Consume service API. cannot authenticate

I have problems to authenticate for rest-api service.
i configured the Application paramters as following:

cuba.webContextName = app-core
cuba.availableLocales = English|en
cuba.localeSelectVisible = false
cuba.anonymousSessionId = 002a9c13-8e06-af86-f829-cb5bf06b6ff6
cuba.rest.client.id = test
cuba.rest.client.secret = test
cuba.rest.anonymousEnabled = true

Swagger curl:

curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' -d 'grant_type=password&username=test&password=test' 'http://localhost:8080/app/rest/v2/oauth/token'

i get the following message:

{
  "error": "unauthorized",
  "error_description": "Full authentication is required to access this resource"
}

i also tried it with basic authentication test:test dit also not work.
can someone help me?

Hello, @fkoers!

You must add Authorization header with value
Basic dGVzdDp0ZXN0
where dGVzdDp0ZXN0 - it is test:test encoded in Base64

Here is the example app with REST API authorization.

Link to the doc: CUBA Platform. Developer’s Manual

1 Like

Thank you for your fast response Evgeniy,

so now i do the following calls with swagger:

call 1 getToken:
curl -X POST --header ‘Content-Type: application/x-www-form-urlencoded’ --header ‘Accept: application/json’ --header ‘Authorization: Basic dGVzdDp0ZXN0’ -d ‘grant_type=password&username=admin&password=admin’ ‘http://localhost:8080/app/rest/v2/oauth/token

Or should i use “test test” as username and pasword. again?

response:
{
“error”: “unauthorized”,
“error_description”: “Bad credentials”
}

call 2:
curl -X GET --header ‘Accept: application/json’ --header ‘Authorization: Basic dGVzdDp0ZXN0’ ‘http://localhost:8080/app/rest/v2/entities/workshop%24Client

response {
“error”: “unauthorized”,
“error_description”: “An Authentication object was not found in the SecurityContext”
}

401

You must set cuba.rest.client.id and cuba.rest.client.secret in web-app.properties (web module).
Auth request will return access token (it will be used in next queries, not test:test encoded in base64).

In the second query need to add header Authorization with value
Bearer [_access_token_]
For example,
Bearer c57c8e69-76cc-4e27-8780-50514cc30299

1 Like

Thanks Evgeniy, its working

1 Like

I’m having the same issue and I did set both client_id & client_secret in app_properties