I'm stuck with this and I can't get anything except the encrypted password of the user, which is not accepted by the User_Login function in OnAuthentication.
Can you help?
You have a REST method exposed (RESTAPIMethod1) with Basic Authentication, and you're trying to test it from an OutSystems application by passing information from the Users entity. However, please note that the User table does not store passwords in plain text or encrypted form; instead, it stores a password hash, so you cannot retrieve the actual password. To test the API, you need to explicitly provide the username and password.
Hello Siya,
Thank you for your response.
You are right, I can't store the user password from the database as plain text, and this is my problem.
The basic authentication in the API requires the actual user password as plain text, and I need to authenticate the user without him entering the password every time he tries to access any screen.
I need a solution for that so I can use authentication programmatically to access the user role also from the exposed module and apply the authorization.
Best regards
Extracting passwords from the OutSystems Users entity is not possible.
Regarding your scenario, why not call the Server action directly instead of consuming the REST API hosted in the same environment? If calling the API is necessary, I suggest using Custom Authentication. In this approach, pass some unique 'ids' to identify the user at the API end. For example, before calling the API, create a unique ID (an encrypted string containing the user ID, timestamp, etc.) and send it to the API. Decrypt and validate the data on the API side (rejecting expired tokens using the timestamp). Both your application and the API should know the key for encryption and decryption.
You can refer to Add Custom Authentication to an Exposed REST API.
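A sketch of the token scheme suggested above, as an added example that is not part of the original post and not OutSystems code. It signs the user ID and timestamp with HMAC-SHA256 instead of encrypting them (a deliberate swap: the values are not secret, but they must not be forgeable); the function names, the 60-second lifetime and the sample key are assumptions.

```python
import base64
import hashlib
import hmac
import time

MAX_AGE_SECONDS = 60  # assumed token lifetime


def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key, user_id, now=None):
    """Calling app: bind the user ID to the issue time and sign both."""
    issued = int(time.time() if now is None else now)
    payload = f"{user_id}.{issued}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{b64e(payload)}.{b64e(tag)}"


def validate_token(key, token, now=None):
    """API side: return the user ID, or raise ValueError for a bad token."""
    current = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except Exception:
        raise ValueError("malformed token") from None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad signature")
    # The payload is only parsed after its signature has been verified.
    user_id, issued = (int(part) for part in payload.decode().split("."))
    if not 0 <= current - issued <= MAX_AGE_SECONDS:
        raise ValueError("token expired or issued in the future")
    return user_id


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-32-bytes!!!"  # constructed sample key
    demo_token = issue_token(demo_key, 42)
    print(demo_token, "->", validate_token(demo_key, demo_token))
```

A captured token can be replayed until it expires, so keep the lifetime short and send it only over HTTPS.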
The basic authentication in API requires the actual user password as plain text
That is very, very bad practice. You should never use plain text passwords that are also login passwords for users.
Hi @Omar Hassouna ,
What is the process that you want to achieve? Based on the screenshots, it seems that from your mobile, you want to pass the username and password of the logged in user to the RESTAPI so you can pass through the OnAuthentication and proceed with the action that you want.
In this case, you can do the following instead:
1. Create a separate API User (name it as you like) that you will use to authenticate for API calls. This means you will not use the logged-in user's credentials but another one that you know or the system knows (you can set the username and password for this API User in the Site Properties).
2. Use the API User's values in the Authorization.
3. You can always pass the UserId as an input to your REST API and get whatever information you need in the actual method using this value (e.g. getting the role of the logged-in user in the mobile app). This can also help you track which user is calling the API.
Regards,
Bryan