Sending JWT token in the headers with Postman

Question

I m testing an implementation of JWT Token based security based off the following article  I have successfully received a token from the test server  I can t figure out how to have the Chrome POSTMAN REST Client program send the token in the header     My questions are as follows   1  Am I using the right header name and or POSTMAN interface   2  Do I need to base 64 encode the token  I thought I could just send the token back

User · Answer

I did as how moplin mentioned  But in my case service send the JWT in response headers  as a value under the key  Authorization    Authorization  Bearer eyJhbGciOiJIUzUxMiJ9 eyJzdWIiOiJpbWFsIiwiZXhwIjoxNDk4OTIwOTEyfQ dYEbf4x5TGr kTtwywKPI2S-xYhsp5RIIBdOa wl9soqaFkUUKfy73kaMAv c-6cxTAqBwtskOfr-Gm3QI0gpQ   What I did was  make a Global variable in postman as      key- jwt   value- blahblah   in login request- Tests Tab  add  postman clearGlobalVariable  jwt    postman setGlobalVariable  jwt   postman getResponseHeader  Authorization       in other requests select the Headers tab and give      key- Authorization       value-   jwt

User · Answer

For the request Header name just use Authorization   Place Bearer before the Token  I just tried it out and it works for me   Authorization   Bearer TOKEN STRING  Each part of the JWT is a base64url encoded value

User · Answer

I am adding to this question a little interesting tip that may help you guys testing JWT Apis   Its is very simple actually   When you log in  in your Api  login endpoint   you will immediately receive your token  and as  mick-cullen said you will have to use the JWT on your header as    Authorization  Bearer TOKEN STRING   Now if you like to automate or just make your life easier  your tests you can save the token as a global that you can call on all other endpoints as   Authorization  Bearer   jwt token     On Postman  Then make a Global variable in postman as jwt token   TOKEN STRING   On your login endpoint  To make it useful  add on the beginning of the Tests Tab add   var data   JSON parse responseBody   postman clearGlobalVariable  jwt token    postman setGlobalVariable  jwt token   data jwt token     I am guessing that your api is returning the token as a json on the response as    jwt token   TOKEN STRING    there may be some sort of variation   On the first line you add the response to the data varibale  Clean your Global And assign the value   So now you have your token on the global variable  what makes easy to use           Authorization  Bearer   jwt token   on all your endpoints   Hope this tip helps     EDIT Something to read    About tests on Postman  testing examples    Command Line  Newman    CI  integrating with Jenkins  Nice blog post  master api test automation

User · Answer

Somehow postman didn t work for me  I had to use a chrome extension called RESTED which did work

User · Answer

I had the same issue in Flask and after trying the first 2 solutions which are the same  Authorization  Bearer  lt token gt    and getting this          description    Unsupported authorization type        error    Invalid JWT header        status code   401     I managed to finally solve it by using   Authorization  jwt  lt token gt    Thought it might save some time to people who encounter the same thing

User · Answer

Here is an image if it helps        Update   The postman team added  Bearer token  to the  authorization tab

User · Answer

Open postman  go to  header  field  there one can see  key value   blanks  in key type  Authorization   in value type  Bearer space your access token value     Done

User · Answer

In Postman latest version 7    may be there is no Bearer field in Authorization  So go to Header tab  select key as Authorization and in value write JWT

User · Answer

For people who are using wordpress plugin Advanced Access Manager to open up the JWT Authentication   The Header field should put Authentication instead of Authorization    AAM mentioned it inside their documentation       Note  AAM does not use standard Authorization header as it is skipped    by most Apache servers          Hope it helps someone  Thanks for other answers helped me alot too

User · Answer

If you wish to use postman the right way is to use the headers as such  key  Authorization  value  jwt  token   as simple as that

User · Answer

Here is how to set token this automatically  On your login auth request    Then for authenticated page

User · Answer

Everything else ie  Params  Authorization  Body  Pre-request Script  Tests is empty  just open the Headers tab and add as shown in image  Its the same for GET request as well

[express] Sending JWT token in the headers with Postman

Examples related to express

Examples related to jwt

Examples related to postman