[Koha] Koha API - Authentication Failure

dcook at prosentient.com.au
Thu May 20 13:45:33 NZST 2021


That KohaRest driver looks interesting!

I haven't dug into it too deeply, but how do you handle the user/patron authentication? Do you have the user log into VuFind and at that point you use the backend confidential client user to validate it via your plugin API endpoint? Have you thought about using SSO between VuFind and Koha? I suppose even then you'd still have to do a user lookup against Koha unless there is an attribute/claim containing their borrowernumber... 

I'd love to see the core REST API replace the ILS-DI API for discovery services...

David Cook
Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia

Office: 02 9212 0899
Online: 02 8005 0595

-----Original Message-----
Date: Wed, 19 May 2021 11:49:48 +0300
From: Ere Maijala <ere.maijala at helsinki.fi>
To: koha at lists.katipo.co.nz
Subject: Re: [Koha] Koha API - Authentication Failure
Message-ID: <82f7fb00-a4da-fcaa-3431-3fe58d12f9d4 at helsinki.fi>
Content-Type: text/plain; charset=utf-8; format=flowed

My documented steps to make sure OAuth2 is working are here:

https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20

This may be useful for you. I suppose it would make sense to document this properly in Koha wiki as well, I just haven't had time...

Best,
Ere

Aswin Unnikrishnan wrote on 17.5.2021 at 20.53:
> Thanks for pointing that out Stephen, I will have to look into that, 
> it might be the issue here.
> 
> Tomas, I am not exactly sure if we have Plack running or not.  Plack 
> seems to be enabled, but Plack logs are all empty. The logs are all at 
> intranet-error.log and opac-error.log
> 
> I will try out the Apache CGIPass method as Stephen suggested and get 
> back if it works.
> 
> Thanks,
> Aswin
> 
> On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi <tomascohen at gmail.com>
> wrote:
> 
>> Are you running Plack?
>>
>> On Mon, 17 May 2021 at 11:53, Aswin Unnikrishnan (<aswinunni01 at gmail.com>) wrote:
>>
>>> Thanks Stephen, Tomas for the quick response.
>>>
>>>> Aswin - are you using the correct URL to call your custom endpoint.
>>>> It should be under the contrib namespace e.g.
>>>>
>>>
>>> The app I am making is not part of Koha, it's a separate web app 
>>> which makes calls to /api/v1/ end points of the Koha server.
>>>
>>>> Does the user (owner of the id/secret pair) have privileged access 
>>>> to Koha? Remember it needs to have permissions to enter the staff 
>>>> interface (the 'catalogue' permission) in order to access routes 
>>>> (other than those in the /api/v1/public namespace).
>>>>
>>> Yes, the user has permission set to access all librarian functions, 
>>> I also tried accessing the API end point via browser after logging 
>>> in to the staff portal with this user, and I'm getting the correct response.
>>>
>>> I'm also not able to access api/v1/.html from the browser, it gives a 
>>> 403 Error page. I checked the error logs and found this
>>>
>>>> [authz_core:error] [pid 25846]  AH01630: client denied by server configuration: /usr/share/koha/api/v1/.html
>>>>
>>>
>>>
>>> Are there any logging systems in place which could give more info 
>>> regarding the authorization failure error? Or any idea what's wrong?
>>>
>>> Thanks,
>>> Aswin
>>>
>>>
>>> On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi 
>>> <tomascohen at gmail.com>
>>> wrote:
>>>
>>>> Does the user (owner of the id/secret pair) have privileged access 
>>>> to Koha? Remember it needs to have permissions to enter the staff 
>>>> interface (the 'catalogue' permission) in order to access routes 
>>>> (other than those in the /api/v1/public namespace).
>>>>
>>>> BTW: All routes also have some required permissions you should take 
>>>> a look at. Specific ones.
>>>>
>>>> Kind regards
>>>>
>>>> On Mon, 17 May 2021 at 9:40, Aswin Unnikrishnan (<aswinunni01 at gmail.com>) wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I wanted to build an app that uses the Koha API, and so I was 
>>>>> testing it out, but I keep getting "Authentication Failure" error 
>>>>> whichever end point I try to access.
>>>>> The steps I did are
>>>>>
>>>>> 1. Got the client_id / secret from Koha
>>>>> 2. Sent a POST request to api/v1/oauth/token with required 
>>>>> parameters and got an "access_token" returned
>>>>> 3. Added the token to my authorization header with header-prefix 
>>>>> "Bearer"
>>>>> 4. Sent a GET request to different end points, but getting the 
>>>>> same 401 Unauthorized error code with error : Authentication 
>>>>> failure
>>>>>
>>>>> However, if I access one of the public end points like 
>>>>> /api/v1/biblios/{biblio_id} I can get a response
>>>>>
>>>>> If anyone has any idea why this is happening, please let me know.
>>>>>
>>>>> Thanks in advance,
>>>>> Aswin
>>>>> _______________________________________________
>>>>>
>>>>> Koha mailing list  http://koha-community.org 
>>>>> Koha at lists.katipo.co.nz
>>>>> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
>>>>>
>>>>
>>>>
>>>> --
>>>> Tomás Cohen Arazi
>>>> Theke Solutions (http://theke.io)
>>>> ✆ +54 9351 3513384
>>>> GPG: B2F3C15F
>>>>
>>>
>>
>> --
>> Tomás Cohen Arazi
>> Theke Solutions (http://theke.io)
>> ✆ +54 9351 3513384
>> GPG: B2F3C15F
>>

--
Ere Maijala
Kansalliskirjasto / The National Library of Finland
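
The four steps from the original question, as an added example that is not part of any message in this thread and is not Koha or VuFind code: it repeats the token request, a public route and a staff route, then names the step where authentication breaks. Assumptions: the token form fields (`grant_type=client_credentials`, `client_id`, `client_secret`) stand in for the "required parameters", and the host, the `/api/v1/patrons` path, the function names and the constructed `fake_send` responses are illustrative.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

def http_send(method, url, headers=None, form=None):
    """Real transport: returns (status, JSON body; {} on an HTTP error)."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers or {}, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}

def check_koha_oauth(base, client_id, client_secret, public_path, staff_path,
                     send=http_send):
    """Repeat the thread's steps and name the step where authentication breaks."""
    status, body = send("POST", base + "/api/v1/oauth/token", form={
        "grant_type": "client_credentials",       # assumed form fields
        "client_id": client_id, "client_secret": client_secret})
    token = body.get("access_token") if isinstance(body, dict) else None
    if status != 200 or not token:
        return "token-request-failed"
    auth = {"Authorization": "Bearer " + token}   # header prefix from step 3
    public_status, _ = send("GET", base + public_path, headers=auth)
    staff_status, _ = send("GET", base + staff_path, headers=auth)
    if staff_status == 200:
        return "ok"
    if staff_status == 401 and public_status == 200:
        # The thread's symptom. Checks raised in the thread: the token owner's
        # 'catalogue' permission, and the Plack/Apache setup in front of the API.
        return "token-issued-but-rejected-on-staff-routes"
    if staff_status == 403:
        return "authenticated-but-missing-route-permission"
    return "unexpected: public=%s staff=%s" % (public_status, staff_status)

def fake_send(method, url, headers=None, form=None):
    """Constructed stand-in for a server showing the thread's symptoms."""
    if url.endswith("/oauth/token"):
        return 200, {"access_token": "constructed-token", "token_type": "Bearer"}
    if "/biblios/" in url:
        return 200, {}
    return 401, {"error": "Authentication failure"}

if __name__ == "__main__":
    print(check_koha_oauth("https://koha.example.org", "constructed-id",
                           "constructed-secret", "/api/v1/biblios/1",
                           "/api/v1/patrons", send=fake_send))
```

Dropping the `send=fake_send` argument runs the same sequence against a real server with the default `http_send` transport.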