Avatar

Get X-Cybozu-Authorization token of logged in user in Javascript

Mauri Pastorini

Hello, I am trying to get the X-Cybozu-Authorization token on javascript so I can send it to my server and get records based on the permissions that has this token (user).

How can I do this? I imagine something like kintone.getUserToken()

I also check the cookies that Kintone saves, but it seems that it manages sessions, it doesnt store this token.

Thank you

Follow 2 followers
2

3 comments

Avatar
Junko Werner 0 votes

X-Cybozu-Authorization is placed in the request header with a BASE64 encoded login name and password to perform the password authentication.

Under "Authentication" at Kintone REST API Overview
https://developer.kintone.io/hc/en-us/articles/212495188-Kintone-REST-API-Overview

There is no getUserToken() method in kintone, so we need to ask you to input a base64 encoded value of "Log_in_name:password" using such the following site instead.

https://www.base64encode.org/

0
Comment actions Permalink
Avatar
Mauri Pastorini 1 vote

Hello Junko, thank you for your response, I understand that. The thing is that I am on kintone javascript frontend, where the user is already logged in on kintone. Now I need from the “create record” page, a token of the user logged in so I send it to my server and make http requests to kintone api from my server with user token.
Hope it makes sense

1
Comment actions Permalink
Avatar
Junko Werner 1 vote

Hi Mauri ,

Thank you for the additional info.

If you have already logged into Kintone and want to run the REST API with the JavaScript files, session authentication (Not X-Cybozu-Authorization) is used based on the permissions of the logged-in user.
In Kintone, there is no API to obtain session information.
And there is no way to use the session information held on the browser side to run the API from an external server.

▼ User Authentication
https://developer.kintone.io/hc/en-us/articles/115008478208-User-API-Overview

As you are aware, when you run the Kintone REST API from an external server, you will need one of the following authentications:

○ Password authentication(X-Cybozu-Authorization)
Required information: BASE64 encoded value for "Login Name: Password"

○ API token authentication
Required information: API token generated by the app

Kintone does not provide an API to obtain the information required for each authentication,
so it is necessary to include the information in the source code.

I hope it helps this time.

One more thing,
regarding the website(https://www.base64encode.org/) I referred at the previous post,
because there is a risk of leaving the username and password to a third party, I think it would be better to encode it with the btoa() method in the browser console.

https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/btoa

Here is an example of code.

var usernamepassword = "chocolate:pudding";
var encodedData = btoa(usernamepassword);
console.log(encodedData);

Thank you.

Junko

1
Comment actions Permalink