way, should I propose a documentation update MR on how to disable SSL verification?

For me it was just the way to do it either via Environment or via Metadata. This is documented.
https://httpyac.github.io/guide/metaData.html#no-reject-unauthorized

Using property noRejectUnauthorized on request in scripting also works and is also documented (but more hidden, you need to click a link): https://httpyac.github.io/guide/scripting.html#access-to-variables

Using request.options is more or less not desired to use. This is a special feature from got/ http request and will not change behaviour of e.g wegsocket requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AnWeber @denisrossetre