On the âAuthorizationâ tab, I change type from the default, to âBasicâ and a string of characters automatically appears in both the username and password fields. Where did this text come from? ( I did not enter any key-value pairs in Parameters, Header nor Body) Thanks in advance.
Hi @RedOctober2020,
Welcome to the community!
Great question. From my experience, at some point, those credentials were entered, and as a convenience, postman auto fills those credentials in there. I would check if you have any other request that you have put in credentials for, and see if they match up. Otherwise, I have not seen this experience where they come out of the blue.
Hope this helps!
Orest
Hi Odan. Yes I assumed these values came from a pre-entered key-value pair, but I cannot find where. Iâve checked Parameters, Header and Body. I guess my question shd be: âWhere else in Postman are these values entered, besides Parameters, Header and Body?â
Hi @RedOctober2020,
So these values should be found in another Request, (Or possibly at the Collection level), in the Authorization tab. Some other request or collection should have those basic auth key value pair set.
If not, it might have been set at one time before and not anymore. I canât confirm if it will autofill even after credentials have been removed at the request that initially put in those credentials. Other than that, I canât think of anywhere else you would find them.
Thanks,
Orest
Does anyone else have any ideas where these values are coming from. I create a new collection, I create a new request, I set Auth to Basic⊠and boom⊠those mystery values appear in Username and Password. I tried to decode them from MIME⊠they are not MIME values, they are just strings. I need to solve this, bc Iâm completely stuck until I find out where those values are coming from.
Hi @RedOctober2020,
Depending on how much of a concern it is for you, you can also just uninstall and reinstall the Postman app. If anything, that should clear any cached credentials.
@danny-dainton, is there anything you can chime in here that I may have missed?
Sorry just skimmed this and not really up to speed with whatâs been discussed yet.
If you select that Authentication helper, it will automatically preview the header. That header will be a base64 encoded value so that might explain the âmystery charactersâ as probably encoding some whitespace or something
At no point in the thread has there been an actual visual clue to show people whatâs going on so without an image, itâs like Chinese whispers sometimes
Are you able to provide that as âa picture paints a thousand wordsâ
Is this what youâre seeing?
The Og==
value is a :
character which is the divider between the username and password.
This site will help: https://www.base64decode.org
Iâm confused as to why this is a problem if youâre not using that form of Authentication - If you are using it, are you no just using the actual values you want in there?
I am a new user so your system doesnât allow me to upload an image. The values in question are on the Authorization tab, (not the header tab shown in your image) ⊠username and password. I have checked at the Environment level (there is no environment), collection level,(/edit⊠nothing set there), ⊠I donât know where else to look. Every time I create a new request, those values are automatically populated against my will. Whatâs weird is the values actually work. They get me a 200 OK when I hit the server. But I donât know whoâs account Iâm logging into successfully.
What are the values?
I donât think youâve show those yet right? I might be mistaken.
Have you tried clearing the Workspace history or moving the collection to a new workspace?
There are certain things that are populated by the history of the Workspace, like URLs when you start creating a new request so there might be something within an older request thatâs doing the same thing here.
Iâm just guessing at things here because I have no idea what youâre seeing
Iâm unable to upload an image due to me being a new user, however, the image I tried to upload, I removed the values, so they could not be used by others. they are valid creds and they let me into RingCentral⊠but like I said, I did not enter them, so they are not my creds. They are someone elsesâs valid creds.
Hi @RedOctober2020,
Thanks for sharing the extra details. To be honest, I donât think there is much other way we can help figure this out. This kinda gets into a moral dilemma, and might be useful to somehow notify this user that their credentials were leaked somehow.
As to how they got into Postman, I donât think anyone can really give you a solid answer, and would require a bit of analysis on your computer to see what may have happened, while I doubt they came from Postman, I know strange things do happen.
If anything and you can somehow consistently reproduce this error, then you can log it bug (a pretty serious one at that), but otherwise, I still stand with reinstalling the app. Thats basically all I can think of that I would do.
Best,
Orest