Details
-
Type:
Monitor
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:
-
HD-Chapter:Security
-
HD-Enabler:KeyRock
Description
Created question in FIWARE Q/A platform on 03-01-2016 at 21:01
Please, ANSWER this question AT http://stackoverflow.com/questions/34581476/unable-to-authenticate-users-for-an-app-in-fiware-lab-keyrock-instance
Question:
Unable to authenticate users for an app in Fiware Lab KeyRock instance
Description:
I have registered two users in Keyrock (the global fiware labs instance at https://account.lab.fiware.org)
User Robin has an organisation Robin-Cloud
User Robin is owner of an application Babbler
The application Babbler has authorized users "Robin" and "Robin viewer" (see screenshot)
User "Robin viewer" is a member of the same organisation as user "Robin"
Just to be sure i authorized the whole organisation that "Robin viewer" belongs to.
Both users have the same roles.
I can authenticate user "Robin" using a shell script to get an Access token. In the shell script i pass in the Applications Client ID and Client secret. I also pass in the username and password of User "Robin". The shell script is here (altered copy of this https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh ):
#!/bin/bash
if [ $# -lt 2 ] ; then
echo "auth-token: missing parameters."
echo "Usage: auth-token <user-email> <password>"
exit 1
fi
- Retrieve X-Auth-Token to make request against the protected resource
function get_token () {
if [ $# -lt 2 ] ; then
echo "get_token: missing parameters."
echo "Usage: get_token <user-email> <password>"
exit 1
fi
local _user=$1
local _pass=$2
- Retrieve Client ID and client Secret Automatically
CLIENT_ID="e2c095aa42414e75b9ac4d760f4c625a"
CLIENT_SECRET="****"
- Generate the Authentication Header for the request
AUTH_HEADER="$(echo -n $
{CLIENT_ID}:${CLIENT_SECRET} | base64)"# Define headers
CONTENT_TYPE="\"Content-Type: application/x-www-form-urlencoded\""
AUTH_BASIC="\"Authorization: Basic ${AUTH_HEADER}\""
# Define data to send
DATA="'grant_type=password&username=${_user}&password=${_pass}&client_id=${CLIENT_ID}
&client_secret=$
{CLIENT_SECRET}'"
- Create the request
REQUEST="curl -s --insecure -i --header $
{AUTH_BASIC}--header $
{CONTENT_TYPE}-X POST https://account.lab.fiware.org/oauth2/token -d $
{DATA}"
XAUTH_TOKEN="$(eval $
echo "Request: ${REQUEST}
"
echo "X-Auth-Token for '${_user}': $
"
}
get_token $1 $2
However
I cannot get an access token for User "Robin viewer". The message i get from Keyrock is:
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
I assumed authorizing user "Robin viewer" for the Babbler app in the Keyrock user interface would be enough. What am i missing here?
Activity
2016-01-06 00:05|UPDATED status: transition Answer| # answers= 1, accepted answer= False
2016-01-06 03:05|UPDATED status: transition Answered| # answers= 1, accepted answer= False
2016-01-08 00:05|UPDATED status: transition Finish| # answers= 1, accepted answer= False
2016-01-04 00:05|CREATED monitor | # answers= 0, accepted answer= False