According to below, test token endpoint is available only in the "development version" of IBM MobileFirst Platform Foundation.
The test token endpoint
We would like to use this endpoint of MobileFirst Server(not development) for test purpose. Is there a property to enable it?
If it is possible, we will secure MobileFirst Server by FW in the test phase. In production, we will disable test endpoint, of course.
If this would've been possible, it'd be mentioned. :)
It is not possible. The test token is meant only for testing purposes, in the development server. Once you move to a different environment, you must take care of the token generation.
Related
When one creates an ASP.NET Core Web API in Visual Studio 2022, and tests it locally, one gets a convenient Swagger page built upon an OpenAPI definition, to test all HTTP endpoints.
However, when deployed and trying to access {path-to-api}/swagger, it returns a 404 Not Found error, even while on localhost, when both the API and the database is sitting on my own machine. Even if the database is in the Azure cloud, for that matter, it also works, if I put the Azure SQL Database connection string into appsettings.json.
So is there a way to achieve this, preferably without too much hassle? Or am I wrong in wanting this, do developers mostly test their APIs locally? Because I want the Swagger API online only for testing.
The problem is getting and using the swagger functionality into the cloud. Is it possible and good practice?
If you look at the startup, you will notice that the swagger is only loaded during a development session via an if check. Commenting that out, or expanding it based on evironment, will allow a published version to generate the page on the target host.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
I generally do that for first publishes or to Dev/Test environments to see it running. Once it is not needed, I un-comment it back in.
Also it may be actually viable (turned on) in Dev or UAT server because one is also publishing the open api it to APIM (Azure api manager), which takes the api and generates its own development environment; away from an initial publish.
Also once published, it is not the default page, one still has to path to it such as .../swagger/index.html.
I'm aborting this mission to deploy the Swagger interface to Azure along with my API. It's bad security practice to make the HTTP request methods so visually available to all. So the answer to my question do developers mostly test their APIs locally, is apparently yes.
I wondered if I should remove the question, but I would like to make it still stand, in case anyone else is contemplating about doing the same thing - exposing an API online with the Swagger UI.
we have a Scala service built on top of Lagom. We use JWT to authenticate the connections when deployed.
Locally we developers use sbt runAll to run our service. This works fine and it circumvents the JWT authentication (I assume because of Lagom's development mode when running runAll).
However, we would like to run unit tests locally in Docker containers (some other services mocked, but with a real mysql and imported test data). Inside the docker containers, the JWT authentication is used (presumably because it's not running in development mode). This makes it a lot more difficult to run the tests.
Is there a way to enable development mode also when deploying through docker (preferably through an env variable, so that we can enable that only on the local instances and disable dev mode on the deployed cluster)?
Many thanks,
Volker
Can you explain what you mean by JWT authentication? Lagom doesn't provide any JWT authentication features out of the box. Play, which Lagom sits on top of, does provide JWT based season management, but this isn't exposed to through the Lagom API, and also isn't disabled in dev mode.
So likely whatever these JWT features are, they are provided by a third party library, or your own app has provided them.
I created a restful web service with java in eclipse
I used Eclipse toolkit to deploy my WS.
I'm just wondering how to test http requests? I mean there is the default URL to the app porvided by azure myapp.azurewebsites.com
but how to do a POST or GET?
and also DO I need to chose the same tomcat version when deploying my app in azure?
I have tomcat 6 on my computer, but in azure i chose tomcat 8 for example
thank you all for your answers.
I don understand your question. You can perform a GET request in any browser and a Post using tools like Postman or Fiddler (just to name a few). We can' tell you which path you have to use because it depends on your application but it should be the same as if you run it local (except the different host address). Also whether you have to choose the same tomecat version depends on your application and the component it uses - you are the only person who can answer that.
I can't find my Application Secret key in the Mobile Options tab.
I went to look into the Mobile Application Security I found out that it is no more. It is replaces by Mobile Client Access. So where is it ?
If you have Mobile Client Access instead of Mobile Application Security then it sounds like you created a MobileFirst Starter Boilerplate (the newest release) rather than a Mobile Cloud Boilerplate (deprecated as of December 15th).
The new services within the MobileFirst Starter Boilerplate do not use the Application Secret for security or validation. I would recommend you take a look at that linked deprecation announcement and see what all has changed in the move to the new services and what you as a developer would need to do to migrate your preexisting code.
The new service Mobile Client Access require only appId and Route. (no app secret)
You can find more information here: https://www.ng.bluemix.net/docs/services/mobileaccess/getting-started.html
In the "next-step section" you can find some example that explains how to use the service ( how you can see the application secret is not required).
I would like to use OAuth as authorization system for my API created on the IBM API Manager (on Bluemix). Is it possible to use the IBM MobileFirst as OAuth provider? I have already tried inserting
mobile_first_context*/authorization/v1/authorization
as “Authorization URL”, after calling
advanced_developer_portal_context*/oauth/authorize
I obtain the form to insert the credentials, I enter a MobileFirst user and password (credentials are in basic user registry) but it seems to be always failing and the form is constantly visible.
What am I getting wrong?
Thank you in advance.
This is not possible through MobileFirst Platform Foundation at this time. The question should be directed at the API Manager product. You could probably open a PMR (support ticket) for that team.
To use OAuth to the secure the APIs in IBM API Management, please see the Securing an API by using OAuth 2.0 tutorial. As provided in the earlier answer it is not possible through IBM Mobile First Platform at this time.