[HELP-16377] FIWARE.Question.Tech.Unexplainable 403 error "User not allow to perform the action" in Keyrock. - JIRA

Details

Type: Monitor
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2021
Component/s: FIWARE-TECH-HELP
Labels:

Source URL:
https://stackoverflow.com/questions/59078873/unexplainable-403-error-user-not-allow-to-perform-the-action-in-keyrock

Description

Created question in FIWARE Q/A platform on 27-11-2019 at 22:11
Please, ANSWER this question AT https://stackoverflow.com/questions/59078873/unexplainable-403-error-user-not-allow-to-perform-the-action-in-keyrock

Question:
Unexplainable 403 error "User not allow to perform the action" in Keyrock

Description:
I've been struggling for a while with this issue and wondered if anyone else had the same problem.

I've got a Keyrock 7.8.0 + MySQL architecture running with docker as FIWARE tutorials suggest. I can access both GUI and API through localhost:3005. Everything seems to work fine through GUI with admin user but when it comes to granting, with admin Auth-Token, a role to a user

curl -X PUT \
http://localhost:3005/v1/applications/20f9bc1d-a9d1-45af-bdd9-f96fdc7a1ec9/users/c8336e47-8e3b-4081-b0f7-b2a3431847d7/roles/55e8a41c-52b5-4ef9-ad9c-ef60762d32e3 \
-H 'Accept: /' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Length: 0' \
-H 'Content-Type: application/json' \
-H 'Cookie: session=eyJyZWRpciI6Ii8ifQ==; session.sig=TqcHvLKCvDVxuMk5xVfrKEP-GSQ' \
-H 'Host: localhost:3005' \
-H 'Postman-Token: cb7e8ae3-87b4-4d8e-9fb7-a66ef439a7cf,7f736505-8c7e-4991-8449-ebd6e54714f7' \
-H 'User-Agent: PostmanRuntime/7.19.0' \
-H 'X-Auth-token: f20c72c6-7c2a-4d8e-8d48-568e1c4e47d6' \
-H 'cache-control: no-cache'

or an organization,

curl -X PUT \
http://localhost:3005/v1/applications/20f9bc1d-a9d1-45af-bdd9-f96fdc7a1ec9/organizations/d98534f7-ecaa-4c38-93cc-c17d87f010ee/roles/55e8a41c-52b5-4ef9-ad9c-ef60762d32e3/organization_roles/member \
-H 'Accept: /' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Length: 0' \
-H 'Content-Type: application/json' \
-H 'Cookie: session=eyJyZWRpciI6Ii8ifQ==; session.sig=TqcHvLKCvDVxuMk5xVfrKEP-GSQ' \
-H 'Host: localhost:3005' \
-H 'Postman-Token: 11fc3dbb-8484-482f-8bc1-af89dcdeebb5,8bfdcdb5-f200-4bee-bcee-a8f6d83b18f0' \
-H 'User-Agent: PostmanRuntime/7.19.0' \
-H 'X-Auth-token: f20c72c6-7c2a-4d8e-8d48-568e1c4e47d6' \
-H 'cache-control: no-cache'

it just responds with this error in the body:

{
"error":

{ "message": "User not allow to perform the action", "code": 403, "title": "Forbidden" }

}

Anyone knows how can it be that the same user has permission to do a thing through the GUI and not through the API?

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Backlog Manager added a comment - 28/Nov/19 12:06 AM

2019-11-28 00:06|CREATED monitor | # answers= 0, accepted answer= False

Show

Backlog Manager added a comment - 28/Nov/19 12:06 AM 2019-11-28 00:06|CREATED monitor | # answers= 0, accepted answer= False

Hide

Permalink

Backlog Manager added a comment - 24/Apr/20 6:05 PM

2020-04-24 18:05|UPDATED status: transition Answer| # answers= 1, accepted answer= False

Show

Backlog Manager added a comment - 24/Apr/20 6:05 PM 2020-04-24 18:05|UPDATED status: transition Answer| # answers= 1, accepted answer= False

Hide

Permalink

Backlog Manager added a comment - 28/Apr/20 9:05 PM

2020-04-28 21:05|UPDATED status: transition Answered| # answers= 1, accepted answer= False

Show

Backlog Manager added a comment - 28/Apr/20 9:05 PM 2020-04-28 21:05|UPDATED status: transition Answered| # answers= 1, accepted answer= False

People

Assignee:

Alvaro Alonso

Reporter:

Backlog Manager

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

28/Nov/19 12:06 AM

Updated:

27/May/21 10:56 AM

Resolved:

25/May/20 9:37 AM

Agile

View on Board