Bruno

Introduction

Bruno link image is an offline-first, open-source API client that improves collaboration by maintaining a live connection to your version control system, such as Git. With Bruno, collections are stored directly in a folder on your file system, and a plain text markup language called Bru saves information about API requests. Additionally, Bruno enhances data privacy and security since it operates offline. There is no concept of logging in or creating an account, and there is no cloud connection to sync your work in Bruno.

Bruno enables you to send authentication details with your API requests. You can set authentication methods at either the request level or the collection level, allowing all your requests to use the same method if desired. Authentication details can be included in the header, body, or as a parameter with any request in Bruno.

Bruno currently supports OAuth2 authentication.

Installation

Bruno is available as a native desktop app for macOS, Windows, and Linux. For more information, see Download Bruno's Desktop Application link image .

OAuth investigation

The topic looks into OAuth authentication to use Domino REST API using Bruno.

Environment variables

In the APIs used in the OAuth investigation, you will see fields surrounded by double brackets like {{ OAUTHHOST }} or {{ AdminName }}. These fields represent user inputs and should generally not be hard coded. You can use the following as reference:

vars {
  AdminName: John Doe
  OAUTHHOST: http://localhost:8880
  state: someRandomValue
}
vars:secret [
  AdminPassword
]

Get OAuth endpoints

Use the following API to get the OAuth endpoints. Make sure to add the variables in the Vars tab and assertions in the Assert tab as shown in the following images.

Bruno Get OAuth endpoint API

Log in to check the app

Use the following API to log in. Make sure to add the required details in the Body and the Headers tabs, and also add the variables in the Vars tab and assertions in the Assert tab as shown in the following images.

Bruno Post API

Get the scopes

Use the following API to get the scopes. Make sure to add the required details in the Headers tab and add the assertions in the Assert tab as shown in the following images.

Bruno get scope API

Get the app

Use the following API to get the app. Make sure to add the required details in the Headers tab, and also add the variables in the Vars tab and assertions in the Assert tab as shown in the following images.

Bruno get app API

Reset client secret

Use the following API to reset the client secret. Make sure to add the required details in the Body and the Headers tabs. Also add the parameters in the Params tab, the variables in the Vars tab, and the assertions in the Assert tab as shown in the following images.

Important!

Take extra caution when resetting the client secret. You have to update it where ever it's used. Otherwise, you won't be able to establish a connection to the app. Also, make sure to take note of the client secret you will be using.

Bruno reset client secret API

Send OAuth authorization request

Use the following API to send the OAuth authorization request. Make sure to add the parameters in the Params tab, the variables in the Vars tab, the script in the Script tab, and the assertions in the Assert tab as shown in the following images.

Bruno send OAuth auth request API

Send OAuth authorization request after an HTTP 302 response

Use the following API to send the OAuth authorization request after getting an HTTP 302 response.

Bruno send OAuth auth request API after 302

Log in for OAuth acceptance

Use the following API to log in for OAuth acceptance. Make sure to add the required details in the Body and the Headers tabs. Also add the variables in the Vars tab and the assertions in the Assert tab as shown in the following images.

Bruno log in for OAuth acceptance API

Create authorization decision

Use the following API to create the authorization decision. Make sure to add the required details in the Body and the Headers tabs. Also add the variables in the Vars tab, and the assertions in the Assert tab as shown in the following images.

Bruno post authorization decision API

Exchange authorization code for access token

Use the following API to post the authorization decision. Make sure to add the required details in the Body tab. Also add the variables in the Vars tab, and the assertions in the Assert tab as shown in the following images.

Bruno post exchange authorization code API

Check if access token works

Use the following API to get the scopes to check if the access token works. Make sure to add the required details in the Headers tab and the assertions in the Assert tab as shown in the following images.

Bruno get scope to check access token API

Exchange refresh token for access token

Use the following API to exchange the refresh token for the access token. Make sure to add the required details in the Body tab. Also add the variables in the Vars tab, and the assertions in the Assert tab as shown in the following images.

Bruno exchange refresh token to access token API

Check if the refresh token works

Use the following API to get the scopes to check if the refresh token works. Make sure to add the required details in the Headers tab and the assertions in the Assert tab as shown in the following images.

Bruno get scope to check access token API