Hi,

If you want to call a controller with auth='user' you should first get your user id and session_id and then continue from there. You can get the session_details from /web/session/authenticate like this:

session_details = requests.get(url=odoo_url + '/web/session/authenticate', data=json.dumps(data_string), headers=headers)
session_id = str(session_details.cookies.get('session_id'))

Once you have the session details you can set your cookies/values and call the endpoint:

cookies = {
'username': db_username,
'password': db_password,
'session_id': session_id // which we just got in the previous code block
}

requests.get(url=odoo_url + '/web/getUserDetail', params=params, headers=headers, cookies=cookies)

Regards,
Yenthe

To create a custom controller with user authentication in Odoo 13, define your controller class using @http.route and implement the @http.auth decorator for user access. Ensure to handle session management and access rights in your methods accordingly.

As I was searching for Odoo user authentication via Postman and this thread was the best matching result I want to share resulting minimal example

Hopes it will help somebody

Environment: containerized Odoo17

import yaml

from odoo import http, Command
from odoo.http import request

class ExampleController(http.Controller):
    @http.route('/api/v1/example/', type='json', auth='user', methods=['POST'], csrf=True)  
    def create_example(self):
        kwargs = yaml.load(request.httprequest.data) # incoming json data
        resp = some_internal_function(kwargs)
        return resp

Authentication request in postman

http://127.0.0.1:8069/web/session/authenticate

Headers: 
Content-Type: application/json

Body: (raw/JSON)

{
    "params": {
        "db": "my_odoo_dbname",
        "login": "user",
        "password": "their_password"
    }
}

If succeed, in response there will be Cookies section. <>
Copy session_id​ key

Authenticated request in postman

http://127.0.0.1:8069/api/v1/example/

Headers:
Content-Type: application/json/
Cookie: session_id=YOURSESSIONID

Body: (raw/JSON)
YOUR JSON BODY

I have the same problem now, looks like odoo removed session concept since some release.  So the web client session never expires, and there is no session in json-rpc interface at all, only user id is used there.  Did you guys use session id finally?

default on odoo 13 there is no session_id response, but you can add it manual by add:

it from addons: 'Auth Session Info' by Hariprasath.B

# -*- coding: utf-8 -*-

from odoo import models
from odoo.http import request


class Http(models.AbstractModel):
    _inherit = 'ir.http'

    def session_info(self):
        res = super(Http, self).session_info()
        if not res.get('session_id'):
            # Add Session Id
            res['session_id'] = request.session.sid
        return res

@Niyas , the response is as you got. But if you try session_details.cookies.get('session_id') will get session_id definitely.

In Odoo 13 the session_id is in cookies

Hi,

As the auth='user' is given,  the route the controller will be accessible only for the authenticated users, else it will show some invalid or session_expired response .

Issue 1: I have checked some custom functions using the postman application and it seems working fine with auth='user' , if there is no valid session_id it will ask to authenticate first. In your case can you try the same with the postman application and confirm.

Issue 2: For authentication use the controller, /web/session/authenticate .

See the detailed Video Here: Authentication, Fetching Data & Creating Records Using Controller

Thanks