I have this API, something like this:
https://baseurl.com/endpoint
It is a GET API and has PingIdentity's OIDC + Auth2.0 authentication & authorization(enabled at KONG API GATEWAY level) mechanism. The first time I hit this API via my browser, it redirects me to a sign-in page, which on successful sign-in, successfully triggers this API and shows me the output JSON on the browser. For the next 1 hour, whenever I hit this API again, it doesn't ask for a sign-in again. After that, I again have to sign in once.
Now, I need to hit this API via Python. The problem is, in response, it gives an HTML output, which is basically that sign-in page that the browser was redirecting me to. Here is what I have tried:
I wrote this API using FastAPI in python, and when I requested it on the browser, I recorded its headers in FastAPI via request.headers
. Here is what the headers contained:
'host':
'keep-alive':
'connection':
'x-forwarded-for':
'x-forwarded-proto':
'x-forwarded-host':
'x-forwarded-port':
'x-forwarded-path':
'x-forwarded-prefix':
'x-real-ip':
'cache-control':
'sec-ch-ua':
'sec-ch-ua-mobile':
'sec-ch-ua-platform':
'upgrade-insecure-requests':
'user-agent':
'accept':
'sec-fetch-site':
'sec-fetch-mode':
'sec-fetch-user':
'sec-fetch-dest':
'referer':
'accept-encoding':
'accept-language':
'cookie': {contained my organization specific data, which I am sure are not essential}
'username':
'client_id':
'oidc-access-token': {it is a JWT token, which I have confirmed with my teammates, is the access token from PingIdentity}
However, when I set these same headers when using Python requests library to hit this same API, it is again returning me the HTML of the sign-in page and is not giving me the result, I also tried copying headers from the NETWORKS tab in the Debugger tool in browser and setting those same parameters in my requests in python: but nothing works still! Here is how I am hitting the API in python:
import requests
hit_my_api = requests.get("https://baseurl.com/endpoint", headers={<The ones I mentioned above>})
How to get around with this?
You should add the JWT token in the headers as below (see here ):
hit_my_api = requests.get("https://baseurl.com/endpoint", headers={'Authorization': 'access_token myToken'})
EDIT: If the above doesn't work, try this:
hit_my_api = requests.get("https://baseurl.com/endpoint", headers={ 'Authorization': 'Bearer <your_token>' })
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.