Uploaded image for project: 'Help-Desk'
  1. Help-Desk
  2. HELP-8849

[fiware-stackoverflow] Unable to authenticate users for an app in Fiware Lab KeyRock instance



      Created question in FIWARE Q/A platform on 03-01-2016 at 21:01
      Please, ANSWER this question AT https://stackoverflow.com/questions/34581476/unable-to-authenticate-users-for-an-app-in-fiware-lab-keyrock-instance

      Unable to authenticate users for an app in Fiware Lab KeyRock instance

      I have registered two users in Keyrock (the global fiware labs instance at https://account.lab.fiware.org)

      User Robin has an organisation Robin-Cloud
      User Robin is owner of an application Babbler
      The application Babbler has authorized users "Robin" and "Robin viewer" (see screenshot)
      User "Robin viewer" is a member of the same organisation as user "Robin"
      Just to be sure i authorized the whole organisation that "Robin viewer" belongs to.
      Both users have the same roles.

      I can authenticate user "Robin" using a shell script to get an Access token. In the shell script i pass in the Applications Client ID and Client secret. I also pass in the username and password of User "Robin". The shell script is here (altered copy of this https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh ):


      if [ $# -lt 2 ] ; then
      echo "auth-token: missing parameters."
      echo "Usage: auth-token <user-email> <password>"
      exit 1

      1. Retrieve X-Auth-Token to make request against the protected resource

      function get_token () {

      if [ $# -lt 2 ] ; then
      echo "get_token: missing parameters."
      echo "Usage: get_token <user-email> <password>"
      exit 1

      local _user=$1
      local _pass=$2

      1. Retrieve Client ID and client Secret Automatically


      1. Generate the Authentication Header for the request

      AUTH_HEADER="$(echo -n $

      {CLIENT_ID}:${CLIENT_SECRET} | base64)"

      # Define headers

      CONTENT_TYPE="\"Content-Type: application/x-www-form-urlencoded\""
      AUTH_BASIC="\"Authorization: Basic ${AUTH_HEADER}\""

      # Define data to send





      1. Create the request

      REQUEST="curl -s --insecure -i --header $


      --header $


      -X POST https://account.lab.fiware.org/oauth2/token -d $


      XAUTH_TOKEN="$(eval $

      echo "Request: ${REQUEST}

      echo "X-Auth-Token for '${_user}': $




      get_token $1 $2


      I cannot get an access token for User "Robin viewer". The message i get from Keyrock is:

      {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

      I assumed authorizing user "Robin viewer" for the Babbler app in the Keyrock user interface would be enough. What am i missing here?


        backlogmanager Backlog Manager created issue -
        backlogmanager Backlog Manager added a comment -

        2017-05-22 15:09|CREATED monitor | # answers= 1, accepted answer= False

        backlogmanager Backlog Manager added a comment - 2017-05-22 15:09|CREATED monitor | # answers= 1, accepted answer= False
        backlogmanager Backlog Manager made changes -
        Field Original Value New Value
        Component/s FIWARE-TECH-HELP [ 10278 ]
        backlogmanager Backlog Manager made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        backlogmanager Backlog Manager added a comment -

        2017-05-22 18:07|UPDATED status: transition Answer| # answers= 1, accepted answer= False

        backlogmanager Backlog Manager added a comment - 2017-05-22 18:07|UPDATED status: transition Answer| # answers= 1, accepted answer= False
        backlogmanager Backlog Manager made changes -
        Status In Progress [ 3 ] Answered [ 10104 ]
        backlogmanager Backlog Manager added a comment -

        2017-05-22 21:07|UPDATED status: transition Answered| # answers= 1, accepted answer= False

        backlogmanager Backlog Manager added a comment - 2017-05-22 21:07|UPDATED status: transition Answered| # answers= 1, accepted answer= False
        jicg José Ignacio Carretero Guarde made changes -
        Assignee Backlog Manager [ backlogmanager ]
        jicg José Ignacio Carretero Guarde made changes -
        Labels authentication fiware multiple-users oauth authentication fiware fiware-keyrock multiple-users oauth
        jicg José Ignacio Carretero Guarde made changes -
        Resolution Done [ 10000 ]
        Status Answered [ 10104 ] Closed [ 6 ]
        fla Fernando Lopez made changes -
        HD-Enabler KeyRock [ 10889 ]
        HD-Chapter Security [ 10841 ]
        fla Fernando Lopez made changes -
        Fix Version/s 2021 [ 12600 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open In Progress In Progress
        2h 57m 1 Backlog Manager 22/May/17 6:05 PM
        In Progress In Progress Answered Answered
        2h 59m 1 Backlog Manager 22/May/17 9:05 PM
        Answered Answered Closed Closed
        6d 14h 43m 1 José Ignacio Carretero Guarde 29/May/17 11:49 AM


          • Assignee:
            backlogmanager Backlog Manager
            backlogmanager Backlog Manager
          • Votes:
            0 Vote for this issue
            1 Start watching this issue


            • Created: