How can I get the REST User in the Authentication microflow?

0
Hi everyone, is there a way to get the current user in the Published REST service authentication custom microflow? In the Authentication microflow $currenUser is shown to be empty. Thanks you in advance, Andreas   P.S. I am using a Custom Authentication with Microflow but can’t get the current used who has send in the Request with user and password for further authentication
asked
5 answers
1

You have a authentication microflow to determine the user. That means that the current user is not known yet.

If you want to identify the user by username and password, you don’t need an authentication microflow, you can select Username and password authentication.

answered
0

So you want to have basic authentication and more? The different authentication options allow different ways of authentication. So clients can use basic authentication or custom authentication.

If you want to do basic authentication and more, you have two options:

  • Don’t use the authentication microflow, but do whatever you want to do more in the operation microflow. If this functionality is shared by different operations, you can put it in a separate microflow and start each operation microflow with a call to that microflow.
  • Implement basic authentication yourself in the authentication microflow. Get the Authentication header, parse its value (username:password encoded base64), get the user with that username and password.
answered
0

> first the custom authentication is done and  then the basic authentication

Custom authentication and basic authentication are alternatives, so users either authenticate via the one mechanism or the other. It’s not and. If the custom authentication does not authenticate the user (the microflow returns empty), the system will attempt to authenticate the user using basic authentication.

> Do I realy need to implement the basic authentication myself

No. I would suggest you don’t use custom authentication. Use basic authentication. What you were doing in the authentication microflow, do that in the operation microflow.

answered
0

Hi Joost, thanks for your reply and explanation!

Looking at the flow chart in the documentation:

https://docs.mendix.com/refguide/published-rest-routing

I see that first the custom authentication is done and  then the basic authentication. Can I not just use it un this order?

Do I realy need to implement the basic authentication myself (or do you have an any example how to do it (with the mendix internal hashing)

Thanks, Andreas

answered
0

Hi Joost, thanks for your help:

I tried to implement your second proposal, but my problem is that i did not find a way how I would then respond with a HTTPresponse e.g. with an error, like it happens in the custom or basic authentication.

Do you know a way to do it? Or is there an example of basic authentication microflow that I can reuse and extend? 

Thanks, Andreas

answered