Oxygen XML Forum

Hi all,
I want to process documents that are delivered through APIs (xml or json files) which requires the users to be authenticated.
When I am using a web browser, the requests and paramaters are processed correctly.
When I am using XSLT to fetch the documents, for example with: I get an Error 403.
Is it possible to either pass on the credentials or to store locally the authentication credentials with xslt or in Oxygen?. For information if of any use, here the login includes an "@" and the old method is not supported .
Many thanks in advance for your help!
Dominique

Hi Dominique,

If you try to access from Oxygen a file (that is stored on WebDAV, FTP, HTTP), which requires the users to be authenticated, usually you will revive an authentication dialog. I think that this depends on the authentication method.

You can also add the user and password directly in the URL, something like this: Best Regards,
Octavian

Hi Tavy,
thank you for your reply. Alas, there is no prompt for a login/password and the authentication method http://user:password@site.com/ is not allowed in HTTPS. So, my issue is not solved. Do you have any additional idea?
Cheers

Hello Dominique,

Alas, there is no prompt for a login/password and the authentication method http://user:password@site.com/ is not allowed in HTTPS. So, my issue is not solved.

Actually HTTPS still allows you to specify the username and password as part of the URL (which gets translated into Basic Auth or Digest Auth), but your server may not allow these methods of authentication.

How do you authenticate for that HTTPS server in the web browser (try in a private window)?
If the HTTPS server shows a login page (as opposed to an authentication popup), it's not possible to authenticate the same way from Oxygen. Your HTTPS server may require the use of a specific API for providing the login credentials. While it may be possible to do this from XSLT, it's not very straightforward and it is server API specific.

Regards,
Adrian

Hello Adrian,
thank you very much for your explanations. As a matter of fact, the authentication for the API in a browser is done through a HTML form and not with a popup.
If it helps for a workaround: from the authentification (API html or else), I will get an authentification token, but I don't know how to pass that into the header of a request via xslt.
Do you have any advice?
Again, thank you!
Cheers,
Dominique

Hi,

HTTP Client comes to mind, if you want to mess with the HTTP requests.
Although I must mention I haven't used it before, so take this for what it is, just a possibility to investigate.

Regards,
Adrian

Hi,
have not tested it yet, but seems to be exactly what I need. Thank you for the piece of advice. The documentation and sample pages deal with my issue and I should be able to overcome it.
Cheers,
D