So maybe it is a side effect of using some authentication module in Apache?
This is from a 20.05 setup, that I know OAuth2 is being used by a vendor: $ sudo apache2ctl -D DUMP_MODULES Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared) alias_module (shared) auth_basic_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgi_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) expires_module (shared) filter_module (shared) headers_module (shared) mime_module (shared) mpm_itk_module (shared) mpm_prefork_module (shared) negotiation_module (shared) proxy_module (shared) proxy_http_module (shared) reqtimeout_module (shared) rewrite_module (shared) setenvif_module (shared) socache_shmcb_module (shared) ssl_module (shared) status_module (shared) El mié, 26 may 2021 a las 3:28, Ere Maijala (<ere.maij...@helsinki.fi>) escribió: > Do you mean OAuth2 is working for you without anything special in Apache > config? I've not been that fortunate yet, though it might depend on > whether authentication plugins are enabled in Apache. > > --Ere > > Tomas Cohen Arazi kirjoitti 22.5.2021 klo 18.15: > > I wonder why it is working out of the box, and not for you. Is there any > > special apache config you're using? > > > > If not, then this is something we should patch in the Koha packages for > > everyone. > > > > Kind regards > > > > El sáb., 22 may. 2021 12:12, Aswin Unnikrishnan <aswinunn...@gmail.com > > <mailto:aswinunn...@gmail.com>> escribió: > > > > Thank you so much guys, > > > > Was a bit busy the past couple of days and could'nt work on it. But I > > followed the documentation mentioned by Ere and it worked! > > > > SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 > > > > > > If anyone else faces this issue, you should add this command under > > <VirtualHost> </VirtualHost> Tag . > > > > Thanks, > > Aswin > > > > On Wed, 19 May 2021 at 14:20, Ere Maijala <ere.maij...@helsinki.fi > > <mailto:ere.maij...@helsinki.fi>> wrote: > > > > > My documented steps to make sure OAuth2 is working are here: > > > > > > > > > > > > https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20 > > < > https://github.com/vufind-org/vufind/blob/dev/config/vufind/KohaRest.ini#L20 > > > > > > > > This may be useful for you. I suppose it would make sense to > document > > > this properly in Koha wiki as well, I just haven't had time... > > > > > > Best, > > > Ere > > > > > > Aswin Unnikrishnan kirjoitti 17.5.2021 klo 20.53: > > > > Thanks for pointing that out Stephen, I will have to look into > > that, it > > > > might be the issue here. > > > > > > > > Tomas, I am not exactly sure if we have plack running or not. > > Plack > > > seems > > > > to be enabled, but plack logs are all empty. the logs are all at > > > > intranet-error.log and opac-error.log > > > > > > > > I will try out the apache CGIPass method as Stephen suggested > > and get > > > back > > > > if it works. > > > > > > > > Thanks, > > > > Aswin > > > > > > > > On Mon, May 17, 2021, 9:02 PM Tomas Cohen Arazi > > <tomasco...@gmail.com <mailto:tomasco...@gmail.com>> > > > > wrote: > > > > > > > >> Are you running Plack? > > > >> > > > >> El lun, 17 may 2021 a las 11:53, Aswin Unnikrishnan (< > > > >> aswinunn...@gmail.com <mailto:aswinunn...@gmail.com>>) > escribió: > > > >> > > > >>> Thanks Stephen, Tomas for the quick response. > > > >>> > > > >>> Aswin - are you using the correct URL to call your custom > > endpoint. It > > > >>>> should be under the contrib namespace e.g. > > > >>>> > > > >>> > > > >>> The app i am making is not part of koha, its a seperate web > > app which > > > >>> makes calls to /api/v1/ end points of the koha server. > > > >>> > > > >>> Does the user (owner of the id/secret pair) have privileged > > access to > > > >>>> Koha? Remember it needs to have permissions to enter the > staff > > > interface > > > >>>> (the 'catalogue' permission) in order to access routes > > (other than > > > those in > > > >>>> the /api/v1/public namespace). > > > >>>> > > > >>> Yes, the user has permission set to access all librarian > > functions, I > > > >>> also tried accessing the api end point via browser after > > logging in to > > > the > > > >>> staff portal with this user, and im getting the correct > response. > > > >>> > > > >>> Im also not able to access api/v1/.html from the browser, it > > gives a > > > 403 > > > >>> Error page. I checked the error logs and found this > > > >>> > > > >>> [authz_core:error] [pid 25846] AH01630: client denied by > server > > > >>>> configuration: /usr/share/koha/api/v1/.html > > > >>>> > > > >>> > > > >>> > > > >>> Is there any logging systems in place which could give more > info > > > >>> regarding the authorization failure error? or any idea whats > > wrong? > > > >>> > > > >>> Thanks, > > > >>> Aswin > > > >>> > > > >>> > > > >>> On Mon, 17 May 2021 at 19:13, Tomas Cohen Arazi > > <tomasco...@gmail.com <mailto:tomasco...@gmail.com>> > > > >>> wrote: > > > >>> > > > >>>> Does the user (owner of the id/secret pair) have privileged > > access to > > > >>>> Koha? Remember it needs to have permissions to enter the > staff > > > interface > > > >>>> (the 'catalogue' permission) in order to access routes > > (other than > > > those in > > > >>>> the /api/v1/public namespace). > > > >>>> > > > >>>> BTW: All routes also have some required permissions you > > should take a > > > >>>> look at. Specific ones. > > > >>>> > > > >>>> Kind regards > > > >>>> > > > >>>> El lun, 17 may 2021 a las 9:40, Aswin Unnikrishnan (< > > > >>>> aswinunn...@gmail.com <mailto:aswinunn...@gmail.com>>) > escribió: > > > >>>> > > > >>>>> Hi, > > > >>>>> > > > >>>>> I wanted to build an app that uses the koha API, and so i > was > > > testing it > > > >>>>> out, but I keep getting "Authentication Failure" error > > whichever end > > > >>>>> point > > > >>>>> I try to access. > > > >>>>> The steps i did are > > > >>>>> > > > >>>>> 1. Got the client_id / secret from koha > > > >>>>> 2. Sent a POST request to api/v1/oauth/token with required > > parameters > > > >>>>> and > > > >>>>> got an "access_token" returned > > > >>>>> 3. Added the token to my authorization header with > > header-prefix > > > >>>>> "Bearer" > > > >>>>> 4. Sent a GET request to different end points, but getting > > the same > > > 401 > > > >>>>> Unauthorized error code with error : Authentication failure > > > >>>>> > > > >>>>> However if i access one of the public end points like > > > >>>>> /api/v1/biblios/{biblio_id} i can get a response > > > >>>>> > > > >>>>> If anyone has any idea why this is happening, please let > > me know. > > > >>>>> > > > >>>>> Thanks in advance, > > > >>>>> Aswin > > > >>>>> _______________________________________________ > > > >>>>> > > > >>>>> Koha mailing list http://koha-community.org > > <http://koha-community.org> > > > >>>>> Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > > > >>>>> Unsubscribe: > > https://lists.katipo.co.nz/mailman/listinfo/koha > > <https://lists.katipo.co.nz/mailman/listinfo/koha> > > > >>>>> > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> Tomás Cohen Arazi > > > >>>> Theke Solutions (http://theke.io <http://theke.io>) > > > >>>> ✆ +54 9351 3513384 > > > >>>> GPG: B2F3C15F > > > >>>> > > > >>> > > > >> > > > >> -- > > > >> Tomás Cohen Arazi > > > >> Theke Solutions (http://theke.io <http://theke.io>) > > > >> ✆ +54 9351 3513384 > > > >> GPG: B2F3C15F > > > >> > > > > _______________________________________________ > > > > > > > > Koha mailing list http://koha-community.org > > <http://koha-community.org> > > > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > > > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha > > <https://lists.katipo.co.nz/mailman/listinfo/koha> > > > > > > > > > > -- > > > Ere Maijala > > > Kansalliskirjasto / The National Library of Finland > > > _______________________________________________ > > > > > > Koha mailing list http://koha-community.org > > <http://koha-community.org> > > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha > > <https://lists.katipo.co.nz/mailman/listinfo/koha> > > > > > _______________________________________________ > > > > Koha mailing list http://koha-community.org < > http://koha-community.org> > > Koha@lists.katipo.co.nz <mailto:Koha@lists.katipo.co.nz> > > Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha > > <https://lists.katipo.co.nz/mailman/listinfo/koha> > > > > -- > Ere Maijala > Kansalliskirjasto / The National Library of Finland > -- Tomás Cohen Arazi Theke Solutions (http://theke.io) ✆ +54 9351 3513384 GPG: B2F3C15F _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
