How to add token generation code.

Supports JWT, OAuth 2.0, Custom authentication service, etc.

Step 1: Provide a curl for generating token

e.g.

curl -s -d ‘{“username”:”admin”, “password”:”secret”}’ -H “Content-Type: application/json” -H “Accept: application/json” -X POST https://ip/user/login

Step 2: Provide Token extraction logic using grep/jq

If the Step 1 response look like this

{“time”: “1594073751605”, “info”: {“token”: “val”}}.

And your token path is “info.token”. You can use json parser (jq) to extract the token. Alternatively, you can also use “grep” to extract the value.

e.g.

curl -s -d ‘{“username”:”admin”, “password”:”secret”}’ -H “Content-Type: application/json” -H “Accept: application/json” -X POST https://ip/user/login | jq –raw-output “.info.token”

Step 3: Provide a token usage example.

curl –location –request GET ‘https://ip/api/users’ -H ‘X-API-KEY: <>’

Step 4: Wrapping your logic in @Cmd

You can wrap your entire Step 2 content using the @Cmd syntax. And it will be evaluated at runtime before running the Playbooks.

Usage:

X-API-KEY: {{@Cmd | Step-2-content }}

or

Authorization: Bearer {{@Cmd | Step-2-content }}

e.g.

Authorization: Bearer {{@Cmd | curl -s -d ‘{“username”:”admin”,”password”:”secret”}’ -H “Content-Type: application/json” -H “Accept: application/json” -X POST https://ip/user/login | jq –raw-output “.info.token” }}

Step 5: Using @CmdCache

@CmdCache is similar to @Cmd, but it caches the token for 5 minutes and reuses it across multiple Playbooks.

Usage:

X-API-KEY: {{@Cmd | Step-2-content }}

or

Authorization: Bearer {{@Cmd | Step-2-content }}

e.g.

Authorization: Bearer {{@CmdCache | curl -s -d ‘{“username”:”admin”,”password”:”secret”}’ -H “Content-Type: application/json” -H “Accept: application/json” -X POST https://ip/user/login | jq –raw-output “.info.token” }}

Step 6: Using @Vault for secure password usage.

Create a key-value pair in Vault and inject it using this syntax.

Usage:

[[@Vault.ORG-NAME/KEY-NAME]]

e.g.

Authorization: Bearer {{@CmdCache | curl -s -d ‘{“username”:”admin”,”password”:”[[@Vault.ORG-NAME/KEY-NAME]]”}’ -H “Content-Type: application/json” -H “Accept: application/json” -X POST https://ip/user/login | jq –raw-output “.info.token” }}
Note: If the request body contains 2 or more opening/closing curly brackets together. Make sure to escape them using spaces e.g. {{ -> { {.