Contributor.. rleonard Contributor..
Contributor..
2108 views

HPOO HTTP Client POST Authorization is Returning Error 400 Invalid Header

Jump to solution

Hi all,

I have been working on integrating our office's password safe with HPOO to do credential lookups for audit flows etc using REST API.
I can perform the REST queries perfectly in Postman (REST client) without any issues, however when I attempt to use the HTTP Client POST operations within OO I run into an issue.

I am using Pleasent Password Server. I've also attached as many screenshots as I can to help troubleshoot the issue.

Step 1. First, I must authenticate to the password safe server using x-www-form-urlencoded form to pass my credentials to the server via POST, in return I receive a Bearer access token. This works fine using OO,I pull the value of "access_token" and assign to ${accessToken}. The next step is when I run into issues.

image.png

Step 2. I send a request to the server with the body "{Search : "server01.example.com"}", and a HTTP header "Authorization:<access_token>".
This returns all the information I require in Postman however I cannot get it working within OO...

image.png

According to the RFC, the correct syntax to pass a Bearer token via the Authorization head is "Authorization: Bearer ${accessToken}", however if I add this into the headers field in OO, I receive an "Error 400 - Invalid Header" error. I think this explicit header is clashing with the "authType" field, however authType will not accept Bearer as an option.

In the headers field I have tried so many different combinations, and I have confirmed that Authorization header is causing the issues, if I remove Authorization I get an access denied message.
I've tried:

  • Authorization: Bearer ${accessToken}
  • Authorization : ${accessToken}
  • Authorization:${accessToken}
  • Authorization:"${accessToken}"
  • so on...

I have also changed authType from 'any' to 'Basic' and this does not change anything, I've been trying to figure this out all day and it's driving me nuts. I'm thinking I have some kind of syntax error somewhere in the Authorization header but I can't figure it out.

Does anyone know where I'm going wrong? Or if anyone has ever had this issue before?

Thanks for any help in advance!

3.png4.png5.png

0 Likes
1 Solution

Accepted Solutions
Micro Focus Expert
Micro Focus Expert

Re: HPOO HTTP Client POST Authorization is Returning Error 400 Invalid Header

Jump to solution

I've been involved in other scenario with Bearer authentication.

Finally been able to work by using

- autyType -> digest

- headers -> Authorization: Bearer ${accessToken}

Regards,

Ramon

0 Likes
6 Replies
AndreiTruta Outstanding Contributor.
Outstanding Contributor.

Re: HPOO HTTP Client POST Authorization is Returning Error 400 Invalid Header

Jump to solution

As far as I know the header should not be with Enter as I see it in your constant variable in studio.

Put ; in between the Authorization and Content-Type.

As for the Authorization itself you should put the Bearer example: <Authorization: Bearer ${valuehere}>

Hope it helps,

Andrei Vasile Truta
0 Likes
Trusted Contributor.. sunts Trusted Contributor..
Trusted Contributor..

Re: HPOO HTTP Client POST Authorization is Returning Error 400 Invalid Header

Jump to solution

I'm also experiencing the same issue when trying to specify the Authorization header. I know the header is well formed as it works from other HTTP/REST clients.
I am also in control of the endpoint I am trying to POST to so have enabled extended logging on the API which does show the request is trying to use Basic authentication and not Bearer,

So i guess that as Bearer is not an available authType within the HTTP Client POST operation, it is falling back to the default of Basic and resulting in the HTTP 400 (Bad Request - Invalid Header) response

For now I've been able to workaround this by using the PowerShell Script operation and using the Invoke-RestMethod cmdlet but it would be good to have the HTTP Client operations support the use of Bearer tokens.

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: HPOO HTTP Client POST Authorization is Returning Error 400 Invalid Header

Jump to solution

Hi,

 Instead of using the HTTP client post operation use the regular HTTP Client operation from the V2 folder. This is to separate the authorization header from the content type and remove any and all formating complications from that scenario. The HTTP Client operation has a separate input for content type.  

In my opinion the auth type should be basic and in the headers  try one of the following:

 access_token:${accessToken};token_type:"bearer"

access_token:${accessToken}

You could also try (now that you have split the content-type from the header to use Authorization:${accessToken}

If all else fails if the password safe has a UI in which you can perform the same action as you are trying to perform from the API inspect the headers from the browser API call and use them in OO.

Hope this Helps,

Vlad

 

 

0 Likes
Respected Contributor.. hpooStudent Respected Contributor..
Respected Contributor..

Re: HPOO HTTP Client POST Authorization is Returning Error 400 Invalid Header

Jump to solution

hi are you trying to call cyberark rest api? i am hitting same issue this is what was done to make it work.

solution.png

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: HPOO HTTP Client POST Authorization is Returning Error 400 Invalid Header

Jump to solution

I've been involved in other scenario with Bearer authentication.

Finally been able to work by using

- autyType -> digest

- headers -> Authorization: Bearer ${accessToken}

Regards,

Ramon

0 Likes
Contributor.. MarkNielsenHPE Contributor..
Contributor..

Re: HPOO HTTP Client POST Authorization is Returning Error 400 Invalid Header

Jump to solution

Great reply! Switching to digest stopped the POST flow from automatically inserting "Basic" regardless of whether the option was set or deleted. 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.