Programmatic Access to authorization token in login api fdk client

Hi team, I need programmatic access to the authorization token set after the login api. Although it is not shown in the data, after manually checking the request, I see that an authorization token is generated. I need to know how to extract/store it into fdk programmatically, as well as how to verify it in the extensions created.

Hi @aakash140799_1

  • After logging into the Fynd platform, when installing an extension, the user will encounter a consent page that provides permission for listing actions.

  • The authorization server grants an authorization code to the extension.

  • The authorization server sends an API request to the extension, for getting the extension’s API key and API secret.

  • The authorization server validates the extension’s API key, API secret, and authorization token.

  • After successfully verifying the credentials, the authorization server grants an access token to the extension.

  • The extension can utilize the access token to make API calls for accessing user information.

Sir, this is not what I meant. Let me clarify.

curl 'https://localhost:5002/service/application/user/authentication/v1.0/session' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
  -H 'Authorization: Bearer NjRkNjM4ODcyZWFiMjczNjVjZjZhZWNjOlFzZFlzV0NZRw==' \
  -H 'Connection: keep-alive' \
  -H 'Cookie: WZRK_G=259153840f7d4ddc895517734963781b; _ga=GA1.1.1779578942.1691390507; _ga_1ZSGHLT9NM=GS1.1.1691577485.2.1.1691577600.0.0.0; anonymous_id=c7ae30a3e1074bafad9d2a913d1f99a3; old_browser_anonymous_id=c7ae30a3e1074bafad9d2a913d1f99a3; f.session=s%3AwHRk8r7mSqgQxkO0F-IY43dS9oG-yrsF.%2BZqiGJGmESXzOS7csZWWXpLNt1%2B9vf79eMv%2BnQWYp2A; io=uzANxbqkDYkYoenJAAAB' \
  -H 'Referer: https://localhost:5002/' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Mobile Safari/537.36' \
  -H 'sec-ch-ua: "Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"' \
  -H 'sec-ch-ua-mobile: ?1' \
  -H 'sec-ch-ua-platform: "Android"' \
  -H 'x-currency-code: INR' \
  -H 'x-fp-cli-forwarded-host: milkbasket.jiox1.de' \
  -H 'x-fp-date: 20230829T030814Z' \
  -H 'x-fp-sdk-version: 1.1.2' \
  -H 'x-fp-signature: v1.1:ecf2e629861dd66f9369acd937dfa977566171d6355cbd2834b2d200b645387f' \
  -H 'x-location-detail: {"country_iso_code":"IND"}' \
  --compressed

This is a curl request generated by the javascript fdk-client to get the user Session. Here I have not logged in yet, so I believe the fdk-client persists user session data locally too and uses it after app restart. Also, in the request, you can see the Authorization header, which I believe to contain user session info. Now my simple requirement is,

1. I want to know if the user has logged in. Since fdk-client maintains the Authorization header, it is possible, but there seems to be no function to get it.
2. I want to verify this Authorization header in my extension code, so that I can impose user-based Access-control over my extension apis.
3. Optionally, I also want to be able to set this authorization header manually. It helps in development and is also required to call user-specific fynd apis from extension code.
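An added example, not part of the thread or of the FDK code base: a small Node.js inspector for a request of the shape shown in the curl command, reporting what the Bearer value decodes to and whether a signed `f.session` cookie is present. The header values are constructed samples, the function names are hypothetical, and the reading of the Bearer value as an `<id>:<token>` pair is an assumption based only on its decoded shape.

```javascript
// Added example: classify the credentials carried by a request.
const HEX24 = /^[0-9a-f]{24}$/;

// Decode a "Bearer <base64>" value and describe its structure.
function describeBearer(headerValue) {
  const m = /^Bearer\s+([A-Za-z0-9+/=]+)$/.exec(headerValue || "");
  if (!m) return { kind: "missing-or-malformed" };
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":");
  if (sep === -1) return { kind: "opaque" };
  const id = decoded.slice(0, sep);
  return {
    kind: HEX24.test(id) ? "id-and-token-pair" : "other-pair",
    id,
    tokenLength: decoded.length - sep - 1, // report length only, never the token
  };
}

// Parse a Cookie header into a Map of name -> URL-decoded value.
function parseCookies(cookieHeader) {
  const jar = new Map();
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (_) { /* keep raw value */ }
    jar.set(part.slice(0, eq).trim(), value);
  }
  return jar;
}

// Summarise a request: Bearer structure plus presence of a signed
// session cookie of the form "s:<session id>.<signature>".
function describeRequest(headers) {
  const session = parseCookies(headers.cookie).get("f.session") || "";
  return {
    bearer: describeBearer(headers.authorization),
    hasSignedSessionCookie: /^s:[^.]+\..+$/.test(session),
  };
}

// Constructed sample headers (not the values from the thread).
const sample = {
  authorization: "Bearer " + Buffer.from("0123456789abcdef01234567:SampleTok").toString("base64"),
  cookie: "anonymous_id=abc; f.session=s%3AsampleSid.sampleSig%2Bx",
};
console.log(describeRequest(sample));
```

The request in the thread was captured before login and already carries the Bearer header, so the presence of that header alone does not show that a user is logged in; this inspector only classifies the fields and does not verify the cookie signature, which needs the server-side secret.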