Skip to content

Authentication with API Token is not working #208

New issue
New issue
Open
#209
Open
Authentication with API Token is not working#208
#209
@sebmaurer

Description

@sebmaurer
sebmaurer
opened on Nov 3, 2023

Description

I am using Powershell Version 7.3.4 and encountered a problem when using the authentication with a PersonalAccessToken. First of all the function for invoking the webrequest does not have a parameter called "PersonalAccessToken" so it already fails there when providing the API Token e.g. to the Get-ConfluencePage function with the named parameter "-PersonalAccessToken". Additionally a webrequest implementing token access should use the standard "Token" header and save the token in there as SecureString.

Steps To Reproduce

Using a powershell version of at least 6 and the latest compiled ConfluencePS module, then:

Get-ConfluencePage -BaseURI 'REST_BASE_URI' -PersonalAccessToken 'API_TOKEN' -PageID PAGE_ID

Expected behavior

As my token is valid and I have the correct permissions for accessing this page (tested it manually with a Postman call to the REST endpoint), it should return the page content.

Problem

It is returning nothing, but throwing an error.

Your Environment

I compiled the latest source code of ConfluencePS on my own and imported that.

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.3.4
PSEdition                      Core
GitCommitId                    7.3.4
OS                             Microsoft Windows 10.0.19045
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Possible Solution

  1. Get-ConfluencePage calls the Invoke-Method function which invokes a WebRequest (see Invoke-Method:130). This is calling the second version of the Invoke-WebRequest function as I use Powershell 7.3.4 (see Invoke-WebRequest:174). But it calls this method with the parameter "PersonalAccessToken" which is not defined for this function.
  2. After quickly fixing the first issue (just adding the parameter to the function declaration) the call of the Microsoft Invoke-Webrequest does not work as this also is not expecting a parameter with name "PersonalAccessToken". But just appending the token to the Authentication header ("Authentication"->"Bearer API_TOKEN") and deleting the parameter from the ones given to the Microsoft Web-Request won't work because in the newer versions the web request is expecting the Token as SecureString in the "Token" header. So the parameter "PersonalAccessToken" has to be transformed into a secure string (maybe also changing it to a secure string in all functions for security reasons) and then set as the parameter "Token". Then it needs to be removed from the parameter list and then everything works (see Invoke-WebRequest:308).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions