[Koha] Koha API - Authentication Failure

Ere Maijala ere.maijala at helsinki.fi
Wed May 26 19:16:12 NZST 2021


Aswin,

Yes, I got that. Sorry, I meant to address my question to Tomas.

Best,
Ere

Aswin Unnikrishnan wrote on 26.5.2021 at 10.11:
> No, I mean it was *not* working with default configurations.  I kept 
> getting a 401 error.
> 
> I had to add an extra line to the apache config file like mentioned in 
> the documentation you provided earlier, to make apache pass the 
> Authorization headers.
> 
> 
> 
> On Wed, May 26, 2021, 11:58 AM Ere Maijala <ere.maijala at helsinki.fi> wrote:
> 
>     Do you mean OAuth2 is working for you without anything special in
>     Apache config? I've not been that fortunate yet, though it might
>     depend on whether authentication plugins are enabled in Apache.
> 
>     --Ere
> 
>     Tomas Cohen Arazi wrote on 22.5.2021 at 18.15:
>      > I wonder why it is working out of the box, and not for you. Is
>      > there any special apache config you're using?
>      >
>      > If not, then this is something we should patch in the Koha
>      > packages for everyone.
>      >
>      > Kind regards
>      >
>      > On Sat, 22 May 2021 12:12, Aswin Unnikrishnan
>      > <aswinunni01 at gmail.com> wrote:
>      >
>      >     Thank you so much guys,
>      >
>      >     Was a bit busy the past couple of days and couldn't work on
>      >     it. But I followed the documentation mentioned by Ere and it
>      >     worked!
>      >
>      >     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
>      >
>      >
>      >     If anyone else faces this issue, you should add this command
>      >     under the <VirtualHost> </VirtualHost> tag.
>      >
>      >     Thanks,
>      >     Aswin
>      >
>      >     On Wed, 19 May 2021 at 14:20, Ere Maijala
>      >     <ere.maijala at helsinki.fi> wrote:
>      >
>      >      > My documented steps to make sure OAuth2 is working are here:
>      >      >
>      >      > https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20
>      >      >
>      >      > This may be useful for you. I suppose it would make sense
>      >      > to document this properly in Koha wiki as well, I just
>      >      > haven't had time...
>      >      >
>      >      > Best,
>      >      > Ere
>      >      >
>      >      > Aswin Unnikrishnan wrote on 17.5.2021 at 20.53:
>      >      > > Thanks for pointing that out Stephen, I will have to look
>      >      > > into that, it might be the issue here.
>      >      > >
>      >      > > Tomas, I am not exactly sure if we have plack running or
>      >      > > not. Plack seems to be enabled, but plack logs are all
>      >      > > empty. The logs are all at intranet-error.log and
>      >      > > opac-error.log
>      >      > >
>      >      > > I will try out the apache CGIPass method as Stephen
>      >      > > suggested and get back if it works.
>      >      > >
>      >      > > Thanks,
>      >      > > Aswin
>      >      > >
>      >      > > On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi
>      >      > > <tomascohen at gmail.com> wrote:
>      >      > >
>      >      > >> Are you running Plack?
>      >      > >>
>      >      > >> On Mon, 17 May 2021 at 11:53, Aswin Unnikrishnan
>      >      > >> <aswinunni01 at gmail.com> wrote:
>      >      > >>
>      >      > >>> Thanks Stephen, Tomas for the quick response.
>      >      > >>>
>      >      > >>>> Aswin - are you using the correct URL to call your custom
>      >      > >>>> endpoint. It should be under the contrib namespace e.g.
>      >      > >>>>
>      >      > >>>
>      >      > >>> The app I am making is not part of koha, it's a separate
>      >      > >>> web app which makes calls to /api/v1/ end points of the
>      >      > >>> koha server.
>      >      > >>>
>      >      > >>>> Does the user (owner of the id/secret pair) have privileged
>      >      > >>>> access to Koha? Remember it needs to have permissions to
>      >      > >>>> enter the staff interface (the 'catalogue' permission) in
>      >      > >>>> order to access routes (other than those in the
>      >      > >>>> /api/v1/public namespace).
>      >      > >>>>
>      >      > >>> Yes, the user has permission set to access all librarian
>      >      > >>> functions, I also tried accessing the api end point via
>      >      > >>> browser after logging in to the staff portal with this
>      >      > >>> user, and I'm getting the correct response.
>      >      > >>>
>      >      > >>> I'm also not able to access api/v1/.html from the browser,
>      >      > >>> it gives a 403 Error page. I checked the error logs and
>      >      > >>> found this
>      >      > >>>
>      >      > >>>> [authz_core:error] [pid 25846]  AH01630: client denied by server configuration: /usr/share/koha/api/v1/.html
>      >      > >>>>
>      >      > >>>
>      >      > >>>
>      >      > >>> Are there any logging systems in place which could give more
>      >      > >>> info regarding the authorization failure error? Or any idea
>      >      > >>> what's wrong?
>      >      > >>>
>      >      > >>> Thanks,
>      >      > >>> Aswin
>      >      > >>>
>      >      > >>>
>      >      > >>> On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi
>      >      > >>> <tomascohen at gmail.com> wrote:
>      >      > >>>
>      >      > >>>> Does the user (owner of the id/secret pair) have privileged
>      >      > >>>> access to Koha? Remember it needs to have permissions to
>      >      > >>>> enter the staff interface (the 'catalogue' permission) in
>      >      > >>>> order to access routes (other than those in the
>      >      > >>>> /api/v1/public namespace).
>      >      > >>>>
>      >      > >>>> BTW: All routes also have some required permissions you
>      >      > >>>> should take a look at. Specific ones.
>      >      > >>>>
>      >      > >>>> Kind regards
>      >      > >>>>
>      >      > >>>> On Mon, 17 May 2021 at 9:40, Aswin Unnikrishnan
>      >      > >>>> <aswinunni01 at gmail.com> wrote:
>      >      > >>>>
>      >      > >>>>> Hi,
>      >      > >>>>>
>      >      > >>>>> I wanted to build an app that uses the koha API, and so I
>      >      > >>>>> was testing it out, but I keep getting "Authentication
>      >      > >>>>> Failure" error whichever end point I try to access.
>      >      > >>>>> The steps I did are
>      >      > >>>>>
>      >      > >>>>> 1. Got the client_id / secret from koha
>      >      > >>>>> 2. Sent a POST request to api/v1/oauth/token with required
>      >      > >>>>>    parameters and got an "access_token" returned
>      >      > >>>>> 3. Added the token to my authorization header with
>      >      > >>>>>    header-prefix "Bearer"
>      >      > >>>>> 4. Sent a GET request to different end points, but getting
>      >      > >>>>>    the same 401 Unauthorized error code with error:
>      >      > >>>>>    Authentication failure
>      >      > >>>>>
>      >      > >>>>> However if I access one of the public end points like
>      >      > >>>>> /api/v1/biblios/{biblio_id} I can get a response
>      >      > >>>>>
>      >      > >>>>> If anyone has any idea why this is happening, please let
>      >      > >>>>> me know.
>      >      > >>>>>
>      >      > >>>>> Thanks in advance,
>      >      > >>>>> Aswin
>      >      > >>>>> _______________________________________________
>      >      > >>>>>
>      >      > >>>>> Koha mailing list http://koha-community.org
>      >      > >>>>> Koha at lists.katipo.co.nz
>      >      > >>>>> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
>      >      > >>>>>
>      >      > >>>>
>      >      > >>>>
>      >      > >>>> --
>      >      > >>>> Tomás Cohen Arazi
>      >      > >>>> Theke Solutions (http://theke.io)
>      >      > >>>> ✆ +54 9351 3513384
>      >      > >>>> GPG: B2F3C15F
>      >      > >>>>
>      >      > >>>
>      >      > >>
>      >      > >> --
>      >      > >> Tomás Cohen Arazi
>      >      > >> Theke Solutions (http://theke.io)
>      >      > >> ✆ +54 9351 3513384
>      >      > >> GPG: B2F3C15F
>      >      > >>
>      >      > >
>      >      >
>      >      > --
>      >      > Ere Maijala
>      >      > Kansalliskirjasto / The National Library of Finland
>      >      >
>      >
> 
>     -- 
>     Ere Maijala
>     Kansalliskirjasto / The National Library of Finland
> 

-- 
Ere Maijala
Kansalliskirjasto / The National Library of Finland
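
Added example (not part of the original message and not Koha or VuFind code): a Python check for the fix reported in this thread, the `SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0` line placed inside each <VirtualHost>. It parses Apache configuration text, skips commented-out copies, joins backslash continuations, and reports which virtual hosts forward the Authorization header; the sample config, host names and function names are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): the first vhost only has the
# directive commented out; the second has it split over a continuation line.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName opac.example.org
    # SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
</VirtualHost>
<VirtualHost *:8080>
    ServerName staff.example.org
    setenvif Authorization .+ \\
        HTTP_AUTHORIZATION=$0
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
SERVER = re.compile(r"ServerName\s+(\S+)", re.I)
# SetEnvIf / SetEnvIfNoCase on the Authorization header that sets HTTP_AUTHORIZATION
PASS = re.compile(r"SetEnvIf(NoCase)?\s+Authorization\s+\S+\s+.*\bHTTP_AUTHORIZATION=", re.I)

def logical_lines(text):
    """Yield directives with backslash continuations joined and comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line and not line.startswith("#"):
            yield line

def audit_vhosts(text):
    """Map 'ServerName [address]' to True when the vhost forwards Authorization."""
    results, addr, name, ok = {}, None, "?", False
    for line in logical_lines(text):
        m = OPEN.match(line)
        if m:
            addr, name, ok = m.group(1).strip(), "?", False
        elif addr and CLOSE.match(line):
            results[f"{name} [{addr}]"] = ok
            addr = None
        elif addr and SERVER.match(line):
            name = SERVER.match(line).group(1)
        elif addr and PASS.match(line):
            ok = True
    return results
```

Calling `audit_vhosts(open(path).read())` on a site's vhost file lists the hosts where Bearer tokens would be dropped before reaching the API; directives set outside any <VirtualHost> block are not considered.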

