PROTOCOL: http-client HEADER Authorization: Bearer token length truncated

Homepage Clovertech Forums Cloverleaf PROTOCOL: http-client HEADER Authorization: Bearer token length truncated

  • Creator
  • #119472
    Jorge Pichardo

    Cloverleaf – I am having an issue conforming the HEADER of the request with the Bearer token. Seems that the string is truncated after 1024 chars in a keyed list after calling the GET { set res [httpget $queryList2] } in the TIME mode. The keyed list is properly set as far I can see. Of course, the response after executing the http GET verb is HTTP/1.1 403 Forbidden due to the truncation. The other params are read correctly as per http-client configuration fields.

    Attached TCL snippet modified based on the “gc_httpClientQuery” provided by Infor samples.

    Any guidance is really appreciated!

    start {
    # grab and store CFGS values for run/time mode —
    # CFGS are only available in start mode.
    keylget args CFGS cfgs
    keylget cfgs URL url
    keylget cfgs HEADERS headers

    set udata {}
    keylset udata Content-Type { application/json }
    keylset udata Authorization { Bearer eyJraWQiOiJRMm9UdXZJRzlDRG5GeU5wbG9ndkowMUVA … }
    set data “”
    keylset queryList2 URL $url DATA $data HEADERS $udata DEBUG $debug

    time {
    # fetch the URL using the specified method
    # the URL used will be taken from NetConfig
    #echo QUERY $queryList
    echo QUERY $queryList2

    set term 0 ; set ctr 0

    while { !$term && ($ctr <= 3) } {

    keylget cfgs METHOD method
    switch -exact — $method {
    PUT { set res [httpput $cfgs] }
    POST { set res [httppost $queryList] }
    GET { set res [httpget $queryList2] }

    echo RESPONSE: $res

    GET { set res [httpget $queryList2] }


Viewing 4 reply threads
  • Author
    • #119473
      Charlie Bursell

      Is it truncated when you execute “echo QUERY $queryList2”?
      Make sure Bearer string does not contain spaces or unprintable characters.

    • #119477
      Jorge Pichardo

      The token doesn’t get truncated in the keyed list echo.

      “giuqF7JywkbiA” from the response (echo RESPONSE: $res) is missing these chars for some reason. No white space seems present in the token string. $res holds output from GET { set res [httpget $queryList2] }

      See engine log:

      [tcl :out :INFO/0: Get_Bundle:01/04/2022 11:49:53] QUERY {URL} {DATA {}} {HEADERS {{Content-Type { application/json }} {Authorization { Bearer eyJraWQiOiJRMm9UdXZJRzlDRG5GeU5wbG9ndkowMUVPUllIXC9IZG1vaHNKMkx1RElIVT0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI3aGdnZm01M2l2dTdiOHJvMTdvdG0zZWY4OCIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiaHR0cHM6XC9cL2lkcy10ZXN0LWFwaS5iY2hlYWx0aGRldi5jYVwvaWRzLWhhLXZpaGEtdGVzdFwvXC9kZWxldGUgaHR0cHM6XC9cL2lkcy10ZXN0LWFwaS5iY2hlYWx0aGRldi5jYVwvaWRzLWhhLXZpaGEtdGVzdFwvXC9yZWFkIiwiYXV0aF90aW1lIjoxNjQxMzI0MTI1LCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAuY2EtY2VudHJhbC0xLmFtYXpvbmF3cy5jb21cL2NhLWNlbnRyYWwtMV9YeHNCb3FjckgiLCJleHAiOjE2NDEzMjc3MjUsImlhdCI6MTY0MTMyNDEyNSwidmVyc2lvbiI6MiwianRpIjoiZjNmYmI4OWQtYjc0NS00NzZkLTkwMmYtZDExMzcxNGZhMGMyIiwiY2xpZW50X2lkIjoiN2hnZ2ZtNTNpdnU3YjhybzE3b3RtM2VmODgifQ.kM_e9J0yFq1ntFzrhZK7-85_cjxz53lBnFUzQ4Sl1RauKnSoeZh8uSLILyZ5PD9Mrv7eE5IkiTbDzK7qHRal44rPyvUUEUqdbmZp2TVO1XyoaLR26c7p-cx63a2SmWP1Rz5ZuTUcRSWXe8fq6DEC3YN2Zh-5XnK_gAGFFM50OPFQjEujL5hbFnJ8Of0FsxJAqyoIKmfoDtp0aGEvHD_aNsr0FFocU2jDsy_Bt76bt4DkBUA57Aa_RffzcDqA5IJreTJ95XK579OmH8_IMlyWPrN-q39yk5aC8vqscwv5x5MSIkHryGKfKG3-CBBrGUCffs8_dCNiDgiuqF7JywkbiA }}}} {DEBUG 1}
      * Trying…
      * Connected to ( port 443 (#0)
      * ALPN, offering http/1.1
      * successfully set certificate verify locations:
      * CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
      * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
      * ALPN, server accepted to use http/1.1
      * Server certificate:
      * subject: CN=*
      * start date: Sep 23 00:00:00 2021 GMT
      * expire date: Oct 22 23:59:59 2022 GMT
      * subjectAltName: host “” matched cert’s “*”
      * issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
      * SSL certificate verify ok.
      > GET /ids-ha-viha-test/ HTTP/1.1
      User-Agent: Quovadx CISAgent
      Accept: */*
      Authorization: Bearer eyJraWQiOiJRMm9UdXZJRzlDRG5GeU5wbG9ndkowMUVPUllIXC9IZG1vaHNKMkx1RElIVT0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI3aGdnZm01M2l2dTdiOHJvMTdvdG0zZWY4OCIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiaHR0cHM6XC9cL2lkcy10ZXN0LWFwaS5iY2hlYWx0aGRldi5jYVwvaWRzLWhhLXZpaGEtdGVzdFwvXC9kZWxldGUgaHR0cHM6XC9cL2lkcy10ZXN0LWFwaS5iY2hlYWx0aGRldi5jYVwvaWRzLWhhLXZpaGEtdGVzdFwvXC9yZWFkIiwiYXV0aF90aW1lIjoxNjQxMzI0MTI1LCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAuY2EtY2VudHJhbC0xLmFtYXpvbmF3cy5jb21cL2NhLWNlbnRyYWwtMV9YeHNCb3FjckgiLCJleHAiOjE2NDEzMjc3MjUsImlhdCI6MTY0MTMyNDEyNSwidmVyc2lvbiI6MiwianRpIjoiZjNmYmI4OWQtYjc0NS00NzZkLTkwMmYtZDExMzcxNGZhMGMyIiwiY2xpZW50X2lkIjoiN2hnZ2ZtNTNpdnU3YjhybzE3b3RtM2VmODgifQ.kM_e9J0yFq1ntFzrhZK7-85_cjxz53lBnFUzQ4Sl1RauKnSoeZh8uSLILyZ5PD9Mrv7eE5IkiTbDzK7qHRal44rPyvUUEUqdbmZp2TVO1XyoaLR26c7p-cx63a2SmWP1Rz5ZuTUcRSWXe8fq6DEC3YN2Zh-5XnK_gAGFFM50OPFQjEujL5hbFnJ8Of0FsxJAqyoIKmfoDtp0aGEvHD_aNsr0FFocU2jDsy_Bt76bt4DkBUA57Aa_RffzcDqA5IJreTJ95XK579OmH8_IMlyWPrN-q39yk5aC8vqscwv5x5MSIkHryGKfKG3-CBBrGUCffs8_dCNiD
      Connection: close

      * Mark bundle as not supporting multiuse
      < HTTP/1.1 403 Forbidden
      < Date: Tue, 04 Jan 2022 19:49:54 GMT
      < Content-Type: application/json
      < Content-Length: 27
      < Connection: close
      < x-amzn-RequestId: 64afbf95-c283-4ec5-84e7-561478096a61
      < x-amzn-ErrorType: AccessDeniedException
      < x-amz-apigw-id: Lb6zXHEoYosF4IQ=
      < X-Amzn-Trace-Id: Root=1-61d4a4e2-201674cb5f9a661c03bd87bf
      * Closing connection 0
      [tcl :out :INFO/0: Get_Bundle:01/04/2022 11:49:54] RESPONSE: {STATUS {HTTP/1.1 403 Forbidden
      [tcl :out :INFO/0: Get_Bundle:–/–/—- –:–:–] }} {HEADERS {Date: Tue, 04 Jan 2022 19:49:54 GMT
      [tcl :out :INFO/0: Get_Bundle:–/–/—- –:–:–] Content-Type: application/json
      [tcl :out :INFO/0: Get_Bundle:–/–/—- –:–:–] Content-Length: 27
      [tcl :out :INFO/0: Get_Bundle:–/–/—- –:–:–] Connection: close
      [tcl :out :INFO/0: Get_Bundle:–/–/—- –:–:–] x-amzn-RequestId: 64afbf95-c283-4ec5-84e7-561478096a61
      [tcl :out :INFO/0: Get_Bundle:–/–/—- –:–:–] x-amzn-ErrorType: AccessDeniedException
      [tcl :out :INFO/0: Get_Bundle:–/–/—- –:–:–] x-amz-apigw-id: Lb6zXHEoYosF4IQ=
      [tcl :out :INFO/0: Get_Bundle:–/–/—- –:–:–] X-Amzn-Trace-Id: Root=1-61d4a4e2-201674cb5f9a661c03bd87bf
      [tcl :out :INFO/0: Get_Bundle:–/–/—- –:–:–] }} {BODY {{“Message”:”Access Denied”}}}
      [cmd :cmd :INFO/0: Bundle_cmd:01/04/2022 11:49:58] Receiving a command
      [cmd :cmd :INFO/0: Bundle_cmd:01/04/2022 11:49:58] Received command: ‘Get_Bundle pstop’
      [cmd :cmd :INFO/0: Bundle_cmd:01/04/2022 11:49:58] Doing ‘pstop’ command on thread ‘Get_Bundle’
      [prod:prod:INFO/0: Get_Bundle:01/04/2022 11:49:58] Checking for leaked handles in the General interpreter…
      [tcl :out :INFO/0: Get_Bundle:01/04/2022 11:49:58] <No active handles>
      [tcl :out :INFO/0: Get_Bundle:01/04/2022 11:49:58]
      [prod:prod:INFO/0: Get_Bundle:01/04/2022 11:49:58] Checking for leaked handles in the TPS interpreter…
      [tcl :out :INFO/0: Get_Bundle:01/04/2022 11:49:58] <No active handles>
      [tcl :out :INFO/0: Get_Bundle:01/04/2022 11:49:58]
      [cmd :cmd :INFO/0: Bundle_cmd:01/04/2022 11:49:58] Receiving a command
      [cmd :cmd :INFO/0: Bundle_cmd:01/04/2022 11:49:58] Command client went away. Closing connection.
      Engine idle — 01/04/2022 11:50:08

    • #119478
      Charlie Bursell

      Possible that tour authentication token is wrong.
      A JWT is a string with this format:

      It’s just three sections in string separated by dots. Each section is a text encoded using base64-url:
      (base64url-encoded header).(base64url-encoded claims).(base64url-encoded signature)

      I would suspect that the encoded signature is not correct.

      Just a guess. I am by no means an expert or even a good novice when it comes to JSON.

    • #119486
      Jorge Pichardo

      Thanks for the response Charlie. At some point, I thought the token was corrupted or malformed. I decoded it at and everything appears in order. I am successful testing the endpoints for the token retrieval and the GET request using the refresh token with Postman. I am still puzzled on what’s going on.

    • #119487
      Charlie Bursell

      Have you asked the server side to tell you what they don’t like about it? Try it with Curl from the command line. Also you might want to open a Support case.

Viewing 4 reply threads
  • You must be logged in to reply to this topic.

Forum Statistics

Registered Users
Topic Tags