Details
Type: Monitor
Status: Answered
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: FIWARE-TECH-HELP
HD-Chapter: Unknown
HD-Enabler: Unknown
HD-Node: Unknown
Description
Created question in FIWARE Q/A platform on 23-07-2024 at 09:07
Please, ANSWER this question AT https://stackoverflow.com/questions/78782250/fiware-unauthorized-errors-domain-not-found-with-oauth2-and-user-not-authori
Question:
FIWARE Unauthorized Errors: "Domain not Found" with OAuth2 and "User not Authorized in the Application" with /v1/auth/tokens
Description:
I am setting up a FIWARE platform using Docker Compose to manage IoT devices. The setup includes the Orion Context Broker, IoT Agent, and Keyrock Identity Manager. My goal is to securely authenticate IoT devices through Keyrock and have them send data to Orion via the IoT Agent.
Setup:
I have configured the necessary FIWARE components as follows:
Orion Context Broker
IoT Agent (JSON)
Keyrock Identity Manager
User and Role Configuration in Keyrock:
Application ID: tutorial-dckr-site-0000-xpresswebapp
IoT Agent ID: iot_sensor_00000000-0000-0000-0000-000000000000
User: alice-the-admin@test.com with the role entity-reader which has permission to GET /v2/entities/*.
I am encountering two different errors depending on the authentication method used:
1. After using OAuth2 token:
curl -X POST 'http://ramona-iot.com:3005/oauth2/token' -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=password&username=alice-the-admin@test.com&password=<alice-password>&client_id=<application-id>&client_secret=<application-secret>'
and request to IoT Agent:
curl -X GET \
  'http://ramona-iot.com:1027/v2/entities/urn:ngsi-ld:Temp:003?options=keyValues' \
  -H 'Fiware-Service: openiot' \
  -H 'Fiware-ServicePath: /' \
  -H 'X-Auth-Token: <new-access-token>'
I get this Error:
2. After using /v1/auth/tokens
Request for token:
curl -iX POST 'http://ramona-iot.com:3005/v1/auth/tokens' -H 'Content-Type: application/json' -d '
and Request to IoT Agent:
curl -X GET 'http://ramona-iot.com:1027/v2/entities/urn:ngsi-ld:Temp:003?options=keyValues' -H 'Fiware-Service: openiot' -H 'Fiware-ServicePath: /' -H 'X-Auth-Token: <new-auth-token>'
I get this Error:
{ "type": "urn:dx:as:InvalidAuthenticationToken", "title": "Unauthorized", "detail": "User not authorized in the application" }
What might be causing the "Domain not Found" error when using OAuth2 tokens? How can I resolve the "User not authorized in the application" error when using /v1/auth/tokens? Are there any additional configurations or steps needed to correctly set up the IoT Agent with Keyrock for OAuth2 authentication?
I also checked the headers Fiware-Service and Fiware-ServicePath in the request.
2025-02-04 17:52|CREATED monitor | # answers= 1, accepted answer= False