Insomnia: [Feature Request] Create "reusable" authentication

Created on 26 Jun 2017 · 11Comments · Source: Kong/insomnia

Sometimes we have to work on the same API that requires an authentication, but in order to mas requests, we have to duplicate the request to duplicate the authentication and this leads to a bad behavior, since each request have a different token (OAuth2), the previous generated token gets invalidated and a new token is generated every request.

Using a "reusable" authentication will allow the requests to use an already working authentication method and without having to renew the token every request.

stale

Source

lucraraujo

👍4

Most helpful comment

This is definitely something that still needs implemented. It's not even something that Postman does reasonably.

Please consider reopening.

damianb on 5 Sep 2018

👍11

All 11 comments

Hmm, I swear there was an issue for this already, but I guess it was only in my head 😄

I was thinking of solving this with a template tag to generate an Authorization header. Then, you could assign the OAuth authentication to an environment variable, and use it as a header for your requests.

gschier on 26 Jun 2017

I was talking to a colleague about this feature and we think that a cool way to solve this is to create an Auth method the same way we create requests.
I'm not good at drawing things but, my ideia involves create a tab to organize the auth methods like we organize request (Maybe the directory thing is not necessary)
Here's and example:
feature request
And in the Auth tab under the request config, we could create or select an auth setting.
Example:
feature request2

I'm tempted to implement this feature, but my lack of time and knowledge in NodeJS and Electron is holding me back.

lucraraujo on 26 Jun 2017

Thanks for the mockups @lucraraujo. Your drawings were good enough to get the point across 👍 😄

While I think your idea would work as an isolated feature, I think implementing reusable auth as a template tag would better fit with how the rest of the app works, keeping the overall experience consistent and easy to learn.

Template tags and environments were specifically designed to facilitate problems like this. And, the UX would not be far off of what you suggested.

Here are some advantages of providing reusable auth as a template tag instead of a standalone feature:

Offers the benefits of being able to be used inside environment variables
Easy to define production/staging/development setup and switch between them
Users familiar with template tags already know how it works and what can be done
No additional UI complexity for users who don't need it (simplicity is a core feature of Insomnia)

And here is what the flow would look like:

Open environments editor
Add new variable and set value to be the "Authorization" tag
Click on tag to fill in authentication details (select OAuth 2.0, enter credentials, etc)
Reference the variable in each request it's needed

gschier on 27 Jun 2017

Exposing reusable auth as a template tag would be great for our usage. The service we are using bundles up some information into a JSON base64 encoded "token", which includes the access token. The only way to do this right now is to create an environment variable and paste in the "token" from an external tool when the internal access token goes stale. Exposing the auth as a template tag would be great as we could then include that in the "token" and base64 encode it on the fly (I think).

DISCLAIMER: I am new to Insomnia coming from a Postman-only background, this capability is not available in Postman either.

Andacious on 3 Aug 2017

I definitely think there needs to be some way to use an authentication mechanism for multiple requests. APIs I work with have 50-100 API endpoints, and having to copy-paste the OAuth2 config for each request is brutal. I actually wrote a script to modify the insomnia data file directly when OAuth2 was released to avoid the manual work of duplicating the OAuth2 config.

That being said, I could live with defining the OAuth2 config somewhere else and then letting it be re-used in requests that pull from the environment variables.

meagerman on 17 Aug 2017

I've been thinking about this problem for a while, and think I've finally come up with something that will work. Can each of you take a look at this issue and submit any feedback that you have? https://github.com/getinsomnia/insomnia/issues/447

gschier on 18 Aug 2017

Hi @gschier

I read #447, look good for usage we have. Do you have any roadmap for this feature ?

Sincerely

thibaultmeyer on 9 Oct 2017

Thanks for the feedback @0xbaadf00d. I can't give you an official roadmap (since there isn't one), but I _can_ tell you that Parent Requests will be the next major feature to be worked on 😄

gschier on 9 Oct 2017

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.