You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I craete RPC service POST only and set Authorization for this service
I get the access_taken calling the /oauth using the credentials:
{
"grant_type": "password",
"username": "user",
"password": "userPassword",
"client_id": "clientId",
"client_secret" : "clientSecret"
}
I use the generated access_token to make api call into the RPC service
I get response forbidden (status 403)
When I change the adapter name from "test_oauth" to "oauth2" all is working as expected
Where $type will be set "test_oauth" therefore the method $adapter->authenticate($request, $response, $mvcAuthEvent);
will never get executed and the identity will get set to guest user in
if (! $identity instanceof Identity\IdentityInterface) {
$identity = newIdentity\GuestIdentity();
}
The text was updated successfully, but these errors were encountered:
haniWeiss
changed the title
Naming the Authentication Adpater casuing Authentication failure (status 403)
Naming the Authentication Adpater other then "oauth2" is casuing Authentication failure (status 403)
Feb 4, 2020
Bug Report
Summary
Naming the Authentication Adapter anything else then "oauth2" and making api call to a service is causeing a response:
How to reproduce
I created api tool skeleton application using the command
In the admin panel I navigate to Authentication I remove the test authentication adapter and I created a new adapter named "test_oauth"
This will produce the following code in ./config/autoload/local.php file :
I craete RPC service POST only and set Authorization for this service
I get the access_taken calling the /oauth using the credentials:
{
"grant_type": "password",
"username": "user",
"password": "userPassword",
"client_id": "clientId",
"client_secret" : "clientSecret"
}
I use the generated access_token to make api call into the RPC service
I get response forbidden (status 403)
When I change the adapter name from "test_oauth" to "oauth2" all is working as expected
I traced the issue
api-tools-mvc-auth/src/Authentication/DefaultAuthenticationListener.php
Lines 293 to 297 in 813e4c3
Where $type will be set "test_oauth" therefore the method
$adapter->authenticate($request, $response, $mvcAuthEvent);
will never get executed and the identity will get set to guest user in
api-tools-mvc-auth/src/Authentication/DefaultAuthenticationListener.php
Lines 198 to 200 in 813e4c3
The text was updated successfully, but these errors were encountered: