
Login to Serenity-is webapp


I have a Serenity-is webapp. What I want to do is to use its API from an external app. To do that, I am trying to provide an external login, but I don't understand the request required by the Serenity-is webapp. The default endpoint is ~/Account/Login, so I made a POST call to my-url.com/account/login with this payload in the body:

{
    'Username' : 'myUsername',
    'Password' : 'myPassword'
}

but every time I receive:

error 400: Bad request

I'm sure that the credentials are right, and I'm probably missing some key concept about Serenity's login authentication. I would expect to receive status 200 and maybe a token in the response or something similar, but I'm not sure about it.


Solution

  • I finally found the answer. By default, Serenity uses bearer tokens. It requires sending a POST request first, with a bearer token in the header (without this, it will always be status 400; you can use something like "Bearer abcdefg123456789hijklmno", and I suggest using a GUID generator so you can make unique codes) and a body like { "Username": "user", "Password": "pass" }; this way the server will answer with status 200. The server will take the bearer token and will make a "CSRF-TOKEN", but will not put it in the answer, so it's necessary to make a GET to the "/" endpoint, and in the cookies, in "set-cookies", there is the "CSRF-TOKEN". After parsing the cookie string and extracting the "CSRF-TOKEN", it has to be put in the header of every following call. I was not sending the bearer token, expecting it as an answer; instead, it had to be generated by the caller.
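
The client-side steps described in the answer above, as an added Python example that is not part of the original answer or of Serenity's own code. The header name X-CSRF-TOKEN, the .AspNetAuth cookie name, the echoing back of cookies and the sample Set-Cookie values are assumptions constructed for illustration.

```python
import uuid
from http.cookies import SimpleCookie

CSRF_COOKIE = "CSRF-TOKEN"    # cookie name given in the answer
CSRF_HEADER = "X-CSRF-TOKEN"  # assumption: the answer does not name the header

# Constructed sample of the Set-Cookie values returned by the GET to "/".
SAMPLE_SET_COOKIE = [
    ".AspNetAuth=constructed-session-value; path=/; HttpOnly",
    "CSRF-TOKEN=CfDJ8constructed-_token123; path=/; samesite=strict",
]


def login_headers():
    """Headers for the first POST: a caller-generated bearer value (a GUID)."""
    return {
        "Authorization": f"Bearer {uuid.uuid4().hex}",
        "Content-Type": "application/json",
    }


def parse_set_cookie(header_values):
    """Return {name: value} from a list of raw Set-Cookie header values."""
    jar = {}
    for raw in header_values:
        cookie = SimpleCookie()
        cookie.load(raw)  # attributes (path, HttpOnly, samesite) are not returned as cookies
        for name, morsel in cookie.items():
            jar[name] = morsel.value
    return jar


def follow_up_headers(header_values):
    """Headers for every later call: cookies echoed back plus the CSRF header."""
    jar = parse_set_cookie(header_values)
    token = jar.get(CSRF_COOKIE)
    if not token:
        # Fail closed: without the token later calls would be rejected anyway.
        raise ValueError(f"no {CSRF_COOKIE} cookie in the response")
    return {
        "Cookie": "; ".join(f"{k}={v}" for k, v in jar.items()),
        CSRF_HEADER: token,
    }


if __name__ == "__main__":
    headers = follow_up_headers(SAMPLE_SET_COOKIE)
    # Print header names only; token and session values do not belong in logs.
    print(sorted(headers))
```

The session cookie and the CSRF token are credentials for the account, so keep them out of logs and send them only over HTTPS.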