Product/components used and version/fix level are you on:
Detailed explanation of the problem:
We have created a cockpit application using c8ycli to create our own custom widgets, and I have given my tenant URL under the script to start the server, as below:
`start: "c8ycli server -u [tenantUrl]"`
So now, once I start the server, I can see the login page and the user is able to log in to that tenant successfully. Now I would like to get the authorization token of the logged-in user. It is set in cookies as HttpOnly, so we are not able to access the token on the client side.
Do we have any other ways to access the authorization token of the logged-in user?
The web application running in your browser is not supposed to access the token from the cookie for security reasons.
It will be attached to every request going to your Cumulocity tenant’s domain automatically.
What is your use case that you need to access the authorization token?
There is an API to retrieve the authorization token in your response body instead of attached as a cookie: Cumulocity IoT - OpenAPI Specification, but this is specifically not used in the UI for security reasons.
Tristan, my use case is to send an authorization token in order to access custom API endpoints that have been developed using microservices.
I understand that the token will be attached to every request that is sent to my Cumulocity tenant’s domain.
However, I am the endpoint that will be accessing the custom microservice. The token will be attached even if I access my custom endpoint?
Please note that both the custom cockpit and microservices will be deployed within the same domain of the Cumulocity tenant.
Yes, the cookie is also being attached to the request going from the UI to your microservice.
If you, e.g., follow this sample to access a microservice from one of your Angular components: Tutorials - Cumulocity IoT Guides, you should not have to worry at all about authorization.
Understood. Thanks Tristan
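The behaviour described in this thread, as an added example that is not from any participant or from Cumulocity's own code: a same-origin call from the UI to a microservice never reads the HttpOnly token, because the browser attaches the cookie itself. It assumes that microservices are reached under `/service/<name>/` and that cookie-based login also sets a script-readable `XSRF-TOKEN` cookie to be echoed in an `X-XSRF-TOKEN` header; `my-service` and the sample values are hypothetical.

```javascript
// Read one cookie from a document.cookie-style string.
// HttpOnly cookies never appear in that string, so the auth token is not readable here.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build fetch() arguments for a microservice call on the tenant's own origin.
// No Authorization header is set: the browser sends the HttpOnly cookie itself.
function buildMicroserviceRequest(pageOrigin, path, cookieString, init = {}) {
  const url = new URL(path, pageOrigin);
  // The session cookie is only sent to the tenant's origin, so reject anything else.
  if (url.origin !== new URL(pageOrigin).origin) {
    throw new Error('refusing cross-origin request: ' + url.origin);
  }
  // Assumption: microservices are exposed under /service/<name>/ on the tenant.
  if (!url.pathname.startsWith('/service/')) {
    throw new Error('not a microservice path: ' + url.pathname);
  }
  const headers = { Accept: 'application/json', ...(init.headers || {}) };
  // Assumption: the platform pairs the session cookie with an XSRF-TOKEN cookie.
  const xsrf = readCookie(cookieString, 'XSRF-TOKEN');
  if (xsrf) headers['X-XSRF-TOKEN'] = xsrf;
  return { url: url.href, options: { ...init, headers, credentials: 'same-origin' } };
}

// Browser usage, e.g. callMicroservice('/service/my-service/health')
async function callMicroservice(path, init) {
  const { url, options } =
    buildMicroserviceRequest(location.origin, path, document.cookie, init);
  const res = await fetch(url, options);
  if (res.status === 401) throw new Error('session expired, log in again');
  if (!res.ok) throw new Error('microservice returned ' + res.status);
  return res.json();
}
```
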