11 Replies Latest reply on Sep 9, 2015 12:27 AM by jane.scott

    How to debug/log oAuth2 request attempts

    bigtdohrn

      Hi everyone,

       

      We are currently debugging a problem on our first addon (and the corresponding service). To debug efficiently, we would need logs of the connection attempts one tries to make to our Jive instance:

       

      Situation:

      When we try to request resources via the REST API with an issued OAuth2 token, we get the following return code:

      throw 'allowIllegalResourceCall is false.';
      {
        "code" : 4088,
        "message" : "An authenticated user is required in order to access this endpoint"
      }

       

      What I am looking for:

      I am looking for any clues as to why our requests get the above-mentioned error message. I am therefore interested in any information which could assist me in this quest.

      The logging console is available to me, but I had a hard time finding out which setting to set to debug/trace to find my connection attempt.

      My request via the REST API (v3) was not mentioned in the logs whatsoever. I would at least have expected some information like "unsuccessful connection attempt from IP: XXXX on api V3"

       

      Background:

      • We created our first addon for a jive instance (Newbie problems could be our problem here).
      • We followed the Tutorial and have no issues whatsoever if we do the same on the jive-sandbox.
      • We are sufficiently used to the oauth(2) process and therefore rule out general problems with the understanding.
      • We are a service provider for our customer as well as the company which set up the Jive instance. So setup problems (rights, firewall, etc.) are possible.
      • We have access to the admin console

       

      Thanks in advance

        • Re: How to debug/log oAuth2 request attempts

          It appears like the token is invalid. Can you post the actual request in the form of a CURL command with the access token modified (to make it invalid) except for the last two characters of the token?

            • Re: How to debug/log oAuth2 request attempts
              bigtdohrn

              Hi Murali VP,

               

              Thanks for your help with this ticket. Unfortunately I replied to the original post, not to yours, so my answer might have slipped your attention.

              We did receive an update from Chris Watson on this thread: OAuth authentication does not work despite custom plugin is deactivated

               

              He found out that "... this is being caused by you using an Anonymous User rather than an Authenticated User within Jive".

              He did so by requesting the current user: curl -H "Authorization: Bearer 25mcfd46XXXXXXXXXXXXXXXXeffsfl981hzh.t" <OurJiveInstance>/api/core/v3/people/@me

              The result looks like this:

               

              throw 'allowIllegalResourceCall is false.';
              {
                "error" : {
                  "message" : "This request is not allowed for anonymous users",
                  "status" : 401
                }

               

              The following questions emerge from this answer:

               

              • How could one issue an access token for an anonymous user, if you need to be logged in to "allow the service access" to your jive data? (Step 5 from "Obtaining an Access Token using Authorization Code Grant", OAuth 2.0 )
              • Why is the refresh token, obtained from the same original request, allowed to refresh the token if the access token has authorization problems?
              • What else (besides a truly anonymously issued access token) could be the reason that our token seems to have no user connected to it?

               

              Best Regards and thanks for the help

            • Re: How to debug/log oAuth2 request attempts
              bigtdohrn

              Hi and sorry for the late answer.

              My curl request is this:

              curl -i -H "Authorization: Bearer dlf3xxxxxxxxxxxxxxxxxxxxxxxtjlyiwybn.t" https://sky.uat5.hosted.jivesoftware.com/api/core/v3/inbox

              I also tested some variations with the bearer:

              curl -i -H "Authorization:Bearer dlf3xxxxxxxxxxxxxxxxxxxxxxxtjlyiwybn.t" https://sky.uat5.hosted.jivesoftware.com/api/core/v3/inbox   (No space between colon)

              as well as

              curl -i -H "Authorization:dlf3xxxxxxxxxxxxxxxxxxxxxxxtjlyiwybn.t" https://sky.uat5.hosted.jivesoftware.com/api/core/v3/inbox   (No bearer keyword)

               

              I always get the same error message as mentioned above:

              throw 'allowIllegalResourceCall is false.';
              {
                "code" : 4088,
                "message" : "An authenticated user is required in order to access this endpoint"
              }

               

              Because this method works like a charm for the sandbox (with different tokens and App Id, obviously) I'm pretty sure it has to do with the installation/configuration of Jive.

              Could this be a version issue? The installation in question is Jive 7.0.1.0. Is there a known issue or something?
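
A debugging helper for the responses and header variants quoted in this thread, added here as an example and not part of any participant's post. It strips the leading `throw` line before parsing the JSON, tells the two error shapes apart, checks an `Authorization` header line against the `Bearer <token>` form, and masks a token for posting while keeping its last two characters. Function names, labels and sample values are this example's own assumptions.

```python
import json
import re

# First line of every response body quoted in this thread; it precedes the JSON.
GUARD = "throw 'allowIllegalResourceCall is false.';"

def parse_body(body):
    """Drop the leading guard statement, if present, and parse the JSON after it."""
    text = body.lstrip()
    if text.startswith(GUARD):
        text = text[len(GUARD):]
    return json.loads(text)

def classify(body):
    """Label the two error shapes from the thread; the labels are this example's own."""
    doc = parse_body(body)
    error = doc.get("error")
    if isinstance(error, dict) and error.get("status") == 401:
        return "anonymous-user"   # shape returned for /people/@me in the thread
    if doc.get("code") == 4088:
        return "auth-required"    # shape returned for /inbox in the thread
    return "error" if ("error" in doc or "code" in doc) else "ok"

def header_problems(line):
    """Check a header line against the 'Authorization: Bearer <token>' form."""
    name, sep, value = line.partition(":")
    if not sep or name.strip().lower() != "authorization":
        return ["not an Authorization header"]
    parts = value.strip().split()  # whitespace after the colon is optional in HTTP
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return ["value is not 'Bearer <token>'"]
    if not re.fullmatch(r"[A-Za-z0-9\-._~+/]+=*", parts[1]):
        return ["token contains characters outside the bearer token alphabet"]
    return []

def redact(token, keep=2):
    """Mask a token for posting, keeping only the last `keep` characters."""
    cut = max(len(token) - keep, 0)
    return "x" * cut + token[cut:]

# Constructed sample data (not captured from a real instance).
SAMPLE_4088 = GUARD + '\n{"code": 4088, "message": "An authenticated user is required in order to access this endpoint"}'
SAMPLE_401 = GUARD + '\n{"error": {"message": "This request is not allowed for anonymous users", "status": 401}}'
SAMPLE_TOKEN = "abc123def456ghi789.t"

if __name__ == "__main__":
    print(classify(SAMPLE_4088), classify(SAMPLE_401))
    print(header_problems("Authorization:Bearer " + SAMPLE_TOKEN))
    print(header_problems("Authorization:" + SAMPLE_TOKEN))
    print(redact(SAMPLE_TOKEN))
```

The header check accepts the variant without a space after the colon and rejects only the one with no `Bearer` keyword, so a well-formed header that still yields code 4088 points away from the request syntax.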