Koha API - Authentication Failure
Hi, I wanted to build an app that uses the koha API, and so i was testing it out, but I keep getting "Authentication Failure" error whichever end point I try to access. The steps i did are 1. Got the client_id / secret from koha 2. Sent a POST request to api/v1/oauth/token with required parameters and got an "access_token" returned 3. Added the token to my authorization header with header-prefix "Bearer" 4. Sent a GET request to different end points, but getting the same 401 Unauthorized error code with error : Authentication failure However if i access one of the public end points like /api/v1/biblios/{biblio_id} i can get a response If anyone has any idea why this is happening, please let me know. Thanks in advance, Aswin
Aswin - are you using the correct URL to call your custom endpoint. It should be under the contrib namespace e.g. https://<SERVERNAME>/api/v1/contrib/<customname> Stephen -----Original Message----- From: Koha <koha-bounces@lists.katipo.co.nz> On Behalf Of Aswin Unnikrishnan Sent: 17 May 2021 13:40 To: Discussion Group Koha <koha@lists.katipo.co.nz> Subject: [Koha] Koha API - Authentication Failure Hi, I wanted to build an app that uses the koha API, and so i was testing it out, but I keep getting "Authentication Failure" error whichever end point I try to access. The steps i did are 1. Got the client_id / secret from koha 2. Sent a POST request to api/v1/oauth/token with required parameters and got an "access_token" returned 3. Added the token to my authorization header with header-prefix "Bearer" 4. Sent a GET request to different end points, but getting the same 401 Unauthorized error code with error : Authentication failure However if i access one of the public end points like /api/v1/biblios/{biblio_id} i can get a response If anyone has any idea why this is happening, please let me know. Thanks in advance, Aswin _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Does the user (owner of the id/secret pair) have privileged access to Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace). BTW: All routes also have some required permissions you should take a look at. Specific ones. Kind regards El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (<aswinunni01@gmail.com>) escribió:
Hi,
I wanted to build an app that uses the koha API, and so i was testing it out, but I keep getting "Authentication Failure" error whichever end point I try to access. The steps i did are
1. Got the client_id / secret from koha 2. Sent a POST request to api/v1/oauth/token with required parameters and got an "access_token" returned 3. Added the token to my authorization header with header-prefix "Bearer" 4. Sent a GET request to different end points, but getting the same 401 Unauthorized error code with error : Authentication failure
However if i access one of the public end points like /api/v1/biblios/{biblio_id} i can get a response
If anyone has any idea why this is happening, please let me know.
Thanks in advance, Aswin _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
Thanks Stephen, Tomas for the quick response. Aswin - are you using the correct URL to call your custom endpoint. It
should be under the contrib namespace e.g.
The app i am making is not part of koha, its a seperate web app which makes calls to /api/v1/ end points of the koha server. Does the user (owner of the id/secret pair) have privileged access to Koha?
Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
Yes, the user has permission set to access all librarian functions, I also tried accessing the api end point via browser after logging in to the staff portal with this user, and im getting the correct response. Im also not able to access api/v1/.html from the browser, it gives a 403 Error page. I checked the error logs and found this [authz_core:error] [pid 25846] AH01630: client denied by server
configuration: /usr/share/koha/api/v1/.html
Is there any logging systems in place which could give more info regarding the authorization failure error? or any idea whats wrong? Thanks, Aswin On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Does the user (owner of the id/secret pair) have privileged access to Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
BTW: All routes also have some required permissions you should take a look at. Specific ones.
Kind regards
El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (<aswinunni01@gmail.com>) escribió:
Hi,
I wanted to build an app that uses the koha API, and so i was testing it out, but I keep getting "Authentication Failure" error whichever end point I try to access. The steps i did are
1. Got the client_id / secret from koha 2. Sent a POST request to api/v1/oauth/token with required parameters and got an "access_token" returned 3. Added the token to my authorization header with header-prefix "Bearer" 4. Sent a GET request to different end points, but getting the same 401 Unauthorized error code with error : Authentication failure
However if i access one of the public end points like /api/v1/biblios/{biblio_id} i can get a response
If anyone has any idea why this is happening, please let me know.
Thanks in advance, Aswin _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
Could it be an issue with Apache? When we first started using the API we had an auth issue and our hosting company said: “By default Apache strips out Authorization headers and it is necessary to explicitly tell it not to do that when you're trying to pass authorisation tokens through in the Authorization header. The Apache directive that does this is CGIPassAuth: https://httpd.apache.org/docs/trunk/mod/core.html#cgipassauth Could this be the issue and you need to change the Koha apache to do this? Stephen From: Aswin Unnikrishnan <aswinunni01@gmail.com> Sent: 17 May 2021 15:53 To: Tomas Cohen Arazi <tomascohen@gmail.com>; Stephen Graham <s.graham4@herts.ac.uk> Cc: Discussion Group Koha <koha@lists.katipo.co.nz> Subject: Re: [Koha] Koha API - Authentication Failure Thanks Stephen, Tomas for the quick response. Aswin - are you using the correct URL to call your custom endpoint. It should be under the contrib namespace e.g. The app i am making is not part of koha, its a seperate web app which makes calls to /api/v1/ end points of the koha server. Does the user (owner of the id/secret pair) have privileged access to Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace). Yes, the user has permission set to access all librarian functions, I also tried accessing the api end point via browser after logging in to the staff portal with this user, and im getting the correct response. Im also not able to access api/v1/.html from the browser, it gives a 403 Error page. I checked the error logs and found this [authz_core:error] [pid 25846] AH01630: client denied by server configuration: /usr/share/koha/api/v1/.html Is there any logging systems in place which could give more info regarding the authorization failure error? or any idea whats wrong? Thanks, Aswin On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi <tomascohen@gmail.com<mailto:tomascohen@gmail.com>> wrote: Does the user (owner of the id/secret pair) have privileged access to Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace). BTW: All routes also have some required permissions you should take a look at. Specific ones. Kind regards El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (<aswinunni01@gmail.com<mailto:aswinunni01@gmail.com>>) escribió: Hi, I wanted to build an app that uses the koha API, and so i was testing it out, but I keep getting "Authentication Failure" error whichever end point I try to access. The steps i did are 1. Got the client_id / secret from koha 2. Sent a POST request to api/v1/oauth/token with required parameters and got an "access_token" returned 3. Added the token to my authorization header with header-prefix "Bearer" 4. Sent a GET request to different end points, but getting the same 401 Unauthorized error code with error : Authentication failure However if i access one of the public end points like /api/v1/biblios/{biblio_id} i can get a response If anyone has any idea why this is happening, please let me know. Thanks in advance, Aswin _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz<mailto:Koha@lists.katipo.co.nz> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha -- Tomás Cohen Arazi Theke Solutions (http://theke.io<http://theke.io/>) ✆ +54 9351 3513384 GPG: B2F3C15F
Are you running Plack? El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (<aswinunni01@gmail.com>) escribió:
Thanks Stephen, Tomas for the quick response.
Aswin - are you using the correct URL to call your custom endpoint. It
should be under the contrib namespace e.g.
The app i am making is not part of koha, its a seperate web app which makes calls to /api/v1/ end points of the koha server.
Does the user (owner of the id/secret pair) have privileged access to
Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
Yes, the user has permission set to access all librarian functions, I also tried accessing the api end point via browser after logging in to the staff portal with this user, and im getting the correct response.
Im also not able to access api/v1/.html from the browser, it gives a 403 Error page. I checked the error logs and found this
[authz_core:error] [pid 25846] AH01630: client denied by server
configuration: /usr/share/koha/api/v1/.html
Is there any logging systems in place which could give more info regarding the authorization failure error? or any idea whats wrong?
Thanks, Aswin
On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Does the user (owner of the id/secret pair) have privileged access to Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
BTW: All routes also have some required permissions you should take a look at. Specific ones.
Kind regards
El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Hi,
I wanted to build an app that uses the koha API, and so i was testing it out, but I keep getting "Authentication Failure" error whichever end point I try to access. The steps i did are
1. Got the client_id / secret from koha 2. Sent a POST request to api/v1/oauth/token with required parameters and got an "access_token" returned 3. Added the token to my authorization header with header-prefix "Bearer" 4. Sent a GET request to different end points, but getting the same 401 Unauthorized error code with error : Authentication failure
However if i access one of the public end points like /api/v1/biblios/{biblio_id} i can get a response
If anyone has any idea why this is happening, please let me know.
Thanks in advance, Aswin _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
Thanks for pointing that out Stephen, I will have to look into that, it might be the issue here. Tomas, I am not exactly sure if we have plack running or not. Plack seems to be enabled, but plack logs are all empty. the logs are all at intranet-error.log and opac-error.log I will try out the apache CGIPass method as Stephen suggested and get back if it works. Thanks, Aswin On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Are you running Plack?
El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Thanks Stephen, Tomas for the quick response.
Aswin - are you using the correct URL to call your custom endpoint. It
should be under the contrib namespace e.g.
The app i am making is not part of koha, its a seperate web app which makes calls to /api/v1/ end points of the koha server.
Does the user (owner of the id/secret pair) have privileged access to
Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
Yes, the user has permission set to access all librarian functions, I also tried accessing the api end point via browser after logging in to the staff portal with this user, and im getting the correct response.
Im also not able to access api/v1/.html from the browser, it gives a 403 Error page. I checked the error logs and found this
[authz_core:error] [pid 25846] AH01630: client denied by server
configuration: /usr/share/koha/api/v1/.html
Is there any logging systems in place which could give more info regarding the authorization failure error? or any idea whats wrong?
Thanks, Aswin
On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Does the user (owner of the id/secret pair) have privileged access to Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
BTW: All routes also have some required permissions you should take a look at. Specific ones.
Kind regards
El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Hi,
I wanted to build an app that uses the koha API, and so i was testing it out, but I keep getting "Authentication Failure" error whichever end point I try to access. The steps i did are
1. Got the client_id / secret from koha 2. Sent a POST request to api/v1/oauth/token with required parameters and got an "access_token" returned 3. Added the token to my authorization header with header-prefix "Bearer" 4. Sent a GET request to different end points, but getting the same 401 Unauthorized error code with error : Authentication failure
However if i access one of the public end points like /api/v1/biblios/{biblio_id} i can get a response
If anyone has any idea why this is happening, please let me know.
Thanks in advance, Aswin _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
Check the plack*.log files in the logs El lun., 17 may. 2021 14:53, Aswin Unnikrishnan <aswinunni01@gmail.com> escribió:
Thanks for pointing that out Stephen, I will have to look into that, it might be the issue here.
Tomas, I am not exactly sure if we have plack running or not. Plack seems to be enabled, but plack logs are all empty. the logs are all at intranet-error.log and opac-error.log
I will try out the apache CGIPass method as Stephen suggested and get back if it works.
Thanks, Aswin
On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Are you running Plack?
El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Thanks Stephen, Tomas for the quick response.
Aswin - are you using the correct URL to call your custom endpoint. It
should be under the contrib namespace e.g.
The app i am making is not part of koha, its a seperate web app which makes calls to /api/v1/ end points of the koha server.
Does the user (owner of the id/secret pair) have privileged access to
Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
Yes, the user has permission set to access all librarian functions, I also tried accessing the api end point via browser after logging in to the staff portal with this user, and im getting the correct response.
Im also not able to access api/v1/.html from the browser, it gives a 403 Error page. I checked the error logs and found this
[authz_core:error] [pid 25846] AH01630: client denied by server
configuration: /usr/share/koha/api/v1/.html
Is there any logging systems in place which could give more info regarding the authorization failure error? or any idea whats wrong?
Thanks, Aswin
On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Does the user (owner of the id/secret pair) have privileged access to Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
BTW: All routes also have some required permissions you should take a look at. Specific ones.
Kind regards
El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Hi,
I wanted to build an app that uses the koha API, and so i was testing it out, but I keep getting "Authentication Failure" error whichever end point I try to access. The steps i did are
1. Got the client_id / secret from koha 2. Sent a POST request to api/v1/oauth/token with required parameters and got an "access_token" returned 3. Added the token to my authorization header with header-prefix "Bearer" 4. Sent a GET request to different end points, but getting the same 401 Unauthorized error code with error : Authentication failure
However if i access one of the public end points like /api/v1/biblios/{biblio_id} i can get a response
If anyone has any idea why this is happening, please let me know.
Thanks in advance, Aswin _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
My documented steps to make sure OAuth2 is working are here: https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20 This may be useful for you. I suppose it would make sense to document this properly in Koha wiki as well, I just haven't had time... Best, Ere Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53:
Thanks for pointing that out Stephen, I will have to look into that, it might be the issue here.
Tomas, I am not exactly sure if we have plack running or not. Plack seems to be enabled, but plack logs are all empty. the logs are all at intranet-error.log and opac-error.log
I will try out the apache CGIPass method as Stephen suggested and get back if it works.
Thanks, Aswin
On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Are you running Plack?
El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Thanks Stephen, Tomas for the quick response.
Aswin - are you using the correct URL to call your custom endpoint. It
should be under the contrib namespace e.g.
The app i am making is not part of koha, its a seperate web app which makes calls to /api/v1/ end points of the koha server.
Does the user (owner of the id/secret pair) have privileged access to
Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
Yes, the user has permission set to access all librarian functions, I also tried accessing the api end point via browser after logging in to the staff portal with this user, and im getting the correct response.
Im also not able to access api/v1/.html from the browser, it gives a 403 Error page. I checked the error logs and found this
[authz_core:error] [pid 25846] AH01630: client denied by server
configuration: /usr/share/koha/api/v1/.html
Is there any logging systems in place which could give more info regarding the authorization failure error? or any idea whats wrong?
Thanks, Aswin
On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Does the user (owner of the id/secret pair) have privileged access to Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
BTW: All routes also have some required permissions you should take a look at. Specific ones.
Kind regards
El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Hi,
I wanted to build an app that uses the koha API, and so i was testing it out, but I keep getting "Authentication Failure" error whichever end point I try to access. The steps i did are
1. Got the client_id / secret from koha 2. Sent a POST request to api/v1/oauth/token with required parameters and got an "access_token" returned 3. Added the token to my authorization header with header-prefix "Bearer" 4. Sent a GET request to different end points, but getting the same 401 Unauthorized error code with error : Authentication failure
However if i access one of the public end points like /api/v1/biblios/{biblio_id} i can get a response
If anyone has any idea why this is happening, please let me know.
Thanks in advance, Aswin _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Ere Maijala Kansalliskirjasto / The National Library of Finland
Thank you so much guys, Was a bit busy the past couple of days and could'nt work on it. But I followed the documentation mentioned by Ere and it worked! SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 If anyone else faces this issue, you should add this command under <VirtualHost> </VirtualHost> Tag . Thanks, Aswin On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maijala@helsinki.fi> wrote:
My documented steps to make sure OAuth2 is working are here:
https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
This may be useful for you. I suppose it would make sense to document this properly in Koha wiki as well, I just haven't had time...
Best, Ere
Thanks for pointing that out Stephen, I will have to look into that, it might be the issue here.
Tomas, I am not exactly sure if we have plack running or not. Plack seems to be enabled, but plack logs are all empty. the logs are all at intranet-error.log and opac-error.log
I will try out the apache CGIPass method as Stephen suggested and get back if it works.
Thanks, Aswin
On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Are you running Plack?
El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Thanks Stephen, Tomas for the quick response.
Aswin - are you using the correct URL to call your custom endpoint. It
should be under the contrib namespace e.g.
The app i am making is not part of koha, its a seperate web app which makes calls to /api/v1/ end points of the koha server.
Does the user (owner of the id/secret pair) have privileged access to
Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than
the /api/v1/public namespace).
Yes, the user has permission set to access all librarian functions, I also tried accessing the api end point via browser after logging in to
staff portal with this user, and im getting the correct response.
Im also not able to access api/v1/.html from the browser, it gives a 403 Error page. I checked the error logs and found this
[authz_core:error] [pid 25846] AH01630: client denied by server
configuration: /usr/share/koha/api/v1/.html
Is there any logging systems in place which could give more info regarding the authorization failure error? or any idea whats wrong?
Thanks, Aswin
On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Does the user (owner of the id/secret pair) have privileged access to Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than
Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53: those in the those in
the /api/v1/public namespace).
BTW: All routes also have some required permissions you should take a look at. Specific ones.
Kind regards
El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Hi,
I wanted to build an app that uses the koha API, and so i was testing it out, but I keep getting "Authentication Failure" error whichever end point I try to access. The steps i did are
1. Got the client_id / secret from koha 2. Sent a POST request to api/v1/oauth/token with required parameters and got an "access_token" returned 3. Added the token to my authorization header with header-prefix "Bearer" 4. Sent a GET request to different end points, but getting the same 401 Unauthorized error code with error : Authentication failure
However if i access one of the public end points like /api/v1/biblios/{biblio_id} i can get a response
If anyone has any idea why this is happening, please let me know.
Thanks in advance, Aswin _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Ere Maijala Kansalliskirjasto / The National Library of Finland _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
I wonder why it is working out of the box, and not for you. Is there any special apache config you're using? If not, then this is something we should patch in the Koha packages for everyone. Kind regards El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan <aswinunni01@gmail.com> escribió:
Thank you so much guys,
Was a bit busy the past couple of days and could'nt work on it. But I followed the documentation mentioned by Ere and it worked!
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
If anyone else faces this issue, you should add this command under <VirtualHost> </VirtualHost> Tag .
Thanks, Aswin
On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maijala@helsinki.fi> wrote:
My documented steps to make sure OAuth2 is working are here:
https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
This may be useful for you. I suppose it would make sense to document this properly in Koha wiki as well, I just haven't had time...
Best, Ere
Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53:
Thanks for pointing that out Stephen, I will have to look into that, it might be the issue here.
Tomas, I am not exactly sure if we have plack running or not. Plack seems to be enabled, but plack logs are all empty. the logs are all at intranet-error.log and opac-error.log
I will try out the apache CGIPass method as Stephen suggested and get back if it works.
Thanks, Aswin
On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
Are you running Plack?
El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Thanks Stephen, Tomas for the quick response.
Aswin - are you using the correct URL to call your custom endpoint.
should be under the contrib namespace e.g.
The app i am making is not part of koha, its a seperate web app which makes calls to /api/v1/ end points of the koha server.
Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than
Does the user (owner of the id/secret pair) have privileged access to those in
the /api/v1/public namespace).
Yes, the user has permission set to access all librarian functions, I also tried accessing the api end point via browser after logging in to the staff portal with this user, and im getting the correct response.
Im also not able to access api/v1/.html from the browser, it gives a 403 Error page. I checked the error logs and found this
[authz_core:error] [pid 25846] AH01630: client denied by server
configuration: /usr/share/koha/api/v1/.html
Is there any logging systems in place which could give more info regarding the authorization failure error? or any idea whats wrong?
Thanks, Aswin
On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi < tomascohen@gmail.com> wrote:
Does the user (owner of the id/secret pair) have privileged access to Koha? Remember it needs to have permissions to enter the staff interface (the 'catalogue' permission) in order to access routes (other than those in the /api/v1/public namespace).
BTW: All routes also have some required permissions you should take a look at. Specific ones.
Kind regards
El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
> Hi, > > I wanted to build an app that uses the koha API, and so i was testing it > out, but I keep getting "Authentication Failure" error whichever end > point > I try to access. > The steps i did are > > 1. Got the client_id / secret from koha > 2. Sent a POST request to api/v1/oauth/token with required
It parameters
> and > got an "access_token" returned > 3. Added the token to my authorization header with header-prefix > "Bearer" > 4. Sent a GET request to different end points, but getting the same 401 > Unauthorized error code with error : Authentication failure > > However if i access one of the public end points like > /api/v1/biblios/{biblio_id} i can get a response > > If anyone has any idea why this is happening, please let me know. > > Thanks in advance, > Aswin > _______________________________________________ > > Koha mailing list http://koha-community.org > Koha@lists.katipo.co.nz > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha >
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Ere Maijala Kansalliskirjasto / The National Library of Finland _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Nope, were using the default apache configurations. Nothing special On Sat, 22 May 2021 at 20:46, Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
I wonder why it is working out of the box, and not for you. Is there any special apache config you're using?
If not, then this is something we should patch in the Koha packages for everyone.
Kind regards
El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan <aswinunni01@gmail.com> escribió:
Thank you so much guys,
Was a bit busy the past couple of days and could'nt work on it. But I followed the documentation mentioned by Ere and it worked!
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
If anyone else faces this issue, you should add this command under <VirtualHost> </VirtualHost> Tag .
Thanks, Aswin
On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maijala@helsinki.fi> wrote:
My documented steps to make sure OAuth2 is working are here:
https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
This may be useful for you. I suppose it would make sense to document this properly in Koha wiki as well, I just haven't had time...
Best, Ere
Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53:
Thanks for pointing that out Stephen, I will have to look into that,
might be the issue here.
Tomas, I am not exactly sure if we have plack running or not. Plack seems to be enabled, but plack logs are all empty. the logs are all at intranet-error.log and opac-error.log
I will try out the apache CGIPass method as Stephen suggested and get back if it works.
Thanks, Aswin
On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi <tomascohen@gmail.com
wrote:
Are you running Plack?
El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
Thanks Stephen, Tomas for the quick response.
Aswin - are you using the correct URL to call your custom endpoint. It > should be under the contrib namespace e.g. >
The app i am making is not part of koha, its a seperate web app which makes calls to /api/v1/ end points of the koha server.
Does the user (owner of the id/secret pair) have privileged access to > Koha? Remember it needs to have permissions to enter the staff interface > (the 'catalogue' permission) in order to access routes (other than those in > the /api/v1/public namespace). > Yes, the user has permission set to access all librarian functions, I also tried accessing the api end point via browser after logging in to the staff portal with this user, and im getting the correct response.
Im also not able to access api/v1/.html from the browser, it gives a 403 Error page. I checked the error logs and found this
[authz_core:error] [pid 25846] AH01630: client denied by server > configuration: /usr/share/koha/api/v1/.html >
Is there any logging systems in place which could give more info regarding the authorization failure error? or any idea whats wrong?
Thanks, Aswin
On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi < tomascohen@gmail.com> wrote:
> Does the user (owner of the id/secret pair) have privileged access to > Koha? Remember it needs to have permissions to enter the staff interface > (the 'catalogue' permission) in order to access routes (other than those in > the /api/v1/public namespace). > > BTW: All routes also have some required permissions you should take a > look at. Specific ones. > > Kind regards > > El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< > aswinunni01@gmail.com>) escribió: > >> Hi, >> >> I wanted to build an app that uses the koha API, and so i was testing it >> out, but I keep getting "Authentication Failure" error whichever end >> point >> I try to access. >> The steps i did are >> >> 1. Got the client_id / secret from koha >> 2. Sent a POST request to api/v1/oauth/token with required
it parameters
>> and >> got an "access_token" returned >> 3. Added the token to my authorization header with header-prefix >> "Bearer" >> 4. Sent a GET request to different end points, but getting the same 401 >> Unauthorized error code with error : Authentication failure >> >> However if i access one of the public end points like >> /api/v1/biblios/{biblio_id} i can get a response >> >> If anyone has any idea why this is happening, please let me know. >> >> Thanks in advance, >> Aswin >> _______________________________________________ >> >> Koha mailing list http://koha-community.org >> Koha@lists.katipo.co.nz >> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha >> > > > -- > Tomás Cohen Arazi > Theke Solutions (http://theke.io) > ✆ +54 9351 3513384 > GPG: B2F3C15F >
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Ere Maijala Kansalliskirjasto / The National Library of Finland _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
OS anda Koha version? El dom., 23 may. 2021 1:06 a. m., Aswin Unnikrishnan <aswinunni01@gmail.com> escribió:
Nope, were using the default apache configurations. Nothing special
On Sat, 22 May 2021 at 20:46, Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
I wonder why it is working out of the box, and not for you. Is there any special apache config you're using?
If not, then this is something we should patch in the Koha packages for everyone.
Kind regards
El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan <aswinunni01@gmail.com> escribió:
Thank you so much guys,
Was a bit busy the past couple of days and could'nt work on it. But I followed the documentation mentioned by Ere and it worked!
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
If anyone else faces this issue, you should add this command under <VirtualHost> </VirtualHost> Tag .
Thanks, Aswin
On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maijala@helsinki.fi> wrote:
My documented steps to make sure OAuth2 is working are here:
https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
This may be useful for you. I suppose it would make sense to document this properly in Koha wiki as well, I just haven't had time...
Best, Ere
Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53:
Thanks for pointing that out Stephen, I will have to look into that,
might be the issue here.
Tomas, I am not exactly sure if we have plack running or not. Plack seems to be enabled, but plack logs are all empty. the logs are all at intranet-error.log and opac-error.log
I will try out the apache CGIPass method as Stephen suggested and get back if it works.
Thanks, Aswin
On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi < tomascohen@gmail.com> wrote:
Are you running Plack?
El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< aswinunni01@gmail.com>) escribió:
> Thanks Stephen, Tomas for the quick response. > > Aswin - are you using the correct URL to call your custom endpoint. It >> should be under the contrib namespace e.g. >> > > The app i am making is not part of koha, its a seperate web app which > makes calls to /api/v1/ end points of the koha server. > > Does the user (owner of the id/secret pair) have privileged access to >> Koha? Remember it needs to have permissions to enter the staff interface >> (the 'catalogue' permission) in order to access routes (other than those in >> the /api/v1/public namespace). >> > Yes, the user has permission set to access all librarian functions, I > also tried accessing the api end point via browser after logging in to the > staff portal with this user, and im getting the correct response. > > Im also not able to access api/v1/.html from the browser, it gives a 403 > Error page. I checked the error logs and found this > > [authz_core:error] [pid 25846] AH01630: client denied by server >> configuration: /usr/share/koha/api/v1/.html >> > > > Is there any logging systems in place which could give more info > regarding the authorization failure error? or any idea whats wrong? > > Thanks, > Aswin > > > On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi < tomascohen@gmail.com> > wrote: > >> Does the user (owner of the id/secret pair) have privileged access to >> Koha? Remember it needs to have permissions to enter the staff interface >> (the 'catalogue' permission) in order to access routes (other than those in >> the /api/v1/public namespace). >> >> BTW: All routes also have some required permissions you should take a >> look at. Specific ones. >> >> Kind regards >> >> El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< >> aswinunni01@gmail.com>) escribió: >> >>> Hi, >>> >>> I wanted to build an app that uses the koha API, and so i was testing it >>> out, but I keep getting "Authentication Failure" error whichever end >>> point >>> I try to access. >>> The steps i did are >>> >>> 1. Got the client_id / secret from koha >>> 2. Sent a POST request to api/v1/oauth/token with required
it parameters
>>> and >>> got an "access_token" returned >>> 3. Added the token to my authorization header with header-prefix >>> "Bearer" >>> 4. Sent a GET request to different end points, but getting the same 401 >>> Unauthorized error code with error : Authentication failure >>> >>> However if i access one of the public end points like >>> /api/v1/biblios/{biblio_id} i can get a response >>> >>> If anyone has any idea why this is happening, please let me know. >>> >>> Thanks in advance, >>> Aswin >>> _______________________________________________ >>> >>> Koha mailing list http://koha-community.org >>> Koha@lists.katipo.co.nz >>> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha >>> >> >> >> -- >> Tomás Cohen Arazi >> Theke Solutions (http://theke.io) >> ✆ +54 9351 3513384 >> GPG: B2F3C15F >> >
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Ere Maijala Kansalliskirjasto / The National Library of Finland _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Debian Linux 9 and koha 19.11 On Sun, May 23, 2021, 6:02 PM Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
OS anda Koha version?
El dom., 23 may. 2021 1:06 a. m., Aswin Unnikrishnan < aswinunni01@gmail.com> escribió:
Nope, were using the default apache configurations. Nothing special
On Sat, 22 May 2021 at 20:46, Tomas Cohen Arazi <tomascohen@gmail.com> wrote:
I wonder why it is working out of the box, and not for you. Is there any special apache config you're using?
If not, then this is something we should patch in the Koha packages for everyone.
Kind regards
El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan <aswinunni01@gmail.com> escribió:
Thank you so much guys,
Was a bit busy the past couple of days and could'nt work on it. But I followed the documentation mentioned by Ere and it worked!
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
If anyone else faces this issue, you should add this command under <VirtualHost> </VirtualHost> Tag .
Thanks, Aswin
On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maijala@helsinki.fi> wrote:
My documented steps to make sure OAuth2 is working are here:
https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
This may be useful for you. I suppose it would make sense to document this properly in Koha wiki as well, I just haven't had time...
Best, Ere
Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53:
Thanks for pointing that out Stephen, I will have to look into
might be the issue here.
Tomas, I am not exactly sure if we have plack running or not. Plack seems to be enabled, but plack logs are all empty. the logs are all at intranet-error.log and opac-error.log
I will try out the apache CGIPass method as Stephen suggested and get back if it works.
Thanks, Aswin
On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi < tomascohen@gmail.com> wrote:
> Are you running Plack? > > El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< > aswinunni01@gmail.com>) escribió: > >> Thanks Stephen, Tomas for the quick response. >> >> Aswin - are you using the correct URL to call your custom endpoint. It >>> should be under the contrib namespace e.g. >>> >> >> The app i am making is not part of koha, its a seperate web app which >> makes calls to /api/v1/ end points of the koha server. >> >> Does the user (owner of the id/secret pair) have privileged access to >>> Koha? Remember it needs to have permissions to enter the staff interface >>> (the 'catalogue' permission) in order to access routes (other
>>> the /api/v1/public namespace). >>> >> Yes, the user has permission set to access all librarian functions, I >> also tried accessing the api end point via browser after logging in to
those in the
>> staff portal with this user, and im getting the correct response. >> >> Im also not able to access api/v1/.html from the browser, it gives a 403 >> Error page. I checked the error logs and found this >> >> [authz_core:error] [pid 25846] AH01630: client denied by server >>> configuration: /usr/share/koha/api/v1/.html >>> >> >> >> Is there any logging systems in place which could give more info >> regarding the authorization failure error? or any idea whats wrong? >> >> Thanks, >> Aswin >> >> >> On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi < tomascohen@gmail.com> >> wrote: >> >>> Does the user (owner of the id/secret pair) have privileged access to >>> Koha? Remember it needs to have permissions to enter the staff interface >>> (the 'catalogue' permission) in order to access routes (other
those in
>>> the /api/v1/public namespace). >>> >>> BTW: All routes also have some required permissions you should take a >>> look at. Specific ones. >>> >>> Kind regards >>> >>> El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< >>> aswinunni01@gmail.com>) escribió: >>> >>>> Hi, >>>> >>>> I wanted to build an app that uses the koha API, and so i was testing it >>>> out, but I keep getting "Authentication Failure" error whichever end >>>> point >>>> I try to access. >>>> The steps i did are >>>> >>>> 1. Got the client_id / secret from koha >>>> 2. Sent a POST request to api/v1/oauth/token with required
that, it than than parameters
>>>> and >>>> got an "access_token" returned >>>> 3. Added the token to my authorization header with header-prefix >>>> "Bearer" >>>> 4. Sent a GET request to different end points, but getting the same 401 >>>> Unauthorized error code with error : Authentication failure >>>> >>>> However if i access one of the public end points like >>>> /api/v1/biblios/{biblio_id} i can get a response >>>> >>>> If anyone has any idea why this is happening, please let me know. >>>> >>>> Thanks in advance, >>>> Aswin >>>> _______________________________________________ >>>> >>>> Koha mailing list http://koha-community.org >>>> Koha@lists.katipo.co.nz >>>> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha >>>> >>> >>> >>> -- >>> Tomás Cohen Arazi >>> Theke Solutions (http://theke.io) >>> ✆ +54 9351 3513384 >>> GPG: B2F3C15F >>> >> > > -- > Tomás Cohen Arazi > Theke Solutions (http://theke.io) > ✆ +54 9351 3513384 > GPG: B2F3C15F > _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
-- Ere Maijala Kansalliskirjasto / The National Library of Finland _______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Do you mean OAuth2 is working for you without anything special in Apache config? I've not been that fortunate yet, though it might depend on whether authentication plugins are enabled in Apache. --Ere Tomas Cohen Arazi kirjoitti 22.5.2021 klo 18.15:
I wonder why it is working out of the box, and not for you. Is there any special apache config you're using?
If not, then this is something we should patch in the Koha packages for everyone.
Kind regards
El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan <aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>> escribió:
Thank you so much guys,
Was a bit busy the past couple of days and could'nt work on it. But I followed the documentation mentioned by Ere and it worked!
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
If anyone else faces this issue, you should add this command under <VirtualHost> </VirtualHost> Tag .
Thanks, Aswin
On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maijala@helsinki.fi <mailto:ere.maijala@helsinki.fi>> wrote:
> My documented steps to make sure OAuth2 is working are here: > > > https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20 <https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20> > > This may be useful for you. I suppose it would make sense to document > this properly in Koha wiki as well, I just haven't had time... > > Best, > Ere > > Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53: > > Thanks for pointing that out Stephen, I will have to look into that, it > > might be the issue here. > > > > Tomas, I am not exactly sure if we have plack running or not. Plack > seems > > to be enabled, but plack logs are all empty. the logs are all at > > intranet-error.log and opac-error.log > > > > I will try out the apache CGIPass method as Stephen suggested and get > back > > if it works. > > > > Thanks, > > Aswin > > > > On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi <tomascohen@gmail.com <mailto:tomascohen@gmail.com>> > > wrote: > > > >> Are you running Plack? > >> > >> El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< > >> aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>) escribió: > >> > >>> Thanks Stephen, Tomas for the quick response. > >>> > >>> Aswin - are you using the correct URL to call your custom endpoint. It > >>>> should be under the contrib namespace e.g. > >>>> > >>> > >>> The app i am making is not part of koha, its a seperate web app which > >>> makes calls to /api/v1/ end points of the koha server. > >>> > >>> Does the user (owner of the id/secret pair) have privileged access to > >>>> Koha? Remember it needs to have permissions to enter the staff > interface > >>>> (the 'catalogue' permission) in order to access routes (other than > those in > >>>> the /api/v1/public namespace). > >>>> > >>> Yes, the user has permission set to access all librarian functions, I > >>> also tried accessing the api end point via browser after logging in to > the > >>> staff portal with this user, and im getting the correct response. > >>> > >>> Im also not able to access api/v1/.html from the browser, it gives a > 403 > >>> Error page. I checked the error logs and found this > >>> > >>> [authz_core:error] [pid 25846] AH01630: client denied by server > >>>> configuration: /usr/share/koha/api/v1/.html > >>>> > >>> > >>> > >>> Is there any logging systems in place which could give more info > >>> regarding the authorization failure error? or any idea whats wrong? > >>> > >>> Thanks, > >>> Aswin > >>> > >>> > >>> On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi <tomascohen@gmail.com <mailto:tomascohen@gmail.com>> > >>> wrote: > >>> > >>>> Does the user (owner of the id/secret pair) have privileged access to > >>>> Koha? Remember it needs to have permissions to enter the staff > interface > >>>> (the 'catalogue' permission) in order to access routes (other than > those in > >>>> the /api/v1/public namespace). > >>>> > >>>> BTW: All routes also have some required permissions you should take a > >>>> look at. Specific ones. > >>>> > >>>> Kind regards > >>>> > >>>> El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< > >>>> aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>) escribió: > >>>> > >>>>> Hi, > >>>>> > >>>>> I wanted to build an app that uses the koha API, and so i was > testing it > >>>>> out, but I keep getting "Authentication Failure" error whichever end > >>>>> point > >>>>> I try to access. > >>>>> The steps i did are > >>>>> > >>>>> 1. Got the client_id / secret from koha > >>>>> 2. Sent a POST request to api/v1/oauth/token with required parameters > >>>>> and > >>>>> got an "access_token" returned > >>>>> 3. Added the token to my authorization header with header-prefix > >>>>> "Bearer" > >>>>> 4. Sent a GET request to different end points, but getting the same > 401 > >>>>> Unauthorized error code with error : Authentication failure > >>>>> > >>>>> However if i access one of the public end points like > >>>>> /api/v1/biblios/{biblio_id} i can get a response > >>>>> > >>>>> If anyone has any idea why this is happening, please let me know. > >>>>> > >>>>> Thanks in advance, > >>>>> Aswin > >>>>> _______________________________________________ > >>>>> > >>>>> Koha mailing list http://koha-community.org <http://koha-community.org> > >>>>> Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > >>>>> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > >>>>> > >>>> > >>>> > >>>> -- > >>>> Tomás Cohen Arazi > >>>> Theke Solutions (http://theke.io <http://theke.io>) > >>>> ✆ +54 9351 3513384 > >>>> GPG: B2F3C15F > >>>> > >>> > >> > >> -- > >> Tomás Cohen Arazi > >> Theke Solutions (http://theke.io <http://theke.io>) > >> ✆ +54 9351 3513384 > >> GPG: B2F3C15F > >> > > _______________________________________________ > > > > Koha mailing list http://koha-community.org <http://koha-community.org> > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > > > > -- > Ere Maijala > Kansalliskirjasto / The National Library of Finland > _______________________________________________ > > Koha mailing list http://koha-community.org <http://koha-community.org> > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > _______________________________________________
Koha mailing list http://koha-community.org <http://koha-community.org> Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>
-- Ere Maijala Kansalliskirjasto / The National Library of Finland
No, I mean it was *not* working with default configurations. I kept getting a 401 error. I had to add an extra line to the apache config file like mentioned in the documentation you provided earlier, to make apache pass the Authorization headers. On Wed, May 26, 2021, 11:58 AM Ere Maijala <ere.maijala@helsinki.fi> wrote:
Do you mean OAuth2 is working for you without anything special in Apache config? I've not been that fortunate yet, though it might depend on whether authentication plugins are enabled in Apache.
--Ere
Tomas Cohen Arazi kirjoitti 22.5.2021 klo 18.15:
I wonder why it is working out of the box, and not for you. Is there any special apache config you're using?
If not, then this is something we should patch in the Koha packages for everyone.
Kind regards
El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan <aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>> escribió:
Thank you so much guys,
Was a bit busy the past couple of days and could'nt work on it. But I followed the documentation mentioned by Ere and it worked!
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
If anyone else faces this issue, you should add this command under <VirtualHost> </VirtualHost> Tag .
Thanks, Aswin
On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maijala@helsinki.fi <mailto:ere.maijala@helsinki.fi>> wrote:
> My documented steps to make sure OAuth2 is working are here: > > >
https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
<
https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
> > This may be useful for you. I suppose it would make sense to
document
> this properly in Koha wiki as well, I just haven't had time... > > Best, > Ere > > Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53: > > Thanks for pointing that out Stephen, I will have to look into that, it > > might be the issue here. > > > > Tomas, I am not exactly sure if we have plack running or not. Plack > seems > > to be enabled, but plack logs are all empty. the logs are all at > > intranet-error.log and opac-error.log > > > > I will try out the apache CGIPass method as Stephen suggested and get > back > > if it works. > > > > Thanks, > > Aswin > > > > On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi <tomascohen@gmail.com <mailto:tomascohen@gmail.com>> > > wrote: > > > >> Are you running Plack? > >> > >> El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< > >> aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>)
escribió:
> >> > >>> Thanks Stephen, Tomas for the quick response. > >>> > >>> Aswin - are you using the correct URL to call your custom endpoint. It > >>>> should be under the contrib namespace e.g. > >>>> > >>> > >>> The app i am making is not part of koha, its a seperate web app which > >>> makes calls to /api/v1/ end points of the koha server. > >>> > >>> Does the user (owner of the id/secret pair) have privileged access to > >>>> Koha? Remember it needs to have permissions to enter the
staff
> interface > >>>> (the 'catalogue' permission) in order to access routes (other than > those in > >>>> the /api/v1/public namespace). > >>>> > >>> Yes, the user has permission set to access all librarian functions, I > >>> also tried accessing the api end point via browser after logging in to > the > >>> staff portal with this user, and im getting the correct
response.
> >>> > >>> Im also not able to access api/v1/.html from the browser, it gives a > 403 > >>> Error page. I checked the error logs and found this > >>> > >>> [authz_core:error] [pid 25846] AH01630: client denied by
server
> >>>> configuration: /usr/share/koha/api/v1/.html > >>>> > >>> > >>> > >>> Is there any logging systems in place which could give more
info
> >>> regarding the authorization failure error? or any idea whats wrong? > >>> > >>> Thanks, > >>> Aswin > >>> > >>> > >>> On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi <tomascohen@gmail.com <mailto:tomascohen@gmail.com>> > >>> wrote: > >>> > >>>> Does the user (owner of the id/secret pair) have privileged access to > >>>> Koha? Remember it needs to have permissions to enter the
staff
> interface > >>>> (the 'catalogue' permission) in order to access routes (other than > those in > >>>> the /api/v1/public namespace). > >>>> > >>>> BTW: All routes also have some required permissions you should take a > >>>> look at. Specific ones. > >>>> > >>>> Kind regards > >>>> > >>>> El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< > >>>> aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>)
escribió:
> >>>> > >>>>> Hi, > >>>>> > >>>>> I wanted to build an app that uses the koha API, and so i
was
> testing it > >>>>> out, but I keep getting "Authentication Failure" error whichever end > >>>>> point > >>>>> I try to access. > >>>>> The steps i did are > >>>>> > >>>>> 1. Got the client_id / secret from koha > >>>>> 2. Sent a POST request to api/v1/oauth/token with required parameters > >>>>> and > >>>>> got an "access_token" returned > >>>>> 3. Added the token to my authorization header with header-prefix > >>>>> "Bearer" > >>>>> 4. Sent a GET request to different end points, but getting the same > 401 > >>>>> Unauthorized error code with error : Authentication failure > >>>>> > >>>>> However if i access one of the public end points like > >>>>> /api/v1/biblios/{biblio_id} i can get a response > >>>>> > >>>>> If anyone has any idea why this is happening, please let me know. > >>>>> > >>>>> Thanks in advance, > >>>>> Aswin > >>>>> _______________________________________________ > >>>>> > >>>>> Koha mailing list http://koha-community.org <http://koha-community.org> > >>>>> Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > >>>>> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > >>>>> > >>>> > >>>> > >>>> -- > >>>> Tomás Cohen Arazi > >>>> Theke Solutions (http://theke.io <http://theke.io>) > >>>> ✆ +54 9351 3513384 > >>>> GPG: B2F3C15F > >>>> > >>> > >> > >> -- > >> Tomás Cohen Arazi > >> Theke Solutions (http://theke.io <http://theke.io>) > >> ✆ +54 9351 3513384 > >> GPG: B2F3C15F > >> > > _______________________________________________ > > > > Koha mailing list http://koha-community.org <http://koha-community.org> > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > > > > -- > Ere Maijala > Kansalliskirjasto / The National Library of Finland > _______________________________________________ > > Koha mailing list http://koha-community.org <http://koha-community.org> > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > _______________________________________________
Koha mailing list http://koha-community.org <
Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>
-- Ere Maijala Kansalliskirjasto / The National Library of Finland
Aswin, Yes, I got that. Sorry, I meant to address my question to Tomas. Best, Ere Aswin Unnikrishnan kirjoitti 26.5.2021 klo 10.11:
No, I mean it was *not* working with default configurations. I kept getting a 401 error.
I had to add an extra line to the apache config file like mentioned in the documentation you provided earlier, to make apache pass the Authorization headers.
On Wed, May 26, 2021, 11:58 AM Ere Maijala <ere.maijala@helsinki.fi <mailto:ere.maijala@helsinki.fi>> wrote:
Do you mean OAuth2 is working for you without anything special in Apache config? I've not been that fortunate yet, though it might depend on whether authentication plugins are enabled in Apache.
--Ere
Tomas Cohen Arazi kirjoitti 22.5.2021 klo 18.15: > I wonder why it is working out of the box, and not for you. Is there any > special apache config you're using? > > If not, then this is something we should patch in the Koha packages for > everyone. > > Kind regards > > El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan <aswinunni01@gmail.com <mailto:aswinunni01@gmail.com> > <mailto:aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>> escribió: > > Thank you so much guys, > > Was a bit busy the past couple of days and could'nt work on it. But I > followed the documentation mentioned by Ere and it worked! > > SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 > > > If anyone else faces this issue, you should add this command under > <VirtualHost> </VirtualHost> Tag . > > Thanks, > Aswin > > On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maijala@helsinki.fi <mailto:ere.maijala@helsinki.fi> > <mailto:ere.maijala@helsinki.fi <mailto:ere.maijala@helsinki.fi>>> wrote: > > > My documented steps to make sure OAuth2 is working are here: > > > > > > > https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20 <https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20> > <https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20 <https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20>> > > > > This may be useful for you. I suppose it would make sense to document > > this properly in Koha wiki as well, I just haven't had time... > > > > Best, > > Ere > > > > Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53: > > > Thanks for pointing that out Stephen, I will have to look into > that, it > > > might be the issue here. > > > > > > Tomas, I am not exactly sure if we have plack running or not. > Plack > > seems > > > to be enabled, but plack logs are all empty. the logs are all at > > > intranet-error.log and opac-error.log > > > > > > I will try out the apache CGIPass method as Stephen suggested > and get > > back > > > if it works. > > > > > > Thanks, > > > Aswin > > > > > > On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi > <tomascohen@gmail.com <mailto:tomascohen@gmail.com> <mailto:tomascohen@gmail.com <mailto:tomascohen@gmail.com>>> > > > wrote: > > > > > >> Are you running Plack? > > >> > > >> El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< > > >> aswinunni01@gmail.com <mailto:aswinunni01@gmail.com> <mailto:aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>>) escribió: > > >> > > >>> Thanks Stephen, Tomas for the quick response. > > >>> > > >>> Aswin - are you using the correct URL to call your custom > endpoint. It > > >>>> should be under the contrib namespace e.g. > > >>>> > > >>> > > >>> The app i am making is not part of koha, its a seperate web > app which > > >>> makes calls to /api/v1/ end points of the koha server. > > >>> > > >>> Does the user (owner of the id/secret pair) have privileged > access to > > >>>> Koha? Remember it needs to have permissions to enter the staff > > interface > > >>>> (the 'catalogue' permission) in order to access routes > (other than > > those in > > >>>> the /api/v1/public namespace). > > >>>> > > >>> Yes, the user has permission set to access all librarian > functions, I > > >>> also tried accessing the api end point via browser after > logging in to > > the > > >>> staff portal with this user, and im getting the correct response. > > >>> > > >>> Im also not able to access api/v1/.html from the browser, it > gives a > > 403 > > >>> Error page. I checked the error logs and found this > > >>> > > >>> [authz_core:error] [pid 25846] AH01630: client denied by server > > >>>> configuration: /usr/share/koha/api/v1/.html > > >>>> > > >>> > > >>> > > >>> Is there any logging systems in place which could give more info > > >>> regarding the authorization failure error? or any idea whats > wrong? > > >>> > > >>> Thanks, > > >>> Aswin > > >>> > > >>> > > >>> On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi > <tomascohen@gmail.com <mailto:tomascohen@gmail.com> <mailto:tomascohen@gmail.com <mailto:tomascohen@gmail.com>>> > > >>> wrote: > > >>> > > >>>> Does the user (owner of the id/secret pair) have privileged > access to > > >>>> Koha? Remember it needs to have permissions to enter the staff > > interface > > >>>> (the 'catalogue' permission) in order to access routes > (other than > > those in > > >>>> the /api/v1/public namespace). > > >>>> > > >>>> BTW: All routes also have some required permissions you > should take a > > >>>> look at. Specific ones. > > >>>> > > >>>> Kind regards > > >>>> > > >>>> El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< > > >>>> aswinunni01@gmail.com <mailto:aswinunni01@gmail.com> <mailto:aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>>) escribió: > > >>>> > > >>>>> Hi, > > >>>>> > > >>>>> I wanted to build an app that uses the koha API, and so i was > > testing it > > >>>>> out, but I keep getting "Authentication Failure" error > whichever end > > >>>>> point > > >>>>> I try to access. > > >>>>> The steps i did are > > >>>>> > > >>>>> 1. Got the client_id / secret from koha > > >>>>> 2. Sent a POST request to api/v1/oauth/token with required > parameters > > >>>>> and > > >>>>> got an "access_token" returned > > >>>>> 3. Added the token to my authorization header with > header-prefix > > >>>>> "Bearer" > > >>>>> 4. Sent a GET request to different end points, but getting > the same > > 401 > > >>>>> Unauthorized error code with error : Authentication failure > > >>>>> > > >>>>> However if i access one of the public end points like > > >>>>> /api/v1/biblios/{biblio_id} i can get a response > > >>>>> > > >>>>> If anyone has any idea why this is happening, please let > me know. > > >>>>> > > >>>>> Thanks in advance, > > >>>>> Aswin > > >>>>> _______________________________________________ > > >>>>> > > >>>>> Koha mailing list http://koha-community.org <http://koha-community.org> > <http://koha-community.org <http://koha-community.org>> > > >>>>> Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> <mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>> > > >>>>> Unsubscribe: > https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > <https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>> > > >>>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Tomás Cohen Arazi > > >>>> Theke Solutions (http://theke.io <http://theke.io> <http://theke.io <http://theke.io>>) > > >>>> ✆ +54 9351 3513384 > > >>>> GPG: B2F3C15F > > >>>> > > >>> > > >> > > >> -- > > >> Tomás Cohen Arazi > > >> Theke Solutions (http://theke.io <http://theke.io> <http://theke.io <http://theke.io>>) > > >> ✆ +54 9351 3513384 > > >> GPG: B2F3C15F > > >> > > > _______________________________________________ > > > > > > Koha mailing list http://koha-community.org <http://koha-community.org> > <http://koha-community.org <http://koha-community.org>> > > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> <mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>> > > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > <https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>> > > > > > > > -- > > Ere Maijala > > Kansalliskirjasto / The National Library of Finland > > _______________________________________________ > > > > Koha mailing list http://koha-community.org <http://koha-community.org> > <http://koha-community.org <http://koha-community.org>> > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> <mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>> > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > <https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>> > > > _______________________________________________ > > Koha mailing list http://koha-community.org <http://koha-community.org> <http://koha-community.org <http://koha-community.org>> > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> <mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>> > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > <https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>> >
-- Ere Maijala Kansalliskirjasto / The National Library of Finland
-- Ere Maijala Kansalliskirjasto / The National Library of Finland
So maybe it is a side effect of using some authentication module in Apache? This is from a 20.05 setup, that I know OAuth2 is being used by a vendor: $ sudo apache2ctl -D DUMP_MODULES Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared) alias_module (shared) auth_basic_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgi_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) expires_module (shared) filter_module (shared) headers_module (shared) mime_module (shared) mpm_itk_module (shared) mpm_prefork_module (shared) negotiation_module (shared) proxy_module (shared) proxy_http_module (shared) reqtimeout_module (shared) rewrite_module (shared) setenvif_module (shared) socache_shmcb_module (shared) ssl_module (shared) status_module (shared) El mié, 26 may 2021 a las 3:28, Ere Maijala (<ere.maijala@helsinki.fi>) escribió:
Do you mean OAuth2 is working for you without anything special in Apache config? I've not been that fortunate yet, though it might depend on whether authentication plugins are enabled in Apache.
--Ere
Tomas Cohen Arazi kirjoitti 22.5.2021 klo 18.15:
I wonder why it is working out of the box, and not for you. Is there any special apache config you're using?
If not, then this is something we should patch in the Koha packages for everyone.
Kind regards
El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan <aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>> escribió:
Thank you so much guys,
Was a bit busy the past couple of days and could'nt work on it. But I followed the documentation mentioned by Ere and it worked!
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
If anyone else faces this issue, you should add this command under <VirtualHost> </VirtualHost> Tag .
Thanks, Aswin
On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maijala@helsinki.fi <mailto:ere.maijala@helsinki.fi>> wrote:
> My documented steps to make sure OAuth2 is working are here: > > >
https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
<
https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
> > This may be useful for you. I suppose it would make sense to
document
> this properly in Koha wiki as well, I just haven't had time... > > Best, > Ere > > Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53: > > Thanks for pointing that out Stephen, I will have to look into that, it > > might be the issue here. > > > > Tomas, I am not exactly sure if we have plack running or not. Plack > seems > > to be enabled, but plack logs are all empty. the logs are all at > > intranet-error.log and opac-error.log > > > > I will try out the apache CGIPass method as Stephen suggested and get > back > > if it works. > > > > Thanks, > > Aswin > > > > On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi <tomascohen@gmail.com <mailto:tomascohen@gmail.com>> > > wrote: > > > >> Are you running Plack? > >> > >> El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< > >> aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>)
escribió:
> >> > >>> Thanks Stephen, Tomas for the quick response. > >>> > >>> Aswin - are you using the correct URL to call your custom endpoint. It > >>>> should be under the contrib namespace e.g. > >>>> > >>> > >>> The app i am making is not part of koha, its a seperate web app which > >>> makes calls to /api/v1/ end points of the koha server. > >>> > >>> Does the user (owner of the id/secret pair) have privileged access to > >>>> Koha? Remember it needs to have permissions to enter the
staff
> interface > >>>> (the 'catalogue' permission) in order to access routes (other than > those in > >>>> the /api/v1/public namespace). > >>>> > >>> Yes, the user has permission set to access all librarian functions, I > >>> also tried accessing the api end point via browser after logging in to > the > >>> staff portal with this user, and im getting the correct
response.
> >>> > >>> Im also not able to access api/v1/.html from the browser, it gives a > 403 > >>> Error page. I checked the error logs and found this > >>> > >>> [authz_core:error] [pid 25846] AH01630: client denied by
server
> >>>> configuration: /usr/share/koha/api/v1/.html > >>>> > >>> > >>> > >>> Is there any logging systems in place which could give more
info
> >>> regarding the authorization failure error? or any idea whats wrong? > >>> > >>> Thanks, > >>> Aswin > >>> > >>> > >>> On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi <tomascohen@gmail.com <mailto:tomascohen@gmail.com>> > >>> wrote: > >>> > >>>> Does the user (owner of the id/secret pair) have privileged access to > >>>> Koha? Remember it needs to have permissions to enter the
staff
> interface > >>>> (the 'catalogue' permission) in order to access routes (other than > those in > >>>> the /api/v1/public namespace). > >>>> > >>>> BTW: All routes also have some required permissions you should take a > >>>> look at. Specific ones. > >>>> > >>>> Kind regards > >>>> > >>>> El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< > >>>> aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>)
escribió:
> >>>> > >>>>> Hi, > >>>>> > >>>>> I wanted to build an app that uses the koha API, and so i
was
> testing it > >>>>> out, but I keep getting "Authentication Failure" error whichever end > >>>>> point > >>>>> I try to access. > >>>>> The steps i did are > >>>>> > >>>>> 1. Got the client_id / secret from koha > >>>>> 2. Sent a POST request to api/v1/oauth/token with required parameters > >>>>> and > >>>>> got an "access_token" returned > >>>>> 3. Added the token to my authorization header with header-prefix > >>>>> "Bearer" > >>>>> 4. Sent a GET request to different end points, but getting the same > 401 > >>>>> Unauthorized error code with error : Authentication failure > >>>>> > >>>>> However if i access one of the public end points like > >>>>> /api/v1/biblios/{biblio_id} i can get a response > >>>>> > >>>>> If anyone has any idea why this is happening, please let me know. > >>>>> > >>>>> Thanks in advance, > >>>>> Aswin > >>>>> _______________________________________________ > >>>>> > >>>>> Koha mailing list http://koha-community.org <http://koha-community.org> > >>>>> Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > >>>>> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > >>>>> > >>>> > >>>> > >>>> -- > >>>> Tomás Cohen Arazi > >>>> Theke Solutions (http://theke.io <http://theke.io>) > >>>> ✆ +54 9351 3513384 > >>>> GPG: B2F3C15F > >>>> > >>> > >> > >> -- > >> Tomás Cohen Arazi > >> Theke Solutions (http://theke.io <http://theke.io>) > >> ✆ +54 9351 3513384 > >> GPG: B2F3C15F > >> > > _______________________________________________ > > > > Koha mailing list http://koha-community.org <http://koha-community.org> > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > > > > -- > Ere Maijala > Kansalliskirjasto / The National Library of Finland > _______________________________________________ > > Koha mailing list http://koha-community.org <http://koha-community.org> > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > _______________________________________________
Koha mailing list http://koha-community.org <
Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>
-- Ere Maijala Kansalliskirjasto / The National Library of Finland
-- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F
Looks like I had cgid_module and suexec_module on 20.05 enabled in addition to what you have, but disabling them did not help. --Ere Tomas Cohen Arazi kirjoitti 26.5.2021 klo 15.20:
So maybe it is a side effect of using some authentication module in Apache?
This is from a 20.05 setup, that I know OAuth2 is being used by a vendor:
$ sudo apache2ctl -D DUMP_MODULES Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared) alias_module (shared) auth_basic_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgi_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) expires_module (shared) filter_module (shared) headers_module (shared) mime_module (shared) mpm_itk_module (shared) mpm_prefork_module (shared) negotiation_module (shared) proxy_module (shared) proxy_http_module (shared) reqtimeout_module (shared) rewrite_module (shared) setenvif_module (shared) socache_shmcb_module (shared) ssl_module (shared) status_module (shared)
El mié, 26 may 2021 a las 3:28, Ere Maijala (<ere.maijala@helsinki.fi <mailto:ere.maijala@helsinki.fi>>) escribió:
Do you mean OAuth2 is working for you without anything special in Apache config? I've not been that fortunate yet, though it might depend on whether authentication plugins are enabled in Apache.
--Ere
Tomas Cohen Arazi kirjoitti 22.5.2021 klo 18.15: > I wonder why it is working out of the box, and not for you. Is there any > special apache config you're using? > > If not, then this is something we should patch in the Koha packages for > everyone. > > Kind regards > > El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan <aswinunni01@gmail.com <mailto:aswinunni01@gmail.com> > <mailto:aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>> escribió: > > Thank you so much guys, > > Was a bit busy the past couple of days and could'nt work on it. But I > followed the documentation mentioned by Ere and it worked! > > SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 > > > If anyone else faces this issue, you should add this command under > <VirtualHost> </VirtualHost> Tag . > > Thanks, > Aswin > > On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maijala@helsinki.fi <mailto:ere.maijala@helsinki.fi> > <mailto:ere.maijala@helsinki.fi <mailto:ere.maijala@helsinki.fi>>> wrote: > > > My documented steps to make sure OAuth2 is working are here: > > > > > > > https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20 <https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20> > <https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20 <https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20>> > > > > This may be useful for you. I suppose it would make sense to document > > this properly in Koha wiki as well, I just haven't had time... > > > > Best, > > Ere > > > > Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53: > > > Thanks for pointing that out Stephen, I will have to look into > that, it > > > might be the issue here. > > > > > > Tomas, I am not exactly sure if we have plack running or not. > Plack > > seems > > > to be enabled, but plack logs are all empty. the logs are all at > > > intranet-error.log and opac-error.log > > > > > > I will try out the apache CGIPass method as Stephen suggested > and get > > back > > > if it works. > > > > > > Thanks, > > > Aswin > > > > > > On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi > <tomascohen@gmail.com <mailto:tomascohen@gmail.com> <mailto:tomascohen@gmail.com <mailto:tomascohen@gmail.com>>> > > > wrote: > > > > > >> Are you running Plack? > > >> > > >> El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< > > >> aswinunni01@gmail.com <mailto:aswinunni01@gmail.com> <mailto:aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>>) escribió: > > >> > > >>> Thanks Stephen, Tomas for the quick response. > > >>> > > >>> Aswin - are you using the correct URL to call your custom > endpoint. It > > >>>> should be under the contrib namespace e.g. > > >>>> > > >>> > > >>> The app i am making is not part of koha, its a seperate web > app which > > >>> makes calls to /api/v1/ end points of the koha server. > > >>> > > >>> Does the user (owner of the id/secret pair) have privileged > access to > > >>>> Koha? Remember it needs to have permissions to enter the staff > > interface > > >>>> (the 'catalogue' permission) in order to access routes > (other than > > those in > > >>>> the /api/v1/public namespace). > > >>>> > > >>> Yes, the user has permission set to access all librarian > functions, I > > >>> also tried accessing the api end point via browser after > logging in to > > the > > >>> staff portal with this user, and im getting the correct response. > > >>> > > >>> Im also not able to access api/v1/.html from the browser, it > gives a > > 403 > > >>> Error page. I checked the error logs and found this > > >>> > > >>> [authz_core:error] [pid 25846] AH01630: client denied by server > > >>>> configuration: /usr/share/koha/api/v1/.html > > >>>> > > >>> > > >>> > > >>> Is there any logging systems in place which could give more info > > >>> regarding the authorization failure error? or any idea whats > wrong? > > >>> > > >>> Thanks, > > >>> Aswin > > >>> > > >>> > > >>> On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi > <tomascohen@gmail.com <mailto:tomascohen@gmail.com> <mailto:tomascohen@gmail.com <mailto:tomascohen@gmail.com>>> > > >>> wrote: > > >>> > > >>>> Does the user (owner of the id/secret pair) have privileged > access to > > >>>> Koha? Remember it needs to have permissions to enter the staff > > interface > > >>>> (the 'catalogue' permission) in order to access routes > (other than > > those in > > >>>> the /api/v1/public namespace). > > >>>> > > >>>> BTW: All routes also have some required permissions you > should take a > > >>>> look at. Specific ones. > > >>>> > > >>>> Kind regards > > >>>> > > >>>> El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< > > >>>> aswinunni01@gmail.com <mailto:aswinunni01@gmail.com> <mailto:aswinunni01@gmail.com <mailto:aswinunni01@gmail.com>>>) escribió: > > >>>> > > >>>>> Hi, > > >>>>> > > >>>>> I wanted to build an app that uses the koha API, and so i was > > testing it > > >>>>> out, but I keep getting "Authentication Failure" error > whichever end > > >>>>> point > > >>>>> I try to access. > > >>>>> The steps i did are > > >>>>> > > >>>>> 1. Got the client_id / secret from koha > > >>>>> 2. Sent a POST request to api/v1/oauth/token with required > parameters > > >>>>> and > > >>>>> got an "access_token" returned > > >>>>> 3. Added the token to my authorization header with > header-prefix > > >>>>> "Bearer" > > >>>>> 4. Sent a GET request to different end points, but getting > the same > > 401 > > >>>>> Unauthorized error code with error : Authentication failure > > >>>>> > > >>>>> However if i access one of the public end points like > > >>>>> /api/v1/biblios/{biblio_id} i can get a response > > >>>>> > > >>>>> If anyone has any idea why this is happening, please let > me know. > > >>>>> > > >>>>> Thanks in advance, > > >>>>> Aswin > > >>>>> _______________________________________________ > > >>>>> > > >>>>> Koha mailing list http://koha-community.org <http://koha-community.org> > <http://koha-community.org <http://koha-community.org>> > > >>>>> Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> <mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>> > > >>>>> Unsubscribe: > https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > <https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>> > > >>>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Tomás Cohen Arazi > > >>>> Theke Solutions (http://theke.io <http://theke.io> <http://theke.io <http://theke.io>>) > > >>>> ✆ +54 9351 3513384 > > >>>> GPG: B2F3C15F > > >>>> > > >>> > > >> > > >> -- > > >> Tomás Cohen Arazi > > >> Theke Solutions (http://theke.io <http://theke.io> <http://theke.io <http://theke.io>>) > > >> ✆ +54 9351 3513384 > > >> GPG: B2F3C15F > > >> > > > _______________________________________________ > > > > > > Koha mailing list http://koha-community.org <http://koha-community.org> > <http://koha-community.org <http://koha-community.org>> > > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> <mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>> > > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > <https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>> > > > > > > > -- > > Ere Maijala > > Kansalliskirjasto / The National Library of Finland > > _______________________________________________ > > > > Koha mailing list http://koha-community.org <http://koha-community.org> > <http://koha-community.org <http://koha-community.org>> > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> <mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>> > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > <https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>> > > > _______________________________________________ > > Koha mailing list http://koha-community.org <http://koha-community.org> <http://koha-community.org <http://koha-community.org>> > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> <mailto:Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz>> > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha> > <https://lists.katipo.co.nz/mailman/listinfo/koha <https://lists.katipo.co.nz/mailman/listinfo/koha>> >
-- Ere Maijala Kansalliskirjasto / The National Library of Finland
-- Tomás Cohen Arazi Theke Solutions (http://theke.io <http://theke.io/>) ✆ +54 9351 3513384 GPG: B2F3C15F
-- Ere Maijala Kansalliskirjasto / The National Library of Finland
participants (4)
-
Aswin Unnikrishnan -
Ere Maijala -
Stephen Graham -
Tomas Cohen Arazi