Could it be an issue with Apache? When we first started using the API we had an 
auth issue and our hosting company said:

“By default Apache strips out Authorization headers and it is necessary to 
explicitly tell it not to do that when you're trying to pass authorisation 
tokens through in the Authorization header. The Apache directive that does this 
is CGIPassAuth: https://httpd.apache.org/docs/trunk/mod/core.html#cgipassauth

Could this be the issue and you need to change the Koha apache to do this?

Stephen

From: Aswin Unnikrishnan <aswinunn...@gmail.com>
Sent: 17 May 2021 15:53
To: Tomas Cohen Arazi <tomasco...@gmail.com>; Stephen Graham 
<s.grah...@herts.ac.uk>
Cc: Discussion Group Koha <koha@lists.katipo.co.nz>
Subject: Re: [Koha] Koha API - Authentication Failure

Thanks Stephen, Tomas for the quick response.

Aswin - are you using the correct URL to call your custom endpoint? It should 
be under the contrib namespace e.g.

The app I am making is not part of Koha, it's a separate web app which makes 
calls to /api/v1/ end points of the Koha server.

Does the user (owner of the id/secret pair) have privileged access to Koha? 
Remember it needs to have permissions to enter the staff interface (the 
'catalogue' permission) in order to access routes (other than those in the 
/api/v1/public namespace).
Yes, the user has permission set to access all librarian functions, I also 
tried accessing the api end point via browser after logging in to the staff 
portal with this user, and I'm getting the correct response.

I'm also not able to access api/v1/.html from the browser, it gives a 403 Error 
page. I checked the error logs and found this

[authz_core:error] [pid 25846]  AH01630: client denied by server configuration: 
/usr/share/koha/api/v1/.html


Are there any logging systems in place which could give more info regarding the 
authorization failure error? Or any idea what's wrong?

Thanks,
Aswin


On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi 
<tomasco...@gmail.com> wrote:
Does the user (owner of the id/secret pair) have privileged access to Koha? 
Remember it needs to have permissions to enter the staff interface (the 
'catalogue' permission) in order to access routes (other than those in the 
/api/v1/public namespace).

BTW: All routes also have some required permissions you should take a look at. 
Specific ones.

Kind regards

On Mon, 17 May 2021 at 9:40, Aswin Unnikrishnan 
(<aswinunn...@gmail.com>) wrote:
Hi,

I wanted to build an app that uses the Koha API, and so I was testing it
out, but I keep getting "Authentication Failure" error whichever end point
I try to access.
The steps I did are:

1. Got the client_id / secret from Koha
2. Sent a POST request to api/v1/oauth/token with required parameters and
got an "access_token" returned
3. Added the token to my authorization header with header-prefix "Bearer"
4. Sent a GET request to different end points, but getting the same 401
Unauthorized error code with error : Authentication failure

However, if I access one of the public end points like
/api/v1/biblios/{biblio_id} I can get a response

If anyone has any idea why this is happening, please let me know.

Thanks in advance,
Aswin
_______________________________________________

Koha mailing list  http://koha-community.org
Koha@lists.katipo.co.nz
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha


--
Tomás Cohen Arazi
Theke Solutions (http://theke.io)
✆ +54 9351 3513384
GPG: B2F3C15F
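
Added example, not part of the thread and not Koha's own code: the four steps from the original post as a small Python client that reports which of the causes raised in the replies the status codes point to. The client-credentials grant, the form field names and the example path /api/v1/patrons are assumptions; the post only says "required parameters".

```python
import json
import sys
import urllib.error
import urllib.parse
import urllib.request


def token_request(base_url, client_id, client_secret):
    # Step 2: POST to api/v1/oauth/token. The grant type and field names
    # are assumptions; the post only says "required parameters".
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    return urllib.request.Request(base_url.rstrip("/") + "/api/v1/oauth/token",
                                  data=urllib.parse.urlencode(form).encode(),
                                  method="POST")


def api_request(base_url, path, access_token):
    # Steps 3-4: GET with "Authorization: Bearer <token>".
    return urllib.request.Request(base_url.rstrip("/") + path, method="GET",
                                  headers={"Authorization": "Bearer " + access_token})


def send(req):
    # Return (status, body) for success and HTTP error responses alike.
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def interpret(token_status, api_status):
    # Map the two status codes onto the causes raised in the thread.
    if token_status != 200:
        return "token request failed: check client_id/secret"
    if api_status == 401:
        return ("token issued but not accepted: check that the Authorization "
                "header reaches Koha (Apache CGIPassAuth)")
    if api_status == 403:
        return "authenticated but refused: check the user's permissions for this route"
    return "ok" if api_status == 200 else "unexpected status %d" % api_status


if __name__ == "__main__":
    base, cid, secret, path = sys.argv[1:5]  # path e.g. /api/v1/patrons (assumed)
    t_status, t_body = send(token_request(base, cid, secret))
    token = json.loads(t_body).get("access_token", "") if t_status == 200 else ""
    a_status = send(api_request(base, path, token))[0] if token else 0
    print(interpret(t_status, a_status))
```

Run it with the base URL, client_id, secret and a non-public path as arguments; it prints only the diagnosis, never the token.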