Utilizing Bearer Tokens - Retrieving User Information: Inconsistencies exist within a decoded base64 Bearer token containing user data

Article ID: 325791

Products

VMware

Issue/Introduction

Inconsistencies exist within a decoded base64 bearer token containing user data.

Consider the following scenario and environment variables:

Environment variables:
  • Use curl to perform calls against the vRealize Automation API. See the "Programming Guide" for further guidance and assistance.
  • Tenant:  gss
  • Username: [email protected]
  • Password:  PassWord123!
  • $VRA = Variable for vRA hostname within impacted environment
  1. Connect by SSH to the vRealize Automation appliance
  2. Generate a user token using the following command:
curl --insecure -H "Accept: application/json" -H 'Content-Type: application/json' --data '{"username":"[email protected]","password":"PassWord123!","tenant":"gss"}' https://$VRA/identity/api/tokens
  3. API call curl results:
{"expires":"2017-07-25T21:57:16.000Z","id":"MTUwMDk5MTAzNjYwNjo2ZDI2NGZlMDVmZjdjZWM2NTBlNzp0ZW5hbnQ6Z3NzdXNlcm5hbWU6Z3NzQHZtd2FyZS5sb2NhbGV4cGlyYXRpb246MTUwMTAxOTgzNjAwMDpkNmI1MzFjZDgzNmNhMmI3MDlmNGUwNjNiNGVkNWJjZjNlMmYwMTRiMDBmYTBlMjZiYmM3ZWM2ODE5YWRkNjZlMzdjYWY0NzRkZjkyNDUwYjQ4YjFiOTY1YWFjMDM5ZmEzZjdkNzJmMmUzZWU3MjM5NTI4OTRlY2MyMWY0NGMxZQ==","tenant":"gss"}
  4. Convert the value between "id" and "tenant" with an online base64 decoder: https://www.base64decode.org/
Result:
1500987090270:095255098e4136b72fc1:tenant:gssusername:[email protected]:1501015890000:45dbbf2c59f36ee05e6c954b6469a1c249305cc453d6ddb7cf0c322d09ecd07c2f375f9282bdcd8ec1a3f1bd5206f21afed348ddc33fdb9a96db3eec5f1e20da
Note: The above value is missing a ":" (colon) between "gss" and "username" and between "[email protected]" and "expiration"


Resolution

The inconsistency is a lack of separation between the tenant, username and expiration fields.

Extract the unseparated values by using a regular expression:
  • ^.*(tenant:)(.*)(username:)(.*)(expiration:)(.*):.*$
Note: This will separate the string into 6 groups. The values are in the following groups:
  1. Tenant name as group 2
  2. Username as group 4
  3. Time in milliseconds of the expiration date as group 6
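
The decode and the regular expression above can also be run locally, so the bearer token never leaves the host. This is an added example, not code from the original article or from VMware. The function names and the sample token are constructed for illustration (tenant "acme", user "alice@example.local", placeholder random part and digest), and the sample expiration is chosen to equal the "expires" value shown in the API result above.

```python
import base64
import re
from datetime import datetime, timezone

# Regular expression from the article; groups 2, 4 and 6 carry the values.
TOKEN_RE = re.compile(r"^.*(tenant:)(.*)(username:)(.*)(expiration:)(.*):.*$")


def parse_token_id(token_id):
    """Decode the base64 "id" value locally and split out its fields."""
    decoded = base64.b64decode(token_id, validate=True).decode("utf-8")
    match = TOKEN_RE.match(decoded)
    if match is None:
        raise ValueError("decoded token does not have the expected layout")
    expiration_ms = int(match.group(6))
    return {
        "tenant": match.group(2),
        "username": match.group(4),
        "expiration_ms": expiration_ms,
        "expires": datetime.fromtimestamp(expiration_ms / 1000, tz=timezone.utc),
    }


def expiry_matches(fields, expires_field):
    """Compare the embedded expiration with the "expires" field of the API response."""
    reported = datetime.strptime(expires_field, "%Y-%m-%dT%H:%M:%S.%fZ")
    return fields["expires"] == reported.replace(tzinfo=timezone.utc)


# Constructed sample (not a real token): same layout as the decoded value in
# the article, including the missing colons, with placeholder names and digest.
SAMPLE_PLAIN = (
    "1500991036606:0123456789abcdef0123:tenant:acme"
    "username:alice@example.local"
    "expiration:1501019836000:" + "ab" * 64
)
SAMPLE_ID = base64.b64encode(SAMPLE_PLAIN.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    fields = parse_token_id(SAMPLE_ID)
    print(fields["tenant"], fields["username"], fields["expires"].isoformat())
    print("matches API 'expires':", expiry_matches(fields, "2017-07-25T21:57:16.000Z"))
```

Pass the "id" string from the API result to parse_token_id() in place of SAMPLE_ID to read the fields of a real token.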