0

I follow documentation here: https://fusionauth.io/docs/v1/tech/apis/jwt

And try to get issued new JWT to gain access to second application in same tenant. I use httpie instead of curl to get access token:

source config.sh
ACCESS_TOKEN=`http POST "${URL}/api/login" \
 "Authorization:${API_KEY}" \
 "X-FusionAuth-TenantId:${TENANT1_ID}" \
 "applicationId=${APP1_ID}" \
 "loginId=${USER}" \
 "password=${PASS}" \
 | python -m json.tool | grep token | cut -f4 -d'"'`

echo ${ACCESS_TOKEN}

and then I use this access token in following request to get access to second application:

source config.sh
JWT=`bash access_token.sh`

http GET ${URL}/api/jwt/issue \
    "Authorization: JWT ${JWT}" \
    "Cookie: access_token=${JWT}" \
    "applicationId=${APP2_ID}"

#http GET ${URL}/api/user \
#        "Authorization: JWT ${JWT}"

Notice that commented request to /api/user works well, however request to /api/jwt/issue returns 401.

How can I fix this error?

Ľubomír Mlích
  • 649
  • 6
  • 12

1 Answers1

1

The applicationId must come through on a request parameter.
https://fusionauth.io/docs/v1/tech/apis/jwt

When using httpie, a single equals sign = indicates the parameter is to be serialized as JSON in the request body, and a double equals == indicates the parameter is to be append to the request URI.

httpie help text:

'==' URL parameters to be appended to the request URI:

search==httpie

'=' Data fields to be serialized into a JSON object (with --json, -j) or form data (with --form, -f):

 name=HTTPie  language=Python  description='CLI HTTP client'

Try modifying your request to use a double equals == for the applicationId parameter. 

http GET ${URL}/api/jwt/issue \
    "Authorization: JWT ${JWT}" \
    "applicationId==${APP2_ID}"

Also, you need only to send the cookie or the Authorization header. If you send both the Authorization header will take precedence. https://fusionauth.io/docs/v1/tech/apis/authentication#jwt-authentication

robotdan
  • 1,022
  • 1
  • 9
  • 17