HAL questions
OAuth Rest API v2 - getting data from the DB
Aldevinas Katkus
4-4-18
How do I get a data from the DB when I have already authenticated via OAuth2 and got an access token?
I am getting an error "the resource is not allowed" when I am authorized and "not authorized to read this resource" when not authorized.


I have added "api" function to the "access functions from the web", but it did not help.
version 8.4 2017-12-09 (build 84191013)



According to OAuth docs , I should have to pass the access token in the request header

Authorization: Bearer

as described here https://tools.ietf.org/html/rfc6750#section-2
"Clients SHOULD make authenticated requests with a bearer token using
the "Authorization" request header field with the "Bearer" HTTP
authorization scheme. Resource servers MUST support this method."

php code:
...
if(session('access_token'))
$headers[] = 'Authorization: Bearer ' . session('access_token');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$response = curl_exec($ch);
$err = curl_error($ch);
...

Any help?
Reply
Aldevinas Katkus
4-5-18
I can see my queries in the server log:
2018-04-05 17:11:16 AK/THREAD(16) Prisijungti - login
2018-04-05 17:11:16 /THREAD(16) FindSlot() from non main thread:
2018-04-05 17:11:16 AK/THREAD(16) FindSlot() from non main thread:

2018-04-05 17:12:07 /THREAD(18) SetSlotSessionId() from non main thread:
2018-04-05 17:12:07 /THREAD(18) SetSlotSessionId() from non main thread:
Reply
Aldevinas Katkus
4-16-18
Everything works after I have added Action=Rest API in user's the Access group.
Reply
Giuseppe L.
4-16-18
Hello Aldevinas,
great to know you figured out the what the problem was and how to fix it.

We will publish a webinar link in the next days where you'll find more details about OAuth and RestAPI.
Please check the Education Section in the Partner Portal.

Giuseppe

HansaWorld Support
Reply
Aldevinas Katkus
4-16-18
Created byGiuseppe L.08:22 16 Apr 2018
Hello Aldevinas, great to know you figured out the what the problem was and how to fix it. We will publish a webinar link in the next days where you'll find more details about OAuth and RestAPI. Please check the Education Section in the Partner Portal.
I have watched that webinar.
Reply
Aldevinas Katkus
4-4-19
We have a problem connecting with real db:
we get an oauth error "the resource is not allowed",
even though:
token refreshing works,
global users are OK (enabled and set up).
"Web Rest API" is checked in the optional features,
User access group has rest api action access enabled
user can connect with Standard ID
in the "Active users" list connected user is shown as '"user_id" Web"
everything works with my demo db, but doesn't with the client's db.

Any ideas?
Reply
Aldevinas Katkus
4-4-19
Created byAldevinas Katkus14:53 4 Apr 2019
We have a problem connecting with real db: we get an oauth error "the resource is not allowed", even though: token refreshing works, global users are OK (enabled and set up). "Web Rest API" is checked in the optional features, User access group has res
after a few trials I got "not authorized to read this resource", after this the next query returned "the resource is not allowed", then "not authorized to read this resource" again. Looks like the error message has a semi random pattern.

8.4 2018-07-26 (build 84192014)
Reply
Aldevinas Katkus
4-9-19
Created byAldevinas Katkus15:08 4 Apr 2019
after a few trials I got "not authorized to read this resource", after this the next query returned "the resource is not allowed", then "not authorized to read this resource" again. Looks like the error message has a semi random pattern. 8.4 2018-07-26 (
Well, the problem was that tried to fetch data from the company 2 where, but it it looks like the global user access group used by the SERP was from company 1, where I had not enough rights to use Rest API.
I had to enable rest api Action in the first company to be able to read the data from the second company.
In both companies there were identical access groups except the Rest API access was OFF in the first company.
Reply
Leave Comment
You can subscribe to notifications for this post by selecting the 'star' icon on the top right corner of the post.
Back to the list
Latest Posts
Re: Folder
Piotr Wycichowski
Is it something when a user tried to use any of AI commands in SERP? /Piotr W....
10:07 8 Nov 2024
Re: Reconnecting issues: version 8.5 2022-02-02 (build 85420830)
Brittany McGrath
Thank you for your post Lilian. I see this post has been submitted twice and the second post is being addressed so I will close this duplicate. Thank you. ...
09:41 5 Nov 2024