This topic contains 12 replies, has 3 voices, and was last updated by Frank 4 years, 5 months ago.
Hi there,
I am learning to make use of OAuth2-authentication to get access to orocommerce rest api endpoints.
OroOAuth2ServerBundle: https://github.com/oroinc/oauth2-server.
has been installed and works fine. I am able to create Oauth-applications
– for backend-users: https://doc.oroinc.com/user/back-office/getting-started/user-menu/oauth/#user-guide-my-profile-oauth, and
– frontend-customerUsers: https://doc.oroinc.com/user/back-office/customers/customer-users/#user-guide-customers-customer-users-oauth
and to receive a response from the authorization server with a JSON object containing the following properties:
* token_type with the value Bearer
* expires_in = 3600 seconds
* access_token a JSON web token signed with the authorization server’s private key
If I use this access-token to make a request to oro’s web services endpoints:
– backend: http://<hostname_of_my_custom_oro_application>/admin/api/doc
– frontend: http://<hostname_of_my_custom_oro_application>/api/doc
it works for frontend customerUser-Oauth-application with frontend customerusers/*-endpoint, only:
REQUEST (ok):
—
GET /api/customerusers HTTP/1.1
Content-Type: application/vnd.api+json
Authorization: Bearer my-access-token
But not (at all) for backend user-Oauth-application, with frontend-/backend-endpoints. For
REQUEST (should work?! – see OroOAuth2ServerBundle-GitHub-doc):
—
GET /api/users HTTP/1.1
Content-Type: application/vnd.api+json
Authorization: Bearer my-access-token
I got
RESPONSE:
—
“HTTP/1.1 401 Unauthorized
Server: nginx/1.12.2
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.1.33
Cache-Control: must-revalidate, no-cache, no-store, private
Date: Wed, 20 Nov 2019 12:41:01 GMT
WWW-Authenticate: WSSE realm="Secured Frontend API", profile="UsernameToken"
Expires: 0
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Obviously the api is expecting WSSE-authentication …?
Could you please tell me why I am on the wrong track, and what to do instead?
Thanks a lot
Frank
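A small diagnostic for the situation in the post above, added here as an example (it is not part of the original post and not Oro's code): it reads the `WWW-Authenticate` challenge from the 401 to see which scheme and realm answered, compares that with the scheme the client sent, and decodes the JWT payload for inspection without verifying it. The function names, the token and its claim values are constructed placeholders.

```python
import base64
import json
import re

# Constructed sample: status line and challenge header taken from the 401 in the post.
SAMPLE_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: WSSE realm="Secured Frontend API", profile="UsernameToken"\r\n'
    "\r\n"
)

def parse_challenge(raw_response):
    """Return (scheme, params) from the first WWW-Authenticate header, or None."""
    for line in raw_response.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line marks the end of the headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate":
            scheme, _, rest = value.strip().partition(" ")
            return scheme, dict(re.findall(r'(\w+)="([^"]*)"', rest))
    return None

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(raw_response, sent_scheme, token):
    """Compare the scheme the client sent with the scheme the server challenged."""
    scheme, params = parse_challenge(raw_response) or (None, {})
    return {
        "sent_scheme": sent_scheme,
        "challenged_scheme": scheme,
        "realm": params.get("realm"),
        "scheme_mismatch": scheme is not None and scheme.lower() != sent_scheme.lower(),
        "claims": jwt_claims(token),
    }

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed token: placeholder claims and a dummy signature segment.
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256"}), _b64url({"aud": "example-client-id"}), "c2ln"])

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_RESPONSE, "Bearer", SAMPLE_TOKEN), indent=2))
```

The realm in the challenge identifies which protected area answered the request, and the decoded claims show which client the token was issued to; both are worth having in hand when asking why a Bearer token was rejected.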
The forum ‘OroCommerce’ is closed to new topics and replies.