Authorization for REST API following upgrade?


#1

I’m wondering if anyone has figured out the new Authorization system for REST API following the upgrade of 3-4 weeks ago?

The auth token returned by my code and the one used by the browser accessing the website seem to be the same except that one is

“azp”: “cayenne-ios-app”,

and the other

“azp”: “cayenne-web-app”,

… plus various numbers like jti and session_state.

I have tried to cut and paste the website auth token into my code, but it complains about “No credentials fround for given ‘iss’.” So I think browser is sending some extra data in the Referer Request Header, or worse in the Cookie Request Header.

A work-around might be just to mimic the website in requesting authorization, which uses requests like

https://accounts.mydevices.com/auth/realms/cayenne/login-actions/authenticate?

rather than the old

https://auth.mydevices.com/oauth/token

This high-quality security can be a nuisance! :grinning:


#2

Let me check with the team.