Currently I have a mobile app successfully consuming a RESTful web API (JWT) from a monolithic JHipster backend. Now I am porting the monolithic backend to microservices, and there are already a registry (JHipster Registry v4.0.3), a gateway (Angular 6), a UAA (JHipster UAA) and a microservice generated.
Then I compiled and sent a /auth/login request from Postman to the gateway, but it failed. Below are the details of the request:
URL: POST localhost:8080/auth/login
Headers:
Accept: application/json
Content-Type: application/json
Body (raw):
{"username":"admin","password":"admin"}
The response is:
{
"error": "access_denied",
"error_description": "Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'."
}
What is the correct way to make the request from a mobile app with the password grant type? I need OAuth 2 (such as refresh tokens, etc.).
I am not sure what I missed; I checked the docs and did not find anything useful.
I would very much appreciate any help.
Note: the gateway works well (from the browser); the gateway, UAA and the microservice are also registered to the registry successfully.
I think it is not a duplicate of the other question, because a mobile app uses token-based authentication, so CSRF is not necessary in this case.
rememberMe is not important. You need to get a cookie with the XSRF token first before you can login (I think you can get one by making a GET request, the webapp requests /api/account on page load). I'm not sure how you handle cookies in native app code though. Here's how I map the cookie to a request header for React Native, it's not what you're looking for but it might help: github.com/ruddell/ignite-jhipster/blob/… - Jon Ruddell
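The cookie-to-header flow described in the comment above, modeled without any network calls, as an added example that is not part of the original thread or of JHipster's code. The cookie name `XSRF-TOKEN` is an assumption (Spring Security's default for cookie-based CSRF tokens); the function names are hypothetical, the sample cookie values are constructed, and `checkCsrf` is a simplified stand-in for the gateway's filter.

```javascript
// Constructed model of the cookie-to-header CSRF flow; no network calls are made.
const COOKIE_NAME = 'XSRF-TOKEN';   // assumed: Spring Security's default cookie name
const HEADER_NAME = 'X-XSRF-TOKEN'; // header named in the error response above

// Client step 1: pull the token out of the Set-Cookie headers of a prior GET.
function extractXsrfToken(setCookieHeaders) {
  for (const line of setCookieHeaders) {
    const pair = line.split(';')[0]; // drop attributes such as Path
    const eq = pair.indexOf('=');
    if (eq > 0 && pair.slice(0, eq).trim() === COOKIE_NAME) {
      return decodeURIComponent(pair.slice(eq + 1).trim());
    }
  }
  return null;
}

// Client step 2: echo the cookie value in the request header on the login POST.
function buildLoginRequest(token, credentials) {
  const headers = { 'Accept': 'application/json', 'Content-Type': 'application/json' };
  if (token) {
    headers['Cookie'] = `${COOKIE_NAME}=${encodeURIComponent(token)}`;
    headers[HEADER_NAME] = token;
  }
  return { method: 'POST', path: '/auth/login', headers, body: JSON.stringify(credentials) };
}

// Server side (simplified stand-in): the header value must match the cookie value.
function checkCsrf(request) {
  const cookies = (request.headers['Cookie'] || '').split(/;\s*/).filter(Boolean);
  const cookieToken = extractXsrfToken(cookies);
  const headerToken = request.headers[HEADER_NAME] || null;
  if (cookieToken && headerToken && cookieToken === headerToken) return { status: 200 };
  return { status: 403, error: 'access_denied',
    error_description: `Invalid CSRF Token '${headerToken}' was found on the request parameter '_csrf' or header '${HEADER_NAME}'.` };
}

// Constructed sample: Set-Cookie headers as a GET to the gateway might return them.
const sampleSetCookie = ['other=1; Path=/', 'XSRF-TOKEN=3f2a9c1e-constructed; Path=/'];
const creds = { username: 'admin', password: 'admin' };

// The Postman request from the question (no token) versus the two-step flow.
const withoutToken = checkCsrf(buildLoginRequest(null, creds));
const withToken = checkCsrf(buildLoginRequest(extractXsrfToken(sampleSetCookie), creds));
console.log(withoutToken.status, withToken.status);
```
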