topic RE: BP 6.10 - HTTP Request - Follow Authorization Header in Product Forum

BP 6.10 - HTTP Request - Follow Authorization Header

SunilSharma1 — Tue, 19 Jul 2022 13:10:00 GMT

Hello fellow members,

i am currently working on a project where i need to send API request. I am able to connect using postman and i tried replicate same settings on HTTP VBO. However there is one unique setting "Follow Authorization Header" which needs to be enabled, as server is using AD info to authenticate in the backend. I am wondering how can i pass this value from HTTP VBO?

I tried passing it in the header as "FollowAuthorizationHeader: True". It did not work.

Thank you in advance,

------------------------------
Sunil Sharma
------------------------------

RE: BP 6.10 - HTTP Request - Follow Authorization Header

ewilson — Tue, 19 Jul 2022 14:35:00 GMT

Hello @SunilSharma1,

The setting Follow Authorization header in Postman is not an HTTP header value. In other words there is no such thing as an HTTP header called FollowAuthorizationHeader. What that setting does is instruct Postman to send the existing Authorization header, from the initial request, along with the next request if it has been redirected by the server to another URL. This is usually in response to a HTTP 3xx code (ex. 307).

Are you using the latest version of the Utility - HTTP VBO available on the DX, or are you using the version of the VBO that ships with the software?

Cheers,

------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------

RE: BP 6.10 - HTTP Request - Follow Authorization Header

SunilSharma1 — Tue, 19 Jul 2022 14:42:00 GMT

Hello @ewilson

Thank you for your response. You are right, that setting enables api server to send authorization header to different host if needed. In our organization common objects are managed and controlled by COE. I am not sure which version of VBO is uploaded. I have added screen shot for your reference.

I am trying to find out if this flag could be enabled from the HTTP VBO itself.

------------------------------
Sunil Sharma
------------------------------

RE: BP 6.10 - HTTP Request - Follow Authorization Header

ewilson — Tue, 19 Jul 2022 15:10:00 GMT

@SunilSharma1,

That's the older VBO that ships with the software. The most recent HTTP VBO can be found at the link below:

https://digitalexchange.blueprism.com/dx/entry/3439/solution/utility---http

The issue you're running into is that, by default, the Authorization header is cleared on any redirect. This is a security measure. In the latest HTTP VBO there is an option to disable following auto-redirects. You may be able to leverage that to address your problem.

In a nutshell you would do everything the way are currently, but you would set the parameter Allow Auto Redirection to False. When you issue the first HTTP request, you should receive a 3xx HTTP response (ex. 307). You would then issue another HTTP request with the same credentials (i.e. Authorization header) that you had on the initial request to the redirected URL which should be included in the Response headers from the initial request.

Cheers,

------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------