add secrets to request headers

[RandomFractals]

some REST APIs typically use app or api key headers to validate requests.

Would be great to pass those required custom header values from vscode secrets, without adding them as plain text in rest books.

see how to use new Secrets API here: microsoft/vscode#112249 (comment)

[tanhakabir]

oh good point! Thanks for pointing me to the API 😊 I'll into this, this week!

[RandomFractals]

great! simple example would be something along the lines of XYZ requires XYZ-API-KEY header

XYZ-API-KEY: <Key>

not sure how you'd want to demarcate this encrypted key in the header line of your notebook cell.

also, extensions can set those keys too, but maybe your output renderer can have a Secrets tab that allows us to set and reveal those keys used for HTTPS requests.

[tanhakabir]

@RandomFractals hey! added secrets and editing abilities with quick picks

[tanhakabir]

Renamed secrets to be accessible through $SECRETS

[RandomFractals]

@tanhakabir this looks good! with this change, can we also access added secrets when constructing GET urls with query params? Some platforms require app/api keys to be passed that way for their data/service calls.

I'll check it out today. Thanks for this update!

[tanhakabir]

@RandomFractals yep! It's available now! I made the secrets available like variables so you can use them in query params, headers, and bodies 😊

[RandomFractals]

worked like magic. I can't share my actual call screen pic, but here is an anonimized bit I just used for one of my rest endpoint tests:

https://api.<XYZ>.com/api/<serviceName>
    ?from=1475085940
    &to=1619085940
XYZ-API-KEY: $SECRETS.XYZ-API-KEY
XYZ-APPLICATION-KEY: $SECRETS.XYZ-APPLICATION-KEY
Content-Type: application/json

🙌

[dfinke]

I'm trying to authenticate to GitHub with my PAT.

Do I have the right syntax for the Authorization?

[tanhakabir]

Hm let me see there might be a bug for this case! Will have a fix out in the next 1-2 hours

[RandomFractals]

that would be nice. does that mean with that fix we can mock JWT for oauth too via $SECRETS vars? 🤔

I think #24 is potentially related if we can save and get tokens from secrets.

Those would need to be saved and automatically updated for refresh and bearer tokens.

see here for more info: https://www.oauth.com/oauth2-servers/access-tokens/

[RandomFractals]

btw, good way to test OAuth would be using unfolded.ai data sdk that has the whole process nicely documented:

https://docs.unfolded.ai/data-sdk/authentication

my starter kit for unfolded maps is here if you'd like to explore their stack more: https://github.com/RandomFractals/unfolded-maps

they have ipywidget that does data queries, but would be nice to use their data rest end point straight from rest book if oauth 2 is supported.

[tanhakabir]

I didn't look into more complexity with OAuth but fixed the issue @dfinke had

[RandomFractals]

that's fine. I should have added those comments on getting oauth tokens to work in #24.

[dfinke]

Thank you, works.