concept follow curl command in category microservice

This is an excerpt from Manning's book Microservices Security in Action.
Assuming that you still have a valid orderId (d59dbd56-6e8b-4e06-906f-59990ce2e330) from a successful request to the POST /orders operation, try to make a GET /orders/{id} request with the preceding token to see whether it’s successful. You can use the following curl command to make this request. Note that the orderId used in the example won’t be the same orderId you got when you tried to create an order yourself. Use the one that you received instead of the one used in this example. Also make sure to replace the value of the token in the Authorization header with what you got in section 2.5.1:

Run the following curl command, which talks to the STS and gets a JWT. You should be familiar with the request, which is a standard OAuth 2.0 request following the password grant type. We use password grant type here only as an example, and for simplicity. In a production deployment, you may pick authorization code grant type or any other grant type that fits better for your use cases. (In appendix A, we discuss OAuth 2.0 grant types in detail.)

Now let’s invoke the Order Processing microservice with the following curl command with no security token. As expected, you should see an error message:

    \> curl -k https://localhost:9443/orders/11

    {"error":"unauthorized","error_description": "Full authentication is required to access this resource"}

To invoke the Order Processing microservice with proper security, you need to get a JWT from the STS using the following curl command. This example assumes that the security token service discussed in the preceding section still runs on HTTPS port 8443. For clarity, we removed the long JWT in the response and replaced it with the value jwt_access_token:

    \> curl -v -X POST --basic -u applicationid:applicationsecret \
    -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
    -k -d "grant_type=password&username=peter&password=peter123&scope=foo" \
    https://localhost:8443/oauth/token

    {
    "access_token":"jwt_access_token",
    "token_type":"bearer",
    "refresh_token":"",
    "expires_in":1533280024,
    "scope":"foo"
    }

Now let’s invoke the Order Processing microservice with the JWT we got from the curl command. Set the same JWT in the HTTP Authorization Bearer header using the following curl command and invoke the Order Processing microservice. Because the JWT is a little lengthy, you can use a small trick when using the curl command. First, export the JWT to an environmental variable (TOKEN), and then use that environmental variable in your request to the Order Processing microservice:
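
One way to script the TOKEN trick described above, as an added example that is not from the book: it reads the access_token out of the STS response, checks that the value has the three-part shape of a JWT before exporting it, and then sends it as a bearer token. The endpoints and credentials are the ones shown in the excerpt; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the book. Endpoints, client credentials and user are
# the ones shown in the excerpt; the function names are hypothetical.
# -k skips TLS certificate verification, as in the excerpt's commands.

# Read the STS JSON response on stdin and print the access_token value.
extract_access_token() {
  tr -d '\n' |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# A signed JWT in compact form is three base64url segments joined by dots.
looks_like_jwt() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'
}

# Request a token with the password grant and export it as TOKEN.
# Fails instead of exporting an empty or malformed value, so an STS error
# does not surface later as a confusing "unauthorized" from the microservice.
fetch_token() {
  _resp=$(curl -s -k -X POST --basic -u applicationid:applicationsecret \
    -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" \
    -d "grant_type=password&username=peter&password=peter123&scope=foo" \
    https://localhost:8443/oauth/token) || return 1
  _tok=$(printf '%s' "$_resp" | extract_access_token)
  looks_like_jwt "$_tok" || { echo "STS response carried no JWT" >&2; return 1; }
  export TOKEN="$_tok"
}

# Call the Order Processing microservice with TOKEN as the bearer token.
get_order() {
  curl -k -H "Authorization: Bearer $TOKEN" "https://localhost:9443/orders/$1"
}

# Usage against the running services: fetch_token && get_order 11
```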