Comments (11)
hansaliyad1
commented on July 22, 2024
1
That worked! Thank you so much!!
from authcrunch.github.io.
hansaliyad1
commented on July 22, 2024
I am not able to authenticate with API keys. I am doing something wrong but I am not sure what. When I try to use API key, I get token error {"session_id": "VU4UbkviHDBkDUVXBzLFy2AqaNsyZbGv7ohhgfKpuDV", "request_id": "c14909b4-0350-493a-9635-b13a30f66471", "error": "keystore: failed to parse token"} and Access denied {"session_id": "VU4UbkviHDBkDUVXBzLFy2AqaNsyZbGv7ohhgfKpuDV", "request_id": "c14909b4-0350-493a-9635-b13a30f66471", "error": "Unauthorized"}. When I try to use access_token, I get Access denied {"session_id": "mzKB76P2roifPaclzL7FSxCfDJ9WJNlMYxXpX71usCkW3", "request_id": "81c16515-9e28-4b69-8262-1d96973d15fc", "error": "Forbidden"}. Below is my authentication and authorization policies. I will really appreciate if you can provide me any assistance.
authentication portal myportal {
crypto default token lifetime 3600
crypto key sign-verify <SHARED_SECRET>
enable identity store localdb
}
authorization policy mypolicy {
allow roles authp/admin authp/user
crypto key verify <SHARED_SECRET>
acl default allow
}
from authcrunch.github.io.
greenpau
commented on July 22, 2024
Did you add “ with api key auth portal myportal realm local”?
from authcrunch.github.io.
hansaliyad1
commented on July 22, 2024
Yes, I did add with api key auth portal myportal realm local but results were same. These policies are used by
api.domain_name.com {
route * {
authenticate with myportal
authorize with mypolicy
reverse_proxy http://private_ip:<port>
}
}
from authcrunch.github.io.
greenpau
commented on July 22, 2024
@hansaliyad1 , what header are you sending with the API key?
from authcrunch.github.io.
greenpau
commented on July 22, 2024
@hansaliyad1 , please see greenpau/caddy-security#116 (comment) about X-Api-Key
from authcrunch.github.io.
hansaliyad1
commented on July 22, 2024
@hansaliyad1 , what header are you sending with the API key?
I was using Authorization: Bearer.
from authcrunch.github.io.
greenpau
commented on July 22, 2024
I was using Authorization: Bearer.
@hansaliyad1 , thank you for raising this. You should be using X-Api-Key
from authcrunch.github.io.
hansaliyad1
commented on July 22, 2024
@hansaliyad1 , please see greenpau/caddy-security#116 (comment) about
X-Api-Key
I tried X-Api-Key but results are same.
authentication portal myportal {
crypto default token lifetime 3600
crypto key sign-verify <SHARED_KEY>
enable identity store localdb
}
authorization policy mypolicy {
with api key auth portal myportal realm local
allow roles authp/admin authp/user
crypto key verify <SHARED_KEY>
acl default allow
}
from authcrunch.github.io.
hansaliyad1
commented on July 22, 2024
@hansaliyad1 , please see greenpau/caddy-security#116 (comment) about
X-Api-KeyI tried
X-Api-Keybut results are same.authentication portal myportal { crypto default token lifetime 3600 crypto key sign-verify <SHARED_KEY> enable identity store localdb } authorization policy mypolicy { with api key auth portal myportal realm local allow roles authp/admin authp/user crypto key verify <SHARED_KEY> acl default allow }
My curl command is curl -H "X-Api-Key: <API_KEY>" -v https://api.domain.com/api/GetGRTrack1
from authcrunch.github.io.
greenpau
commented on July 22, 2024
@hansaliyad1 , I think the plugins are not chained properly. This is incorrect.
route * {
authenticate with myportal
authorize with mypolicy
reverse_proxy http://private_ip:<port>
}
It should be:
route /auth* {
authenticate with myportal
}
route {
authorize with mypolicy
reverse_proxy http://private_ip:<port>
}
from authcrunch.github.io.
Related Issues (20)
- oauth: document enable logout directive
- ui: document meta author and description
- messaging: document file provider
- ldap: document fallback role directive
- ui: setting page directives
- document aws saml login HOT 3
- Azure OIDC Expired Tokens Redirect URL Issue HOT 2
- keycloak no id_token HOT 17
- keycloak in the same Caddyfile HOT 1
- Build fails with Docker and xcaddy HOT 1
- How does authp interact with the acme challenge URLs? HOT 2
- Allow both unauthenticated and authenticated access HOT 1
- Unable to register new user without email verification. HOT 3
- fail to send mail to smtp-mail.outlook.com HOT 1
- google oauth: send "prompt" query param HOT 1
- Successful Oauth Login Immediately Redirects HOT 4
- Feature request: automaticaly activate newly self-registered users HOT 2
- Feature request: store users in database HOT 1
- Unable to type password HOT 11
- Update Keycloak Example HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authcrunch.github.io.